EP1922856A2 - Method for authenticating a user and device therefor

Method for authenticating a user and device therefor

Info

Publication number
EP1922856A2
Authority
EP
European Patent Office
Prior art keywords
medium
data
user
support
storage means
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP06808284A
Other languages
English (en)
French (fr)
Inventor
Alain Leclercq
Yves Arnail
Bernard Delbourg
Pierre Rabischong
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MEDISCS Sas
Original Assignee
MEDISCS SARL
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MEDISCS SARL

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity

Definitions

  • the present invention relates to a method for authenticating a user through a terminal connected to a computer type network and comprising means for reading a ROM memory medium, of the CD, CD CARD or DVD type.
  • the present invention is in the field of secure and remote authentication of a user, in particular the identification of a user through a computer type network.
  • the invention relates more particularly to such an authentication method and its implementation device.
  • the present invention will find a particular application in the field of banking and online payment, in the manner of a bank card.
  • the remote authentication of a user can be performed through a system using a smart card.
  • a computer can be provided with a terminal for reading a smart card.
  • the latter contains authentication information, such as an electronic signature, which is then transferred from said terminal through said network to be compared and authenticated. Access is guaranteed.
  • the connection is secured through known encryption tools and protocols.
  • the object of the invention is to overcome the disadvantages of the state of the art by proposing a secure authentication method and its implementation device offering optimal security, with reproduction made impossible so that they cannot be forged.
  • the invention creates a link between the data contained on a medium and the medium itself, so that the copy of one independently of the other is not feasible.
  • the data relating to the support relates to the errors that occurred during the etching of said support.
  • the support is compatible with the readers fitted to most computer terminals, such as CD or DVD drives.
  • the present invention therefore provides a unique, secure and tamper-proof payment solution.
  • the present invention relates to a method for authenticating a user through a terminal connected to a computer type network and comprising means for reading a ROM memory medium, of the CD, CD CARD or DVD type, in which, when creating said medium:
  • identification data relating to said user are recorded, on the one hand, on said medium through etching means and, on the other hand, on storage means;
  • said identification data are read through said reading means and transmitted through secure means of connection to said remote storage means through said network;
  • said transmitted data is compared with said data contained on said storage means in order to be authenticated; said method also comprising:
  • connection through secure means consists of:
  • such a method may consist in transmitting bank data transparently to the user in order to automatically fill out an online payment form.
  • the invention also relates to a device for implementing the authentication method, comprising a medium containing personal data concerning a user and able to be read through a terminal provided with reading means, said terminal being connected, through a computer network, to means for comparing, on the one hand, said personal data with data contained on storage means and, on the other hand, information relating to the etching of said data on said medium with collected information relating to the physical level of said medium in the form of a trace listing the random errors that occurred during the etching of said medium.
  • said comparison means comprise means for burning data concerning the user on said medium and means for collecting information relating to said etching, and means for storing said data and said information.
  • said medium is a ROM memory comprising a chip.
  • the present invention relates to a method of authenticating a user and its implementation device.
  • the invention aims to authenticate a user from a terminal 1 connected to a computer network 2.
  • the network 2 is preferably the Internet network but the invention also relates to any computer type network in which two terminals are connected to one another.
  • the invention will find its application in the secure connection of a user, when transmitting information requiring a high level of confidentiality, for example in the case of access to an online payment site where it is necessary to communicate sensitive banking data.
  • the invention also relates to any type of connection or access where it is necessary to identify with certainty the user wishing to connect, for example in the case of an intranet or other network.
  • the present invention confers a strong authentication of the personal medium to the user and consequently of the latter. It uses the combined comparison, on the one hand, of characteristics related to a physical medium 3 with information related to these same characteristics previously stored and, on the other hand, information stored or contained on said medium with previously stored information.
  • a user wishing to connect to an application, a payment site or the like has a terminal 1, connected to said computer network 2, and comprising means 4 for reading said medium 3.
  • the support 3 is a support equipped with a ROM-type memory such as a CD, CD CARD or DVD.
  • This memory can be rewritable, such as a CD or a DVD-RW, or non-rewritable, the latter characteristic giving said support 3 a security that prevents modification of the data recorded on it.
  • the reading means 4 are of known type, such as a ROM-type memory reader, such as a CD and DVD disc player.
  • said support 3 may comprise a chip so that it is compatible with smart card systems, in particular in the case of a CD CARD type support.
  • the support 3 has been made in advance and sent through a conventional routing network, for example postal.
  • identification data 5 are recorded on said support 3.
  • These data are personal to each user and may relate to the identity of the person (name, surname, contact details, bank account number, etc.) and may contain a connection identifier for the recognition of said support 3 when the latter is used.
  • This data may also include the bank details of the user; said support 3 can be issued by a bank.
  • the recording of said data is performed by etching through conventional etching means. On the other hand, these same data are copied and stored in storage means 6.
  • An advantage of the present invention resides in the fact that information 7 relating to the etching of said medium 3 is stored on said storage means 6.
  • This etching information 7 is collected in the form of a trace after the finalization of said medium 3.
  • This trace lists the errors that occurred during this operation of etching at the physical level of said support 3.
  • each etching produces random physical errors, impossible to reproduce, and unique to each support 3.
  • the surface of said support 3 therefore contains an identification of its own.
  • An advantage in terms of security therefore consists in comparing the trace of the support 3 with the support 3 used during the connection. Thus, any reproduction or duplication of the support 3 is not possible.
  • Another advantage lies in the fact that only the trace of the inserted medium 3 is transmitted over the network, the comparison being made with the trace stored on a remote server. Thus, in case of falsification, the original data are not transmitted, minimizing the risk of piracy.
  • this data may be encrypted beforehand and / or encoded to prevent any modifications or interception during the transfer.
  • secure connections and secure data transfer protocols can be used (SSL, private and public key encryption or other).
  • the communicated identifier makes it possible to find within the storage means 6 the data previously recorded and linked to the user and his bank details.
  • Data cohesion provides a first step in authenticating the user.
  • the bank details can be specific to online use, through specific forms and automatically filled by means dedicated to this purpose.
  • the invention consists of transparently transmitting bank data to the user in order to automatically fill out an online payment form.
  • comparison means 11 connected to said network 2 and said storage means 6.
  • the latter can group the data stored therein, in a known manner, in the form of a database.
  • connection through secure means 8 can be based on the entry and encrypted sending of a confidential code 9 known to the user alone.
  • This code can be transmitted to the user at the same time as said medium 3 or separately from it, by conventional mail, by electronic mail or by any other means.
  • an application is executed on said terminal 1 opening input means 10 through which the user can enter his code 9.
  • These input means 10 comprise an interface for entering said code 9, especially through a keyboard or a keypad, especially a secure keypad.
  • the code 9 can be directly compared with code encoded and encrypted on the support 3.
  • the support 3 can be recognized at each insertion into the reader 4 and may not be requested later.
  • This usage option facilitates the repeated identification of the same user, for example in the case of several separate and consecutive purchases.
  • the code 9 is then encrypted and sent through the network 2, over secure lines, to said storage means 6. It is then decrypted and compared with the code previously recorded in said storage means 6 when the support 3 was made. Once the validity of the code 9 has been checked, the user, with authentication of the medium 3 as previously mentioned, obtains an access authorization.
  • the user can enter said code 9 up to three times before said data contained in said storage means 6 is blocked. In other words, access to the data is immediately blocked and further use of the support 3 will not allow any connection.
  • security messages can be sent to an administrator managing the system. The support 3 is then unusable until the restoration of access to the data or the realization of another support 3.
  • comparison means 11 are remote and connected, on the one hand, to the storage means 6 and, on the other hand, to said network 2. On request, they make it possible to compare the data received over the network with the data contained in the storage means 6, and vice versa: in particular the data transmitted with the identification data 5, the data relating to the support 3 with the trace, and finally the code 9.
  • the present invention thus provides a secure way to access sensitive areas on a network safely.
  • the preferred application remains payment on the Internet. The user no longer needs to transmit bank details from a terminal or computer whose security is lower than that of banking networks.
  • the invention does not require any additional device and is adaptable to any terminal equipped with a CD, DVD or similar type of reader. Compatibility is optimal while providing strong authentication of the support 3 and its user.
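
The three comparisons attributed above to comparison means 11 (identification data 5, the etching trace, then code 9 with blocking after three entries) can be sketched as follows. This is an added example, not code from the patent or its applicant; the trace format (a list of error positions), the use of digests in storage, and every function and field name are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_CODE_ATTEMPTS = 3  # the description allows code 9 to be entered up to three times

@dataclass
class Record:
    """One entry in storage means 6, written when support 3 is made."""
    identification_data: bytes  # identification data 5
    trace_digest: bytes         # digest of the etching-error trace (information 7)
    code_digest: bytes          # salted digest of confidential code 9
    salt: bytes
    failed_codes: int = 0
    blocked: bool = False

def digest_trace(error_positions):
    """Order-independent digest of a trace; the list-of-positions format is assumed."""
    canon = ",".join(str(p) for p in sorted(error_positions)).encode()
    return hashlib.sha256(canon).digest()

def digest_code(code, salt):
    # Storing a slow salted digest instead of the code is a choice of this example.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

def enroll(store, identifier, identification_data, error_positions, code, salt):
    """Record data, trace and code at creation time, keyed by the connection identifier."""
    store[identifier] = Record(identification_data, digest_trace(error_positions),
                               digest_code(code, salt), salt)

def authenticate(store, identifier, identification_data, error_positions, code):
    """Compare received values with the stored record; constant-time comparisons."""
    rec = store.get(identifier)
    if rec is None:
        return "unknown"
    if rec.blocked:
        return "blocked"
    if not hmac.compare_digest(rec.identification_data, identification_data):
        return "data-mismatch"
    if not hmac.compare_digest(rec.trace_digest, digest_trace(error_positions)):
        return "trace-mismatch"  # right data, but not the enrolled physical medium
    if not hmac.compare_digest(rec.code_digest, digest_code(code, rec.salt)):
        rec.failed_codes += 1
        if rec.failed_codes >= MAX_CODE_ATTEMPTS:
            rec.blocked = True   # stays blocked until access is restored or a new support is made
            return "blocked"
        return "code-mismatch"
    rec.failed_codes = 0
    return "granted"

def demo():
    # Constructed sample values, not taken from the patent.
    store = {}
    enroll(store, "id-1", b"name=constructed", [12, 907, 4410], "4821", b"constructed-salt")
    copy = authenticate(store, "id-1", b"name=constructed", [12, 907, 4411], "4821")
    wrong = [authenticate(store, "id-1", b"name=constructed", [12, 907, 4410], "0000")
             for _ in range(3)]
    after = authenticate(store, "id-1", b"name=constructed", [12, 907, 4410], "4821")
    return copy, wrong, after
```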

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
EP06808284A 2005-09-07 2006-09-06 Method for authenticating a user and device therefor Withdrawn EP1922856A2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0552701A FR2890509B1 (fr) 2005-09-07 2005-09-07 Method for authenticating a user and device for implementing it
PCT/FR2006/050845 WO2007028925A2 (fr) 2005-09-07 2006-09-06 Method for authenticating a user and device for implementing it

Publications (1)

Publication Number Publication Date
EP1922856A2 (de) 2008-05-21

Family

ID=36651278

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06808284A Withdrawn EP1922856A2 (de) 2005-09-07 2006-09-06 Method for authenticating a user and device therefor

Country Status (4)

Country Link
US (1) US20080209520A1 (de)
EP (1) EP1922856A2 (de)
FR (1) FR2890509B1 (de)
WO (1) WO2007028925A2 (de)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4785361A (en) * 1982-11-08 1988-11-15 Vault Corporation Method and apparatus for frustrating the unauthorized copying of recorded data
CA2298379A1 (en) * 2000-02-14 2001-08-14 Point Net Communication Inc. System and method for secure transactions over a network
ES2224841B1 (es) * 2003-03-17 2006-06-16 Pedro Gallego Rubio Network user identification system.
US20050005137A1 (en) * 2003-06-16 2005-01-06 Microsoft Corporation System and method for individualizing installation media

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2007028925A3 *

Also Published As

Publication number Publication date
WO2007028925A3 (fr) 2007-05-24
FR2890509B1 (fr) 2009-10-30
FR2890509A1 (fr) 2007-03-09
US20080209520A1 (en) 2008-08-28
WO2007028925A2 (fr) 2007-03-15


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080208

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

RIN1 Information on inventor provided before grant (corrected)

Inventor name: ARNAIL, YVES

Inventor name: DELBOURG, BERNARD

Inventor name: RABISCHONG, PIERRE

Inventor name: LECLERCQ, ALAIN

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: MEDISCS SAS

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20120807

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20121218