ATE253745T1 - Sichere benutzer- und datenauthenifizierung über ein kommunikationsnetzwerk - Google Patents

Sichere benutzer- und datenauthenifizierung über ein kommunikationsnetzwerk

Info

Publication number
ATE253745T1
ATE253745T1 AT02006514T AT02006514T ATE253745T1 AT E253745 T1 ATE253745 T1 AT E253745T1 AT 02006514 T AT02006514 T AT 02006514T AT 02006514 T AT02006514 T AT 02006514T AT E253745 T1 ATE253745 T1 AT E253745T1
Authority
AT
Austria
Prior art keywords
data
user
card reader
signature
data authentication
Prior art date
Application number
AT02006514T
Other languages
English (en)
Inventor
Alain P Dr Hiltgen
Original Assignee
Ubs Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ubs Ag filed Critical Ubs Ag
Application granted granted Critical
Publication of ATE253745T1 publication Critical patent/ATE253745T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Strategic Management (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Circuits Of Receivers In General (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
AT02006514T 2002-03-18 2002-03-18 Sichere benutzer- und datenauthenifizierung über ein kommunikationsnetzwerk ATE253745T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP02006514A EP1349031B1 (de) 2002-03-18 2002-03-18 Sichere Benutzer- und Datenauthenifizierung über ein Kommunikationsnetzwerk

Publications (1)

Publication Number Publication Date
ATE253745T1 true ATE253745T1 (de) 2003-11-15

Family

ID=27798792

Family Applications (1)

Application Number Title Priority Date Filing Date
AT02006514T ATE253745T1 (de) 2002-03-18 2002-03-18 Sichere benutzer- und datenauthenifizierung über ein kommunikationsnetzwerk

Country Status (4)

Country Link
US (1) US7296149B2 (de)
EP (1) EP1349031B1 (de)
AT (1) ATE253745T1 (de)
DE (2) DE60200081T2 (de)

Families Citing this family (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2809892B1 (fr) * 2000-05-31 2002-09-06 Gemplus Card Int Procede de protection contre la modification frauduleuse de donnees envoyees a un support electronique securise
US7401224B2 (en) 2002-05-15 2008-07-15 Qualcomm Incorporated System and method for managing sonic token verifiers
CA2516580C (en) * 2003-02-21 2011-01-25 Research In Motion Limited System and method of multiple-level control of electronic devices
US20040186855A1 (en) * 2003-03-20 2004-09-23 Hiroshi Gotoh Client/server system and method of reproducing information therein
US8676249B2 (en) * 2003-05-19 2014-03-18 Tahnk Wireless Co., Llc Apparatus and method for increased security of wireless transactions
US7392534B2 (en) * 2003-09-29 2008-06-24 Gemalto, Inc System and method for preventing identity theft using a secure computing device
US7930412B2 (en) * 2003-09-30 2011-04-19 Bce Inc. System and method for secure access
US10109141B2 (en) * 2003-12-24 2018-10-23 Intel Corporation Method and apparatus for establishing trust in smart card readers
US7249283B2 (en) * 2004-03-22 2007-07-24 Xerox Corporation Dynamic control system diagnostics for modular architectures
CA2564865C (en) 2004-04-30 2013-07-16 Research In Motion Limited System and method for handling peripheral connections to mobile devices
DE102004046847A1 (de) * 2004-09-27 2006-04-13 Giesecke & Devrient Gmbh System, Verfahren und tragbarer Datenträger zur Erzeugung einer digitalen Signatur
US7788483B1 (en) * 2004-10-22 2010-08-31 Winbond Electronics Corporation Method and apparatus of identifying and enabling of functions of a trusted platform module device
EP1836792A1 (de) * 2004-12-30 2007-09-26 BCE Inc. System und verfahren für sicheren zugang
EP1710758A1 (de) * 2005-04-04 2006-10-11 Research In Motion Limited Tragbarer Chipkartenleser mit sicherer Mobilfunkkommunikationsfähigkeit
US7356539B2 (en) * 2005-04-04 2008-04-08 Research In Motion Limited Policy proxy
US7562219B2 (en) 2005-04-04 2009-07-14 Research In Motion Limited Portable smart card reader having secure wireless communications capability
US7878395B2 (en) 2005-09-08 2011-02-01 Research In Motion Limited Alerting a smart card reader of probable wireless communication
US20070124589A1 (en) * 2005-11-30 2007-05-31 Sutton Ronald D Systems and methods for the protection of non-encrypted biometric data
FR2895610B1 (fr) * 2005-12-23 2008-02-08 Thales Sa Systeme de transactions securisees d'unites de valeur portees par des cartes.
US7775427B2 (en) * 2005-12-31 2010-08-17 Broadcom Corporation System and method for binding a smartcard and a smartcard reader
DE102006004237A1 (de) 2006-01-30 2007-08-16 Siemens Ag Verfahren und Vorrichtung zur Vereinbarung eines gemeinsamen Schlüssels zwischen einem ersten Kommunikationsgerät und einem zweiten Kommunikationsgerät
US20070203973A1 (en) * 2006-02-28 2007-08-30 Microsoft Corporation Fuzzing Requests And Responses Using A Proxy
US7613891B2 (en) * 2006-05-04 2009-11-03 Intel Corporation Methods and apparatus for providing a read access control system associated with a flash device
US8495380B2 (en) * 2006-06-06 2013-07-23 Red Hat, Inc. Methods and systems for server-side key generation
US20080276309A1 (en) * 2006-07-06 2008-11-06 Edelman Lance F System and Method for Securing Software Applications
US8079068B2 (en) 2006-07-17 2011-12-13 Research In Motion Limited Management of multiple connections to a security token access device
US8341411B2 (en) 2006-08-16 2012-12-25 Research In Motion Limited Enabling use of a certificate stored in a smart card
US20080046739A1 (en) * 2006-08-16 2008-02-21 Research In Motion Limited Hash of a Certificate Imported from a Smart Card
US20090037729A1 (en) * 2007-08-03 2009-02-05 Lawrence Smith Authentication factors with public-key infrastructure
DE202007019122U1 (de) 2007-08-09 2010-09-30 Kobil Systems Gmbh Installationsloser Chipkartenleser für sicheres Online Banking
TW200929974A (en) * 2007-11-19 2009-07-01 Ibm System and method for performing electronic transactions
US8839386B2 (en) * 2007-12-03 2014-09-16 At&T Intellectual Property I, L.P. Method and apparatus for providing authentication
US20090177892A1 (en) * 2008-01-09 2009-07-09 Microsoft Corporation Proximity authentication
US8402526B2 (en) * 2008-05-27 2013-03-19 Open Invention Network Llc System integrating an identity selector and user-portable device and method of use in a user-centric identity management system
FR2933560B1 (fr) * 2008-07-07 2012-09-28 Eci Sarl Dispositif d'attestation electronique
US8201224B1 (en) * 2008-09-30 2012-06-12 Symantec Corporation Systems and methods for temporarily adjusting control settings on computing devices
US8965811B2 (en) * 2008-10-04 2015-02-24 Mastercard International Incorporated Methods and systems for using physical payment cards in secure E-commerce transactions
US7896247B2 (en) 2008-12-01 2011-03-01 Research In Motion Limited Secure use of externally stored data
WO2010126994A1 (en) * 2009-04-28 2010-11-04 Mastercard International Incorporated Apparatus, method, and computer program product for recovering torn smart payment device transactions
US8707413B2 (en) * 2010-01-15 2014-04-22 Bank Of America Corporation Authenticating a chip card interface device
WO2011110539A1 (en) * 2010-03-08 2011-09-15 Gemalto Sa System and method for using a portable security device to cryptographically sign a document in response to signature requests from a relying party to a digital signature service
EP2383955B1 (de) 2010-04-29 2019-10-30 BlackBerry Limited Zuweisung und verteilung von zugangsberechtigungen an mobile kommunikationsgeräte
WO2011141579A2 (en) * 2010-05-14 2011-11-17 Gemalto Sa System and method for providing security for cloud computing resources using portable security devices
TW201206129A (en) * 2010-07-20 2012-02-01 Gemtek Technology Co Ltd Virtual private network system and network device thereof
EP2426652A1 (de) * 2010-09-06 2012-03-07 Gemalto SA Vereinfachtes Verfahren zur Personalisierung von Chipkarten, und entsprechende Vorrichtung
WO2013025938A2 (en) 2011-08-16 2013-02-21 Sl-X Ip Sarl Systems and methods for electronically initiating and executing securities lending transactions
US8706610B2 (en) 2011-08-16 2014-04-22 Sl-X Technology Uk Ltd. Systems and methods for electronically initiating and executing securities lending transactions
RU154072U1 (ru) 2011-11-14 2015-08-10 Васко Дэйта Секьюрити Интернэшнл Гмбх Средство чтения смарт-карты с безопасной функцией журналирования
DE102011122273A1 (de) * 2011-12-23 2013-06-27 Giesecke & Devrient Gmbh Vorrichtung und Verfahren zum Erzeugen von digitalen Bildern
KR101151367B1 (ko) * 2011-12-26 2012-08-07 한국전자통신연구원 온라인 금융거래 인증 방법 및 그 장치
US20130185214A1 (en) * 2012-01-12 2013-07-18 Firethorn Mobile Inc. System and Method For Secure Offline Payment Transactions Using A Portable Computing Device
US9398066B1 (en) 2013-03-06 2016-07-19 Amazon Technologies, Inc. Server defenses against use of tainted cache
US9471533B1 (en) * 2013-03-06 2016-10-18 Amazon Technologies, Inc. Defenses against use of tainted cache
CN103544037B (zh) * 2013-10-29 2016-08-17 飞天诚信科技股份有限公司 一种支持OpenSC的软硬件驱动的实现方法
EP2874421A1 (de) * 2013-11-13 2015-05-20 Gemalto SA System und Verfahren zur Sicherung der Kommunikation zwischen einer Kartenleservorrichtung und einem entfernten Server
KR102144517B1 (ko) * 2013-12-31 2020-08-14 원스팬 인터내셔널 게엠베하 전자 서명 방법들, 시스템들 및 장치
US10277560B2 (en) * 2014-02-23 2019-04-30 Samsung Electronics Co., Ltd. Apparatus, method, and system for accessing and managing security libraries
US8990121B1 (en) 2014-05-08 2015-03-24 Square, Inc. Establishment of a secure session between a card reader and a mobile device
US10438187B2 (en) * 2014-05-08 2019-10-08 Square, Inc. Establishment of a secure session between a card reader and a mobile device
WO2015171939A1 (en) * 2014-05-08 2015-11-12 Square, Inc. Establishment of a secure session between a card reader and a mobile device
GB2528043B (en) * 2014-07-03 2021-06-23 Vodafone Ip Licensing Ltd Security authentication
US9509661B2 (en) * 2014-10-29 2016-11-29 Aruba Networks, Inc. Method and apparatus for displaying HTTPS block page without SSL inspection
CN106447323A (zh) * 2015-08-05 2017-02-22 阿里巴巴集团控股有限公司 业务验证方法及装置
US10158490B2 (en) * 2015-08-17 2018-12-18 The Boeing Company Double authentication system for electronically signed documents
US11593780B1 (en) 2015-12-10 2023-02-28 Block, Inc. Creation and validation of a secure list of security certificates
US10803461B2 (en) 2016-09-30 2020-10-13 Square, Inc. Fraud detection in portable payment readers
US9940612B1 (en) 2016-09-30 2018-04-10 Square, Inc. Fraud detection in portable payment readers
US10958640B2 (en) * 2018-02-08 2021-03-23 Citrix Systems, Inc. Fast smart card login
EP3573000A1 (de) * 2018-05-22 2019-11-27 Mastercard Asia/Pacific Pte. Ltd. Verfahren und system zur bereitstellung eines dienstes
US10573163B1 (en) 2019-04-25 2020-02-25 Capital One Services, Llc Real-time ATM alert if user forgets card
SE546367C2 (en) * 2019-06-28 2024-10-15 Assa Abloy Ab Cryptographic signing of a data item
US11528267B2 (en) * 2019-12-06 2022-12-13 Bank Of America Corporation System for automated image authentication and external database verification
US20260065232A1 (en) * 2024-09-05 2026-03-05 Wells Fargo Bank, N.A. Pre-appointment routing using an artificial intelligence assistant

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
JPH1079733A (ja) * 1996-09-03 1998-03-24 Kokusai Denshin Denwa Co Ltd <Kdd> Icカードを用いた認証方法及び認証システム
US6226744B1 (en) * 1997-10-09 2001-05-01 At&T Corp Method and apparatus for authenticating users on a network using a smart card
US6073237A (en) * 1997-11-06 2000-06-06 Cybercash, Inc. Tamper resistant method and apparatus
AU1602500A (en) * 1998-11-02 2000-05-22 Smartdisk Corporation Home point of sale (pos) terminal and electronic commerce method
WO2000074007A1 (en) * 1999-05-28 2000-12-07 Utm Systems Corporation Network authentication with smart chip and magnetic stripe
US20010045451A1 (en) * 2000-02-28 2001-11-29 Tan Warren Yung-Hang Method and system for token-based authentication
US6895502B1 (en) * 2000-06-08 2005-05-17 Curriculum Corporation Method and system for securely displaying and confirming request to perform operation on host computer
AU2001256591A1 (en) * 2000-06-26 2002-01-08 Covadis Sa Computer keyboard unit for carrying out secure transactions in a communications network
US7093133B2 (en) * 2001-12-20 2006-08-15 Hewlett-Packard Development Company, L.P. Group signature generation system using multiple primes

Also Published As

Publication number Publication date
EP1349031A1 (de) 2003-10-01
DE60200081T2 (de) 2004-04-22
DE60200081D1 (de) 2003-12-11
EP1349031B1 (de) 2003-11-05
US7296149B2 (en) 2007-11-13
US20030177353A1 (en) 2003-09-18
DE10212620A1 (de) 2003-10-09

Similar Documents

Publication Publication Date Title
ATE253745T1 (de) Sichere benutzer- und datenauthenifizierung über ein kommunikationsnetzwerk
DE60200093D1 (de) Sichere Benutzerauthenifizierung über ein Kommunikationsnetzwerk
US9363262B1 (en) Authentication tokens managed for use with multiple sites
US20070118758A1 (en) Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system
US20090193264A1 (en) Authentication system and method
US20120249292A1 (en) Proximity based biometric identification systems and methods
WO2006069330A3 (en) Biometric personal data key (pdk) authentication
MY139673A (en) Data communication system, agent system server, computer program, and data communication method
WO2002073877A3 (en) System and method of user and data verification
NO20010427D0 (no) Fremgangsmåte for å åpne hele eller deler av et smartkort
WO2005086569A3 (en) System, method and apparatus for electronic authentication
EP1376983A3 (de) Verfahren und System zur Authentifizierung von Kommunikationsendgeräten
MXPA05003546A (es) Modelo modificado para verificacion con tag.
KR100858144B1 (ko) 이동통신 단말기를 이용한 인터넷 사이트에서의 사용자인증 방법 및 장치
EP1758417A4 (de) Authentifizierungsverfahren
CN106027243A (zh) 一种电子凭证生成方法、客户端、云平台、授权端和系统
KR100548638B1 (ko) 스마트카드를 이용한 원 타임 패스워드 생성 및 인증방법그리고 이를 위한 스마트카드
CN113704580B (zh) 一种信息安全交互方法及装置
JP2006190175A (ja) Rfid利用型認証制御システム、認証制御方法及び認証制御プログラム
EP1162778A2 (de) Verfahren und Vorrichtung zur Anordnung von digitalen Zertifikaten auf einem Hardware-Token
KR100858146B1 (ko) 이동통신 단말기 및 가입자 식별 모듈을 이용한 개인 인증방법 및 장치
CN109460666A (zh) 一种基于区块链技术的员工档案数据溯源与加密方法
JP2020013384A (ja) 身分証明書表示システム、携帯端末、サーバ、端末側身分証明書表示プログラム、サーバ側身分証明書表示プログラム、及び身分証明書表示方法
KR20070084801A (ko) 스마트카드를 이용한 원 타임 패스워드 생성 및 인증방법그리고 이를 위한 스마트카드
US8601270B2 (en) Method for the preparation of a chip card for electronic signature services

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties