Authentication method and devices for accessing a user account of a service on a data network

US 9,633,221 B2
Filed: 11/18/2014
Issued: 04/25/2017
Est. Priority Date: 11/19/2013
Status: Active Grant

First Claim

Patent Images

1. An authentication method for accessing a user account of a service on a data network, the authentication method comprising:

receiving, by the service, a request from a consulting device for said service, said request including a first authentication information element;

receiving, by the service, an information element sent by an authentication security device manager, the information element received by the service being based on a second authentication information element originating from a security device associated with the user account, the second authentication information element being obtained directly from the security device without any user intervention; and

authenticating, by the service, based on the first authentication information element and the information element received from the authentication security device manager,wherein the security device and the authentication security device manager communicate wirelessly directly, independently from the consulting device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method for accessing a user account of a service (28) on a data network (26), includes the following steps:

reception (E20) by the service (28) of a request from a consulting device (10) for the service (28), the request including a first authentication information element,

reception (E60) by the service (28) of an information element sent by an authentication security device manager (34), the information received by the service (28) being based on a second authentication information element originating from a security device (16; 18) associated with the user account, and

authentication by the service (28), based on the first authentication information element and the information received from the authentication security device manager (34).

13 Citations

17 Claims

1. An authentication method for accessing a user account of a service on a data network, the authentication method comprising:
- receiving, by the service, a request from a consulting device for said service, said request including a first authentication information element;
  
  receiving, by the service, an information element sent by an authentication security device manager, the information element received by the service being based on a second authentication information element originating from a security device associated with the user account, the second authentication information element being obtained directly from the security device without any user intervention; and
  
  authenticating, by the service, based on the first authentication information element and the information element received from the authentication security device manager,wherein the security device and the authentication security device manager communicate wirelessly directly, independently from the consulting device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 17)
- - 2. The authentication method according to claim 1, wherein the second authentication information element is sent spontaneously by the security device to the authentication security device manager when the authentication security device manager is connected.
  - 3. The authentication method according to claim 2, wherein said information element received by the service corresponds to the second authentication information element sent by the security device.
  - 4. The authentication method according to claim 2, wherein the authentication security device manager checks the second authentication information element received from the security device, andthe information sent to the service by the authentication security device manager corresponds to the result of the check.
  - 5. The authentication method according to claim 2, further comprising:
    - sending, by the service, a request to obtain the second authentication information element; and
      
      receiving a response to the request from the security device.
  - 6. The authentication method according to claim 1, wherein said information element received by the service corresponds to the second authentication information element sent by the security device.
  - 7. The authentication method according to claim 1, wherein the authentication security device manager checks the second authentication information element received from the security device, andthe information element sent to the service by the authentication security device manager corresponds to the result of the check.
  - 8. The authentication method according to claim 1, wherein the second authentication information element includes information localizing the security device.
  - 9. The authentication method according to claim 8, wherein the localization information includes the address of a gateway between a local network and the data network hosting the service, said local network connecting the security device and the consulting device.
  - 10. The authentication method according to claim 1, wherein the second authentication information element includes a single-use code based on a secret stored in the security device.
  - 11. The authentication method according to claim 1, further comprising:
    - initiating, by the security device, the opening of a channel dedicated to communications with the authentication security device manager according to a communication protocol enabling messages to be pushed spontaneously over the dedicated channel; and
      
      maintaining the dedicated channel open while the security device is active.
  - 12. The authentication method according to claim 11, further comprising pushing, by the security device, the second authentication information element periodically over the dedicated, secure channel.
  - 13. The authentication method according to claim 12, wherein the pushing of the second authentication information element is performed regularly while the security device is active.
  - 14. The authentication method according to claim 1, wherein the associating the security device and the user account comprises:
    - receiving input on the consulting device of a code presented by the security device,transmitting, by the consulting device of the entered code to the service, andactivating the association by the service.
  - 17. A non-transitory microprocessor-readable information medium encoded with instructions of a computer program to cause a processing device to execute the method according to claim 1.

15. A device implementing a service on a data network, the device comprising:
- one or more processors configured toreceive a request from a consulting device of said service, said request including a first authentication information element,receive information sent by an authentication security device manager, the information received by the service being based on a second authentication information element originating from a security device associated with a user account, the second authentication information element being obtained directly from the security device without any user intervention, andauthenticate, based on the first authentication information element and the information received from the authentication security device manager,wherein the security device and the authentication security device manager communicate wirelessly directly, independently from the consulting device.

16. An authentication security device manager for accessing a user account of a service on a data network, the authentication device manager comprising:
- one or more hardware processing devices configured toreceive authentication information originating from a security device, the authentication information being obtained directly from the security device without any user intervention, andtransmit an information element to the service, based on an authentication information element,wherein the security device and the authentication security device manager communicate wirelessly directly, independently from a consulting device that transmitted a request for the service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IDEMIA France (Advent International Corporation)
Original Assignee
Oberthur Technologies SA
Inventors
Vallee, Florian, Guerin, Vincent
Primary Examiner(s)
ZHAO, DON GORDON

Application Number

US14/546,062
Publication Number

US 20150143474A1
Time in Patent Office

889 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/18   using different networks or...

H04W 12/065   Continuous authentication

Authentication method and devices for accessing a user account of a service on a data network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and devices for accessing a user account of a service on a data network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links