FR2940727A1 - Strong authentication method for user terminal of Internet, involves transmitting message from web server to user terminal, where message contains hypertext link permitting registration of terminal in account table - Google Patents

Abstract

The method involves inscribing a user terminal near a web server by sending a form comprising an electronic address of a user, where the server is connected with a database comprising a temporary pre-inscription table, a permanent approved user account table and a volatile ticket table. The terminal is registered in the pre-inscription table using the data in the form. A register is generated in the ticket table. A message is sent from the web server to the terminal via a mail server, where the message contains a hypertext link permitting registration of the terminal in the account table.

Description

-1- Simplified Authentication System (SAS) Reference: MFL - BT R1 / 08 06682 General

The goal of the S.A.S. is to accelerate the strong authentication of one or more users of the Internet. This data allows a user to be authenticated on a server on the Internet. The S.A.S. is particularly intended to secure access to websites with a database of their users or subscribers. It also gives them the opportunity to communicate anonymously.

Strong authentication relies on three elements: what the user holds (a token or ticket) 15 and where the user is located (IP address) and when the user has the right to connect (period of validity ticket).

The invention primarily relates to a method for rapidly authenticating users of the Internet on a machine offering a service based on the HTTP1 or HTTPS protocol, without forcing the user to retain a password.

At first, during its first registration request, the user provides the server with his e-mail address. It is then registered in the temporary account base and receives a ticket containing a hypertext link allowing it to register permanently in the account base. This ticket also contains a link allowing the user to log in later, once registered.

In a second step, he clicks on the registration link and the server then executes the final registration request. Subsequently, the user can continue to use the connection ticket to connect, until expiry of the validity of it. Beyond this period, he will have to provide his Hyper Text Transfer Protocol 2940727 -2- email address again in order to receive a new connection ticket. These tickets then send a simple request to check the membership of the user to the account base.

State of the art 5 At the present day, two methods allow a user to be identified on a server: the first uses an identifier associated with a password, the second, less common, uses digital certificates. The first is common, well understood by the greatest number, but very unreliable. The second is on the contrary very safe, but not obvious to the general public. The management of digital certificates and their revocation, may be shunned by most consumer users.

For the most common method, what happens during a complete authentication sequence? 1. Creation of an account from the entry of a username (login or login) and a password, in the best case based on the TLS2 protocol, but it is still very rare.

2. Confirmation a- in the best case: sending a confirmation email to the user, who clicks on a link, and causes his final registration. b- otherwise, there are still some sites that are content with this information (login + password) to register the user directly in the database of active accounts, but this tends to disappear. 3. The user logs regularly by (most often) passing his identifiers in clear on the Internet. Anyone who manages to guess his credentials can then log in his place, usurping his identity, regardless of its geographical location, and its access point to the network. 4. In case of loss of password, the server returns, in clear, a new password, or, a link allowing to go to modify it. The interception of this email, by listening on the network, or attack of the POP3 account, can then cause the usurpation of the account. 'Transport Layer Security' Post Office Protocol 2940727 -3 The SAS relies on the user's mailbox BAL4 to send him everything he needs to register and then log on to the server . We will then talk about "ticket" connection. This is a ticket in the virtual sense, that is to say just a simple record in a table, coupled with a hyperlink contained in an email.

The ticket is valid for a configurable duration, but it dies as soon as the user disconnects from the site.

The ticket contains information on the IP5 address of the origin of the connection request (computer or router), and on the validity period of the ticket. The ticket is always sent to the user's mailbox, which has provided his email address at his first login request.

The ticket contains a temporary identifier and a password, making it possible to find the record which corresponds to it in the database. Also, the interception of this ticket, even for the duration of the authorized period, is only possible by a person acting under cover of the same source IP address (Attack Man in the Middle).

If the user changes his network settings (access point), disconnects, or if the validity period of the ticket is exceeded, then the ticket is destroyed. The usurpation of the IP of the user, coupled with the attack of his / her / its BAL, or with the listening of the flows, will be worth only for the period of validity previously defined.

25 ° Mailbox (electronic) 5 Internet Protocol (IP address, logical address of the machines on a given network) Technical details

The S.A.S. process is based on two main concepts, namely a database and the user's email account. The database contains two main tables, the first being the user account table, and the second is the connection ticket table. In addition, it is essential that the user has an e-mail address, protected by a correct means, so that it can be processed by the SAS This address can be hosted on any e-mail service, independently of the SAS A third table completes the first two, whose content is temporary since it is the pre-registration table of users. The server on which the S.A.S. is running is a classic Web server with an HTTP service for publishing web pages, and an SMTP service for communicating with the user. TLS is not essential, but recommended for connection phases.

Three tables are therefore used: - temporary users - approved users - tickets The table of temporary users is similar to that of the approved users, except that it is only related to the ticket table, in order to allow the user to be inserted into the users' table when they access the site using the link referring to their ticket number. It contains as the table of approved users, an identifier and the user's email address, encrypted using a key located in a private area of the server (not accessible to the public), the timestamp6 of the registration , and the activation code.

To register, the user provides his email address on a form, it is advisable at this point, to ask him to copy a small security code to limit the risk of abuse. The newly registered user is registered in the table of pre-registered users, and the condensate of the unique identifier of his registration is calculated, it will be called precli_code. 'Time in seconds since January 1, 1970 at midnight UTC accurate - 4 2940727 -5- Once the user pre-registered in the pre-registration table, a record is added to the ticket table.

The pre-registered user table contains: 5 - a unique and incremental identifier - the encrypted email address - the timestamp of the record - the user's IP address - an activation code field which is the result of reversible encryption of the email address - a login field that will contain the activation code, once the user has been registered in the trusted users table.

The ticket table contains condensates (hash 'or irreversible imprint): 15 - a unique and incremental identifier, never reused - the condensate of this identifier that will be used in the link sent to the user. The condensate avoids the prediction of the future ticket number - an auto password generated according to the quality rules in force, and a strong entropy, this password will also be used in the link 20 - a customer field that contains the unique reference to a user once he is present in the table of registered users - a field there) which is none other than the condensate of the last IP address of the user - an activation code field which is a copy of that of the previous table (when a user is not yet definitively registered) 25 - the previously calculated precli_code field (hash of the identifier of his registration in the table of pre-registered users) - the timestamp of the record - an optional mailcode field for anonymous email exchange between users

The condensate (irreversible hash of the identifier of the previous record (table tickets) is then sent by email to the address initially provided by the user.This identifier is transmitted as a variable associated with the URLB contained in the This link is used to return 'The result of a hash function according to the algorithm of a one-way function SUniform Resource Locator 2940727 -6- on the website with this ticket identifier as parameter, ie a variable acting according to the HTTP GET9 mode The link also contains a variable "password", generated randomly, according to the state of the art of generating a password (minimum length, choice of characters, case). The user then queries his e-mail box and downloads the e-mail, after which he clicks on the link that directs him to the main page of the website.In terms of the headings of this page, the variables are analyzed and the user returns directed to a referral page, which still operates at the http header level. 10 A SQL10 SELECT "request to check the presence of a record in the ticket table with the value returned by the user as identifier, if found, then the value of the precli_code and code fields. activation and ip are recorded in session variables, then the precli_code and activation code fields are reset to zero The condensate of the IP address is then compared to the value of the corresponding field in the ticket table, and the current timestamp to that of the value of the corresponding field in the same table, given a validity period defined beforehand.If these two values (space-time) are correct, then the page is then redirected to a new one that proceeds to the query of the table of pre-registered users This request verifies the existence of the value of the activation code in this table If a record is found, then a record The record is inserted in the Approved Users table, and the corresponding record of the registration table is deleted. At the same time, the ticket table is updated to associate the ticket with a registered user by entering the user's id in the customer field. The value of the activation code field is moved from the corresponding field to the login field. Thus, when the user re-clicks on the initial link, it will be redirected to a page that will find if it is registered in the table of approved users provided that the values of control space-time (IP / timstamp) are correct.

It is also necessary to foresee the cases where the user uses his activation link too late or under a different source IP address, and to send him a new one after having updated the pre-registration table (deletion and new insertion). 'Request the resource at the specified URL (passing a variable in the URL) 10Structured Query Language "Selecting Records That Respond to Specific Criteria 5 2940727 -7- Afterwards, the user will be able to reuse his link to connect as long as the period of validity is correct, beyond that, his ticket is deleted from the table, and a new ticket is registered, but directly indexed on the table of approved users, ie by informing only the login, client, ip and timestamp fields 5 A link on the site must allow the user to disconnect in hard ie to have his ticket deleted and he will be in the same situation as if he were out of validity period or if his IP address had changed.A new ticket will be sent to him when he reconnects on the site, either thanks to his old ticket, or by filling in again the 10 form with his address. ourriel.

The user can be unsubscribed by deleting the corresponding record in the trusted users table. If he changes his email address without warning, and no longer has his old address, must be able, at his request (written or telephone), regenerate the activation code 15 manually or through a script that must be disabled once used (or deleted from the server, or better yet, generated locally). Also, this possibility is only possible if the user has provided, when registering, what to contact him (postal address, telephone number), which depends on the policy of the website, otherwise, this is not possible. Not possible.

A "lost ticket" option, on the identification page, must be able to allow the user to regenerate his ticket in case of loss, theft, or simply doubt. For this, an emergency cancellation link can be communicated to the user as soon as it is first registered. He will have to keep it preciously. There is still the possibility of sending an email to the site administrator. Also, the procedure for changing the e-mail address can only be done by a secure means, by checking the old address. The webmaster must explicitly warn users not to cause blockages.

If the users wish to communicate with each other without their e-mail address being disclosed, tickets can be sent on the same principle, by filling in a sender field and a recipient field with the e-mail addresses in symmetric encrypted form. The simple fact of informing these two fields determines the type of action to be performed by the server, which will be in this case, not an authentication, but an email. The tickets will allow users to communicate anonymously through a contact form. The S.A.S. method not only allows users to protect their connection data, but also to communicate with each other anonymously thereafter.

The S.A.S. accelerates the registration procedure of a new user, and does not require human intervention, except for the conventional but not specific maintenance. The S.A.S can process multiple registration or authorization requests over the same period. Emails sent to Internet users must scrupulously respect the state of the art (RFC in force) to not be considered as suspicious emails (spam or spam). 2940727 SCHEDULE

Elements of Strong Authentication Only inviolable and unstable elements or factors can provide real strength for authentication. These elements can be: • What the entity knows (a password, a PIN code, a passphrase, etc.) • What the entity holds (a magnetic card, RFID, a USB key , a PDA, a smart card, etc. Either an Authenticator or Token), • What the entity is, either a physical person (fingerprint, retinal footprint, 10 hand structure, bone structure of the face or any other biometric element), • What the entity can do, ie a physical person (behavioral biometry such as handwritten signature, voice recognition, a type of calculation known only to himself, etc.), • Where the entity is, a place where, following successful identification and authentication, it is authorized (access to a logical system from a prescribed location).

Claims (10)

REVENDICATIONS1. The invention relates to a method of strong authentication of a user on a server of the Internet network operating according to the HTTP hypertext protocol. The user registers by providing only his email address to the web server, which returns an electronic message containing a hypertext link to register and thereafter to connect. The web server uses a database to administer the connection and registration requests, as well as an email sending service according to the SMTP protocol. This process is characterized by the fact of not having to remember a password, or to use digital certificates that have the disadvantage of being sometimes difficult to apprehend the general public, and requiring rigorous management. 2. Claims 1. A method for strong authentication of a user terminal on the Internet network characterized in that it comprises: a step of registering the user terminal with a Web server by issuing a form containing his address e-mail, said web server being connected with a database comprising 3 tables: a temporary pre-registration table, a table - permanent approved user accounts, a "volatile" ticket table; a step of registering the user terminal in the temporary pre-registration table using the data of the form, and generating a record in the ticket table; a step of sending a message, via a mail server, from the server to the user terminal, said message containing a hypertext link allowing the user terminal to register permanently in the table of approved user accounts. 2. strong authentication method according to claim 1 characterized in that the link contained in the message allows the user terminal to open a session uniquely identified on the server during the final registration of the user, and renew this logon later once the user is registered. 3. strong authentication method according to claim 1 characterized in that a click of the user on the hypertext link triggers the final registration in the table of accounts 2940727 -11- approved users subject to positive verification of the presence a user terminal record in the ticket table and in the temporary pre-registration table. 4. Strong authentication method according to claim 2, characterized in that the registration of the user terminal in the ticket table comprises the recording in this table of the IP address of the user terminal in an IP address field. 5. Strong authentication method according to claim 2, characterized in that the registration of the user terminal in the ticket table includes the recording in this table of a date of validity of the ticket in a date field in the form of a timestamp. 6. Strong authentication method according to claim 2, characterized in that the generation of a record in the ticket table includes the recording in this table of the unique identifier of the ticket and the unique identifier of the user. registered or pre-registered. 7. Strong authentication method according to claim 2, characterized in that the hypertext link contains, in the form of variables, the irreversible borrowing (hash) the identifier of the record relating to the user terminal in the ticket table, and a strong self generated password according to the state of the art of the moment. 20 8. Strong authentication method according to claim 1, characterized in that each time the virtual connection ticket is used, the validity date of the ticket is compared with the date of use and the registered IP address to identify the terminal. in the table of trusted user accounts is compared with the IP address of the current user and if the validity date is exceeded or if the user's IP address has changed, the relative registration The user terminal in the ticket table is destroyed, forcing the user to log in again by providing his email address to receive a new ticket. 9. Strong authentication method according to claim 8, characterized in that the new ticket is automatically sent to the user assuming that the latter has attempted to connect. 15 2940727 - 12- 10. Strong authentication method according to claim 2, characterized in that the user can choose between two disconnection modes such that the first destroys only the current session on the server and the session cookie at the client and the second destroys the ticket in the ticket table.