CA2193819C - User authentication method and apparatus - Google Patents


Info

Publication number
CA2193819C
Authority
CA
Canada
Prior art keywords
personal unit
service
challenge
code
response code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CA002193819A
Other languages
French (fr)
Other versions
CA2193819A1 (en)
Inventor
Bjorn Erik Rutger Jonsson
Johan Per Falk
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US08/264,939 (US5668876A)
Application filed by Telefonaktiebolaget LM Ericsson AB
Publication of CA2193819A1
Application granted
Publication of CA2193819C
Anticipated expiration
Current legal status: Expired - Lifetime


Classifications

    • H04L 63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • G06F 21/31 User authentication
    • G06F 21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F 21/43 User authentication using separate channels for security data; wireless channels
    • G06Q 20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q 20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q 20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G06Q 20/425 Confirmation, e.g. check or permission by the legal debtor of payment, using two different networks, one for transaction and one for security confirmation
    • G07F 7/0866 Mechanisms actuated by coded identity card or credit card or other personal identification means, by active credit-cards adapted therefor
    • G07F 7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H04L 63/0853 Network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04W 12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • G06F 2221/2103 Challenge-response
    • G06F 2221/2129 Authenticate client device independently of the user

Abstract

Authorization for a user to use a service is provided by a modified pager which calculates a unique response code to a transmitted challenge code based on the challenge code, an input personal identification number, and an internal key.
The response code is input to a simple terminal, such as a telephone, and if the unique response code is acceptable, the user may access the desired service, such as cashless transactions or long distance phone service.

Description


USER AUTHENTICATION METHOD AND APPARATUS
BACKGROUND OF THE INVENTION
1) Field of the Invention
The present invention involves a method and an apparatus for authentication of a user attempting to access an electronic service, and, in particular, providing an authentication unit which is separate from preexisting systems.
2) Description of Related Art
Effective authentication methods and apparatuses have been in great demand to prevent fraud and theft of services.
This demand increases with the explosion of electronic services in the current information age. Electronic services such as banking services, credit card services, automatic teller machine (ATM) services, account information services such as mortgage, savings and investment accounts, general information services such as data base services and networks, security services and long distance phone services all require that a user be accurately identified for purposes of security, proper billing and avoidance of fraud. Recently, fraud in the cellular mobile telephone industry has placed so great a demand on effective authentication methods that a protocol has been standardized for cellular mobile systems. See GSM 03.20, European Telecommunications Standards Institute (ETSI), 1993, pp. 19-29 and U.S. Patent No. 5,282,250, herein incorporated by reference.
However, conventional authentication systems have required specially equipped terminals with card readers such as ATMs or credit card gas station terminals, data terminals using a log-in procedure, or cellular mobile radio stations with built-in authentication capabilities. Credit cards having a magnetic strip provide only minimal security insomuch as the bearer of the card is usually permitted to conduct transactions without further authentication of the user's identification other than perhaps comparing an unauthenticated signature on the card to a signature of the user. Even in transactions when signatures are required, the certainty of the user's identification is minimal.
Other identity cards, such as ATM cards, require a log-on procedure with a password, or PIN. But the PIN, once learned by an unauthorized user, offers no security in authenticating the user if the user can duplicate the ATM card.
These methods of authentication require specially equipped, and often dedicated, terminals, which raises the cost and reduces the availability of the associated electronic service. In other words, the prior art security systems often require a dedicated or customized terminal or modification to existing terminals, which greatly restricts the use of security systems to specific sites. Also, a user may use several electronic services, each service requiring an authentication procedure and/or personal identification number (PIN) or password, each procedure or password different from the others. As a subscriber to several electronic services, a user might end up with numerous passwords to remember. Even worse, he or she may be required to change these passwords periodically, thus having to remember if a password is still valid or not.
Also, transactions requiring relatively certain authentication have been largely unavailable from relatively simple terminals like telephones. For instance, home banking by telephone has been limited to transactions involving the bank customer's own accounts or using only the customer's own telephone.
SUMMARY OF THE INVENTION
The present invention overcomes these and other problems by providing an authentication procedure wherein the user carries a personal unit not limited to use with or physically connected to a terminal of any one specific electronic service. The personal unit can be used to authenticate a user's identity through a variety of terminals associated with a variety of electronic services.
The personal unit includes a receiver for receiving a transmitted challenge code and an algorithm unit which processes the challenge code, a user input such as a personal identification number (PIN) or electronically recognizable signature, and an internally stored security key for calculating a response code according to a pre-stored algorithm.
The response code is then sent to the service node and, if it is acceptable, access to the service is authorized.
The basic method involves receiving a challenge code from a system, the user inputting a personal identification number or other recognizable input, and the personal unit generating a response code based on an internally stored algorithm. The PIN or other user input may be changed from time to time, and the challenge code and the response are unique for each transaction. The personal unit may receive and store a plurality of challenge codes for later use.
The personal unit can be used with virtually any existing terminal of an electronic service without requiring the terminal to be modified or customized. For instance, the personal unit can be used with a standard telephone, whether a radio telephone or land-line telephone. The user can input the response code displayed on the personal unit through the telephone keypad or the personal unit can include a DTMF transmitter for direct input of the response code into the microphone of the telephone. It follows that the keypad of any service terminal (e.g., a data terminal connected to a service computer) can be used to input the response code. If some other input device is used in a terminal, such as an acoustic input, an inductively coupled input, an optical input, radio receiver (particularly if the terminal is by-passed and the response code is transmitted directly to the authentication center), etc., the personal unit can include a compatible output device.
In other words, the personal unit can be modified or equipped to be compatible with existing or prospective terminals, rather than having to modify the terminals to suit the authentication procedure.
The same basic authentication procedure can be used for all services the user might wish to engage, the procedure being modifiable to suit any specific requirements of the electronic service. The user may have one personal unit for all the services he may wish to subscribe to, or several personal units, each unit being usable with one or a subset of services to which the user has subscribed.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will now be described with reference to the attached drawing figures in which:
Figure 1 is a schematic diagram of an authentication pager system in accordance with the present invention;
Figure 1 A is a schematic diagram of an authentication pager system with reference to specific communications in accordance with the present invention;
Figure 2 is a perspective view of a personal unit in accordance with the present invention; and
Figure 3 is a flowchart outlining the authentication process in accordance with the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Hardware of the System
Referring to Figure 1, the present invention includes a personal unit 20 for generating a response code, a terminal 22 for initiating service access and conducting service, and for inputting the response code to a service access network 24.
The service access network transmits data between the terminal 22 and a service 26. The terminal 22 can be a land-line telephone, a radio telephone, an ATM, a computer with a modem (modulator/demodulator), a facsimile machine, or virtually any other type of terminal capable of receiving an input directly or indirectly from the personal unit 20 and relaying information to a service node 26.
The service node 26 may be any form of electronic service, such as banking or financial services, credit card services, long distance telephone services, information services, etc. The type of service provided is not germane to the present invention. One of the advantages of the personal unit 20 of the present invention is that it can be used for authenticating the user of any service.
In an exemplary embodiment, the authentication center 30, whether separate or as part of the service node 26, includes a radio transmitter, storage for one or more algorithms, and a comparator to compare the received response code to an expected response code. The authentication center 30 can be realized in the form of additional software added to a preexisting pager system or other radio communication system. The separate authentication center 30 enables many service nodes or networks to use one authentication center 30. This permits changes in the authentication procedure to be done at one location for all applications and permits one authentication procedure to be used for more than one service, and perhaps all services to which a user has subscribed.
The service access network 24 can be in the form of any communication system, such as a public or private telephone network, telegraph, or other land-line system, cellular radio telephone network, or other radio communication network. The form of the service access network 24 can be in any form capable of transmitting information from the terminal 22 to the service node 26. The service access network 24 in some of the examples provided below is in the form of a preexisting telephone network.
The authentication challenge network 28 can be the same network as the service access network 24, or preferably a distinct and separate network. The authentication challenge network 28 can be any communication system, such as a public or private telephone network, telegraph, or other land-line system, cellular radio telephone network, or other radio communication network. The authentication challenge network 28 can be in any form capable of transmitting information from the service node 26 (or authentication center 30) to the personal unit 20. In one embodiment, the authentication challenge network 28 is a preexisting wide area pager system capable of broadcasting a personal unit identification number and additional information, such as at least one challenge code. Existing pager systems which can transmit at least the telephone number the user is being prompted to call have sufficient capabilities to function with the personal unit 20 disclosed herein. Any form of radio communication system can provide the optimum security offered by the present invention because only a specific receiver can properly generate the expected response when the proper PIN or the like is input in the personal unit 20. However, the user can be required to manually input a challenge code provided over an interactive service access network 24.
In the exemplary embodiment of Figure 2, the personal unit 20 includes a receiver unit 21a for receiving the challenge code, and an algorithm unit 21b, operatively connected to the receiver unit 21a and preferably including an input device for receiving a user input, such as a security number, e.g., a PIN. The receiver unit 21a can be in the form of the radio receiver of a pager having a digital display capable of displaying a caller's telephone number or the like. The personal unit 20 can be essentially a conventional pager which is modified to include, for example, an algorithm unit 21b, an input keypad 21c and optionally a dual tone multi-frequency (DTMF) generator 21d (if automated input of the displayed response code is preferred where the terminal 22 is connected to some form of audio communications network). The personal unit 20 may include a transmitter 21f in an embodiment where the service access network 24 includes a radio uplink, or where the response code is directly sent to the authentication center 30 or service node 26. The algorithm unit 21b calculates a response code in accordance with the received challenge code, an appropriate input security number and optionally a secret key (a secret number or code provided by the supplier of the personal unit 20) entered into storage in the personal unit 20 at the time of subscription.
Algorithms of this type are known in the art or readily derived therefrom. See, GSM 03.20, Appendix C.2, algorithm A3, for example. The specific algorithm used in a given embodiment is not germane to the present invention. A memory 21e is provided to store the algorithms, the secret key, received challenge codes and computer programming as a specific embodiment makes expedient. The personal unit 20 may be microprocessor driven.
This provides a triple check on the identity of the user, requiring information from three separate sources (user: PIN, service node or authentication center: challenge code, and provider of the personal unit: secret key), thereby increasing the relative security of the transaction against fraud or other unauthorized use.
In a preferred embodiment, the personal unit 20 is a separate unit, thereby minimizing or avoiding the need to customize a communication device such as a cellular telephone. The receiver unit 21a, input device 21c, and the capacity for performing the necessary calculations exist in conventional cellular telephones and personal communication units, allowing the present invention to be implemented through software.
The challenge code can either be unique to a given transaction or broadcast, for example, to all such personal units in use at a given time. The response code is to be unique to each transaction in either scenario. Also, in either scenario, the challenge codes should be changed on a periodic or a random basis to provide additional security for transactions. Similarly, the user input, such as a PIN, can be updated at the user's discretion or on a regular basis. Even the algorithm can be changed from time to time, or more than one algorithm can be stored in the personal unit 20, which can be either cyclically used in a predetermined order or changed after a predetermined number of uses. As long as the authentication center 30 can determine what algorithm, what secret key (if used), and what user input should have been used for a given transaction, the user can be authenticated.

The algorithm unit 21b calculates a response code based on the received challenge code, the user input (e.g., PIN), and optionally the secret key. Thus, for a correct response code to be generated, the challenge code, the user input and the secret key (if used) have to be in accordance with the expectations of the service node 26 or authentication center 30 if access to the service is to be granted. The service node 26 or the authentication center 30 is provided with enough information to be able to anticipate the proper response code. Thus, for a transaction to be authorized, the user must know the appropriate user input (e.g., PIN), be in possession of the correct personal unit 20 and receive the appropriate challenge code.
A conventional twelve button (0-9, * and #) keypad 21c is preferably provided for inputting the user input as shown in Figure 2. Alternatively, a reduced or expanded keypad can be used with lesser or greater security being afforded thereby. A character recognition device which can recognize a signature or other writing can be used for the user input device. Also, a fingerprint or retinal scanner can be used for added security in appropriate situations.
For example, the challenge code may have 10 decimal digits, the secret key may have 12 decimal digits, the PIN may have 4 decimal digits, and the response code may have 8 decimal digits.
Authentication Process
A user initiates a service access through terminal 22 by transmitting the request over a service access network 24 to a service node 26. The service node 26 does not immediately initiate the services offered. Rather, it generates a challenge code or causes a challenge code to be generated in an authentication center 30. The challenge code is sent over an authentication challenge network 28 to the personal unit 20.
When the personal unit 20 receives an authentication challenge code, it prompts the user to input a PIN or other identifying information, and generates a response code by an algorithm having the challenge code, an internal security code and the PIN as variables. Alternatively, several challenge codes can be received and stored in the personal unit 20, and the user prompted for the user input when attempting access to an electronic service. The user inputs a PIN, for example, via the keypad 21c of the personal unit 20. However, known character recognition devices can be used to recognize a signature, or writing generally, which is input on a pad via a stylus. Other possibilities include fingerprint or retinal scan devices, though the expense of these devices makes a practical embodiment less likely except for transactions requiring the highest form of security.
The internally stored algorithm then generates a response code based on the challenge code, the user input, and optionally a secret key.
The response code is either displayed on a display (Fig. 2) for manual input to terminal 22, or electronically, acoustically or optically input to terminal 22 which then transparently transmits the response code over the service access network 24 to the service node 26. Alternatively or additionally, the response can be transmitted over the authentication network 28 to the authentication center 30 which then may send the response to the service node 26, or compare the response to an expected response and forward the result to the service node 26. If the response code is acceptable, the service node 26 permits the user to access the services offered. The response code is compared to an expected response code, which, in exemplary embodiments, may be pre-stored or generated using the same algorithm and variables. Because the communication links in the authentication challenge network 28, and perhaps the service access network 24, may suffer from noise (e.g., radio interference), some tolerance may be given in the result of the comparison. In other words, the response code and the expected response code do not have to be exactly the same to gain access to the service, particularly when using an analog, rather than a digital, transmission format.
With reference to the flow chart of Figure 3, an exemplary authentication process begins at step S10 where a user initiates communication to a service node 26 via the service access network 24. This can be as simple as picking up the telephone and dialing an appropriate telephone number, which may be pre-stored in the personal unit 20. At step S12, the process may include entering a user number or identity, such as used for a data service. As shown at step S14, the service access network 24 transparently communicates an access request from the user to the service node 26. The service node 26, in response to the access request, requests authentication via an authentication challenge network 28 by sending a challenge code (either generated in a separate authentication center 30 or in the service node 26) to the user's personal unit 20, as shown at step S18. Alternatively, one or more challenge codes can be sent to the personal unit 20 in advance. The personal unit 20 may display a prompt to prompt the user to input, for example, a security code, such as a PIN, or the terminal 22 may provide the prompt as shown in step S20. Upon entry of the user input, the algorithm unit 21b of the personal unit 20 calculates and sends a response code either to the display or to a dual tone multi-frequency generator, or both as shown in step S22.
Other output devices can be used, such as radio wave (e.g., radio transmitter or transceiver), infrared, visible or ultraviolet generators (e.g., LED's or semiconductor lasers), electrically inductive couplers (e.g., induction coils), or forms of acoustic devices other than a DTMF generator.
The user then either manually inputs the displayed response code to the terminal 22, or the personal unit 20 directly inputs the response code in the case of a different type of output device. For example, when a dual tone multi-frequency (DTMF) generator is used with a communication system, the user presents generated tones to a microphone of such a system.
The service access network 24 transparently transmits the response code to the service node 26 which determines whether it is acceptable as shown in step S24. If the authentication center 30 performs the comparison of the received response code to the expected response code, the service node 26 will transmit the response code to the authentication center 30. Alternatively, the personal unit 20 can send via radio transmission the response directly to the authentication center 30 and the authentication center 30 can inform the service node 26 of the results. If the response code is not acceptable, the user's access to the service is denied and the process returns to either initiating the entire process or re-requesting the identification information as shown in step S26. Optionally, the system can disable the personal unit 20 if a predetermined number of denied access attempts occur or if the personal unit 20 has been reported as stolen.
If the response code is acceptable, the service is accessed and the user can perform the desired, available functions through the service node 26.
With reference to Figure 1A, the basic procedure is examined with reference to specific, numbered communications of an exemplary embodiment.
(1) ENTER USERID: PTOEXAN.
(2) Service node 26 receives a request for a service from PTOEXAN. This USERID is connected to Patent and Trademark Office Examiner Andersson. Service node 26 sends a request for authentication: "Please authenticate this user: Examiner Andersson."
(3) Challenge code is sent to Examiner Andersson's authentication pager.
(4) ENTER PASSWORD, which is sent to the data terminal 22 from the service node 26.
(5) Examiner Andersson enters his PIN to activate calculation of the response code in personal unit 20. The response code is shown on the display of the personal unit 20 and then manually input to the data terminal 22.
Alternatively, the response code can be sent via a radio link directly to the authentication center 30.
(6) The response code is sent from the service node 26 to the authentication center 30.
AMENDED SHEET

CA 02193819 1996-12-23
(7) Authentication center 30 compares the received response to the expected response and sends a message to the service node 26 informing the node authenticated/not authenticated.
(8) Authentication approved/not approved to the user.
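The Figure 3 flow and the numbered Figure 1A exchange above, written out as an added example (not code from the patent or from Ericsson). The patent leaves the response algorithm unspecified beyond "challenge code, user input and a secret key as variables" (claim 20); this example substitutes HMAC-SHA256 over the challenge and the PIN under a per-unit secret key, truncated to 8 decimal digits. The class names, the 8-digit length and the lockout after three denied attempts are assumptions for illustration.

```python
"""Challenge-response authentication in the style of the Figure 1A exchange.

Added example, not the patent's own code.  HMAC-SHA256 stands in for the
unspecified algorithm unit 21b; names, code length and lockout threshold are
assumptions.
"""
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8
MAX_FAILED_ATTEMPTS = 3  # assumed "predetermined number" of denied attempts


def response_code(unit_key: bytes, challenge: str, pin: str) -> str:
    """Response = HMAC(unit_key, challenge || 0x00 || PIN), truncated to digits.

    Mixing the PIN into the MAC input means a wrong PIN yields a wrong response
    rather than a local "PIN incorrect" message, so the unit stores no copy of
    the PIN and a stolen unit gives an attacker nothing to brute-force offline.
    """
    msg = challenge.encode() + b"\x00" + pin.encode()
    digest = hmac.new(unit_key, msg, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big") % 10**RESPONSE_DIGITS
    return str(value).zfill(RESPONSE_DIGITS)


class PersonalUnit:
    """The user's token: holds the unit key, receives challenges, computes responses."""

    def __init__(self, unit_key: bytes):
        self._key = unit_key
        self.pending_challenge = None

    def receive_challenge(self, challenge: str) -> None:  # step (3): pager delivery
        self.pending_challenge = challenge

    def compute(self, pin: str) -> str:  # step (5): PIN entry activates calculation
        if self.pending_challenge is None:
            raise RuntimeError("no challenge received")
        code = response_code(self._key, self.pending_challenge, pin)
        self.pending_challenge = None  # a challenge is answered at most once
        return code


class AuthenticationCenter:
    """Holds every unit's key and PIN, issues challenges, verifies responses."""

    def __init__(self):
        self._units = {}        # userid -> (unit_key, pin)
        self._outstanding = {}  # userid -> challenge awaiting a response
        self._failures = {}     # userid -> consecutive denied attempts
        self.disabled = set()

    def enrol(self, userid: str, pin: str) -> PersonalUnit:
        key = secrets.token_bytes(32)
        self._units[userid] = (key, pin)
        return PersonalUnit(key)

    def issue_challenge(self, userid: str) -> str:  # steps (2) and (3)
        if userid in self.disabled:
            raise PermissionError("personal unit disabled")
        challenge = "".join(secrets.choice("0123456789") for _ in range(6))
        self._outstanding[userid] = challenge
        return challenge

    def verify(self, userid: str, response: str) -> bool:  # step (7)
        challenge = self._outstanding.pop(userid, None)
        if userid in self.disabled or challenge is None:
            return False
        key, pin = self._units[userid]
        expected = response_code(key, challenge, pin)
        ok = hmac.compare_digest(expected, response)  # constant-time comparison
        if ok:
            self._failures[userid] = 0
        else:
            self._failures[userid] = self._failures.get(userid, 0) + 1
            if self._failures[userid] >= MAX_FAILED_ATTEMPTS:
                self.disabled.add(userid)  # optional disabling after repeated denial
        return ok


class ServiceNode:
    """Relays the access request and the response; never sees the key or the PIN."""

    def __init__(self, center: AuthenticationCenter):
        self.center = center

    def access(self, userid: str, unit: PersonalUnit, pin_entered: str) -> bool:
        challenge = self.center.issue_challenge(userid)  # (2), (3)
        unit.receive_challenge(challenge)                 # pager delivery
        response = unit.compute(pin_entered)              # (5)
        return self.center.verify(userid, response)       # (6), (7), (8)


def demo() -> dict:
    """One good login, then three wrong PINs that disable the unit."""
    center = AuthenticationCenter()
    unit = center.enrol("PTOEXAN", pin="4711")  # constructed sample user
    node = ServiceNode(center)
    results = {"good_pin": node.access("PTOEXAN", unit, "4711")}
    results["wrong_pin"] = [node.access("PTOEXAN", unit, "0000")
                            for _ in range(MAX_FAILED_ATTEMPTS)]
    results["disabled"] = "PTOEXAN" in center.disabled
    return results
```

The service node is deliberately kept ignorant of the unit key and PIN: it only relays the response, which is what lets one authentication center serve many service nodes as the description later notes. The center clears an outstanding challenge on the first verification attempt, so a captured response cannot be replayed against the same challenge.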
As a concrete example of the present invention, a home banking application will be described. In this application, the intention is to transfer money from the owner's account to a different account, such as a creditor's account. The user can pay his bills at home using a telephone and a personal unit 20. In this example, all authentication steps performed by the user are manual. The resulting dialogue is as follows:
User: Initiates a telephone call by calling a payment service-telephone number of a bank.
Bank: "Enter your account number."
User: "4219231459..."
Bank: "Please enter the following digits into your authentication unit - 1, 2, 3, 2, 8" (challenge code). Alternatively, if the challenge code is broadcast or previously stored in the personal unit 20, this step is skipped.
"Please enter your personal identification number."
User: Enters his PIN into the personal unit 20. The personal unit 20 presents a challenge response, e.g., "19283746", on its display. The user enters "19283746" on the telephone keypad.
Bank: "Enter account number of account to receive payment."

User: "431395067811."
Bank: "Account of Ms. Jane Doe, Anytown, USA. Enter amount."
User: "$500.00."
Bank: "$500.00 is credited to the account of Ms. Jane Doe. Transaction reference number 123456."
User: Hangs up.
This procedure may be complicated by routines for interrupting if an error has occurred, routines for handling more than one transaction during a single call, routines for using another home telephone, etc.
A second exemplary procedure involves charging for long distance calls using a special service node (SSN). In this example, authentication is performed when a long distance call is charged through a long distance telephone company.
User: Dials the special service node telephone number, e.g., the prefix 900 followed by the long distance telephone number to be called, e.g., 900 555-1212.
SSN: "Give ID and challenge response."
User: Enters PIN into a personal unit 20 (which has received a radio-transmitted challenge code), and the personal unit 20 presents a challenge response on its display, e.g., "19283746." A button is then pressed and the personal unit's speaker is held against the microphone of the telephone, giving an acoustic DTMF output to the SSN, e.g., "#0859032843#19283746#", which consists of a personal identity number followed by the response to the challenge code.
SSN: The authenticity of the response code is checked and, if acceptable, the connection is provided.
The same personal unit 20 can be used for both of the above transactions. A more automatic transaction can be implemented. For instance, the personal unit 20 may include a receiver and a DTMF transmitter, in which case the user merely initiates access to a service and, at a prompt, inputs a user input such as a PIN.
To avoid waiting for the paging system to transmit challenges over a wide area paging network, for example, it is possible to transmit several (e.g., three) challenge codes, which are stored in the personal unit 20 until used when a PIN is entered to generate a response code. A response code, once generated, is not to be used more than once, even if an entry is repeated due to error.
The authentication center 30 can determine when to provide additional challenge codes to a personal unit 20 via a radio signal, because it receives the responses in order to perform the authentication. Alternatively, if the service node 26 receives the responses, the service node 26 requests the authentication center 30 to send the next expected response to the service node 26, so that the authentication center 30 can count the number of generated/used response codes. As stated previously, an authentication center 30 may be combined with a service node 26 or may be independently located and used by several service nodes.
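The pre-delivered challenge store described in the two paragraphs above, together with the "#identity#response#" DTMF frame of the SSN example, as an added example that is not the patent's or Ericsson's code. It assumes HMAC-SHA256 as the response algorithm, 8-digit responses, a batch of three challenges, and one detail the text does not state: the center accepts a response for the next unused challenge or for one of the few after it (a look-ahead of one batch), so a response the user had to regenerate after mis-keying the previous one still verifies, while any challenge at or before the last accepted one is treated as spent and a replayed frame is refused.

```python
"""Pre-delivered challenge codes, single-use responses, and the DTMF frame.

Added example, not the patent's own code.  HMAC-SHA256, 8-digit responses,
BATCH_SIZE and the look-ahead window are assumptions for illustration.
"""
import hashlib
import hmac
import re
import secrets
from collections import deque

BATCH_SIZE = 3        # "several (e.g., three) challenge codes"
RESPONSE_DIGITS = 8
DTMF_FRAME = re.compile(r"^#(\d+)#(\d+)#$")   # "#<identity>#<response>#"


def response_code(unit_key: bytes, challenge: str, pin: str) -> str:
    """Assumed response algorithm: HMAC over challenge and PIN, truncated to digits."""
    msg = challenge.encode() + b"\x00" + pin.encode()
    digest = hmac.new(unit_key, msg, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big") % 10**RESPONSE_DIGITS
    return str(value).zfill(RESPONSE_DIGITS)


class PersonalUnit:
    def __init__(self, identity: str, unit_key: bytes):
        self.identity = identity
        self._key = unit_key
        self._stored = deque()  # challenge codes received in advance, oldest first

    def receive_batch(self, challenges) -> None:  # radio push from the center
        self._stored.extend(challenges)

    def stored(self) -> int:
        return len(self._stored)

    def dtmf_frame(self, pin: str) -> str:
        """PIN entry consumes the oldest stored challenge and emits '#id#response#'."""
        if not self._stored:
            raise RuntimeError("no stored challenge; wait for the next batch")
        challenge = self._stored.popleft()  # each stored challenge is used once
        return f"#{self.identity}#{response_code(self._key, challenge, pin)}#"


class AuthenticationCenter:
    def __init__(self):
        self._units = {}  # identity -> {"key", "pin", "issued": [...], "used": int}

    def enrol(self, identity: str, pin: str) -> PersonalUnit:
        key = secrets.token_bytes(32)
        self._units[identity] = {"key": key, "pin": pin, "issued": [], "used": 0}
        return PersonalUnit(identity, key)

    def send_batch(self, unit: PersonalUnit) -> None:
        """Generate BATCH_SIZE fresh challenges, record them, push them to the unit."""
        rec = self._units[unit.identity]
        batch = ["".join(secrets.choice("0123456789") for _ in range(6))
                 for _ in range(BATCH_SIZE)]
        rec["issued"].extend(batch)
        unit.receive_batch(batch)

    def verify_frame(self, frame: str, unit: PersonalUnit) -> bool:
        m = DTMF_FRAME.match(frame)
        if not m:
            return False
        identity, response = m.groups()
        rec = self._units.get(identity)
        if rec is None:
            return False
        # Accept the next unused challenge or one of the following BATCH_SIZE-1
        # (the user may have skipped one after a mis-keyed entry); never an
        # older one, so a replayed or stale frame fails here.
        window = rec["issued"][rec["used"]: rec["used"] + BATCH_SIZE]
        for offset, challenge in enumerate(window):
            expected = response_code(rec["key"], challenge, rec["pin"])
            if hmac.compare_digest(expected, response):
                rec["used"] += offset + 1       # everything up to the match is spent
                if len(rec["issued"]) - rec["used"] < BATCH_SIZE:
                    self.send_batch(unit)       # top the unit up before it runs dry
                return True
        return False


def demo() -> dict:
    """Accept, refuse a replay, tolerate one skipped code, refuse the skipped one later."""
    center = AuthenticationCenter()
    unit = center.enrol("0859032843", pin="4711")  # constructed identity and PIN
    center.send_batch(unit)
    first = unit.dtmf_frame("4711")
    out = {"accepted": center.verify_frame(first, unit)}
    out["replay"] = center.verify_frame(first, unit)     # same frame again: refused
    skipped = unit.dtmf_frame("4711")                     # user mis-keys this one...
    out["next_after_skip"] = center.verify_frame(unit.dtmf_frame("4711"), unit)
    out["stale"] = center.verify_frame(skipped, unit)     # ...and cannot use it later
    out["refill"] = unit.stored() >= 1                    # center topped the unit up
    return out
```

Because the center only ever moves its "used" index forward, the single-use property of the description falls out of the bookkeeping rather than requiring a list of spent responses; the only policy knob is how far ahead the window may look, which trades tolerance of mis-keyed entries against the number of valid responses an attacker who captured the radio batch could try.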
The present invention can be implemented for any suitable service node 26 using existing networks without significant costs by setting up appropriate data exchanges between existing networks and service nodes. The response code may be used for authentication using any terminal in any networks, provided the terminal is capable of transmitting data. The response code may be sent via the authentication network 28 (e.g., via a radio signal).
According to one embodiment of the present invention, a method for authentication is provided which can be used for all electronic services subscribed to by a user without requiring numerous passwords to be remembered. To achieve this, the authentication center 30 is connectable to all electronic networks or service nodes 26.
When a user addresses a particular service node 26, requesting a service, the service node 26 sends a request for authentication to the authentication center 30. On receipt of the request for authentication of a user, the authentication center 30 generates a challenge code which is sent to the user via the service node 26. The user may then manually input the challenge code and a user input, such as a PIN, into his personal unit 20 to receive a response code, shown on the display of the personal unit 20.
The response may then be manually input to the terminal 22 used for accessing the service.
An authenticity check may then be performed either by the authentication center 30 or by the service node 26.
The challenge code may also be sent to the personal unit 20 via radio from the authentication center 30, or sent as DTMF tones, for example via a PSTN telephone.
The response code may also be sent to the authentication center 30 via radio, or sent as DTMF tones, for example via a PSTN telephone.
This authentication method does not require any changes to existing terminals.
The method allows the response code to be sent to the node 26 performing the authenticity check in a way suitable to the service application. The PIN code used to activate the calculation of a response in the personal unit 20 is the only "password" or PIN that must be memorized by the user.
The present invention may, of course, be carried out in other specific ways than those set forth herein without departing from the spirit and the central characteristics of the invention. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, and all changes coming within the meaning and the equivalency range of the appended claims are intended to be embraced herein.
Claims (37)

WHAT IS CLAIMED IS:
1. A method for authenticating a prospective user of an electronic service associated with a service node, the user having a personal unit, said method comprising the steps of:
transmitting a challenge code generated from an authentication center, which is either separate from or integral in the service node, over a network that is independent of the type of electronic service being selected;
receiving said challenge code in said personal unit;
generating, in said personal unit, a response code based on an algorithm having at least said challenge code and a user input as variables;
generating, in said personal unit, an output code comprising said response code for either transmission from the personal unit to the authentication center or input to a terminal, said terminal being operatively connected to said electronic service;
comparing by the authentication center or the service node said response code with an expected response code; and permitting access to said electronic service only when a result of said comparison step is accepted.
2. A method according to claim 1, further comprising the step of:
requesting access to said electronic service before said challenge code is received, wherein said challenge code is transmitted and received in response to said access request.
3. A method according to claim 1, further comprising the steps of:
storing one or more received challenge codes in said personal unit; and requesting access to said electronic service after said challenge code is received and stored, wherein said algorithm uses at least one of said stored challenge codes and a user input as variables in generating a response code.
4. A method according to claim 1, further comprising the step of:
receiving said user input through a keypad.
5. A method according to claim 1, further comprising the step of:
receiving said user input through a character recognition device.
6. ~A personal unit comprising:
a receiver for receiving a challenge code;
an input means for inputting a user input;

a response code generating means, operatively connected to said receiver and said input means, for generating a response code in accordance with a received challenge code and a user input;

an output means for generating an output code comprising said response code for input to a terminal connected to an external electronic service, said personal unit being physically separate from said terminal and said terminal being at the location of the user.
7. A personal unit according to claim 6, wherein said receiver includes a radio wave receiver.
8. A personal unit according to claim 7, wherein said receiver includes conventional pager circuitry.
9. A personal unit according to claim 6, wherein said user input is a personal identification number.
10. A personal unit according to claim 6, wherein said input means includes a keypad.
11. A personal unit according to claim 6, wherein said input means includes a character recognition device.
12. A personal unit according to claim 6, wherein said output means includes a display.
13. A personal unit according to claim 6, wherein said output means includes an acoustic generator.
14. A personal unit according to claim 13, wherein said acoustic generator includes a dual tone multi-frequency generator.
15. A personal unit according to claim 6, wherein said output means includes an optical generator.
16. A personal unit according to claim 15, wherein said optical generator includes at least one of an infrared generator, a visible light generator, and an ultraviolet light generator.
17. A personal unit according to claim 6, wherein said output means includes at least one electrically inductive coupler.
18. A personal unit according to claim 17, wherein said at least one electrically inductive coupler includes at least one induction coil.
19. A personal unit according to claim 6, wherein said output means includes a radio transmitter.
20. A personal unit according to claim 6, wherein said response code generator means calculates a response code in accordance with an algorithm wherein said received challenge code, said user input and a secret key stored in said personal unit are variables in the algorithm.
21. A personal unit according to claim 6, further comprising:

means for storing one or more received challenge codes in said personal unit, wherein said response code generating means generates a response code after said challenge code is received and stored, and wherein an algorithm uses at least one of said stored challenge codes and a user input as variables in generating a response code.
22. A system for granting access to an electronic service, comprising:

a personal unit for receiving a challenge code, for receiving a user input, and generating a response code according to a received challenge code and said user input;

a terminal operatively connected to an authentication center, said terminal being capable of receiving said response code; and a network independent of said electronic service for sending said challenge code when access to a service is attempted, said network interconnecting comparing means for comparing said response code generated by said personal unit to an expected response code and permitting means for permitting access to said service only when a result of said comparison of said response code generated by said personal unit to said expected response code is accepted.
23. A system according to claim 22, wherein said network comprises:

a service access network for transmitting a request to access a service;
an authentication challenge network, operatively connected to said authentication center, for transmitting said challenge code to said personal unit, said system further comprising:

at least one service node for providing a service including exchanging service data with a user through said service access network and for receiving said request to access a service causing the authentication center to generate a challenge code in response to said request to access a service.
24. A system according to claim 23, wherein said service access network further comprises means for transmitting said response code to said comparing means.
25. A system according to claim 23, wherein said authentication challenge network further comprises means for transmitting said response code to said comparing means.
26. A system according to claim 24, wherein said comparing means is located in said authentication center.
27. A system according to claim 25, wherein said comparing means is located in said authentication center.
28. A system according to claim 24, wherein said comparing means is located in said at least one service node.
29. A system according to claim 25, wherein said comparing means is located in said at least one service node.
30. A system according to claim 22, wherein said response code is generated according to an algorithm stored in said personal unit.
31. A system according to claim 23, wherein said service access network includes a land-line telephone system.
32. A system according to claim 24, wherein said service node offers one or more services selected from the following group of services: banking services, credit card services, automatic teller machine services, account information services, general information services, security services, and long distance telephone services.
33. A system according to claim 23, wherein said authentication challenge network includes a radio transmitter.
34. A system according to claim 23, wherein said authentication challenge network includes a cellular telephone network.
35. A system according to claim 23, wherein said authentication challenge network includes a pager network.
36. A system according to claim 22, wherein said personal unit generates said response code according to said received challenge code, said user input and a secret key stored in said personal unit.
37. A system according to claim 22, wherein said personal unit further comprises:

means for storing one or more received challenge codes in said personal unit, wherein said response code is generated after said challenge code is received and stored, and wherein an algorithm uses at least one of said stored challenge codes and a user input as variables in generating a response code.
CA002193819A 1994-06-24 1995-06-14 User authentication method and apparatus Expired - Lifetime CA2193819C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US08/264,939 US5668876A (en) 1994-06-24 1994-06-24 User authentication method and apparatus
US08/264,939 1994-06-24
PCT/SE1995/000719 WO1996000485A2 (en) 1994-06-24 1995-06-14 User authentication method and apparatus

Publications (2)

Publication Number Publication Date
CA2193819A1 CA2193819A1 (en) 1996-01-04
CA2193819C true CA2193819C (en) 2006-09-12

Family

ID=36999255

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002193819A Expired - Lifetime CA2193819C (en) 1994-06-24 1995-06-14 User authentication method and apparatus

Country Status (1)

Country Link
CA (1) CA2193819C (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG130035A1 (en) * 2000-02-14 2007-03-20 Yong Kin Michael Ong Increased security for electronic transactions
US8230486B2 (en) 2003-12-30 2012-07-24 Entrust, Inc. Method and apparatus for providing mutual authentication between a sending unit and a recipient
US8612757B2 (en) 2003-12-30 2013-12-17 Entrust, Inc. Method and apparatus for securely providing identification information using translucent identification member
US9100194B2 (en) 2003-12-30 2015-08-04 Entrust Inc. Method and apparatus for providing authentication between a sending unit and a recipient based on challenge usage data
US9191215B2 (en) 2003-12-30 2015-11-17 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
US9281945B2 (en) 2003-12-30 2016-03-08 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US9519770B2 (en) 2003-12-30 2016-12-13 Entrust, Inc. Transaction card for providing electronic message authentication

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100559008B1 (en) 2003-04-02 2006-03-10 에스케이 텔레콤주식회사 User authentication system using infrared communication of mobile telephony terminal and method therefore

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG130035A1 (en) * 2000-02-14 2007-03-20 Yong Kin Michael Ong Increased security for electronic transactions
US7849005B2 (en) 2000-02-14 2010-12-07 Yong Kin Ong Electronic funds transfer method
US8230486B2 (en) 2003-12-30 2012-07-24 Entrust, Inc. Method and apparatus for providing mutual authentication between a sending unit and a recipient
US8612757B2 (en) 2003-12-30 2013-12-17 Entrust, Inc. Method and apparatus for securely providing identification information using translucent identification member
US9100194B2 (en) 2003-12-30 2015-08-04 Entrust Inc. Method and apparatus for providing authentication between a sending unit and a recipient based on challenge usage data
US9191215B2 (en) 2003-12-30 2015-11-17 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
US9281945B2 (en) 2003-12-30 2016-03-08 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US9519770B2 (en) 2003-12-30 2016-12-13 Entrust, Inc. Transaction card for providing electronic message authentication
US9876793B2 (en) 2003-12-30 2018-01-23 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US10009378B2 (en) 2003-12-30 2018-06-26 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques

Also Published As

Publication number Publication date
CA2193819A1 (en) 1996-01-04

Similar Documents

Publication Publication Date Title
EP0766902B1 (en) User authentication method and apparatus
US6259909B1 (en) Method for securing access to a remote system
EP0493895B1 (en) Telephone network credit card calling apparatus and method of operation
EP0708547B1 (en) Cellular telephone as an authenticated transaction controller
EP1305926B1 (en) Arrangement for authenticating a user and authorizing use of a secured system
CA2013374C (en) Authenticated communications access service
US7565321B2 (en) Telepayment method and system
CA2114562C (en) Fraud protection for card transactions
CN101242271B (en) Trusted remote service method and system
US7865719B2 (en) Method for establishing the authenticity of the identity of a service user and device for carrying out the method
JP2000069571A (en) Method and system for safe and sure remote payment of article purchased and/or service received through mobile radio telephone system, and the mobile radio telephone system
US7251731B2 (en) Call set-up from a mobile radio telephone terminal with biometric authentication
CA2193819C (en) User authentication method and apparatus
JP2001508955A (en) Security system and method for services provided by telecommunications operators
WO2000035178A2 (en) Method and device for access control by use of mobile phone
KR20100120371A (en) System and method for collecting user authentication information, and system for processing credit card approval
CN1124766C (en) System and method for preventing replay attacks in wireless communication
US6983485B1 (en) Method and apparatus for authentication for a multiplicity of services
KR101005982B1 (en) System and method for drawing out/in cash by using mobile telecommunication network
MXPA96006518A (en) Usua authentication method and device
KR100367777B1 (en) secure service system and method of supporting secure service
JPH0494232A (en) Verification method for communication terminal equipment
KR100336093B1 (en) Method and apparatus for changing limitation storable money
KR20010048798A (en) A method for citating an subscriber in a speech information processing unit
CA2336935C (en) A method for securing access to a remote system

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20150615