EP1442350A2 - User identity verification system - Google Patents
- Publication number
- EP1442350A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- identification information
- user
- server
- communication medium
- client terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/313—User authentication using a call-back technique via a telephone network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
Abstract
A user identity verification method and apparatus having improved security characteristics are provided. The method and apparatus are suitable for use in a system comprising a client terminal (10) coupled to a server (20) by a first communication medium (50). A user (1) supplies a token (30) comprising first identification information to the client terminal (10), and also supplies identification information such as a memorised username. The supplied first identification information is transmitted over the first communication medium (50) from the client terminal (10) to the server (20). The server verifies that the first identification information corresponds to a stored user profile and then sends a second identification information to the user over a second communication medium (60, 40) such as a GSM network (60) to the user's mobile telephone (40). The user supplies the second identification information to the server (20) via the client terminal (10) and the user's identity is verified at the server according to presentation of the second identification information.
Description
User Identity Verification System
The invention relates in general to the field of user identity verification. In particular, the invention relates to a method and apparatus for user identification in a client-server system.
In the field of computer systems, it is often desired to verify a user's identity, as user identity verification is important to maintain secure systems. Once a user's identity has been verified, an appropriate level of access can be allowed. In addition to allowing access, knowledge of a user's identity allows that user's browsing and/or other habits to be monitored.
Common user identity verification systems are based on passwords that are memorised by the user. Such systems may be subverted if the memorised information becomes publicly available. Another problem associated with passwords for user identity verification is that a user may require passwords for a number of separate computer systems, and therefore has to remember not only a number of passwords, but also which password corresponds to which computer system. This can lead to a user adopting a common password for all computer systems. Having a single universal password poses a considerable increase in risk of a security breach at all the systems due to the increased likelihood of the password becoming publicly available, and public awareness that one password may permit access to more than one separate computer system. Other more sophisticated forms of subversion exist, such as local or remote monitoring of keystrokes or screen displays.
A known alternative user identity verification technique involves the possession of a token, such as a card comprising identification information. The holder of the token can be identified as an authorised user. One example of this type of system is described in the International Application WO 00/62249 in which the token comprises an optical disc or a smartcard disc. However, cards can be stolen or duplicated, allowing unauthorised and/or unidentifiable users to access otherwise secure computer systems.
An aim of the present invention is to provide a method and apparatus for verifying identity of a user in a manner which is reliable and which is not vulnerable to subversion. Preferred embodiments of the present invention aim to address the problems of the prior art mentioned above.
According to a first aspect of the present invention there is provided a method of user identity verification in a system comprising a client terminal couplable to a server by a first communication medium, the method comprising: sending a first identification information over the first communication medium from the client terminal to the server; verifying, at the server, that the first identification information corresponds to a stored user profile; returning a second identification information to a user over a second communication medium according to the stored user profile; sending the second identification information to the server via the client terminal; and verifying user identity, at the server, according to presentation of the second identification information.
According to a second aspect of the present invention there is provided a user identity verification apparatus comprising: a server comprising a user profile store; a client terminal coupled to a server by a first communication medium; a second communication medium coupled to the server for supply of second identification information to a user, the client terminal being arranged in use to receive the first identification information, and to supply the first identification information over the first communication medium to the server; the server being arranged to verify that the first identification information correspond to a user profile in the user profile store and to supply a second identification information to the user over the second communication medium according to the stored user profile; the client terminal being arranged to receive the second identification information from the user and to supply the second identifier information to the server; and the server being arranged to verify user identity according to presentation of the second identification information.
Preferably, the first identification information includes any one of a username, a memorised access code, information read from a token, or any combination thereof.
Preferably, the first communication medium is different from the second communication medium.
Preferably, the third identification information is supplied to the user over the second communication medium through a mobile communication device.
Preferably, the second identification information is transmitted from the client terminal to the server over the first communication medium.
Preferably, the first identification information is derived from at least one second identification information supplied to a user previously.
Preferably, the first information includes a plurality of second identification information supplied to a user previously, and stored on a token.
Preferably, the token is a removable storage device.
Preferably, the second identification information sent to the user over the second communication medium is regenerated by the server.
For a better understanding of the invention, and to show how embodiments of the same may be carried into effect, reference will now be made, by way of example, to the accompanying diagrammatic drawing in which:
Figure 1 shows a preferred apparatus for user identity verification; and
Figure 2 shows a flowchart illustrating a preferred method for user identity verification.
Figure 1 shows a preferred apparatus for verifying identity of a user 1. The apparatus comprises a client terminal 10 coupled to a server 20 over a first communication link 50. The server 20 is also coupled to a second communication link 60. The first communication link 50 is ideally different to the second communication link 60. For example, the first communication link 50 comprises a computer network such as a local area or wide area network, a virtual private network, or a more open communication link such as the internet. The second communication link is, for example, a telecommunications network, suitably a wireless telephony network or cellular telephony network. Most preferably the second communication link 60 is a GSM cellular network capable of carrying short messages (SMS).
The apparatus of Figure 1 comprises a user profile store 22 at a suitable verification point. In this example it is convenient for the server 20 to comprise the user profile store 22, although it is possible for the user profile store 22 to be remote from the server 20.
It is desired to verify the identity of a user 1 who wishes to gain access to the apparatus, through the client terminal 10. Here, the client terminal 10 is any suitable form of computing platform, such as a desktop computer or mobile computing device such as a laptop or palmtop computer.
Figure 2 shows a preferred method for verifying user identity, for use with the apparatus of Figure 1.
Initially, the client terminal 10 receives first identification information. Suitably, the first identification information is supplied to the client terminal 10, such as by the user 1 typing a user name and/or memorised access code into a keyboard input device 12 of the client terminal 10.
At step 201, the first identification information is sent from the client terminal 10 to the server 20 over the first communication link 50.
At step 202, the server 20 uses the received first identification information to retrieve a user profile from the user profile store 22. This provides a preliminary identification of the user 1. The server 20 then generates a second identification information, which is returned over the second communication link 60, to reach the user 1, at step 203.
The second identification information is transferred to the client terminal 10, such as by the user 1 typing the second identification information into a keyboard input device 12 of the client terminal 10.
At step 204, the client terminal 10 sends the second identification information back to the server 20, over the first communication link 50.
At step 205, the server 20 verifies the identity of the user 1 based on the received second identification information.
Referring again to Figure 1, ideally the second communication link 60 is a message transmission system such as an SMS system for use on GSM cellular networks. Hence, the second identification information is received by the user 1 such as by using a mobile communications device 40, i.e. a mobile phone.
Advantageously, sending the second identification information to the user's mobile phone 40 according to a predetermined user profile in the user profile store 22, allows increased certainty as to the user's identity. Most users tend to carefully guard their mobile communication device 40 and will notice if it is stolen or subject to subversion. Hence, the user will take precautions to avoid unauthorised use of their mobile communication device 40. By sending the second identification information through the mobile communication device, possession of the mobile communication device 40 allows a high degree of trust to be placed in the user's identity.
As a further enhancement of the present invention, it is preferred that the first identification information is provided at least in part from a token 30. Suitably, the token 30 is readily portable and may be carried by the user 1. The user presents the token 30 to a token reader 11 of the client terminal 10. The token reader 11 extracts the first identification information from the token 30.
In this embodiment, the first identification information may come only from the token 30. Alternatively, the first identification information can be formed by taking identification information from the token 30, and from a user input such as a user name and/or memorised access code.
The first identification information is received and checked by the server 20, and is used to extract a user profile from the user profile store 22. Suitably, the user profile store 22 contains information which allows a message to be sent over the second communication link 60 to reach the user 1, suitably at their mobile communication device 40. For example, the user profile store contains a predetermined mobile telephone number of the mobile communication device 40.
Suitably, the second identification information is in the form of a password that is randomly generated by the server 20. In an example embodiment, the randomly generated password contains a short string (e.g. eight to twelve characters) containing a sequence of letters and numbers. The user 1 may then easily manually transfer the password from their mobile communication device by typing the password into a keyboard input device of the client terminal 10. Alternatively the password can be automatically transferred from the mobile communication device 40 to the client terminal 10, such as by a short range infra-red communication link.
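Steps 201 to 205 with the randomly generated password described above, as an added example that is not part of the patent text. The `Server` class, the `send_out_of_band` callback standing in for the SMS gateway, the PBKDF2 storage of the access code, the five-minute validity window and the three-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits  # "letters and numbers"
CODE_TTL_SECONDS = 300  # assumption: validity window, not stated in the patent
MAX_ATTEMPTS = 3        # assumption: guess limit, not stated in the patent


def _stretch(secret, salt):
    """Salted, slow hash so the profile store never holds the access code."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class Server:
    """Server 20 with an in-memory user profile store 22."""

    def __init__(self, send_out_of_band, clock=time.monotonic):
        self._send = send_out_of_band  # stand-in for the SMS gateway on link 60
        self._clock = clock
        self._profiles = {}            # username -> salt, code hash, mobile number
        self._pending = {}             # username -> outstanding challenge

    def enroll(self, username, access_code, mobile):
        salt = secrets.token_bytes(16)
        self._profiles[username] = {
            "salt": salt, "hash": _stretch(access_code, salt), "mobile": mobile}

    def begin(self, username, access_code):
        """Steps 201-203: check first identification, send second out of band."""
        profile = self._profiles.get(username)
        if profile is None:
            return False
        if not hmac.compare_digest(_stretch(access_code, profile["salt"]),
                                   profile["hash"]):
            return False
        length = 8 + secrets.randbelow(5)  # eight to twelve characters
        code = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self._pending[username] = {
            "digest": hashlib.sha256(code.encode()).digest(),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        # The code goes only to the number in the stored profile; the reply on
        # link 50 says nothing more than "challenge sent".
        self._send(profile["mobile"], code)
        return True

    def complete(self, username, code):
        """Steps 204-205: verify the second identification typed at the terminal."""
        challenge = self._pending.get(username)
        if challenge is None:
            return False
        if self._clock() > challenge["expires"]:
            del self._pending[username]
            return False
        presented = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(presented, challenge["digest"]):
            del self._pending[username]  # single use: a replayed code fails
            return True
        challenge["attempts_left"] -= 1
        if challenge["attempts_left"] <= 0:
            del self._pending[username]  # force a fresh code after repeated misses
        return False


def demo():
    """Run one login with a constructed user and a dict standing in for phone 40."""
    phone = {}
    server = Server(lambda number, code: phone.__setitem__(number, code))
    server.enroll("alice", "correct horse", "+440000000000")  # constructed values
    results = {"wrong_first_id": server.begin("alice", "guess")}
    results["begin"] = server.begin("alice", "correct horse")
    code = phone["+440000000000"]
    results["code_length_ok"] = 8 <= len(code) <= 12
    results["wrong_code"] = server.complete("alice", "not-the-code")
    results["right_code"] = server.complete("alice", code)
    results["replay"] = server.complete("alice", code)
    return results


if __name__ == "__main__":
    print(demo())
```

The second identification never travels over the first communication link towards the client, so an observer of link 50 alone sees it only once the user types it in, at which point it is consumed.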
Any suitable event can be used to trigger the generation of a password by the server 20, e.g. the expiry of a particular time period such as seven days. The trigger may be specific to a particular user, or can cover a small or large group of users to allow mass renewal of passwords conveniently through software administration.
In preferred embodiments, the token 30 is a removable storage medium such as a smart card, or preferably a CD or DVD format storage medium. Ideally, the token 30 comprises an updateable or re-writable storage medium such as a CD-RW or a re-writable DVD. This provides an additional layer of security, as the client terminal 10 can record passwords from previous occasions onto the token 30, i.e. record an incremental identity derived from the previous passwords. The client terminal 10 can then transmit the incremental token identity back to the server 20 via the first communication link 50, and these can also be checked against a list contained in the user profile store 22. Only if the server 20 is satisfied that the first identification information comprising the incremental identity read from the token 30 matches a stored profile in the user profile store 22 is a new password transmitted to the mobile communication device 40 of the user 1. This makes the cloning of tokens a less effective way to defeat the user identity verification system, since a cloned token will become out of date as soon as the real token 30 is used. Furthermore, other security coding can be included with the first identification information on the token 30. The other security coding can also be regenerated and stored on the token 30 to add a yet further layer of security.
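The incremental token identity and its effect on a cloned token, as an added example that is not part of the patent text. The patent does not say how the identity is derived from previous passwords; folding each password into a SHA-256 chain is an assumption, as are the `Token` and `Server` classes and the `alerts` list.

```python
import hashlib
import hmac
import secrets


def advance(identity, password):
    """Fold a newly received password into the running identity (assumed scheme)."""
    return hashlib.sha256(identity + password.encode()).digest()


class Token:
    """Re-writable token 30 holding the current incremental identity."""

    def __init__(self, identity):
        self.identity = identity

    def clone(self):
        return Token(self.identity)  # a bit-for-bit copy of the disc

    def record(self, password):
        self.identity = advance(self.identity, password)


class Server:
    def __init__(self):
        self._expected = {}  # user -> identity the genuine token should present
        self._issued = {}    # user -> password sent to the phone, not yet used
        self.alerts = []     # stale presentations, for the security team

    def enroll(self, user):
        seed = secrets.token_bytes(32)
        self._expected[user] = seed
        return Token(seed)

    def present_token(self, user, identity, phone):
        """Send a new password to the phone only if the token is up to date."""
        expected = self._expected.get(user)
        if expected is None or not hmac.compare_digest(identity, expected):
            self.alerts.append((user, "stale or unknown token identity"))
            return False
        password = secrets.token_hex(5)
        self._issued[user] = password
        phone.append(password)  # second communication link 60
        return True

    def present_password(self, user, password):
        issued = self._issued.pop(user, None)
        if issued is None or not hmac.compare_digest(password.encode(),
                                                     issued.encode()):
            return False
        # Advance the expected identity; the client writes the same step to the token.
        self._expected[user] = advance(self._expected[user], password)
        return True


def scenario():
    """Constructed run: a clone is made, tried early, then goes stale."""
    server, phone = Server(), []
    real = server.enroll("alice")
    cloned = real.clone()
    out = {}
    # Clone used before the real token: identity matches, but the password
    # goes to the genuine user's phone, so the clone holder cannot finish.
    out["clone_early_token_ok"] = server.present_token("alice", cloned.identity, phone)
    out["clone_early_login"] = server.present_password("alice", "guess")
    # Genuine login: the password is folded into the token and the server state.
    out["real_token_ok"] = server.present_token("alice", real.identity, phone)
    password = phone[-1]
    out["real_login"] = server.present_password("alice", password)
    real.record(password)
    # The clone is now out of date: no password is sent and an alert is raised.
    sms_before = len(phone)
    out["clone_late_token_ok"] = server.present_token("alice", cloned.identity, phone)
    out["sms_sent_to_clone"] = len(phone) - sms_before
    out["alerts"] = len(server.alerts)
    out["real_still_valid"] = server.present_token("alice", real.identity, phone)
    return out


if __name__ == "__main__":
    print(scenario())
```

A rejected stale identity is worth logging: it indicates either a copied token or a token whose write-back failed, and both need follow-up.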
The token 30 suitably stores operating software which allows the identity verification system to run on the client terminal 10. Advantageously, by inserting the token 30 into any suitable computer terminal 10, the user 1 is able to operate the identity verification system.
Token 30 can also store other information such as promotional and advertising material. The identification information stored by the token 30 and/or the other information can be strongly encrypted. In yet further embodiments, the token 30 and the mobile communication device 40 can be incorporated into a single unit. Furthermore, the token 30 can in alternative embodiments further comprise a magnetic strip and/or a microprocessor chip to enable a single token 30 to be used for identification in a number of other existing systems. The token may include other visible identification information, such as a photograph identity.
It will be appreciated that the user identity verification system described herein is able to operate at a number of different levels of security. Advantageously, a system administrator is able to select appropriate levels of security according to the needs of a particular user or group of users. For some purposes it may be sufficient simply for possession of the token 30 to be an adequate mechanism for identifying the user 1. When a more secure system is desired, the transmission of first and second identification information, via the first and second communication links 50, 60, allows a higher degree of certainty. In a still more secure mode, possession of both the token 30 and the mobile communication device 40 is required. In a still higher security mode, a memorised user name or memorised access code is required, which avoids subversion in the event that the token 30 and the mobile communication device 40 are stolen. Hence, it is very unlikely that all of the communication device 40, the token 30 and the memorised information will be subverted simultaneously.
The method and apparatus for user identity verification described above have many practical applications. As one example, the system is useful in the field of banking, both for identification at cash machines (automatic teller machines), and for internet banking. As another example, the user identification system can be used to control access to buildings in combination with electronic locking mechanisms. Further example applications include authentication for pay-per-view broadcasting systems, or access to a private electronic messaging system.
The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive.
Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
The invention is not restricted to the details of the foregoing embodiment(s). The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.
Claims
1. A method of user identity verification in a system comprising a client terminal couplable to a server by a first communication medium, the method comprising:
sending a first identification information over the first communication medium from the client terminal to the server;
verifying, at the server, that the first identification information corresponds to a stored user profile;
returning a second identification information to a user over a second communication medium according to the stored user profile;
sending the second identification information to the server via the client terminal; and
verifying user identity, at the server, according to presentation of the second identification information.
2. A user identity verification apparatus comprising:
a server comprising a user profile store;
a client terminal coupled to a server by a first communication medium; a second communication medium coupled to the server for supply of second identification information to a user,
the client terminal being arranged in use to receive the first identification information, and to supply the first identification information over the first communication medium to the server;
the server being arranged to verify that the first identification information corresponds to a user profile in the user profile store and to supply a second identification information to the user over the second communication medium according to the stored user profile;
the client terminal being arranged to receive the second identification information from the user and to supply the second identifier information to the server; and
the server being arranged to verify user identity according to presentation of the second identification information.
3. The method or apparatus of claims 1 or 2, wherein the first identification information includes any one of a username, a memorised access code, information read from a token, or any combination thereof.
4. The method or apparatus of any preceding claim wherein the first communication medium is different from the second communication medium.
5. The method or apparatus of any preceding claim wherein the third identification information is supplied to the user over the second communication medium through a mobile communication device.
6. The method or apparatus of any preceding claim wherein the second identification information is transmitted from the client terminal to the server over the first communication medium.
7. The method or apparatus of any preceding claim, wherein the first identification information is derived from at least one second identification information supplied to a user previously.
8. The method or apparatus of claim 7, wherein the first information includes a plurality of second identification information supplied to a user previously, and stored on a token.
9. The method or the apparatus of any of claims 3 to 9, wherein the token is a removable storage device.
10. The method or apparatus of any preceding claim wherein the second identification information sent to the user over the second communication medium is regenerated by the server.
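The exchange in claim 1, with the second medium of claims 4 and 5 modelled as a callback, as an added example that is not part of the patent text. The class and field names, the six-digit code, the 120-second lifetime, the three-attempt limit and the sample profile are assumptions; the specification fixes none of them.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120  # assumption: the claims set no lifetime for the code
MAX_ATTEMPTS = 3        # assumption: the claims set no retry limit


class Server:
    """Server side of claim 1 (hypothetical names throughout)."""

    def __init__(self, profiles, second_medium):
        self.profiles = profiles            # user profile store: username -> profile
        self.second_medium = second_medium  # callable(address, code), e.g. an SMS gateway
        self.pending = {}                   # username -> [code, expiry, attempts left]

    def submit_first(self, username, access_code, now=None):
        """Verify the first identification information, then send the second out of band."""
        now = time.time() if now is None else now
        profile = self.profiles.get(username)
        # Unknown users are compared against a random value so both paths do a comparison.
        expected = profile["access_code"] if profile else secrets.token_hex(8)
        if not hmac.compare_digest(access_code.encode(), expected.encode()) or not profile:
            return False
        code = f"{secrets.randbelow(10**6):06d}"  # fresh and unpredictable per login
        self.pending[username] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self.second_medium(profile["mobile"], code)  # address taken from the stored profile
        return True

    def submit_second(self, username, code, now=None):
        """Verify the second identification information relayed by the client terminal."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False
        entry[2] -= 1
        ok = now <= entry[1] and hmac.compare_digest(code.encode(), entry[0].encode())
        if ok or entry[2] <= 0 or now > entry[1]:
            del self.pending[username]  # single use: success, lockout and expiry all clear it
        return ok


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the second communication medium
    server = Server({"alice": {"access_code": "4821", "mobile": "+440000000000"}},
                    lambda address, code: outbox.append((address, code)))
    server.submit_first("alice", "4821")
    print(server.submit_second("alice", outbox[-1][1]))  # code read from the mobile device
    print(server.submit_second("alice", outbox[-1][1]))  # replay of the same code
```

The delivery address is read only from the stored profile, never from the login request, so a request on the first medium cannot redirect the code.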
Applications Claiming Priority (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0109200 | 2001-04-12 | ||
GB0109200A GB0109200D0 (en) | 2001-04-12 | 2001-04-12 | Identifier card |
GB0111528 | 2001-05-11 | ||
GB0111528A GB0111528D0 (en) | 2001-05-11 | 2001-05-11 | The identifier |
GB0126583A GB0126583D0 (en) | 2001-11-06 | 2001-11-06 | The identifier system |
GB0126583 | 2001-11-06 | ||
GB0126929A GB0126929D0 (en) | 2001-11-09 | 2001-11-09 | Identifier card system |
GB0126929 | 2001-11-09 | ||
PCT/GB2002/001645 WO2002084456A2 (en) | 2001-04-12 | 2002-04-11 | User identity verification system |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1442350A2 true EP1442350A2 (en) | 2004-08-04 |
Family
ID=27447938
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP02761938A Ceased EP1442350A2 (en) | 2001-04-12 | 2002-04-11 | User identity verification system |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1442350A2 (en) |
GB (1) | GB2377523B (en) |
WO (1) | WO2002084456A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10250590B2 (en) | 2015-08-31 | 2019-04-02 | Samsung Electronics Co., Ltd. | Multi-factor device registration for establishing secure communication |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1436746A4 (en) | 2001-10-17 | 2007-10-10 | Npx Technologies Ltd | Verification of a person identifier received online |
JP2004234632A (en) | 2003-01-06 | 2004-08-19 | Sony Corp | System, server, method, and program for authentication, terminal, method and program for requiring authentication, and storage medium |
GB2397731B (en) * | 2003-01-22 | 2006-02-22 | Ebizz Consulting Ltd | Authentication system |
AU2003239059A1 (en) | 2003-06-18 | 2005-01-04 | Telefonaktiebolaget Lm Ericsson (Publ) | An arrangement and a method relating to ip network access |
US7372839B2 (en) * | 2004-03-24 | 2008-05-13 | Broadcom Corporation | Global positioning system (GPS) based secure access |
TW200602909A (en) * | 2004-04-23 | 2006-01-16 | Nec Corp | User authentication system and data providing system using the same |
GB2413467B (en) * | 2004-04-24 | 2008-10-29 | David Hostettler Wain | Secure network incorporating smart cards |
ATE390663T1 (en) * | 2005-04-19 | 2008-04-15 | Nahar Anoop | METHOD FOR BROADBAND DATA TRANSMISSION |
EP1868131A1 (en) * | 2006-06-14 | 2007-12-19 | Vodafone Holding GmbH | Method and system for secure user authentication |
EP2359290B8 (en) * | 2008-11-10 | 2017-08-09 | CensorNet A/S | Method and system protecting against identity theft or replication abuse |
NL1039134C2 (en) * | 2011-10-26 | 2013-05-01 | Antonius Johannes Clemens Zon | SYSTEM FOR CHECKING A CERTIFICATE OF IDENTIFICATION. |
RU2583710C2 (en) * | 2013-07-23 | 2016-05-10 | Закрытое акционерное общество "Лаборатория Касперского" | System and method for providing privacy of information used during authentication and authorisation operations using trusted device |
CN103955637A (en) * | 2014-04-09 | 2014-07-30 | 可牛网络技术(北京)有限公司 | Identification method and device for user identity of mobile terminal |
JP6980961B2 (en) * | 2017-04-05 | 2021-12-15 | 株式会社日本総合研究所 | Password verification device, verification method and program to prevent phishing scams |
US11093732B2 (en) * | 2018-09-25 | 2021-08-17 | Advanced New Technologies Co., Ltd. | Reduction of search space in biometric authentication systems |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4679236A (en) * | 1984-12-21 | 1987-07-07 | Davies Richard E | Identification verification method and system |
US5060263A (en) * | 1988-03-09 | 1991-10-22 | Enigma Logic, Inc. | Computer access control system and method |
AU1390395A (en) * | 1994-01-14 | 1995-08-01 | Michael Jeremy Kew | A computer security system |
US5604803A (en) * | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
US5668876A (en) * | 1994-06-24 | 1997-09-16 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
FR2745136B1 (en) * | 1996-02-15 | 1998-04-10 | Thoniel Pascal | SECURE IDENTIFICATION METHOD AND DEVICE BETWEEN TWO TERMINALS |
US5684951A (en) * | 1996-03-20 | 1997-11-04 | Synopsys, Inc. | Method and system for user authorization over a multi-user computer system |
GB2328310B (en) * | 1996-05-15 | 1999-12-08 | Ho Keung Tse | Electronic transaction apparatus and method therefor |
US5881226A (en) * | 1996-10-28 | 1999-03-09 | Veneklase; Brian J. | Computer security system |
JP3595109B2 (en) * | 1997-05-28 | 2004-12-02 | 日本ユニシス株式会社 | Authentication device, terminal device, authentication method in those devices, and storage medium |
GB9929291D0 (en) * | 1999-12-11 | 2000-02-02 | Connectotel Limited | Strong authentication method using a telecommunications device |
US6934858B2 (en) * | 1999-12-15 | 2005-08-23 | Authentify, Inc. | System and method of using the public switched telephone network in providing authentication or authorization for online transactions |
DE20001438U1 (en) * | 2000-01-28 | 2001-06-13 | Prestele Eugen | Cartridge piston |
GB2369469B (en) * | 2000-11-28 | 2002-10-23 | Swivel Technologies Ltd | Secure file transfer method and system |
-
2002
- 2002-04-11 WO PCT/GB2002/001645 patent/WO2002084456A2/en not_active Application Discontinuation
- 2002-04-11 EP EP02761938A patent/EP1442350A2/en not_active Ceased
- 2002-04-11 GB GB0208362A patent/GB2377523B/en not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
See references of WO02084456A3 * |
Also Published As
Publication number | Publication date |
---|---|
GB2377523A8 (en) | 2003-05-12 |
WO2002084456A2 (en) | 2002-10-24 |
GB2377523A (en) | 2003-01-15 |
WO2002084456A3 (en) | 2003-10-30 |
GB0208362D0 (en) | 2002-05-22 |
GB2377523B (en) | 2003-11-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1969880B1 (en) | System and method for dynamic multifactor authentication | |
JP5133248B2 (en) | Offline authentication method in client / server authentication system | |
US8365988B1 (en) | Dynamic credit card security code via mobile device | |
US9519764B2 (en) | Method and system for abstracted and randomized one-time use passwords for transactional authentication | |
US8997177B2 (en) | Graphical encryption and display of codes and text | |
US20020087892A1 (en) | Authentication method and device | |
US20090013402A1 (en) | Method and system for providing a secure login solution using one-time passwords | |
US10204217B2 (en) | System and method for replacing common identifying data | |
US20080216172A1 (en) | Systems, methods, and apparatus for secure transactions in trusted systems | |
MX2007007511A (en) | Authentication device and/or method. | |
WO2002084456A2 (en) | User identity verification system | |
WO2010011731A2 (en) | Methods and systems for secure key entry via communication networks | |
EP1604257B1 (en) | A method and system for identifying an authorized individual by means of unpredictable single-use passwords | |
JP2008537210A (en) | Secured data communication method | |
EP3579595B1 (en) | Improved system and method for internet access age-verification | |
CN102822835A (en) | Personal portable secured network access system | |
US20050005128A1 (en) | System for controlling access to stored data | |
CA2611549C (en) | Method and system for providing a secure login solution using one-time passwords | |
JP2007065789A (en) | Authentication system and method | |
US20090164802A1 (en) | Memory management method | |
Proctor et al. | Human factors in information security methods | |
IES85150Y1 (en) | Securing access authorisation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20040311 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
17Q | First examination report despatched |
Effective date: 20041215 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20080624 |