Method, arrangement and secure medium for authentication of a user

US 7,447,910 B2
Filed: 02/07/2002
Issued: 11/04/2008
Est. Priority Date: 02/09/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a user for access to protected areas, where an access code is read from a database comprising a plurality of pre-calculated access codes that are stored on a security medium, particularly a chip card, and is transmitted to a data processing apparatus, wherein said method comprises the steps of:

authenticating the user before the access code is read, starting a mediator program, particularly a Java program, a card program stored on the security medium is asked by the mediator program to read the access code, the mediator program is authenticated by the security medium, and, if the mediator program and the user have been correctly authenticated, the access code is read from the database by the card program, is transferred to the mediator program and is transmitted to the data processing apparatus by the mediator program, wherein after the mediator program is authenticated, the access code is read from the database by the card program, is then transferred to the mediator program and is then transmitted to said data processing apparatus, said access code being provided for each new connection that is extended between the user and the data processing apparatus.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When confidential data or areas of an EDP system (2) are accessed by a user (9), the user is granted access only if he registers (16) with the EDP system correctly with a user name and a password and, in addition, can identify himself as having access authorization using an access code (21), to which only he has access, from a database (5.2). The database is stored on a chip card (5), and access to the database has dual protection. Access to the access codes in the database is given only to that user who can correctly authenticate himself (12) to the chip card using biometric data, for example. In addition, the access codes in the database can be accessed only by a program (5.1) which is stored on the chip card and which can be activated only following correct authentication to the chip card by the user and which needs to have correctly authenticated itself (20) directly on the database using an ID incorporated in the program code.

4 Citations

View as Search Results

13 Claims

1. A method for authenticating a user for access to protected areas, where an access code is read from a database comprising a plurality of pre-calculated access codes that are stored on a security medium, particularly a chip card, and is transmitted to a data processing apparatus, wherein said method comprises the steps of:
- authenticating the user before the access code is read, starting a mediator program, particularly a Java program, a card program stored on the security medium is asked by the mediator program to read the access code, the mediator program is authenticated by the security medium, and, if the mediator program and the user have been correctly authenticated, the access code is read from the database by the card program, is transferred to the mediator program and is transmitted to the data processing apparatus by the mediator program, wherein after the mediator program is authenticated, the access code is read from the database by the card program, is then transferred to the mediator program and is then transmitted to said data processing apparatus, said access code being provided for each new connection that is extended between the user and the data processing apparatus.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the card program authenticates itself on the database, and the database does not read an access code and/or deletes itself or is deleted if the card program does not correctly authenticate itself.
  - 3. The method according to claim 1, wherein the mediator program acknowledges receipt of the access code to the card program, and the card program deletes the access code from the database afterwards.
  - 4. The method according to claim 1, wherein the user is authenticated by virtue of user-specific identification features, preferably biometric user data, being ascertained and these features being compared, particularly by the security medium, with user identification features stored on the security medium beforehand.
  - 5. The method according to claim 1, wherein the data processing apparatus is accessed via a public communication network, where communication between the user and the data processing apparatus is encrypted and the encryption is performed using an asymmetric encryption method, particularly a public key method, and the user preferably inputs a user name and a password in order to access the data processing apparatus.
  - 6. The method according to claim 1, wherein the data processing apparatus checks the access code transmitted by the mediator program, and the user is permitted to access the, particularly confidential, data or areas if the check was successful.

7. An arrangement for authenticating a user for access to protected areas, comprising a data processing apparatus for authenticating the user, a security medium and first means for accessing the security medium, the security medium having a processor and a memory, wherein the memory stores a database comprising a plurality of access codes that are pre-calculated, a program for accessing the database and user-specific identification features for a user, in that an access code can be read from the database exclusively by the program, and the security medium has means for authenticating a mediator program which asks the program to read the access code, in that the arrangement has second means for ascertaining user-specific identification features, preferably biometric user data, and the arrangement has third means for comparing the ascertained user-specific identification features with the user-specific identification features stored on the security medium, wherein after the mediator program is authenticated, the access code is read from the database by a card program, is then transferred to the mediator program and is then transmitted to said data processing apparatus, said access code being provided for each new connection that is extended between the user and the data processing apparatus.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The arrangement according to claim 7, wherein the second and third means are integrated in the security medium.
  - 9. The arrangement according to claim 7, wherein the third means are integrated in the security medium and the second means are integrated in the first means.
  - 10. The arrangement according to claim 7, wherein the memory stores information for identifying the user.
  - 11. The arrangement according to claim 7, wherein the security medium has fourth means for deleting the database if it is accessed for misuse.

12. A security medium for authenticating a user for access to protected areas, comprising a processor and a memory, wherein the memory stores a database having a plurality of access codes that are pre-calculated, an individual program and user-specific identification features for a user, at least one of said plurality of access codes that are pre-calculated can be read from the database exclusively by the individual program, and the security medium has means for authenticating a mediator program which asks the individual program to read an access code, wherein after said mediator program is authenticated, at least one of said plurality of access codes is read from the database by said individual program and is then transferred to the mediator program, said at least one of said plurality of access code being provided for each new connection that is extended between the user and a data processing apparatus.
- View Dependent Claims (13)
- - 13. The security medium according to claim 12, wherein the security medium has means for determining user-specific identification features and also means for comparing the user-specific identification features stored in the memory with the determined identification features.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Human Bios GmbH
Original Assignee
Human Bios GmbH
Inventors
Kisters, Friedrich
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Reza; Mohammad W

Application Number

US10/467,508
Publication Number

US 20040107367A1
Time in Patent Office

2,462 Days
Field of Search

713/186, 713/182
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40145   Biometric identity checks

G07F 7/1008   Active credit-cards provide...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

Method, arrangement and secure medium for authentication of a user

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method, arrangement and secure medium for authentication of a user

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links