Method, arrangement and secure medium for authentication of a user
Abstract
When confidential data or areas of an EDP (electronic data processing) system (2) are accessed by a user (9), the user is granted access only if he logs on (16) to the EDP system correctly with a user name and a password and, in addition, can prove his access authorization with an access code (21), to which only he has access, taken from a database (5.2). The database is stored on a chip card (5), and access to the database is protected twice over. The access codes in the database are available only to a user who has correctly authenticated himself (12) to the chip card, for example with biometric data. In addition, the access codes in the database can be read only by a program (5.1) that is stored on the chip card, that can be activated only after the user has correctly authenticated himself to the chip card, and that must itself have authenticated correctly (20) to the database using an ID incorporated in its program code.
13 Claims
- 1. A method for authenticating a user for access to protected areas, where an access code is read from a database comprising a plurality of pre-calculated access codes that are stored on a security medium, particularly a chip card, and is transmitted to a data processing apparatus, wherein said method comprises the steps of: authenticating the user before the access code is read, starting a mediator program, particularly a Java program, a card program stored on the security medium is asked by the mediator program to read the access code, the mediator program is authenticated by the security medium, and, if the mediator program and the user have been correctly authenticated, the access code is read from the database by the card program, is transferred to the mediator program and is transmitted to the data processing apparatus by the mediator program, wherein after the mediator program is authenticated, the access code is read from the database by the card program, is then transferred to the mediator program and is then transmitted to said data processing apparatus, said access code being provided for each new connection that is extended between the user and the data processing apparatus. (Dependent claims: 2, 3, 4, 5, 6.)
- 7. An arrangement for authenticating a user for access to protected areas, comprising a data processing apparatus for authenticating the user, a security medium and first means for accessing the security medium, the security medium having a processor and a memory, wherein the memory stores a database comprising a plurality of access codes that are pre-calculated, a program for accessing the database and user-specific identification features for a user, in that an access code can be read from the database exclusively by the program, and the security medium has means for authenticating a mediator program which asks the program to read the access code, in that the arrangement has second means for ascertaining user-specific identification features, preferably biometric user data, and the arrangement has third means for comparing the ascertained user-specific identification features with the user-specific identification features stored on the security medium, wherein after the mediator program is authenticated, the access code is read from the database by a card program, is then transferred to the mediator program and is then transmitted to said data processing apparatus, said access code being provided for each new connection that is extended between the user and the data processing apparatus.
- 12. A security medium for authenticating a user for access to protected areas, comprising a processor and a memory, wherein the memory stores a database having a plurality of access codes that are pre-calculated, an individual program and user-specific identification features for a user, at least one of said plurality of access codes that are pre-calculated can be read from the database exclusively by the individual program, and the security medium has means for authenticating a mediator program which asks the individual program to read an access code, wherein after said mediator program is authenticated, at least one of said plurality of access codes is read from the database by said individual program and is then transferred to the mediator program, said at least one of said plurality of access code being provided for each new connection that is extended between the user and a data processing apparatus.
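The layered release described in the abstract and in claims 1, 7 and 12 (user authenticated to the card, card program authenticated to the database by the ID in its own code, mediator program authenticated by the card, one pre-calculated access code handed out per new connection) is simulated below in Python as an added example; it is not code from the patent or from its assignee. Everything concrete in it is an assumption: the class and function names, the sample access codes and biometric template, the HMAC challenge-response by which the card authenticates the mediator (the patent does not say how that authentication is performed), and the data processing apparatus keeping its own copy of the pre-calculated codes so that it can verify a presented code and refuse one that has already been spent.

```python
import hashlib
import hmac
import secrets
# Constructed sample data (not from the patent); codes are loaded into card and server alike.
PRECALCULATED_CODES = ["7c1e-a4f0", "02b9-d37e", "e5a1-9c42"]
USER_BIOMETRIC = b"fingerprint-template-of-user-9"  # stand-in for the biometric data
MEDIATOR_KEY = b"mediator-program-key"  # assumed key shared by card and mediator program
PROGRAM_ID = "card-program-5.1"  # the ID incorporated in the card program's code

class AccessCodeDatabase:
    """Database (5.2) on the card: releases a code only to the program presenting PROGRAM_ID."""
    def __init__(self, codes, program_id):
        self._codes = list(codes)
        self._program_id = program_id

    def read_next(self, presented_program_id):
        if not hmac.compare_digest(presented_program_id, self._program_id):
            raise PermissionError("program not authenticated to database")
        return self._codes.pop(0)  # consumed once: one code per new connection

class SecurityMedium:
    """Chip card (5): database, card program, biometric template and mediator key."""
    def __init__(self, codes, biometric, mediator_key):
        self._database = AccessCodeDatabase(codes, PROGRAM_ID)
        self._biometric_hash = hashlib.sha256(biometric).digest()
        self._mediator_key = mediator_key
        self._user_authenticated = False
        self._pending = None

    def authenticate_user(self, biometric_sample):
        # Step (12): the user authenticates to the card before any code can be read.
        sample_hash = hashlib.sha256(biometric_sample).digest()
        self._user_authenticated = hmac.compare_digest(sample_hash, self._biometric_hash)
        return self._user_authenticated

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def _card_program_read(self):
        # Program (5.1): the only path into the database; it authenticates with its own ID.
        return self._database.read_next(PROGRAM_ID)

    def release_access_code(self, response):
        # Assumed mechanism: the mediator proves itself by HMAC over a fresh card challenge.
        challenge, self._pending = self._pending, None
        if challenge is None:
            raise PermissionError("no outstanding challenge")
        if not self._user_authenticated:
            raise PermissionError("user not authenticated to the card")
        expected = hmac.new(self._mediator_key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            raise PermissionError("mediator program not authenticated")
        return self._card_program_read()

class MediatorProgram:
    """Mediator (the Java program of the claims) between the card and the EDP system."""
    def __init__(self, key):
        self._key = key

    def fetch_code(self, card):
        response = hmac.new(self._key, card.challenge(), hashlib.sha256).digest()
        return card.release_access_code(response)

class DataProcessingApparatus:
    """EDP system (2): checks user name and password, then the single-use access code."""
    def __init__(self, users, codes):
        self._users = users  # user name -> hex sha256(password)
        self._unused_codes = set(codes)

    def open_connection(self, username, password, access_code):
        if self._users.get(username) != hashlib.sha256(password).hexdigest():
            return False
        if access_code not in self._unused_codes:
            return False  # unknown code, or one already spent on an earlier connection
        self._unused_codes.remove(access_code)
        return True

def _attempt(mediator, card):
    try:
        mediator.fetch_code(card)
        return "code released"
    except PermissionError as exc:
        return str(exc)

def run_session():
    card = SecurityMedium(PRECALCULATED_CODES, USER_BIOMETRIC, MEDIATOR_KEY)
    server = DataProcessingApparatus({"user9": hashlib.sha256(b"pw").hexdigest()}, PRECALCULATED_CODES)
    mediator = MediatorProgram(MEDIATOR_KEY)
    out = {"unauthenticated_user": _attempt(mediator, card)}  # before step (12)
    card.authenticate_user(USER_BIOMETRIC)
    out["rogue_mediator"] = _attempt(MediatorProgram(b"wrong-key"), card)
    code1 = mediator.fetch_code(card)
    out["first_connection"] = server.open_connection("user9", b"pw", code1)
    out["replay"] = server.open_connection("user9", b"pw", code1)  # same code reused
    code2 = mediator.fetch_code(card)  # each new connection gets the next code
    out["second_connection"] = server.open_connection("user9", b"pw", code2)
    out["codes_differ"] = code1 != code2
    return out
```

Calling `run_session()` exercises the checks that matter: the mediator obtains nothing before the user has authenticated to the card, a mediator without the card's key obtains nothing afterwards either, the first code opens a connection exactly once and is refused when presented again, and the next connection receives the next pre-calculated code. The program-ID comparison is the layer a reviewer would look at most closely: a constant embedded in the card program's code is a secret only for as long as the card's code protection holds, which is why in this model it sits behind user and mediator authentication rather than standing alone.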
Specification