Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method
First Claim
1. A method for authenticating a user to a service provider, said method using a single authentication device identified by a device identifier and comprising the steps of:
- transmitting, from the authentication device to the service provider, an authentication request comprising at least said device identifier;
preparing, by the service provider, provider authentication data on the basis of pairing data shared by both said authentication device and said service provider;
sending said provider authentication data from the service provider to the authentication device;
authenticating at the authentication device said provider authentication data;
in response to a positive authentication of the provider authentication data, preparing device authentication data based on any of said pairing data by the authentication device, and sending said device authentication data to the service provider; and
verifying the authenticity of the device authentication data by the service provider and in response to a positive authentication of the device authentication data, validating the authentication of said user;
whereinsaid service provider is selected from among a plurality of service providers with whom the user is registered by having a user account, and said authentication device comprises a provider record for each of said plurality of service providers, each provider record comprises a pairing key and first data, said pairing key and said first data being shared with the service provider to which said provider record refers;
said provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key; and
authenticating said provider authentication data is performed at the authentication device by the steps ofdecrypting said first cryptogram by means of the pairing key stored in one of said provider records;
comparing the decrypted first cryptogram with first data resulting from pairing data stored in said provider record;
if the comparison does not indicate a match, then repeating the previous decryption and comparison steps by using the pairing key of another provider record until each of said provider records stored in the authentication device has been processed.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for authenticating a user to a provider, among a plurality of providers. The method uses an authentication device comprising, for each of provider, a record comprising a pairing key and first data, both as shared data. Provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key. Authenticating provider authentication data is performed at the authentication device by the steps of decrypting said first cryptogram by means of the pairing key stored in one of said records, then comparing the result of this decryption with first data resulting from pairing data stored in said record, if the comparison does not indicate a match, then processing again the previous decryption and comparison steps by using the pairing key of another record until each of said records stored in the authentication device has been processed.
-
Citations
14 Claims
-
1. A method for authenticating a user to a service provider, said method using a single authentication device identified by a device identifier and comprising the steps of:
-
transmitting, from the authentication device to the service provider, an authentication request comprising at least said device identifier; preparing, by the service provider, provider authentication data on the basis of pairing data shared by both said authentication device and said service provider; sending said provider authentication data from the service provider to the authentication device; authenticating at the authentication device said provider authentication data; in response to a positive authentication of the provider authentication data, preparing device authentication data based on any of said pairing data by the authentication device, and sending said device authentication data to the service provider; and verifying the authenticity of the device authentication data by the service provider and in response to a positive authentication of the device authentication data, validating the authentication of said user; wherein said service provider is selected from among a plurality of service providers with whom the user is registered by having a user account, and said authentication device comprises a provider record for each of said plurality of service providers, each provider record comprises a pairing key and first data, said pairing key and said first data being shared with the service provider to which said provider record refers; said provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key; and authenticating said provider authentication data is performed at the authentication device by the steps of decrypting said first cryptogram by means of the pairing key stored in one of said provider records; comparing the decrypted first cryptogram with first data resulting from pairing data stored in said provider record; if the comparison does not indicate a match, then repeating the previous decryption and comparison steps by using the pairing key of another provider record until each of said provider records stored in the authentication device has been processed. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An authentication device for authenticating a user to a service provider among a plurality of service providers, comprising:
-
a non-volatile secured memory for storing secret and shared data; a unique device identifier; a user interface for user data input; a display; and a crypto-processor for performing cryptographic and logical operations and for verifying a validity of an existing user account in said plurality of service providers; wherein the non-volatile secured memory is organized for storing, in an orderly manner, data relating to the plurality of service providers and the crypto-processor is able to retrieve, from said non-volatile secured memory, data relating to each of said plurality of service providers for processing said data relating to each of said plurality of service providers separately from the data relating to each other of said plurality of service providers. - View Dependent Claims (12, 13, 14)
-
Specification