FR3049736A1 - DEVICE AND METHOD FOR AUTHENTICATING A USER OF AN APPLICATION, COMPUTER PROGRAM - Google Patents

Abstract

The invention relates to a device for authenticating a user of a computer application (APP1) comprising a user account (CU), a button for selecting the account (CU) and for displaying, a field (C1) of input of a user name, a second field (C2) input of a password, a page for accessing data. The invention is characterized in that the second user name (N2) and the second password (MDP2) are prerecorded in a memory sharing container (M) between the first application (APP1) and the second application , which comprises at least one button (B), operable to automatically trigger the copy, from the sharing container, the second user name (N2) in the first field (C1) and / or the copy, since the sharing container, the second word (MDP2) passes in the second field (C2) for the selected account.

Description

The invention relates to a device for authenticating a user of a computer application.

The field of the invention relates to the machines on which computer applications take place, these machines being for example mobile telephones.

More particularly, the invention seeks to authenticate the user of a first computer application present on the machine using a second authentication application, also present on the machine.

The first applications concerned by the invention are those using user accounts, providing for the entry of a user name and a password.

One of the problems of the authentication application is the unlocking of user accounts.

Indeed, applications using user accounts do not always allow easy manipulation of passwords.

Thus, it is often necessary that the user notes his password. The aim of the invention is to obtain an authentication device making it easier to authenticate first applications using user accounts. For this purpose, a first object of the invention is a device for authenticating a user of a first computer application, the device comprising a machine comprising at least one display screen and a permanent memory, in which are recorded the first application and a second authentication application, the first application having at least one user account, which is prerecorded in the memory, the first application having on the screen at least one button for selecting the account, and for displaying on the screen, for the selected account, a first input field of a first user name, a second input field of a first password, and at least one predefined page allowing access to memory data when both the first user name entered in the first field is equal to a second pre-recorded user name dan the memory and associated with the account and the first password entered in the second field is equal to a second password pre-stored in the memory and associated with the account, the device comprising at least one keyboard allowing the user to enter the first username in the first field and entering the first password in the second field, characterized in that the second user name and the second password are pre-recorded in at least one sharing container. the memory between the first application and the second application, the second application having at least one button, operable to automatically trigger the copy, from the sharing container, the second user name in the first field and / or the copy, from the sharing container, the second password in the second field for the selected account.

According to one embodiment of the invention, the machine and / or the first application comprises at least one input interface of at least one account unlocking information, allowing the display of the first and / or second field of the account. count on the screen, when the information entered on the interface corresponds to a pre-recorded information in the memory.

According to one embodiment of the invention, the interface for inputting at least one account unlocking information comprises at least one input keyboard of at least one first personal identification code, the pre-recorded information. having a second personal identification code prerecorded in the memory, for displaying the first and / or second field of the account on the screen, when the first personal identification code entered is equal to the second identification code staff.

A second object of the invention is a method of authenticating a user of a first computer application registered on a machine comprising at least one display screen by using a second authentication application registered on the machine. the first application having at least one user account, which is pre-recorded in a memory of the machine and which has on the screen a first input field of a user name associated with a second input field d a password, allowing access to data from the memory, wherein the user operates at least one account selection button, which causes the display on the screen for the selected account, a first input field of a first user name and a second input field of a first password, and at least one predefined page for accessing data from the memory when the first user name entered in the first field is equal to a second username pre-stored in the memory and associated with the account and the first password entered in the second field is equal to a second password p re-stored in the memory and associated with the account, characterized in that the second username and the second password are pre-recorded in at least one memory-sharing container between the first application and the second application, the the screen of at least one button of the second application by the user automatically triggers the copy, from the sharing container, of the second user name in the first field and / or the copy, from the sharing container, the second password in the second field for the selected account.

According to one embodiment of the invention, the display on the screen of the first and / or second field of the account and / or the account selection button is locked by at least one input interface of at least account unlocking information, allowing the display of the first and / or second field of the account on the screen, when the user has entered on the interface information that corresponds to information prerecorded in the memory.

According to one embodiment of the device and / or method according to the invention, the input interface of at least one unlocking account information comprises a sensor of a biometric fingerprint of the user, the prerecorded information with a pre-recorded biometric imprint.

According to one embodiment of the device and / or the method according to the invention, the input interface of at least one account unlocking information comprises at least one input keyboard of at least a first code of personal identification, the prerecorded information including a second personal identification code pre-stored in the memory, for displaying the first and / or second field of the account on the screen, when the first personal identification code entered is equal to the second personal identification code.

According to one embodiment of the device and / or the method according to the invention, in the sharing container is registered a secret key and / or a secret and / or a unique identifier of the machine and / or a personal identification code. and / or a public key.

A third object of the invention is a computer program, comprising instructions for implementing the authentication method as described above, when it is executed on a processor. The invention will be better understood on reading the description which follows, given solely by way of non-limiting example with reference to the accompanying drawings, in which: FIG. 1 schematically represents a modular block diagram of an architecture of a method of configuring a device 1, which can be used according to one embodiment of the invention, - Figure 2 is a modular block diagram of a machine of the authentication device according to one embodiment of the invention, - FIGS. 3 and 5 represent pages that can be displayed on the machine during the implementation of the authentication method according to one embodiment of the invention; FIG. 4 is a modular block diagram of a second application of FIG. authentication present in the machine, according to one embodiment of the invention. FIG. 6 schematically represents an organization of the application recording memory, implemented according to one embodiment of the invention, FIG. 7 represents a flowchart of the authentication method according to an embodiment of the invention. FIG. 8 represents a flowchart of the authentication method according to another embodiment of the invention, FIGS. 9 and 10 represent pages that can be displayed on the machine during the implementation of the method of the invention. FIG. authentication according to Figure 8.

Context of the invention

First of all, a context is described below, in which the device and the authentication method according to the invention can be used. In FIG. 1, the invention can be used following a method of configuring a telecommunication terminal type device 1 connected to a network 10 in order to enable strong authentication of a user by means of a server 3 via said Device 1, as described below with reference to Figure 1. The server 3 is connected to the network 10. This configuration method comprises the following steps: - Secure connection of a client station 2 to the server 3; - On a user interface of the client station 3, entering the identification information of the device 1; - Generation by the server 3 of an authentication secret key CS associated with the device 1 for the algorithmic generation of single-use password (OLP or, in English: "One-Time Password"); - Generation by the server 3 and display on said user interface of the client station 2 of an activation code; - Loading on said device 1 a second authentication application via the network 10, and entered by the user of the activation code in the second application; - Verification by the device 1 of the activation code with the server 3, and loading at least the authentication secret key CS via the network 10 from the server 3, so as to allow the generation by the device 1 of the words one-time password (OTP).

This configuration method makes it possible, in the event of a positive verification, for the server 3 to authorize the transfer of sensitive data for authentication to a memory of the device 1 (via the second application), for example: at least the secret key CS, and / or an OTP counter and / or management parameters of a PIN2 personal identification code, and / or the unique identifier UUID of the device 1 in the server 3, and / or the size of ΓΟΤΡ.

The method of configuring a device 1 terminal type allows strong authentication of a user. The device 1 is a terminal (in particular a mobile terminal), that is to say a device connected to a network 10 (in particular the internet network) having its own means of data processing, of data storage, and an interface. It is adapted to connect to the network 10 via a wireless link (for example via a mobile communication network). It is typically a smartphone, a touch pad, or any other personal device of the user.

By "configuration" is meant the secure preparation of the device 1 so that it can be used later for purposes of strong authentication of its user. In other words, it is an initialization. The configuration of a device 1 is called the "enrollment" of device 1.

A device 1 thus enrolled is able to serve in a strong authentication.

Strong authentication means a certification (at two levels: a level via login (N2) / password (MDP2), and a level via the possession of device 1) of the identity of a user of device 1 trying to connect to a secure server 4 (the latter is for example the data server of a company, a mail server, etc.). By server 4, we will designate any information system of an enterprise for which access must be controlled. It will be understood that the server 4 can be confused with the server 3.

First application to authenticate

Embodiments of the authentication device and the authentication method according to the invention are described below. In the following, the machine may be the device 1 described above and is designated by the reference 1. In Figure 2, it is assumed that it has been loaded on a permanent memory MEM of the machine 1 a first application APPl and the second APP2 authentication application. The first application APP1 is for example a third-party application. The DAT data of the first application APP1 are stored in a private folder of the first application APP1, in the memory MEM.

The second application APP2 according to the invention serves to authenticate the first application. The second APP2 application allows a user to authenticate securely to a third-party environment or application. The second application APP2 may include an OTP generation and / or the calculation of response to challenges and / or access to the user's container.

The machine 1 also comprises at least one display screen 11, which can be a touch screen. The machine 1 may be for example mobile telecommunication terminal, which may be a mobile phone, a mobile phone, a cell phone or others.

User account of the first application In FIG. 3, the first application APP1 comprises at least one user account eu, which is prerecorded in the memory MEM, for example in a container CC of accounts. The first application APPl comprises one or more buttons, not shown, for selecting the account CU.

The account CU comprises on the screen 11 a first input Cl field of a user name NI (in English: "login") associated with a second input C2 field of a password CDM. The first application APPIl has at least one predefined page which is displayed to allow access to DAT data of the memory MEM when both the first user name NI entered in the first field Cl is equal to a second name. N2 of user pre-recorded in the memory MEM and the first word password MDP entered in the second field C2 is equal to a second password MDP2 prerecorded in the memory MEM.

The second user name N2 and / or the second password MDP2 are associated with the account CU and / or an identifier of the account CU.

The device and / or the first application APP1 further comprises at least a first IEC keyboard entering the user NI name in the first field Cl and / or entering the first password word MDP in the second field C2. This IEC keyboard can be any interface of the machine 1 and can be for example a touch keyboard displayed on the touch screen 11.

Second authentication application

A second authentication APP2 application processes sensitive data of the user. The first application APP1 and / or second application APP2 may comprise a computer program comprising instructions for implementing the authentication method, when the program is executed on a processor of the machine 1.

In FIGS. 1 to 4, the second authentication application APP2 present on the machine 1 may comprise as DAT2 data the secret key CS and / or a secret SECR (for example secret SECR of a challenge) and / or a unique identifier UUID of the machine 1 (in English: "Universally Unique Identifier") and / or the second PIN2 personal identification code and / or the public key CP and / or the second user name N2 and / or the second word MDP2 of pass (which may be for example a one-time password or OTP), and / or an account CC container.

These data are stored encrypted in a private area to APP2 application.

In order to encrypt these data, in FIGS. 1 and 2, the APP2 authentication application comprises a cryptographic system capable of generating, during the enrollment, a public key CP, which may be, for example, of the RSA type. Ea public key CP forms with the secret key CS mentioned above (or private key CS) a set of asymmetric keys, which can be for example RSA type. The public key CP and / or the secret key CS may each have a length greater than or equal to 2048 bits.

The public key CP is then shared with the server 3, for example being sent by the machine 1 to the server 3. The DAT data then sent by one or more ENV sendings by the server 3 to the machine 1 via the network 10, will be encrypted by the public key CP, then stored in F files of the memory MEM of the machine 1, as shown in Figure 4.

The secret key CS is encrypted by the secret SECR, generated on the machine 1 and can be for example AES 256 type, then is stored in a space of the memory MEM of the machine 1.

The secret SECR can also be encrypted. The secret SECR can be encrypted for example using a unique UUID identifier of the machine 1. The secret SECR can also be encrypted for example using the unique UUID identifier of the machine 1 and the second code personal identification PIN2.

The machine 1 and / or the first application APPf can comprise one or more interfaces INT allowing the user to enter information, allowing the unlocking of the reading of data DAT in the memory MEM when this information input corresponds to a pre-recorded information , and ensuring a lock of the reading of data DAT in the memory MEM otherwise. This read-lock INT interface may comprise a sensor 12 of a biometric fingerprint of the user, for example a finger of the user, and / or a second keyboard CL2 input of a first PIN code of the user. personal identification (causing the unlocking of the reading when the first personal identification PIN entered by the user is equal to the second personal identification PIN2 code), the CL2 keyboard being identical to the first CL1 keyboard or different from the first one; keyboard CLl. The unlocking of the input interface INT by the input of the user information, then the possible decryption of the secret SECR using the unique UUID identifier of the machine 1 (for example in the case of the use of the sensor 12) or using the unique identifier UUID of the machine 1 and the second personal identification code ΡΓΝ2 (for example in the case of the keyboard CL2), gives access to the secret key CS on the machine 1. The secret key CS is then used to decrypt the DAT data.

The second user name N2 and the second password word MDP2 are prerecorded in at least one memory sharing container FP M. The sharing container FP is shared between the first application APP1 and the second application APP2. Thus, each of the two APP1 and APP2 applications has access to the content of the sharing container FP and therefore to the second user name N2 and the second word password MDP2.

The second application APP2 comprises at least one button B and / or C, operable by the user to automatically trigger the copy, from the sharing container FP, of the second user name N2 in the first field Cl and / or or copying, from the sharing FP container, the second password word MDP2 to the second field C2 for the selected account.

According to one embodiment, the second application APP2 uses the sharing container FP to store the secret key CS and / or the secret SECR and / or the unique identifier UUID of the machine 1 and / or the second personal identification code PIN2 and / or the public key CP and / or the second user name N2 and / or the second word MDP2 pass.

Keyboard of the second authentication application

According to one embodiment in FIG. 2, the second application APP2 comprises a keyboard extension CL3 or third keyboard CL3. The third keyboard CL3 is distinct from the first keyboard CL1 input of the user NI name and / or is distinct from the INT interface and / or is distinct from the second input keyboard CL2 of the first personal identification PIN. The CL3 keyboard allows the user to access his list of CU accounts from the first APPl application and to enter his user name NI and his password CDM.

The keyboard CL3 includes the button B and / or C and / or D, described below.

Locking and unlocking the account

In one embodiment, access to the user's CU account (s) is locked by the second personal identification PIN2. Access to the account (s) CU can be unlocked either by the interface INT read lock, part of the first application APPl and described above (this INT interface is present for example in a tab " account "of the first application), or by the third keyboard CL3 of the second application APP2 as described below. Once the account (s) CU is or are unlocked (s), the account (s) is (are) accessible during a given timeout, this time being able to be modified in the parameters of APP1 or APP2 application .

The PIN and PIN2 codes can be for example formed of digits or alphanumeric characters. The INT interface or the CL3 keyboard can be a simplified keypad (which can consist of 10 digits from 0 to 9 and a validation key for ΡΓΝ and PIN2 digits.) If the PIN and PIN2 codes are alphanumeric, the INT interface or the CL3 keyboard may comprise a shortcut key which, when this key is activated, causes the display of an alphanumeric keyboard for entering the PIN code.

According to one embodiment, the unlocking of the account CU is performed as follows by the third keyboard CL3 of the second application APP2. The keyboard CL3 is displayed on the screen 11. The user enters the first PIN code on the keyboard.

According to one embodiment, the second application may include a page that serves little to authenticate the first application APPL

In the case where the first PIN code is equal to the second PIN2 code, a link to the PCU page of the second application is displayed on the screen 11.

Authentication of the first application

The PCU page of the second application may comprise the first field C1 and the second field C2, as shown in FIG.

An embodiment of the second application implementing a method of authentication of the first APP1 application is shown in Figures 3, 5 and 7 and is described below.

During a first step El, according to one embodiment, the user clicks on a prescribed field (for example the Cl or "login" field), which triggers the display of the last selected keyboard. A navigation button navigates the available keyboards and interfaces INT, which are keyboards activated in the parameters of the machine 1 and may include the keyboards IEC, CL2, CL3 and INT interfaces.

The keyboard CL3 of the second application is selected by the user, for example by pressing a button. From the keyboard CL3, the user will be able to use his identifiers in the following way.

According to another embodiment, the keyboard CL3 is displayed automatically during step El.

During a second step E2, it is determined whether the list of accounts or the account (s) CU is or are locked.

When in step E2 it has been determined that the list of accounts CU or account (s) CU is or are locked, this list or account (s) can be unlocked during the third step E3, implementing the unlocking in one of the ways described above for the CU account. He returned to step E2 after step E3.

When in step E2, it has been determined that the list of accounts CU or the account (s) CU is or are unlocked, it has moved to the fourth step E4. In the fourth step E4, the list of the user's CU accounts (for example drop-down), or the user's CU account (s), is displayed. Each account CU displayed is selectable by the user by operating an interface of the machine, which can be for example CL1 or CL2 or CL3 for example by selecting a prescribed field of the CU account displayed.

Button B is displayed. This B button can be displayed as a substitute for the shortcut key.

Then, in the fifth step E5, the user selects a account CU, for example in the manner indicated above.

According to one embodiment, the selection of a CU account during the step E5 by the action of the user on an interface of the machine automatically triggers the sixth step E6, during which the name N2 of The user is automatically entered in the field C1 from the sharing container FP by the second application APP2, as shown in FIG. 5. The user can then choose to enter himself by the keyboard CL1 or CL2 or CL3. in the C2 field in step E6, that is, by pressing the B button, automatically trigger the automatic copying of the second password MDP2 from the sharing container FP in the second field C2 during the seventh step E7.

According to one embodiment, the copy of the second user name N2 and / or second password MDP2 from the sharing container FP in the first and / or second field Cl and / or C2 is effected via random access memory or temporary memory. MV of the machine 1.

According to one embodiment, the operation of the button B automatically causes the copy of the second password MDP2 from the sharing container FP in an area of the RAM or temporary memory VM of the machine 1, during the step E7 . Then, the user causes, by selection of the C2 field and operation of a copy command of the second password MDP2 from the area of the random access memory or temporary MV (temporary storage area of the RAM, also called press paper, using a copy-and-paste instruction) in the C2 field. By selecting the C2 field, the keyboard CL3 disappears from the screen and only the keyboard CLl and / or CL2 of the first application is displayed on the screen. Then, the user manually validates the authentication by actuating another button AU of the keyboard CL3, shown in FIG. 2. The user then has access to the data DAT of the first application APP1.

Another embodiment of the second application implementing a method of authentication of the first APP1 application is shown in Figures 8 to 10 and is described below.

This embodiment implements the keyboard CL3 capable of automatically entering the user name N2 and / or the password MDP2 in the field C1 and / or C2 respectively and to validate the connection when the user selects an account .

When the account (s) is unlocked, the secret key CS is stored in a cache of the random access memory or temporary VM of the machine 1. The keyboard CL3 being a service, shares this cache with the first application APPL

The CL3 keyboard can include a D button that allows you to change the keyboard.

During a first step Eli, according to one embodiment, the user clicks on a prescribed field (for example the field Cl or "login"), which triggers the display of the last selected keyboard. A navigation button makes it possible to navigate the keypads and interfaces ΓΝΤ available, which are the keypads activated in the parameters of the machine 1 and may include the CLl, CL2, CL3 keyboards and the interface (s) ΓΝΤ.

The keyboard CL3 of the second application is selected by the user, by actuating a button C of the third keyboard CL3, shown in FIGS. 9 and 10. In one embodiment, the button C provides direct access to the tab. account of the first application.

During a second step El2, it is determined whether the list of accounts or the account (s) CU is or are locked.

When in step E12 it has been determined that the list of accounts CU or account (s) CU is or are locked, this list or account (s) can be unlocked during the third step E13, implementing the unlocking in one of the ways described above for the account CU. He returned to step E2 after step El3.

When in step El2, it has been determined that the list of accounts CU or the account (s) CU is or are unlocked, it has moved to the fourth step E14. In the fourth step E14, the list of the user's CU accounts (for example, drop-down), or the user's CU account (s), is displayed. Each account CU displayed is selectable by the user by operating an interface of the machine, which may be for example the keyboard CL1 or CL2 or CL3, for example by selecting a prescribed field CU account displayed.

Then, in the fifth step El5, the user selects a account CU, for example in the manner indicated above.

According to one embodiment, the step E16 may be preceded by an automatic determination step El6b to know if the selected field of the account CU during the step E14 is the password entry field C2.

According to one embodiment, the selection of a CU account during the step E15 by the action of the user on an interface of the machine automatically triggers the sixth step E16, during which the name N2 of The user associated with the account CU is automatically entered in the field Cl from the sharing container FP by the second application APP2, as shown in FIG.

According to one embodiment, the step E16 may be preceded by an automatic determination step El6b to know if the selected field of the account CU during the step E14 is the password entry field C2. If not in step E16bis, it is moved to step E16. If yes, in step E16bis, it goes to step E19. In step E17, the second application APP2 automatically switches to the next field of the account CU and step El8.

According to one embodiment, in step El 8, the second application APP 2 automatically determines whether the next field of the account CU is a secure field. If yes in step E18, it goes to step E19. In the negative in step El8, the second application waits for the user to select via the keyboard CL1 or CL2 or CL3 the second password entry field C2. The selection of the second password entry field C2 by the keyboard CL1 or CL2 or CL3 automatically triggers the transition to step E19.

According to another embodiment, in step El8, the second application APP2 automatically determines whether the next field of the account CU is the second field C2. If not in step El8, it is returned to step E14. If yes in step E18, it goes to step E19.

Of course, the step E16b and / or E18 can be omitted, in which case the second application APP2 automatically goes from step E15 to step E16 and / or the second application APP2 automatically goes from step E17 to step E19. In step El9, the second password MDP2 associated with the IEC account is automatically entered in the field N2 from the sharing container FP by the second application APP2.

Then, in step E20, the second application APP2 automatically validates the authentication or the connection. The user then has access to the DAT data of the first application APP1.

Implementing the sharing container

The sharing FP container can be implemented in different ways. The recording of the applications APP1 and APP2 in the memory may depend on the operating system of the machine 1.

In some operating systems, such as for example Apple's iOS (trademark) system, each application is included in a protected and isolated memory space (in English: sandbox) or a protected container in memory M. Thus, several applications are saved in different respective protected memory spaces. By default, each application can only access files included in its protected memory space.

So that the second application APP2 can access the data DAT of the first application APP1, according to one embodiment in FIG. 6, a group GR of applications is created, grouping together the first application APP1 and at least one part APP20 of the second APP2 application. This part APP20 comprises for example the third keyboard CL3. The first application APP1 and the part APP20 of the second application APP2 are parameterized as part of the same GR group of applications. The first application APP1 has access to its DAT data stored in a first container CN1, which can be or include the account container CC. The APP20 part has access to the aforementioned DAT2 data, which has been previously stored in a second CN2 extension container. The sharing container FP between the first application APP1 and the second application APP2 is created. This sharing container FP is present in the memory MEM in addition to the first and second containers CN1 and CN2. DAT data files of the first APP1 application and DAT2 data of the APP20 part are stored in the sharing FP container.

Some operating systems, such as the one mentioned above, comprise for the first APP application a container for secure storage of password, keys, certificates and notes, such as for example Keychain (registered trademark) of the company Apple. The data stored in the container is encrypted by the system and accessible only from the first APPl application and by the authenticated user.

According to one embodiment, an application sharing FP group is created, grouping the first application APP1, the data DAT2 and the third keyboard CL3 of the second application APP2. When the user activates the third CL3 keyboard, he must allow full access to the sharing FP group.

According to one embodiment, in order to unlock the account CU during the step E2, during the input of the PIN code, the secret key CS is temporarily shared in the FP group of application sharing.

Each keyboard CL1 or CL2 or CL3 or interface ΓΝΤ or button B, C, D or other button or button or interface, mentioned above, can be touch or virtual and be displayed in the form of a touch screen area 11 to be operated or selected by user support on this area.

Claims (11)

1. Device for authenticating a user of a first computer application (APP1), the device comprising a machine (1) comprising at least one display screen (11) and a permanent memory (MEM), in which are registered the first application (APPl) and a second application (APP2) authentication, the first application (APPl) having at least one user account (CU), which is pre-recorded in the memory (MEM), the first application ( APPl) having on the screen (11) at least one button for selecting the account (CU), and for displaying on the screen (11), for the selected account, a first input field (C1) of a first user name (NI), a second input field (C2) of a first password (MDP), and at least one predefined page for accessing data (DAT) of the memory (MEM ) when both the first user name (NI) entered in the first field (C) l) is equal to a second user name (N2) prerecorded in the memory (MEM) and associated with the account (CU) and the first password word (CDM) entered in the second field (C2) is equal to a second password (MDP2) pre-stored in the memory (MEM) and associated with the account (CU), the device comprising at least one keyboard (IEC, CL2) allowing the user to enter the first user name (NI) in the first field (C1) and entering the first word (CDM) pass in the second field (C2), characterized in that the second user name (N2) and the second password (MDP2) are prerecorded in at least one memory sharing container (M) (M) between the first application (APP1) and the second application (APP2), the second application (APP2) comprising at least one button (B, C), adapted to be actuated to automatically trigger the copy, from the sharing container (FP), of the second user name (N2) ur in the first field (Cl) and / or copying, from the sharing container (FP), the second word (MDP2) pass in the second field (C2) for the selected account. 2. Device according to claim 1, characterized in that the machine (1) and / or the first application (APPl) comprises at least one interface (INT, 12, CL1, CL2, CL3) input of at least one account unlocking information (CU), allowing the display of the first and / or second field (C1, C2) of the account (CU) on the screen (11), when the information entered on the interface (INT , 12, CL1, CL2, CL3) corresponds to pre-recorded information in the memory (MEM). 3. Device according to claim 2, characterized in that the interface (INT, 12, CL1, CL2, CL3) input of at least one account unlocking information (CU) comprises a sensor (12) of a biometric imprint of the user, the prerecorded information including a prerecorded biometric imprint. 4. Device according to claim 2 or 3, characterized in that the input interface (INT, 12, CL1, CL2, CL3) of at least one account unlocking information (CU) comprises at least one keyboard ( CL2, CL3) for inputting at least one first personal identification code (PIN), the pre-recorded information including a second personal identification code (PIN2) pre-stored in the memory (MEM), for displaying the first and / or second field (C1, C2) of the account (CU) on the screen (11), when the first personal identification code (PIN) entered is equal to the second personal identification code (PIN2) . 5. Device according to any one of the preceding claims, characterized in that in the container (FP) sharing is recorded a secret key (CS) and / or a secret (SECR) and / or a unique identifier (UUID) of the machine (1) and / or a personal identification code (PIN2) and / or a public key (CP). A method of authenticating a user of a first computer application (APP1) stored on a machine (1) having at least one display screen (11) using a second authentication application (APP2) registered on the machine (1), the first application (APPl) comprising at least one user account (CU), which is pre-stored in a memory (MEM) of the machine (1) and which has on the screen a first field ( Cl) input of a user name (NI) associated with a second field (C2) input of a password (MDP) pass, for accessing data (DAT) of the memory ( MEM), the method in which the user actuates at least one account selection button (CU), which causes the display (11) for the selected account (CU) of a first field (C1) to be displayed on the screen (11). ) input of a first user name (NI) and a second input field (C2) of a first word (MDP) password, and at least one predefined page for accessing data (DAT) of the memory (MEM) when both the first user name (NI) entered in the first field (C1) is equal to a second user name (N2) prerecorded in the memory (MEM) and associated with the account (CU) and the first password word (CDM) entered in the second field (C2) is equal to a second word (MDP2) of prerecorded password in the memory (MEM) and associated with the account (CU), characterized in that the second user name (N2) and the second password (MDP2) are prerecorded in at least one sharing container (FP) of the memory (M) between the first application (APP1) and the second application (APP2), the on-screen operation (1) of at least one button (B, C) of the second application (APP2) by the user automatically triggers the copy, from the sharing container (FP), of the second user name (N2) in the first r field (Cl) and / or copy, from the sharing container (FP), the second word (MDP2) pass in the second field (C2) for the selected account. 7. Method according to claim 6, characterized in that the display on the screen (1) of the first and / or second field (C1, C2) of the account (CU) and / or the account selection button ( CU) is locked by at least one input interface (INT, 12, IEC, CL2, CL3) of at least one account unlocking information (CU), allowing the display of the first and / or second field ( C1, C2) of the account (CU) on the screen (11), when the user has entered on the interface (INT, 12, IEC, CE2, CES) information which corresponds to information pre-stored in the memory ( SAME) 8. A method according to claim 7, characterized in that the interface (INT, 12, CL1, CL2, CL3) input of at least one account unlocking information (CU) comprises a sensor (12) of a biometric imprint of the user, the prerecorded information including a prerecorded biometric imprint. 9. A method according to claim 7 or 8, characterized in that the input interface (INT, 12, CL1, CL2, CL3) of at least one unlocking information of the account (CU) comprises at least one keyboard ( CL2, CL3) for inputting at least one first personal identification code (PIN), the pre-recorded information including a second personal identification code (PIN2) pre-stored in the memory (MEM), for displaying the first and / or second field (C1, C2) of the account (CU) on the screen (11), when the first personal identification code (PIN) entered is equal to the second personal identification code (PIN2) . 10. A method according to any one of claims 6 to 9, characterized in that in the sharing container (FP) is registered a secret key (CS) and / or a secret (SECR) and / or a unique identifier (UUID ) of the machine (1) and / or a personal identification code (PIN2) and / or a public key (CP). 11. Computer program, comprising instructions for implementing the authentication method according to any one of claims 5 to 9, when it is executed on a processor.