Authentication device and/or method
Abstract
A method of authenticating a remote service (104) to a user (102) via a communications network (106) is disclosed. The remote service (104) obtains a service authentication code that has been generated, using a code generation algorithm, based on a first secret key. The service authentication code is communicated to the user (102) via the communications network (106) and received, or entered, into an authentication device (106) associated with the user (102). The authentication device (106) then generates, using the same code generation algorithm, an expected code value based on a second secret key and compares the expected code value to the service authentication code. Responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device (106) generates a response that indicates to the user (102) the authenticity of the remote service (104).
36 Claims
1. A method of providing to a user information to enable the user to know that a remote service to which the user connects via a communications network is in fact the service that it represents itself to be as opposed to an imitator of such service, the method including:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
- communicating the service authentication code to the user via the communications network;
- entering the service authentication code into an authentication device in the control of the user;
- generating in the authentication device, using the same code generation algorithm, an expected code value based on a second secret key, then comparing the expected code value to the service authentication code received from the remote service; and
- if the expected code value correlates correctly with the service authentication code, the authentication device generating a response that indicates to the user that the remote service is the remote service that it represents itself to be, as opposed to an imitator of such service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 34
18. A method of authenticating a remote service to a user via a communications network whereby the remote service is able to demonstrate to the user that the remote service is the service it purports to be, the method including:
- the remote service obtaining a service authentication code that has been generated using a code generation algorithm based on a first secret key;
- communicating the service authentication code to the user via the communications network;
- entering the service authentication code into an authentication device in the possession of the user;
- the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key, the authentication device thereafter comparing the expected code value to the service authentication code; and
- if the expected code value correlates correctly with the service authentication code, the authentication device generating a response that indicates to the user that the remote service is the service it purports to be;
- wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key use synchronised encoding sequences for generating the service authentication code and the expected code value, based on the first secret key and the second secret key, respectively.
19. A method of mutually demonstrating over a communications network to a user and to a remote service that each of the remote service and the user are who they purport to be, the method comprising:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
- communicating the service authentication code to the user via the communications network;
- entering the service authentication code into an authentication device in control of the user;
- generating in the authentication device, using the same code generation algorithm as in the remote service, an expected code value based on a second secret key, and thereafter comparing the expected code value to the service authentication code;
- if the expected code correlates with the service authentication code, the authentication device generating, using a code generation algorithm, a user authentication code value based on a third secret key;
- communicating the user authentication code to the remote service via the communications network;
- the remote service obtaining a second expected code value that has been generated based on a fourth secret key and thereafter comparing the second expected code value to the user authentication code; and
- if the second expected code value correlates with the user authentication code, the remote service allowing the user further access to the remote service.
20. A software architecture embodied on at least one non-transitory computer-readable media for implementation on a server to enable a service to demonstrate to a user communicating with that service that the service is the service it purports to be, the software architecture including:
- a service authentication code generator for generating a service authentication code, using a code generation algorithm, based on a first secret key, the generation of the service authentication code including encoding the first secret key using a first pseudorandom encoding sequence and a second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence, the encoding including:
  - identifying, in order, the location of characters in the first pseudorandom encoding sequence that correspond to the characters of the first secret key;
  - mapping the sequence location of the identified characters to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
  - arranging, in order of identification, the set of characters of the second pseudorandom encoding sequence to form the service authentication code; and
- a communication driver for communicating the service authentication code to a remote user via the communications network;
- wherein the service authentication code varies according to the first and a second pseudorandom encoding sequences used by the code generation algorithm and wherein a different first and second pseudorandom encoding sequence is used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.
21. A software architecture embodied on at least one non-transitory computer-readable media for implementation on an authentication device, the software architecture including:
- an input driver for receiving or entering a service authentication code provided by a remote service, the service authentication code having been generated using a code generation algorithm, based on a first secret key;
- a generator for generating, using the code generation algorithm, an expected code value based on a second secret key;
- a comparator for comparing the expected code value to the service authentication code; and
- a response generator for generating a response indicative of the authenticity of the remote service according to a comparison of the expected code with the service authentication code.
Dependent claims: 35, 36
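An added example, not taken from the patent or from any implementation of it: the claim 20 encoding (locate each key character in the first sequence, emit the character at the same location in the second) together with the device-side generate-and-compare of claim 21, in Python. The character set, the `sync_seed` and `counter` used to derive a fresh, synchronised sequence pair (an HMAC-keyed shuffle), and all function names are assumptions; the claims do not say how the sequences are produced or kept in step.

```python
import hashlib
import hmac

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # assumed character set

def keyed_permutation(sync_seed, counter, label):
    """Keyed Fisher-Yates shuffle of ALPHABET (assumed sequence derivation)."""
    chars = list(ALPHABET)
    for i in range(len(chars) - 1, 0, -1):
        msg = label + counter.to_bytes(8, "big") + i.to_bytes(2, "big")
        digest = hmac.new(sync_seed, msg, hashlib.sha256).digest()
        j = int.from_bytes(digest, "big") % (i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

def encoding_sequences(sync_seed, counter):
    """A different pair of equal-length sequences for every counter value."""
    return (keyed_permutation(sync_seed, counter, b"first"),
            keyed_permutation(sync_seed, counter, b"second"))

def generate_code(secret_key, first_seq, second_seq):
    """Claim 20 encoding: position of each key character in the first
    sequence selects the output character from the second sequence."""
    if len(first_seq) != len(second_seq):
        raise ValueError("encoding sequences must have the same length")
    return "".join(second_seq[first_seq.index(ch)] for ch in secret_key)

def service_code(first_key, sync_seed, counter):
    """Service side: code generated from the first secret key."""
    return generate_code(first_key, *encoding_sequences(sync_seed, counter))

def device_verifies(received, second_key, sync_seed, counter):
    """Device side: expected code from the second secret key, then compare."""
    expected = generate_code(second_key, *encoding_sequences(sync_seed, counter))
    return hmac.compare_digest(expected.encode(), received.encode())

if __name__ == "__main__":
    seed, key = b"constructed-sync-seed", "7K2Q9"  # constructed sample values
    code = service_code(key, seed, counter=1)
    print(code, device_verifies(code, key, seed, counter=1))
```

Because the encoding substitutes one character for another position by position, a character repeated in the secret key is repeated in the code for that sequence pair.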
22. An authentication device for providing a response that indicates to a user of the device that a remote service with which the user wishes to communicate over a communications network is, in fact, the remote service with which the user desires to interact, as opposed to an imitator of such remote service, the authenticity of a remote service based on a service authentication code provided by the remote service, the authentication device including:
- an input device for receiving or entering the service authentication code, the service authentication code having been generated using a code generation algorithm based on a first secret key;
- a code generator circuit for generating, using the same code generation algorithm, an expected code value based on a second secret key;
- a comparator circuit for comparing the expected code value to the service authentication code; and
- a response generator for generating a response indicative of the authenticity of the remote service according to a comparison matching the expected code with the service authentication code, and thereby indicate to the user that the remote service is, in fact, the remote service with which the user desires to interact, as opposed to an imitator of such remote service.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. A method of authenticating a remote service to a user via a communications network, the authentication demonstrating to the user that the remote service is actually the remote service with which the user wishes to interact, as opposed to a different remote service, the method including:
- a user operating an authentication device to retrieve, from the device, a unique identification code associated therewith;
- the user sending the unique identification code to the remote service via a communications network;
- the remote service obtaining a service authentication code that has been generated using a code generation algorithm based on a first secret key, the first secret key being retrieved from a database by indexing the unique identification code into the database, the database including identification codes for authentication devices that have been registered for accessing the remote service;
- communicating the service authentication code to the user via the communications network;
- entering the service authentication code into an authentication device associated with the user;
- the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key, and thereafter comparing the expected code value to the service authentication code; and
- responsive to the comparison, and when the expected code value correctly correlates with the service authentication code, the authentication device generating a response that indicates to the user the authenticity of the remote service.
Specification