Device and method for authenticating a transaction with a data processing apparatus

US 8,789,161 B2
Filed: 05/09/2011
Issued: 07/22/2014
Est. Priority Date: 10/17/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A device for connection to a data processing apparatus, the device comprising:

a first interface operatively coupled to an authentication storage means, the authentication storage means being registered with a telecommunications system and storing predetermined authentication information that is respectively associated with a subscription of a user with the telecommunications system, the predetermined authentication information corresponding to information used for authenticating a telecommunications terminal that is respectively used in association with the subscription of the user with the telecommunications system for conducting communications in the telecommunications system, the telecommunications system including an authenticating means that maintains a correspondence between the information used for authenticating the telecommunications terminal and the subscription of the user with the telecommunications system;

a second interface configured to connect to the data processing apparatus; and

an interface driver that, upon the first interface operatively coupling to the authentication storage means and the second interface connecting to the data processing apparatus, controls access to the predetermined authentication information and, in response to an input message transmitted in a communication session established between the data processing apparatus and the authenticating means included within the telecommunications system requesting a response that is based on the input message and the predetermined authentication information, enables the authenticating means, via the communication session between the data processing apparatus and the authenticating means included within the telecommunications system, to execute an authentication process for authenticating a transaction by the user with the data processing apparatus, andwherein the authentication process for authenticating the transaction by the user with the data processing apparatus involves use of the predetermined authentication information stored by the authentication storage means, does not require use of the telecommunications terminal that is respectively associated with the subscription of the user with the telecommunications system, and does not require the telecommunications terminal to be authenticated for conducting communications in the telecommunications system using the information used for authenticating the telecommunications terminal that corresponds to the predetermined authentication information that is respectively associated with the subscription of the user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device or “dongle” (30) is provided for controlling communications between a Subscriber Identity Module (for SIM) (12), such as of the type used in a GSM cellular telephone system, and a computer, such as a WINDOWS® operating system-based PC (10). The SIM (12) can be authenticated by the telephone network, in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC (10) or the PC (10) itself. Such authentication can, for example, permit the use of the PC (10) for a time-limited session in relation to a particular application, which is released to the PC (10), after the authentication is satisfactorily completed. The application may be released to the PC (10) by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party. The dongle (30) provides additional security for the authentication data stored on the SIM by requiring a PIN to be entered and/or by only being responsive to requests received from the PC (10) which are encrypted using a key, which requests are generated by a special PC interface driver (38).

25 Citations

View as Search Results

60 Claims

1. A device for connection to a data processing apparatus, the device comprising:
- a first interface operatively coupled to an authentication storage means, the authentication storage means being registered with a telecommunications system and storing predetermined authentication information that is respectively associated with a subscription of a user with the telecommunications system, the predetermined authentication information corresponding to information used for authenticating a telecommunications terminal that is respectively used in association with the subscription of the user with the telecommunications system for conducting communications in the telecommunications system, the telecommunications system including an authenticating means that maintains a correspondence between the information used for authenticating the telecommunications terminal and the subscription of the user with the telecommunications system;
  
  a second interface configured to connect to the data processing apparatus; and
  
  an interface driver that, upon the first interface operatively coupling to the authentication storage means and the second interface connecting to the data processing apparatus, controls access to the predetermined authentication information and, in response to an input message transmitted in a communication session established between the data processing apparatus and the authenticating means included within the telecommunications system requesting a response that is based on the input message and the predetermined authentication information, enables the authenticating means, via the communication session between the data processing apparatus and the authenticating means included within the telecommunications system, to execute an authentication process for authenticating a transaction by the user with the data processing apparatus, andwherein the authentication process for authenticating the transaction by the user with the data processing apparatus involves use of the predetermined authentication information stored by the authentication storage means, does not require use of the telecommunications terminal that is respectively associated with the subscription of the user with the telecommunications system, and does not require the telecommunications terminal to be authenticated for conducting communications in the telecommunications system using the information used for authenticating the telecommunications terminal that corresponds to the predetermined authentication information that is respectively associated with the subscription of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The device of claim 1, further comprising security data entry means for obtaining security data independently of the data processing apparatus, and means for analyzing the entered security data for determining whether to allow access to the predetermined authentication information.
  - 3. The device of claim 2, wherein the security data entry means comprises alphanumeric data entry means.
  - 4. The device of claim 2, wherein the security data entry means comprises a keypad.
  - 5. The device of claim 2, wherein the security data comprises a Personal Identification Number (PIN), and wherein the analyzing means compares the PIN obtained by the security data entry means with a PIN stored on the authentication storage means and only allows access to the predetermined authentication information when the respective PINs match.
  - 6. The device of claim 1, comprising a display for displaying security information.
  - 7. The device of claim 1, wherein the interface driver comprises a data processing module for controlling communication with the data processing apparatus via the second interface.
  - 8. The device of claim 7, wherein the data processing module of the device is configured for communicating with a corresponding data processing module of the data processing apparatus via the second interface.
  - 9. The device of claim 8, wherein communication between the authentication storage means and the data processing apparatus is performed using the respective data processing modules.
  - 10. The device of claim 7, wherein the data processing module of the device includes means for decrypting encrypted data received from the data processing module of the data processing apparatus.
  - 11. The device of claim 10, wherein the respective data processing modules comprise a key for allowing encryption and/or decryption of data.
  - 12. The device of claim 11, wherein the key comprises a shared secret key for each of the respective data processing modules.
  - 13. The device of claim 7, wherein the data processing module of the device includes means for encrypting data transmitted via the second interface to the data processing module of the data processing apparatus.
  - 14. The device of claim 1, in which each subscriber of the telecommunications system is authenticated in the telecommunications system by use of a respective subscriber identity module for the subscriber, and in which the predetermined authentication information that is stored by the authentication storage means and respectively associated with the subscription of the user corresponds to or simulates a respective subscriber identity module for the user.
  - 15. The device of claim 14, wherein the telecommunications system includes means for levying a charge for the transaction when authorised.
  - 16. A device according to claim 14, wherein the respective subscriber identity module for the user is utilized in authenticating the transaction when the subscriber identity module is operable in a mobile terminal.
  - 17. A device according to claim 14, wherein the respective subscriber identity module for the user is further operable to authenticate a mobile terminal for conducting communications in the telecommunications system in association with the subscription of the user with the telecommunications system.
  - 18. The device of claim 1, in which the transaction involves use of data processing functions of the data processing apparatus.
  - 19. The device of claim 1, in which the authentication storage means is integrated with the device.
  - 20. The device of claim 1, in which the authentication process is performed in response to the authenticating means transmitting the input message and receiving the response that is based on the input message and the predetermined authentication information in the communication session.
  - 21. The device of claim 1 in combination with the data processing apparatus.
  - 22. The device of claim 1 in combination with the telecommunications system.
  - 23. A device according to claim 1, wherein the device communicates wirelessly to authenticate the transaction.
  - 24. The device according to claim 1, wherein an authentication unit is registered with the telecommunications system in association with the subscription of the user and corresponds to the information used for authenticating the telecommunications terminal in association with the subscription of the user, and wherein, upon the authentication unit being operatively coupled to the telecommunications terminal, the authentication unit is used in connection with the information used for authenticating the telecommunications terminal to authenticate the telecommunications terminal with the telecommunications system for conducting communications in the telecommunications system in association with the subscription of the user.
  - 25. The device according to claim 24, wherein the predetermined authentication information simulates the authentication unit during execution of the authentication process for authenticating performance of the transaction by the data processing apparatus.

26. A method for authenticating a transaction with a data processing apparatus, the data processing apparatus being operatively associated with a security device, the security device being operatively associated with an authentication storage means that is registered with a telecommunications system and stores predetermined authentication information that is respectively associated with a subscription of a user with the telecommunications system, the predetermined authentication information corresponding to information used for authenticating a telecommunications terminal that is respectively used in association with the subscription of the user with the telecommunications system for conducting communications in the telecommunications system, the security device being configured to control access to the predetermined authentication information, the telecommunications system including an authenticating means that maintains a correspondence between the information used for authenticating the telecommunications terminal and the subscription of the user with the telecommunications system, the method comprising:
- operatively coupling the security device to the authentication storage means and connecting the device to the data processing apparatus; and
  
  using the security device to, in response to an input message transmitted in a communication session established between the data processing apparatus and the authenticating means included within the telecommunications system requesting a response that is based on the input message and the predetermined authentication information, obtain the predetermined authentication information from the authentication storage means and enable the authenticating means, via a communication session between the data processing apparatus and the authenticating means included within the telecommunications system, to execute an authentication process for authenticating the transaction by the user with the data processing apparatus that involves use of the predetermined authentication information stored by the authentication storage means, andwherein the authentication process for authenticating the transaction by the user with the data processing apparatus does not require use of the telecommunications terminal that is respectively associated with the subscription of the user with the telecommunications system and does not require the telecommunications terminal to be authenticated for conducting communications in the telecommunications system using the information used for authenticating the telecommunications terminal that corresponds to the predetermined authentication information that is respectively associated with the subscription of the user.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 27. The method of claim 26, further comprising obtaining security data independently of the data processing apparatus, and analyzing the security data for determining whether to allow access to the predetermined authentication information.
  - 28. The method of claim 27, wherein the security data is obtained by alphanumeric data entry means.
  - 29. The method of claim 28, wherein the alphanumeric data entry means comprises a keypad.
  - 30. The method of claim 27, wherein the security data comprises a Personal Identification Number (PIN), and wherein the analyzing step compares the PIN obtained by the security data entry means with a PIN stored on the authentication storage means and only allows access to the predetermined authentication information when the respective PINs match.
  - 31. The method of claim 26, further comprising displaying security information.
  - 32. The method of claim 26, wherein communication between the security device and the data processing apparatus is controlled by a data processing module of the security device.
  - 33. The method of claim 32, wherein the data processing module of the security device is configured for communicating with a corresponding data processing module of the data processing apparatus.
  - 34. The method of claim 33, wherein communication between the authentication storage means and the data processing apparatus is performed via the respective data processing modules.
  - 35. The method of claim 32, wherein the data processing module of the security device decrypts encrypted data received from the data processing module of the data processing apparatus.
  - 36. The method of claim 35, wherein the respective data processing modules comprise a key for allowing encryption and/or decryption of data.
  - 37. The method of claim 32, wherein the data processing module of the security device encrypts data transmitted from the security device to the data processing module of the data processing apparatus.
  - 38. The method of claim 36, wherein the key comprises a shared secret key for each of the respective data processing modules.
  - 39. The method of claim 37, wherein the respective data processing modules comprise a key for allowing encryption and/or decryption of data.
  - 40. A method according to claim 26, in which each subscriber of the telecommunications system is authenticated in the telecommunications system by means of use of a respective subscriber identity module for the subscriber, and in which the predetermined authentication information stored by the authentication storage means that is respectively associated with the subscription of the user corresponds to or simulates a respective subscriber identity module for the user.
  - 41. A method according to claim 40, wherein the respective subscriber identity module for the user is utilized in authenticating the transaction when the subscriber identity module is operable in a mobile terminal.
  - 42. A method according to claim 40, wherein the respective subscriber identity module for the user is further operable to authenticate a mobile terminal for conducting communications in the telecommunications system in association with the subscription of the user with the telecommunications system.
  - 43. A method according to claim 26, in which the transaction involves use of the data processing functions of the data processing apparatus.
  - 44. A method according to claim 26, in which the authentication storage means is integrated with the security device.
  - 45. A method according to claim 26, in which the authentication storage means is associated with the data processing apparatus by being associated with data or software for use by that data processing apparatus.
  - 46. A method according to claim 26, in which the authentication process is performed in response to the authenticating means transmitting the input message and receiving the response that is based on the input message and the predetermined authentication information in the communication session.
  - 47. A method according to claim 26, wherein a charge is levied for the transaction when authenticated.
  - 48. A method according to claim 47, wherein levying of the charge is carried out by the telecommunication system.
  - 49. A method according to claim 26, in which the data processing apparatus is a personal computer.
  - 50. A method according to claim 26, wherein the security device communicates wirelessly with the data processing apparatus to enable the authenticating means execute the authentication process.
  - 51. The method according to claim 26, wherein an authentication unit is registered with the telecommunications system in association with the subscription of the user and corresponds to the information used for authenticating the telecommunications terminal in association with the subscription of the user, and wherein, upon the authentication unit being operatively coupled to the telecommunications terminal, the authentication unit is used in connection with the information used for authenticating the telecommunications terminal to authenticate the telecommunications terminal with the telecommunications system for conducting communications in the telecommunications system in association with the subscription of the user.
  - 52. The method according to claim 51, wherein the predetermined authentication information simulates the authentication unit during execution of the authentication process for authenticating performance of the transaction by the data processing apparatus.

53. A device, comprising:
- authentication storage means registered with a telecommunications system and storing predetermined authentication information that is respectively associated with a subscription with the telecommunications system, the predetermined authentication information corresponding to information used for authenticating a telecommunications terminal that is respectively used in association with the subscription with the telecommunications system for conducting communications in the telecommunications system, the telecommunications system including an authenticating means that maintains a correspondence between the information used for authenticating the telecommunications terminal and the subscription with the telecommunications system,a first interface for coupling to a data processing apparatus to provide for the predetermined authentication information to be used to authenticate a transaction to be performed by the data processing apparatus,a security means for controlling access to the predetermined authentication information via the data processing apparatus, andan interface driver that, upon the first interface coupling to the data processing apparatus, in response to an input message transmitted in a communication session established between the data processing apparatus and the authenticating means included within the telecommunications system requesting a response that is based on the input message and the predetermined authentication information, enables the authenticating means, via a communication session between the data processing apparatus and the authenticating means included within the telecommunications system, to execute an authentication process that involves use of the predetermined authentication information stored by the authentication storage means for authenticating performance of the transaction by the data processing apparatus, andwherein the authentication process for authenticating performance of the transaction by the data processing apparatus does not require use of the telecommunications terminal that is respectively used in association with the subscription with the telecommunications system and does not require the telecommunications terminal to be authenticated for conducting communications in the telecommunications system using the information used for authenticating the telecommunications terminal that corresponds to the predetermined authentication information that is respectively associated with the subscription with the telecommunications system.
- View Dependent Claims (54, 55, 56, 57, 58, 59)
- - 54. The device of claim 53, wherein the security means comprises means for obtaining security data from a user and means for checking the validity of the security data and only allowing access to the predetermined authentication information if the security data is valid.
  - 55. The device of claim 53, wherein the security means comprises data processing means for receiving an encrypted authentication request, encrypted using a predetermined key, from the data processing apparatus and for decrypting the request.
  - 56. The device of claim 55 in combination with the data processing apparatus, wherein the data processing apparatus comprises means for encrypting the authentication request using said key.
  - 57. A device according to claim 53, wherein the device communicates wirelessly with the data processing apparatus to enable the authenticating means execute the authentication process.
  - 58. The device according to claim 53, wherein an authentication unit is registered with the telecommunications system in association with the subscription with the telecommunications system and corresponds to the information used for authenticating the telecommunications terminal that is respectively used in association with the subscription with the telecommunications system, and wherein, upon the authentication unit being operatively coupled to the telecommunications terminal, the authentication unit is used in connection with the information used for authenticating the telecommunications terminal to authenticate the telecommunications terminal with the telecommunications system for conducting communications in the telecommunications system in association with the subscription with the telecommunications system.
  - 59. The device according to claim 58, wherein the predetermined authentication information simulates the authentication unit during execution of the authentication process for authenticating performance of the transaction by the data processing apparatus.

60. A device for connection to a data processing apparatus, the device comprising:
- a first interface operatively coupled to an authentication storage means, the authentication storage means being registered with a telecommunications system and storing predetermined authentication information that is respectively associated with a subscription of a user with the telecommunications system, the predetermined authentication information corresponding to an authentication unit that is registered with the telecommunications system in association with the subscription of the user and that is used for authenticating a telecommunications terminal to be used in association with the subscription of the user with the telecommunications system for conducting communications in the telecommunications system, the telecommunications system including an authenticating means that maintains a correspondence between information used for authenticating the telecommunications terminal in connection with the authentication unit and the subscription of the user with the telecommunications system;
  
  a second interface configured to connect to the data processing apparatus; and
  
  an interface driver that, upon the first interface operatively coupling to the authentication storage means and the second interface connecting to the data processing apparatus, controls access to the predetermined authentication information and, in response to an input message transmitted in a communication session established between the data processing apparatus and the authenticating means included within the telecommunications system requesting a response that is based on the input message and the predetermined authentication information, enables the authenticating means, via a communication session between the data processing apparatus and the authenticating means included within the telecommunications system, to execute an authentication process for authenticating a transaction by the user with the data processing apparatus, andwherein the authentication process for authenticating the transaction by the user with the data processing apparatus involves use of the predetermined authentication information stored by the authentication storage means, does not require use of the authentication unit that is registered with the telecommunications system in association with the subscription of the user, and does not require the telecommunications terminal to be authenticated for conducting communications in the telecommunications system using the information used for authenticating the telecommunications terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vodafone Group PLC
Original Assignee
Vodafone Group PLC
Inventors
Jeal, David, Debney, Charles William
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US13/103,607
Publication Number

US 20110208529A1
Time in Patent Office

1,170 Days
Field of Search

726/9
US Class Current

726/9
CPC Class Codes

G06F 21/12   Protecting executable software

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06K 7/10237   the reader and the record c...

G06Q 20/1235   with control of digital rig...

G06Q 20/305   using wired telephone networks

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/40975   using encryption therefor

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

H04L 2463/102   applying security measure f...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 9/3234   involving additional secure...

Device and method for authenticating a transaction with a data processing apparatus

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Device and method for authenticating a transaction with a data processing apparatus

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links