WO2005024743A8 - Granting access to a system based on the use of a card having stored user data thereon - Google Patents

Granting access to a system based on the use of a card having stored user data thereon

Info

Publication number
WO2005024743A8
WO2005024743A8 PCT/IB2004/002715 IB2004002715W WO2005024743A8 WO 2005024743 A8 WO2005024743 A8 WO 2005024743A8 IB 2004002715 W IB2004002715 W IB 2004002715W WO 2005024743 A8 WO2005024743 A8 WO 2005024743A8
Authority
WO
WIPO (PCT)
Prior art keywords
card
authentication
user data
granting access
system based
Prior art date
Application number
PCT/IB2004/002715
Other languages
French (fr)
Other versions
WO2005024743A1 (en
Inventor
Francois Dolivo
Dirk Husemann
Original Assignee
Ibm
Francois Dolivo
Dirk Husemann
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ibm, Francois Dolivo, Dirk Husemann filed Critical Ibm
Publication of WO2005024743A1 publication Critical patent/WO2005024743A1/en
Publication of WO2005024743A8 publication Critical patent/WO2005024743A8/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

An access system is proposed for granting access to a system based on the use of a card having stored user data thereon. The access system comprises a card (1) comprising user data representing a mobile phone number, a card reader (33) for reading data from the card (1), an authentication engine (41) for initiating sending an authentication request (AR) to the mobile phone number, and a mobile phone (2) for sending a return message (RM) to the authentication engine (41) in response to the authentication request (AR). The authentication engine (41) comprises a verification unit (412) for verifying authentication data received with the return message (RM), and for granting access when the return message (RM) comprises validated authentication data.
PCT/IB2004/002715 2003-09-05 2004-08-20 Granting access to a system based on the use of a card having stored user data thereon WO2005024743A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP03405648.1 2003-09-05
EP03405648 2003-09-05

Publications (2)

Publication Number Publication Date
WO2005024743A1 WO2005024743A1 (en) 2005-03-17
WO2005024743A8 true WO2005024743A8 (en) 2005-08-04

Family

ID=34259307

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/002715 WO2005024743A1 (en) 2003-09-05 2004-08-20 Granting access to a system based on the use of a card having stored user data thereon

Country Status (2)

Country Link
CN (1) CN1604525A (en)
WO (1) WO2005024743A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007004957A1 (en) * 2007-01-26 2008-07-31 Vodafone Holding Gmbh Authenticate two transaction partners involved in a transaction
US8863265B2 (en) 2008-06-23 2014-10-14 Microsoft Corporation Remote sign-out of web based service sessions
US8375220B2 (en) 2010-04-02 2013-02-12 Intel Corporation Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
CN101938563B (en) * 2010-09-09 2013-08-14 宇龙计算机通信科技(深圳)有限公司 Protection method, system and mobile terminal of SIM card information
FR2986355A1 (en) * 2012-01-26 2013-08-02 France Telecom METHOD OF QUERYING A TERMINAL IMPLEMENTED BY AN APPLICATION SERVER
US8924711B2 (en) 2012-04-04 2014-12-30 Zooz Mobile Ltd. Hack-deterring system for storing sensitive data records
CN104580112B (en) 2013-10-25 2018-07-13 阿里巴巴集团控股有限公司 A kind of service authentication method, system and server
GB201613233D0 (en) * 2016-08-01 2016-09-14 10Am Ltd Data protection system and method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2801995B1 (en) * 1999-12-07 2005-09-09 Bruno Duval METHOD AND SYSTEM FOR MANAGING SECURE TRANSACTION THROUGH A COMMUNICATION NETWORK
AU2001227007A1 (en) * 2000-01-12 2001-07-24 Seaglade Developments Limited A processing method and apparatus
WO2001065501A1 (en) * 2000-03-03 2001-09-07 Systemswork Pte. Ltd. A method of performing a transaction
JP2001306987A (en) * 2000-04-25 2001-11-02 Nec Corp Card use approval method, card settlement system and card settlement device using portable telephone set
US20030061163A1 (en) * 2001-09-27 2003-03-27 Durfield Richard C. Method and apparatus for verification/authorization by credit or debit card owner of use of card concurrently with merchant transaction
EP1443475B1 (en) * 2001-10-26 2005-03-09 Servicios para Medios de Pago, S.A. Universal payment activator using the mobile telephone network

Also Published As

Publication number Publication date
CN1604525A (en) 2005-04-06
WO2005024743A1 (en) 2005-03-17

Similar Documents

Publication Publication Date Title
US8832815B2 (en) Accessory based data distribution
US7747797B2 (en) Mass storage device with near field communications
CA2490208C (en) System and method for automatic verification of the holder of an authorisation document
WO2007067958A2 (en) Virtual business card and method for sharing contact information electronically
WO2002073877A3 (en) System and method of user and data verification
EP1143758A4 (en) Information transmission system and method
WO2004070508A3 (en) Provision of content to mobile user
CA2308456A1 (en) Method and system for using a frequent shopper card as a phone calling card
EP1565016A3 (en) Mobile communication terminal and method for managing use history information
TW200614024A (en) Service providing server, information processor, data processing method, and commuter program
WO2002082245A3 (en) Smart card for accessing a target internet site
WO2001088859A3 (en) Smartchip biometric device
EP1475695A3 (en) Image printing system controlled by portable terminal
EP1130489A3 (en) Protection against unauthorized access to a portable storage medium
TW200633466A (en) Network access system, method and recording medium
HK1107202A1 (en) Method of and system for storage of i-wlan temporary identities
CN101640881A (en) Method and system for remote control and mobile terminal
EP2979235A2 (en) System and method for a secure electronic transaction using a universal portable card reader device
WO2005024743A8 (en) Granting access to a system based on the use of a card having stored user data thereon
JP2001134536A5 (en) Personal authentication identification method, authentication method, authentication device and mobile phone
WO2002095547A3 (en) Method and system for providing gated access for a third party to a secure entity or service
CN101697184B (en) Plug-in card fingerprint identification anti-theft laptop
WO2004047084A3 (en) Secure transaction card with a large storage volume
WO2001011490A3 (en) Authorising a first user for accessing personal data of a second user
WO2002049322A3 (en) Mobile communication unit

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WR Later publication of a revised version of an international search report
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
122 Ep: pct application non-entry in european phase