Method for controlling the access to a specific type of services and authentication device for controlling the access to such type of services

US 9,348,983 B2
Filed: 06/13/2014
Issued: 05/24/2016
Est. Priority Date: 06/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a specific type of services among a plurality of types of services proposed by a service supplier, a type of service comprising services requiring the same access rights to access the services, the method comprising:

entering, by an authentication device of a user, a personal identification code specific to the user, the personal identification code being identical for at least two different services of a same type of service proposed by the service supplier;

receiving by the authentication device, from said user, an indication of a specific type of services for which the access is required;

transforming said personal identification code in the authentication device, in a way depending on at least one cryptographic function specific to the user and on the required specific type of services, the cryptographic function being memorized in the authentication device;

transmitting the result of the transformation of said personal identification code to the service supplier; and

receiving, from the service provider, an access right corresponding to the required specific type of service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and device for controlling access to a specific type of services among a plurality of type of services proposed by a service supplier. The method includes entering, into an authentication device of the user, a personal identification code specific to the user, the personal identification code being identical for at least two different types of services proposed by the service supplier; and indicating, by said user, said specific type of services for which the access is required, the indication being made in the authentication device. The method further comprises transforming said personal identification code, in a way depending on a cryptographic function specific to said user and to said required specific type of services, the cryptographic function being memorized in the authentication device; transmitting the result of the transformation of said personal identification code to the service supplier; authenticating the user by the service supplier by means of the transmitted result of said transformation, and assigning an access right according to the result of the authentication. The device implements the record.

4 Citations

View as Search Results

20 Claims

1. A method for controlling access to a specific type of services among a plurality of types of services proposed by a service supplier, a type of service comprising services requiring the same access rights to access the services, the method comprising:
- entering, by an authentication device of a user, a personal identification code specific to the user, the personal identification code being identical for at least two different services of a same type of service proposed by the service supplier;
  
  receiving by the authentication device, from said user, an indication of a specific type of services for which the access is required;
  
  transforming said personal identification code in the authentication device, in a way depending on at least one cryptographic function specific to the user and on the required specific type of services, the cryptographic function being memorized in the authentication device;
  
  transmitting the result of the transformation of said personal identification code to the service supplier; and
  
  receiving, from the service provider, an access right corresponding to the required specific type of service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - authenticating the user by the service supplier, by means of the transmitted result of said transformation;
      
      assigning or refusing to assign, by the service supplier, an access right to said specific type of services required according to the result of the authentication.
  - 3. The method for controlling access according to claim 1, wherein said cryptographic function comprises at least one encryption key and one encryption algorithm and in that the transformation step of the personal identification code depending on the cryptographic function comprises the encryption of said personal identification code by this cryptographic function.
  - 4. The method for controlling access according to claim 2, wherein said method further comprises introducing, into the authentication device, a challenge received from the service supplier, and wherein the step of transforming said personal identification code comprises calculating a response which depends at least on said personal identification code, on said cryptographic function specific to said specific type of service selected by the user and on said challenge.
  - 5. The method for controlling access according to claim 2, wherein the result of the transformation contains an indication allowing the service supplier to determine which specific service has been selected by the user.
  - 6. The method for controlling access according to claim 5, wherein the step of authenticating the user by the service supplier comprises the following steps:
    - reading the indication allowing the service supplier to determine which specific type of services has been selected by the user;
      
      selecting, by the service supplier, the cryptographic function specific to said user and to said specific type of services;
      
      calculating, by the service supplier, the transformation of said personal identification code by means of the selected cryptographic function;
      
      comparing the value calculated by the service supplier with the value received from the authentication device;
      
      authorizing access to said specific type of service if these values are equal, and refusing access if these values are different.
  - 7. The method for controlling access according to claim 2, further comprising:
    - a) calculating, by the service supplier, the transformation of said personal identification code by means of a first cryptographic function specific to said user and to said specific type of services;
      
      b) comparing the value calculated by the service supplier with the value received from the authentication device;
      
      c) authorizing access to said specific type of services if the value calculated by the supplier and the value received by from the authentication device are equal;
      
      d) if the value calculated by the supplier and the value received by from the authentication device are different, repeating steps a) to c) using a different cryptographic function during each iteration;
      
      e) if none of the cryptographic functions specific to the types of services proposed by the service supplier leads to an equality, refusing access to the services of the service supplier.
  - 8. The method for controlling the access according to claim 2, further comprising:
    - calculating, by the service supplier, the transformation of said personal identification code by means of the different cryptographic functions specific to said user and to said service types proposed by said service supplier;
      
      comparing the values calculated by the service supplier and the value received from the authentication device; and
      
      authorizing access to said specific type of services if the value received from the authentication device corresponds to one of the values calculated by said service supplier, and refusing the access to the services of the service supplier if the value received from the authentication device does not correspond to any of the values calculated by said service supplier.
  - 9. The method for controlling access according to claim 4, wherein the result of the transformation contains an indication allowing the service supplier to determine which specific service has been selected by the user.
  - 10. The method for controlling access according to claim 9, wherein the step of authenticating the user by the service supplier comprises:
    - reading the indication allowing the service supplier to determine which specific type of services has been selected by the user;
      
      selecting, by the service supplier, the cryptographic function specific to said user and to said specific type of services;
      
      calculating, by the service supplier, the transformation of said personal identification code by means of the selected cryptographic function;
      
      comparing the value calculated by the service supplier with the value received from the authentication device; and
      
      authorizing access to said specific type of service if these values are equal, and refusing access if these values are different.
  - 11. The method for controlling access according to claim 4, further comprising:
    - a) calculating, by the service supplier, the transformation of said personal identification code using a first cryptographic function specific to said user and to said specific type of services;
      
      b) comparing the value calculated by the service supplier with the value received from the authentication device;
      
      c) authorizing access to said specific type of services if the value calculated by the service supplier is equal to the value received by from the authentication device;
      
      d) if the value calculated by the service supplier is equal to the value received by from the authentication device are different, repeating steps a) to c) using a different cryptographic function during each iteration;
      
      e) if none of the cryptographic functions specific to the types of services proposed by the service supplier leads to an equality, refusing of access to the services of the service supplier.
  - 12. The method for controlling access according to claim 4, further comprising:
    - calculating, by the service supplier, the transformation of said personal identification code suing different cryptographic functions specific to said user and to said service types proposed by said service supplier;
      
      comparing the value calculated by the service supplier and the value received from the authentication device;
      
      authorizing access to said specific type of services if the value received from the authentication device corresponds to one of the values calculated by said service supplier, and refusing access to the services of the service supplier if the value received from the authentication device does not correspond to any of the values calculated by said service supplier.
  - 13. The method for controlling access according to claim 4, wherein the step of transmitting the result of the transformation of said personal identification code to the service supplier comprises copying the response to the challenge on a terminal connected to the service supplier.
  - 14. The method for controlling access according to claim 1, wherein a type of services comprises several different services.
  - 15. The method for controlling access according to claim 1, wherein a type of services comprises one service.

16. An authentication device for controlling the access to a specific type of services among a plurality of types of services proposed by a service supplier, a type of services comprising the services requiring same access rights to access the services, the authentication device comprising;
- at least a processor;
  
  a memory connected to the processor, the memory storing at least two distinct cryptographic functions; and
  
  an interface connected to the processor and configured to select at least one type of services among said plurality of types of services;
  
  wherein the processor is configured to perform one of the distinct cryptographic functions based on a selected type of service.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The authentication device according to claim 16, wherein said memory contains at least one personal authentication code.
  - 18. The authentication device according to claim 16, wherein said memory contains at least two distinct encryption keys and at least one encryption algorithm.
  - 19. The authentication device according to claim 16, wherein said memory contains at least one encryption key and at least two different encryption algorithms.
  - 20. The authentication device according to claim 16, wherein said interface is configurable to introduce a challenge received by a service supplier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Kudelski, Henri
Primary Examiner(s)
Hoffman, Brandon

Application Number

US14/303,901
Publication Number

US 20140373131A1
Time in Patent Office

711 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

Method for controlling the access to a specific type of services and authentication device for controlling the access to such type of services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlling the access to a specific type of services and authentication device for controlling the access to such type of services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links