GB2397731A - Authenticating a user access request to a secure service over a primary communication channel using data sent over a secondary communication channel - Google Patents
- Publication number
- GB2397731A
- Authority
- GB
- United Kingdom
- Prior art keywords
- channel
- user
- authentication
- communication channel
- over
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- G06F21/42—User authentication using separate channels for security data
- G06Q20/04—Payment circuits
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
- H04Q7/3802—
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
Abstract
A method and apparatus are provided for authenticating a user access request (14) to a secure service over a primary communication channel. At least one secondary substantially real-time communication channel is also opened (16). An authentication process is then performed, with at least part of this process being performed over the secondary channel. Access to the secure service is authorised over the primary channel in dependence on the result of the authentication. The secondary channel may be a telecommunications channel and may be used to deliver a user's PIN. Furthermore, the authorising may involve generating a one time usage token (22) which may be usable only for a predetermined time period, and the usage token may be delivered to the user via the secondary channel.
Description
AUTHENTICATION SYSTEM
This invention relates to an authentication system of the type which provides an authorisation to gain access to a secured computer service. A computer service includes a specific computer application or resource, and computer authorization for specific transactions e.g. fund transfers.
Two factor authentication systems are used widely. Usually they require the use of a hardware token device which is carried by a user in combination with a Personal Identification Number (PIN). The hardware token device in combination with the PIN is able to provide a usage token to gain access to a secured service.
Typically this is done by a synchronization process with a server protecting the service. The usage token may be a one time usage token. It may have an expiry time; it may also provide access for a predetermined amount of access time, e.g. 2 hours.
If a user requires access to more than one secured service then he will usually have to carry with him a hardware token device for each service. Because of this, recent developments have used the short messaging service provided by mobile phones to transmit a usage token to the user. This is dependent on the user first having correctly entered his PIN into the secured service, usually over the Internet, and possibly also having answered some personal authentication questions in addition to entry of the PIN. Similarly, some products have also started to use e-mail as the delivery mechanism for the token. This is similar in principle to SMS.
Problems with hardware token devices arise because they can easily be mislaid or stolen. They typically also have a limited life and have to be replaced periodically.
The activation process when they are issued is complex and requires coordination between system set-up, physical delivery of the tokens, and password activation management. They are generally expensive to produce and manage and usually have structures which make them unattractive to many potential users.
Mobile SMS or e-mail options also have problems specific to them. They are not generally regarded as secure delivery services and can easily be hacked into. Also, neither service can guarantee delivery within a particular short time span. They currently work in the outbound direction from a server to a recipient. Therefore, they may incur a cost on the service provider, which would not otherwise be there. Also, this type of messaging does not enable any PIN security to be placed on messages which include the usage tokens, thereby reducing the security of the system.
We have appreciated that the need for a user to carry a hardware device or to rely on SMS or e-mail delivery of messages can be eliminated.
Accordingly, preferred embodiments of the invention provide an authentication system which uses at least one secondary communication channel at least partially in an authentication process to generate a usage token for a secured service so that access can be made to the secured service over a primary communication channel.
The secondary channel may be a pre-existing channel or a new channel. When reference is made to opening a channel, this may mean opening a new channel or the use of a pre-existing channel. The pre-existing channel may be in place due to the method of operation of the service provider of the secondary channel. For example, it may be there because there is a mobile phone protocol for management channel information (this is the channel used to advise users that there is voicemail waiting, to advise users of the local operator name, etc.), or it may be established by some software present, e.g. in the operating system, the SIM card, or other means on the device, or for any other reason.
Preferably the secondary channel is used to communicate the one time usage token to the user.
Preferably the secondary channel is a telecommunication channel.
Preferably the secondary channel is used for delivery of a user's PIN to the service.
Preferably the service and the user both communicate with a further server via the primary and secondary channels which further server performs at least part of the authentication process.
Preferably the further server communicates with the user via the secondary channel.
Preferably the further server can communicate with the user via the primary channel.
Preferably the further server is able to perform authentications for a plurality of secured services.
Preferably the further server is able to perform authentications for a plurality of different servers.
The primary and secondary channels may be formed over physically separate links e.g. Internet dial-up and mobile telephone. Alternatively they may be provided via the same physical connection (telecommunications cable) but be effectively separate by the use of different communications protocols, or connections.
The invention is defined with more precision in the appended claims to which reference should now be made.
A preferred embodiment of the invention will now be described in detail by way of example with reference to the accompanying drawings in which: Figure 1 shows a block diagram of a system embodying the invention; Figure 2 shows a block diagram of an authentication server embodying the invention; and Figure 3 is a flow chart showing how the authentication process operates.
Figure 1 shows a user terminal 2. This will typically be a personal computer.
In this example it is a personal computer at a remote location. Using a conventional telephone connection, e.g. DSL, leased line, satellite, radio etc., the user uses the user terminal to connect to a communications network, e.g. an Internet service provider (ISP) 4, using well-known techniques. Using the Internet service provider, the user is then able to request access to a particular service stored on a web application server.
This is a secured service and requires an authentication process to be completed before the user can access it.
The web application server 6 is connected to an authentication server 8 which it uses to perform authentication.
The user requests a service in the secured application via the ISP. The request gets as far as the web application server which informs the authentication server 8 that an authentication for a particular service on the web application server 6 is required, and it is ready to start an authentication process.
A further communication channel is opened to the user. Typically this is to a mobile communication device 10 such as a mobile telephone or PDA. The device could also be a standard telephone connected via a landline to the authentication server 8. The connection between the authentication server 8 and the communication device 10 can be instigated in a number of different ways. One option is for the authentication server to notify the user terminal 2 via the web application server and the ISP 4 that it is now ready to receive a call from the communication device 10 which will open the second communication channel. The user then calls the authentication server on his mobile communication device 10 using a number he either knows or is advised of by the authentication server 8 via the web application server and the ISP 4. The second communication channel is then opened.
Alternatively, the user may be asked for a number from a known set of numbers, or a new number which should be called in order to open up the second communication channel to the mobile communication device 10. This number is then dialled by the authentication server and the call answered by the user, thereby opening the channel.
Once both channels are open, the authentication process can continue.
The authentication server then uses the communication channels via the web application server and the Internet service provider and via the mobile communication device 10 to ask the user a question or series of questions to determine whether or not a one time usage token to enable access to the secure service should be issued.
The questions asked of the user will typically include a request for either his PIN or a selected subset of his PIN. They may also include additional questions, e.g. date of birth of the user, mother's maiden name etc. These types of questions are well-known in authentication systems for assuring that the person who is requesting access is who he claims to be. All of the above may request the full answer or some subset of it.
The embodiment of the invention shown in figure 1 uses both of the communication channels to perform the authentication, although it could take place only in the second communication channel. The second communication channel is the more secure channel. Preferably most of the user's responses to the questions will be provided via the second communication channel, as this means the service is protected by two separate communication protocols, potentially over two separate bearers. The user may be requested to put forward his PIN, which he may enter via the keypad of a mobile phone which generates touch tone signals, or he may speak into the mobile and the PIN is recognised by suitable voice recognition. These are recognised by the authentication server 8 and the PIN can be checked against that stored for a particular user.
To take full advantage of the two channels available for authentication, it is possible for questions to be asked via one channel and for answers to be given via the other. As the second channel is opened via the mobile communication device 10 it is a separate channel, and it is preferable that the answers be provided on this channel.
Questions can be asked either through the user terminal via the first communication channel or directly to the mobile communication device 10. Question generation is automatic and is stored in the software of the authentication server.
The authentication server can communicate with the mobile communication device 10 using the channel as a voice channel, in which case it will require some means to generate a voice signal.
Thus, it can be seen, that the secondary channel provided to the mobile communication device 10 provides a two-way communication link which can be used in the authentication process.
Once the authentication server 8 is satisfied that the user is who he claims to be, the authentication server can proceed to enable access to the resource. This can be done in a number of ways. A usage token can be provided via the voice channel to the mobile communication device 10 where the user hears it and types it into the user terminal 2. It is then provided via the ISP 4 to the web application server 6 where it is verified by the web application server. If this verification succeeds it enables access to be made to the selected service by the user who is then able to use the user terminal 2 to use that service.
In an alternative embodiment, the authentication server 8 can provide the authentication to proceed directly to the web application server 6 via its link to that server. The user is then advised that access is possible via the ISP 4 and his terminal 2 and can then start to use the service, or the access may proceed automatically.
The system can be adapted to require different users to go through different authentication processes. These can vary the authentication process and questions asked each time a user tries to make access to a resource. It can also vary the process according to the delivery medium being used for the usage token or any other reason.
The use of the direct telephone link to the mobile communication device 10 means that immediate delivery of tokens to a user can be made. In addition the fact that the channel to the communication device 10 is two way means that a much more thorough authentication process can take place via this more secure link than could take place via the ISP link to the user.
The fact that a voice channel is used means that immediate delivery of tokens is possible thus overcoming the problems normally associated with SMS messaging and e-mail delivery of tokens. However future SMS and email services may provide effective immediate delivery services.
Preferably the authentication server 8 is a third party server which provides an authentication service to a plurality of different web application servers. Such an arrangement is shown in figure 2. In the Figure it can be seen that the authentication server 8 is coupled to a plurality of web application servers 6. Each of these in turn may have a plurality of different resources which users may wish to connect to via the Internet. Thus, the web application servers 6 are all capable of communicating with one or more Internet service providers 4 via Internet connections.
Preferably the web application server is configured to provide services even in the event of some failure by using known techniques such as clustering, dual redundant servers, etc. The authentication server 8 has a plurality of telephone connections 12 available to it, which it can use to dial individual users who might request via the Internet to have access to resources provided on one of the web application servers 6.
They may also be configured to receive calls from users.
Figure 3 shows a basic flow diagram of one possible operation of the authentication server 8. At 14, a resource request is received from a user. At 16 a second communication channel (the voice channel) is opened to a user. At 18 a user's PIN is checked. This is done by asking for the whole PIN or for a particular subset of it. After this, at 20, other additional authentication checks are performed by prompting the user for responses to various questions. This authentication process, as discussed before, preferably takes place via the voice channel or via a combination of the voice channel and the Internet connection. If all the checks are satisfactory then at 22 the necessary usage token can be generated and provided to the user or directly to the requested resource.
Sending requests for a PIN and receiving a response over the voice line to the mobile communication device 10 severely restricts the possibility of hacking into the system.
Because the functions of logging on (the user identifying himself and requesting a resource over the Internet) and PIN identification are split between two communication channels, the chance of a hacker obtaining all the data required to access the resource is again severely restricted, since flowing conversations would have to be intercepted as well as the Internet connection having to be accessed.
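The Figure 3 flow can be modelled in a few lines; the following is an added example, not code from the patent or its applicant, and it covers steps 14, 16, 18 and 22 together with the one time, time-limited usage token (the additional questions of step 20 are left out). The class and method names, the two-digit PIN subset, the 8-digit token and the 120-second validity window are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 120   # assumed validity window; the page only says "predetermined"
PIN_DIGITS_ASKED = 2      # assumed size of the PIN subset requested at step 18


class AuthenticationServer:
    """Hypothetical model of authentication server 8 (names are illustrative)."""

    def __init__(self, pins, clock=time.time):
        self._pins = pins        # user -> PIN; constructed sample data in the demo
        self._clock = clock      # injectable so expiry can be exercised offline
        self._sessions = {}      # session id -> per-request state
        self._tokens = {}        # session id -> (sha256 of token, expiry time)

    def receive_request(self, user):
        """Step 14: access request arrives over the primary channel."""
        if user not in self._pins:
            raise KeyError("unknown user")
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"user": user, "positions": None, "passed": False}
        return sid

    def open_secondary_channel(self, sid):
        """Step 16: voice channel opened; pick which PIN digits to ask for."""
        session = self._sessions[sid]
        pin = self._pins[session["user"]]
        rng = secrets.SystemRandom()
        session["positions"] = sorted(rng.sample(range(len(pin)), PIN_DIGITS_ASKED))
        return session["positions"]

    def check_pin_subset(self, sid, digits):
        """Step 18: answer keyed in on the secondary channel; one try per challenge."""
        session = self._sessions[sid]
        positions, session["positions"] = session["positions"], None
        if positions is None:
            return False
        pin = self._pins[session["user"]]
        expected = "".join(pin[i] for i in positions)
        session["passed"] = hmac.compare_digest(expected.encode(), digits.encode())
        return session["passed"]

    def issue_usage_token(self, sid):
        """Step 22: generate the token that is read out over the voice channel."""
        session = self._sessions[sid]
        if not session["passed"]:
            raise PermissionError("authentication not completed")
        session["passed"] = False                      # one token per authentication
        token = f"{secrets.randbelow(10**8):08d}"      # short enough to hear and type
        digest = hashlib.sha256(token.encode()).digest()
        self._tokens[sid] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def verify_usage_token(self, sid, token):
        """Check made for web application server 6 when the user types the token."""
        entry = self._tokens.pop(sid, None)            # consumed on first attempt
        if entry is None:
            return False
        digest, expiry = entry
        presented = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(digest, presented) and self._clock() <= expiry


def demo():
    """Run one successful request and return (first_use, replay) results."""
    server = AuthenticationServer({"alice": "4912"})   # constructed sample user
    sid = server.receive_request("alice")
    positions = server.open_secondary_channel(sid)
    answer = "".join("4912"[i] for i in positions)     # what the user keys in
    assert server.check_pin_subset(sid, answer)
    token = server.issue_usage_token(sid)
    return server.verify_usage_token(sid, token), server.verify_usage_token(sid, token)


if __name__ == "__main__":
    print(demo())
```

Binding the token to the primary-channel session and consuming it on the first presentation, right or wrong, gives a short numeric token exactly one guess per authentication.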
One way in which this authentication service can be made attractive to potential customers arises from the arrangement whereby a user is instructed to ring in to the authentication server 8. If a premium price option is in use then this enables the provider of the resource to increase the cost of calls made to the authentication server 8. Thus, each time the authentication request is made additional revenue can be contributed to the owner of the requested resource. The amount could be significant for a much requested resource. Thus by the simple step of charging an increased call charge to a user for every authentication request, additional profits can be generated for this resource provider without any apparent increase in the standard charge of resource access made to the user.
In the case where the authentication server is providing authentication to a plurality of different services or to different servers, all owned by different parties, the authentication server is preferably owned by a single party which provides an authentication service to provide access to the other services. Thus there are further options for raising revenue here by a third party which may take a percentage of call charges made in authentication requests by users.
Various modifications to the embodiment described are possible. The access from user terminal need not necessarily be via a network. It may be a more secure dial up connection. It may be to a particular application provided on a stand alone computer. In such a case the communication channel to the service is internal to the computer. However the security of the authentication process is still improved by using the additional channel to the mobile communication device 10 in the authentication process.
The two channels may be via the same network. They may be represented as different windows on the same computer display. The user may be a computer application requesting access to a secured service, in which case the secondary channel may be connected to the computer application or some other third party.
Token generation and delivery may take place prior to access being requested to the secured service.
Access may be for a period of time and may subsequently be revoked at the time of expiration or in response to some other event, e.g. break-in detection.
The system can be set up to enable a user to enter an emergency PIN. This would notify the service of an emergency. It would then appear to the user to operate as normal, but in fact the apparent operation would not take place. This would be useful if a user was being threatened by a third party to provide access to the secured service.
The secured service may include a resource, an application, some part of an application, or a transaction. In the latter case a new authentication will preferably be required for each access.
A simplified authentication process may involve the authentication system recognising a call from a known user's mobile communication device and providing a usage token or other authority to proceed directly to the service without answering the call, thereby saving costs.
The authentication process could all take place in the server on which the requested service resides.
Claims (16)
1. A method for authenticating a user access request to a secured service over a primary communication channel comprising the steps of: opening at least one secondary substantially real time communication channel to the user; performing at least part of an authentication process over the secondary channel; and authorizing access to be made to the secure service over the primary channel.
2. A method according to claim 1 in which the authorizing step includes the step of generating a usage token.
3. A method according to claim 2 in which the usage token comprises a one time usage token.
4. A method according to claim 2 or 3 in which the usage token is usable only for a predetermined period of time.
5. A method according to any preceding claim in which only the secondary channel is used in the authentication process to cause the authorization to be generated.
6. A method according to claim 2, 3 or 4 in which the usage token is delivered to the user via the secondary channel.
7. A method according to any preceding claim in which the secondary channel is a telecommunications channel.
8. A method according to any preceding claim in which the secondary channel is used to deliver a user's PIN.
9. A method according to any preceding claim in which the method is performed by an authentication server coupled to the primary and secondary channels.
10. An authentication system to provide access to a secured service over a primary communication channel over which access requests are received, a secondary substantially real time communication channel, means for generating an authorization for the secured service, and means for performing at least part of an authentication over the secondary communication channel.
11. A system according to claim 7 in which access to the service is provided over the primary channel and only the secondary channel is used in the authentication process to cause the authorization to be generated.
12. A system according to claim 7 or 8 in which the usage token is delivered to the user via the secondary channel.
13. A system according to claims 7, 8 or 9 in which the secondary channel is a telecommunications channel.
14. A system according to any of claims 7 to 10 in which the secondary channel is used to deliver a user's PIN.
15. A system according to any of claims 7 to 11 comprising an authentication server coupled to the primary and secondary channels and also coupled to a separate server on which the secured service is located.
16. A system according to claim 12 in which the authentication server is coupled to a plurality of servers on which secured services are located.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0301476A GB2397731B (en) | 2003-01-22 | 2003-01-22 | Authentication system |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0301476D0 (en) | 2003-02-19 |
GB2397731A (en) | 2004-07-28 |
GB2397731B (en) | 2006-02-22 |
Family
ID=9951603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0301476A Expired - Lifetime GB2397731B (en) | 2003-01-22 | 2003-01-22 | Authentication system |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2397731B (en) |
WO2001099378A1 (en) * | 2000-06-22 | 2001-12-27 | Icl Invia Oyj | Arrangement for authenticating user and authorizing use of secured system |
WO2002019593A2 (en) * | 2000-08-30 | 2002-03-07 | Telefonaktiebolaget Lm Ericsson (Publ) | End-user authentication independent of network service provider |
GB2377523A (en) * | 2001-04-12 | 2003-01-15 | Netdesigns Ltd | User identity verification system |
- 2003-01-22: GB, GB0301476A, patent/GB2397731B/en, not active (Expired - Lifetime)
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1624360A1 (en) * | 2004-06-30 | 2006-02-08 | Microsoft Corporation | Secure certificate enrollment of device over a cellular network |
EP1705867A1 (en) * | 2005-03-15 | 2006-09-27 | Avaya Technology Llc | Granting privileges to a telecommunications terminal based on the relationship of a first signal to a second signal |
US7949114B2 (en) | 2005-03-15 | 2011-05-24 | Avaya Inc. | Granting privileges to a telecommunications terminal based on the relationship of a first signal to a second signal |
US7751547B2 (en) | 2005-03-15 | 2010-07-06 | Avaya Inc. | Extending a call to a telecommunications terminal through an intermediate point |
EP2074524A2 (en) * | 2005-10-11 | 2009-07-01 | Philip Yuen | System and method for authorization of transactions |
WO2007044882A2 (en) | 2005-10-11 | 2007-04-19 | Philip Yuen | System and method for authorization of transactions |
EP2074524A4 (en) * | 2005-10-11 | 2011-08-24 | Philip Yuen | System and method for authorization of transactions |
US8352376B2 (en) | 2005-10-11 | 2013-01-08 | Amazon Technologies, Inc. | System and method for authorization of transactions |
WO2007073352A1 (en) * | 2005-12-19 | 2007-06-28 | Veritas Mobile Solutions Pte. Ltd. | METHOD FOR SECURE TRANSMITTAL OF PINs OVER TELECOMMUNICATIONS NETWORKS |
WO2007099295A3 (en) * | 2006-02-28 | 2007-12-06 | Orange Sa | System and method for controlling network access |
WO2007099295A2 (en) * | 2006-02-28 | 2007-09-07 | Orange Sa | System and method for controlling network access |
EP1914657A2 (en) | 2006-10-19 | 2008-04-23 | Fuji Xerox Co., Ltd. | Authentication system, authentication-service-providing device, authentication-service-providing method, and program |
EP1914657A3 (en) * | 2006-10-19 | 2011-11-30 | Fuji Xerox Co., Ltd. | Authentication system, authentication-service-providing device, authentication-service-providing method, and program |
WO2008128553A1 (en) * | 2007-04-20 | 2008-10-30 | Gigaset Communications Gmbh | Method, terminal and communication system for verifying call numbers for services of at least one communication network |
US9009309B2 (en) | 2007-07-11 | 2015-04-14 | Verizon Patent And Licensing Inc. | Token-based crediting of network usage |
US10198764B2 (en) | 2008-03-27 | 2019-02-05 | Amazon Technologies, Inc. | System and method for message-based purchasing |
WO2009149723A1 (en) * | 2008-06-10 | 2009-12-17 | Nec Europe, Ltd. | Method and system for executing online transactions |
US8893243B2 (en) | 2008-11-10 | 2014-11-18 | Sms Passcode A/S | Method and system protecting against identity theft or replication abuse |
US11669816B2 (en) | 2009-01-08 | 2023-06-06 | Visa Europe Limited | Payment system |
FR2951000A1 (en) * | 2009-10-05 | 2011-04-08 | Guy Tompouce | Method for secure identification of e.g. expiration date of bank card over Internet, during on-line payment process, involves entering secondary identification unit obtained via telephonic call to key, on identification page |
US8548432B2 (en) | 2009-12-14 | 2013-10-01 | Blackberry Limited | Authenticating voice calls from mobile devices |
EP2334111A1 (en) * | 2009-12-14 | 2011-06-15 | Research In Motion Limited | Authentication of mobile devices over voice channels |
US8385888B2 (en) | 2009-12-14 | 2013-02-26 | Research In Motion Limited | Authentication of mobile devices over voice channels |
US8301117B2 (en) | 2009-12-14 | 2012-10-30 | Research In Motion Limited | Authenticating voice calls from mobile devices |
US8428647B2 (en) | 2010-01-25 | 2013-04-23 | Research In Motion Limited | Verifying and identifying incoming PBX calls on mobile devices |
US8190201B2 (en) | 2010-01-25 | 2012-05-29 | Research In Motion Limited | Verifying and identifying incoming PBX calls on mobile devices |
GB2492973A (en) * | 2011-07-15 | 2013-01-23 | Validsoft Uk Ltd | An authentication system and method |
GB2492973B (en) * | 2011-07-15 | 2015-10-14 | Validsoft Uk Ltd | Authentication system and method therefor |
ITPN20130004A1 (en) * | 2013-01-14 | 2014-07-15 | Giovanni Zago | PASSWORD AUTHENTICATION METHOD |
US11601807B2 (en) | 2017-05-30 | 2023-03-07 | Belgian Mobile Id Sa/Nv | Mobile device authentication using different channels |
Also Published As
Publication number | Publication date |
---|---|
GB0301476D0 (en) | 2003-02-19 |
GB2397731B (en) | 2006-02-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2397731A (en) | | Authenticating a user access request to a secure service over a primary communication channel using data sent over a secondary communication channel |
US20240179244A1 (en) | | System and method for electronic notification in institutional communications |
US9300792B2 (en) | | Registration, verification and notification system |
US6782080B2 (en) | | Arrangement for authenticating user and authorizing use of secured system |
US6310873B1 (en) | | Internet telephony directory server |
US20040010472A1 (en) | | System and method for verifying information |
EP0765068A2 (en) | | Interactive and information data services telephone billing system |
US7940913B2 (en) | | System and method for improved contact center services to disabled callers |
US20110313924A1 (en) | | Method and service computer and system for transacting a monetary amount |
WO2001050682A1 (en) | | Communication using virtual telephone numbers |
JPH11507451A (en) | | System for detecting unauthorized account access |
KR20100038990A (en) | | Apparatus and method of secrity authenticate in network authenticate system |
CN101808094A (en) | | Identity authentication system and method |
JP2003523569A (en) | | Method for confirming authentication of service user's ID and apparatus for implementing the method |
RU2439702C2 (en) | | Method to execute transaction between two servers with pre-check of validity by means of two mobile telephones |
US20050190904A1 (en) | | Method for performing network-based telephone user identification |
KR20090123313A (en) | | Method and system for money transaction pre-verification having prevention phishing |
KR20020027433A (en) | | Transmission method of instant message of wire and wireless using short message |
EP1739588A1 (en) | | Method and system for registration and user identification of web users |
KR102376486B1 (en) | | Method for providing financial counseling with enhanced security |
US20080063163A1 (en) | | Selectively adding a third party to a collect call |
KR100974791B1 (en) | | Method and system for authentication and authentication server |
JPH1040203A (en) | | Method for authenticating information receiving person |
JPH06197175A (en) | | Consent or refusal judgement system for credit card call |
US20110110506A1 (en) | | Selectively adding a third party to a collect call |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) | Free format text: REGISTERED BETWEEN 20120531 AND 20120606 |
| | 732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) | Free format text: REGISTERED BETWEEN 20180222 AND 20180228 |
| | PE20 | Patent expired after termination of 20 years | Expiry date: 20230121 |