GB2434663A - Mutual authentication using a pair of one-time passwords - Google Patents

Mutual authentication using a pair of one-time passwords Download PDF

Info

Publication number
GB2434663A
GB2434663A GB0600703A GB0600703A GB2434663A GB 2434663 A GB2434663 A GB 2434663A GB 0600703 A GB0600703 A GB 0600703A GB 0600703 A GB0600703 A GB 0600703A GB 2434663 A GB2434663 A GB 2434663A
Authority
GB
United Kingdom
Prior art keywords
party
user
transaction
passwords
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0600703A
Other versions
GB0600703D0 (en
GB2434663B (en
Inventor
Yurong Lin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DEEPNET SECURITY Ltd
DEEPNET SECURITY Ltd
DEEPNET TECHNOLOGIES Ltd
Original Assignee
DEEPNET SECURITY Ltd
DEEPNET SECURITY Ltd
DEEPNET TECHNOLOGIES Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DEEPNET SECURITY Ltd, DEEPNET SECURITY Ltd, DEEPNET TECHNOLOGIES Ltd filed Critical DEEPNET SECURITY Ltd
Priority to GB0600703A priority Critical patent/GB2434663B/en
Publication of GB0600703D0 publication Critical patent/GB0600703D0/en
Publication of GB2434663A publication Critical patent/GB2434663A/en
Application granted granted Critical
Publication of GB2434663B publication Critical patent/GB2434663B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • H04L29/06789
    • H04L29/06816
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

The present invention provides methods and systems for authenticating the parties to a transaction over a computer network. A first party to the transaction is provided with a pair of one-time passwords (OTP) and a second party is independently provided with the same pair of one-time passwords. The first party transmits a first one of the one-time passwords to the second party and the second party transmits the other of the one-time passwords to the first party. Each party can then authenticate the other by comparing the received one-time password with the password they have been provided (but which they have not transmitted). Where the transaction is between a user and a server, preferably the one-time passwords provided to the user are generated using a non-dedicated hand held device such as a mobile phone. The received password may be displayed to the user so that the comparison can be made visually.

Description

<p>1 2434663 One-time Password Authentication</p>
<p>Field of the Invention</p>
<p>The present invention relates to one-time password (OTP) authentication methods and systems for authenticating parties to a transaction over a computer network. The invention is particularly suited to authenticating parties communicating over a public network such as the Internet.</p>
<p>Background</p>
<p>An increasing number of personal and business transactions are being carried out over the Internet. The Internet is a very efficient mechanism for communication between parties to a transaction but suffers from the draw back that there is potentially a great deal of uncertainty as to the authenticity of the parties to the transaction. Typically the parties to a transaction will be a user (private or business) on the one hand and a server associated with a commercial organisation (e.g. a financial institution or online commerce website) on the other hand. The user interacts with one or more automated services running on the server to complete a transaction.</p>
<p>It is now very common for the user to authenticate themselves to the server. In simple systems this may be achieved using a static password. The user identifies themselves to the server with a user name and also provides their password. The server then authenticates the user by ensuring that the password that has been provided is correct for the user in question (as identified by their user name). Systems using static passwords are, however, not very secure. The password may be relatively easily compromised using key logging software for example or simply by a third party observing a user when they are entering their password.</p>
<p>To increase the security of systems using static passwords is it known to use more than one static password and/or a user may only be asked for selected parts (e.g. letters or digits) of a password in any one transaction to avoid key logging software capturing complete passwords.</p>
<p>Other more sophisticated systems tend to use one-time passwords (OTP) to authenticate users. One-time passwords are generated at the time of use and are only valid at that time.</p>
<p>A user of a system with OTP authentication will typically possess an OTP calculator', a dedicated device that operates to generate the necessary OTP based on a predefined algorithm In some instances, the user will be required to enter a PIN or other user-specific identification code into the OTP device, as an input to the algorithm, to generate the OTP. In this way, even if the device itself is stolen, it cannot be used. Although the use of OTP authentication offers enhances security, the requirement that the user must be issued with a dedicated OTP calculator, and the costs and practical issues associated with this, means that such systems are not widely deployed Server authentication, that is the server authenticating itself to the user, is still less common but the demand for it is growing as a result of factors such as the rapidly increasing incidences of Phishing and other Internet-based fraud. Certificate based (especially PKI -Public Key Infrastructure -certificate) authentication is the main form of server authentication used.</p>
<p>However, it is not well understood by a majority of users and is therefore open to abuse.</p>
<p>Another scheme for server authentication for web-based transactions is the display on a web page during the transaction of text, graphics or some other content that has been supplied by or pre-selected by the user. The principal is that if the user sees the e.g. phrase or image that they have supplied or chosen then they know that the web page they are viewing, and hence the server it originates from is authentic. Examples include Cyota Inc.'s "eStamp"TM product CRrM) and Passmark Security LLC's "PassMark"concept described in their WO 2004/102338.</p>
<p>These approaches are, however, also vulnerable to being spoofed as it is possible to capture the user's chosen image or pass phrase at the user's client using image logging or screen capture software The captured image or pass phrase can then be reused fraudulently in e.g. a Phishing attack.</p>
<p>Summary of Invention</p>
<p>The present invention proposes the exchange of one-time passwords to authenticate both parties to a transaction over a computer network. In preferred embodiments, at least one of the parties uses a non-dedicated handheld device to generate the one-time passwords.</p>
<p>Preferred non-dedicated devices include mobile (e.g. cellular) telephones, personal digital assistants (PDAs) or other general purpose handheld computers.</p>
<p>The term "transaction" used herein does not necessarily mean a commercial transaction involving a payment, although it includes this. The term includes the sending and or receiving of any network message (e.g. request and/or response) or other data to or from either or both of the parties. Generally the transaction, subsequent to authentication of the parties, will involve an exchange of network messages or other data but in some embodiments the communication may be one way only once the authentication process is complete.</p>
<p>"Non-dedicated" devices are devices that have an intended primary purpose other than the provision of one-time passwords.</p>
<p>In a first aspect, the present invention provides a method of authenticating the parties to a transaction over a computer network, the method comprising: a first party to the transaction being provided with a pair of one-time passwords; a second party to the transaction being independently provided with the same pair of one-time passwords; and the first party transmitting a first one of the one-time passwords to the second party and the second party transmitting the other of the one-time passwords to the first party.</p>
<p>Each party can confirm the authenticity of the other party by comparing the one-time password received from the other party with the corresponding one-time password that they have been provided with. If the passwords match, the other party can be assumed to be authentic.</p>
<p>Typically one of the parties to the transaction will be a user participating in the transaction via a client device connected or connectable to the computer network. The client device may, for example, be a desktop, laptop or handheld personal computer or a mobile telecommunications device such as a cellular or satellite telephone. The connection from the client device to the network may be a wired or a wireless connection. The network will typically be a public network such as the Internet for example.</p>
<p>The other party to the transaction will typically be a server connected to or connectable to the computer network.</p>
<p>The one-time passwords provided to at least one of the parties to the transaction are preferably generated using an OTP generating device separate from the device via which that party connects to the computer network. The OTP generating device is preferably a portable hand held.</p>
<p>The OTP generating device may be a dedicated device but more preferably it is a non-dedicated device, such as a mobile (e.g. cellular) telephone, PDA or other handheld personal computer. A single, non-dedicated device such as this can be used for generating one-time password pairs for any number of online services, applications or other products.</p>
<p>Where the transaction is between a user and a server, the user will generally possess an OTP generating device to provide them with their pairs of one-time passwords, whereas the one-time passwords will typically be provided to the server by an application running on the server or another device connected to the server.</p>
<p>The one-time passwords are generated in accordance with an algorithm, the same algorithm being used to provide the pairs of one-time passwords to both parties. The two passwords of each pair may be generated using two distinct calculations using the same or different algorithms (if the same algorithms are used, at least one if the inputs will be different between the two calculations in order that the two passwords of the pair are not the same).</p>
<p>Alternatively, the pair of passwords may be generated using a single calculation employing an algorithm that provides two password outputs.</p>
<p>The one-time passwords may be generated in accordance with the OATH (Open Authentication) One-Time Password standard.</p>
<p>Once the parties have been authenticated, it may in some instances be desirable to digitally sign subsequent communications between the parties, e.g. for non-repudiation purposes.</p>
<p>Preferably communications passing in both directions are signed, but in some cases it may only be communications passing in one direction that are signed (e.g. from client to server or vice versa). Advantageously, one or both of the parties can digitally sign such communications using a one-time password generated contemporaneously with the transmission of the respective communication and that is preferably generated from the data that is to be signed.</p>
<p>In a second aspect, the invention provides a system, operable in accordance with the method of the first aspect above, for authenticating first and second parties to a transaction over a computer network, the system comprising: a first party authentication system; and a second party authentication system; each of the first party authentication system and second party authentication system comprising a one-time password generator for generating a pair of one-time passwords, a transmitter for transmitting via the computer network, manual keyboard entry or visual screen display one of the pair of one-time passwords to the other authentication system, and a receiver for receiving the one-time password transmitted by the other authentication system.</p>
<p>Preferably one or both of the first party and second party authentication systems further comprise a comparator for comparing the received one-time password with one of the passwords of the locally generated pair. Where one of the parties is a user (i.e. a person) an alternative is for their respective authentication system to include a display for displaying the received one-time password so that the comparison can be made visually by the user.</p>
<p>Preferably the first party is a user and the second party is a server.</p>
<p>The authentication system for each party may be a single unitary device, for example a server computer or personal computer. It is preferred, however, that at least where one of the parties is a user, their function of their associated authentication system is divided between at least two devices, with the one-time password generator being provided by a separate device, preferably a handheld device.</p>
<p>For example, in a preferred embodiment, the transmission and reception functions of a user's authentication system are provided by a personal computer that communicates with the server via the computer network, whilst the one-time password generator is a separate non-dedicated device such as a mobile (e.g. cellular) telephone, PDA or other handheld personal computer.</p>
<p>The password generator device may be interfaced to the personal computer in any appropriate manner to transfer one of the one-time passwords to the computer for transmission to the server. Conveniently, this interface' may simply be provided by the user viewing the password on a display of the password generator and manually inputting it to the personal computer using a conventional input device (keyboard, mouse, tablet, etc).</p>
<p>In a third aspect, the invention provides a one-time password generator comprising a non-dedicated password generator device having a memory, a processor and a display, and a password generating application installed in the memory of the device, the application being executable by the processor of the device to generate a pair of one-time passwords and to display the generated pair of passwords on the display of the device.</p>
<p>The invention also provides computer software comprising the password generating application of the third aspect above, either alone or on a computer readable medium.</p>
<p>In another aspect, the invention provides a computer program comprising code that is executable on a computer or computer network to cause the computer or computer network to operate in accordance with the method of the first aspect above. The invention also provides a computer readable medium comprising this computer program.</p>
<p>Brief Description of Drawings</p>
<p>Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Fig I shows schematically a system in accordance with an embodiment of the present invention, and Fig. 2 illustrates a method of operating the system of fig. 1</p>
<p>Description of Embodiment</p>
<p>Figure 1 illustrates a system for completing a transaction between a user 2 and an online service resident on a server 4 The service may, for example, be a banking service, an e-commerce service or an information service. In such transactions it can be important to verify the authenticity of both the user 2 and the server 4.</p>
<p>Preferred embodiments of the present invention propose to achieve this authentication by using a two-way exchange of one-time passwords. Each of the user 2 and the server 4 is provided with a pair of one-time passwords, referred to in the following as OTP 1' and OTP 2'. One of the passwords is sent from the user 2 to the server 4 and the other from the server 4 to the user 2. If the same algorithm is used to generate both password pairs, which will be the case is both parties to the transaction are authentic, then the passwords will match. If the passwords do not match, then the transaction can be terminated before there is any significant exchange of data (e.g. personal details) between the user and the server.</p>
<p>The user 2 interacts with the server 4 using a personal computer 6 or other device that can communicate with the server 4 via the Internet 10 or some other communications network.</p>
<p>The user also has a separate password generating device 8, which in this example is a non-dedicated device such as a mobile (e g. cellular or satellite) telephone, PDA or other handheld computer.</p>
<p>The password generating device has a password generating application installed on it, incorporating the algorithm for generating the one-time password pairs at the request of the user. For example the user may select an item from a menu in the device's graphical user interface or press a predetermined key or keys or a sequence of keys to launch the application and cause it to generate a pair of passwords. The passwords may only be valid for a limited period of time. If a transaction with the server 4 is not initiated within this period then a new pair of passwords must be generated. Additionally or alternatively, the passwords may be valid only for a single use.</p>
<p>Fig. 2 illustrates the authentication method used in the system of fig. 1.</p>
<p>First, having decided they wish to complete a transaction with the server 4, the user 2 executes the password generating application on their e.g. mobile telephone 8 to generate a pair of one-time passwords (OTP 1 and OTP 2). The user 2 then initiates the transaction with the server 4 using their personal computer 6 For instance, they may open a web browser application and navigate to a particular web page associated with the particular service on the server in which they are interested As part of the process of initiating the transaction with the server 4 the user will be required to submit to the server a user name or some other unique identifier along with a specific one of the one-time passwords that they have generated, OTP I in the present case.</p>
<p>The server receives OTP 1 and the user ID. Based on the identity of the user, the server then executes a password generation application running on or accessible to the server to generate its own pair of one-time passwords. The server password generation application uses the same algorithm as used by the user's password generating device 8, so in principle the same pair of passwords is generated (OTP 1, OTP 2).</p>
<p>The server 4 then compares OTPI received from the user 2 with OTP I that it has generated itself. If they match, the server has confirmation that the user is authentic. If they do not match the user is not authentic or some error has occurred and the transaction is terminated.</p>
<p>The user may be sent an error message in these circumstances.</p>
<p>Assuming the passwords do match, the authentication process continues with the server sending OTP 2 to the user's personal computer (for instance, displaying it in a web page in the browser application). The user 2 can then check whether OTP 2 received from the server matches OTP 2 that they have generated locally, simply by comparing the password displayed on the web page with the corresponding password on the display of their e.g. mobile telephone 8. If the passwords match then the user knows that the server is authentic and can proceed with the transaction If not, the user can choose to terminate the transaction.</p>
<p>One or more subsequent data transmissions between the parties during the course of the transaction may be digitally signed using one-time passwords as digital signatures. For instance, the server can provide a data item to be signed to the use, the user can input the data to their one-time password generator to generate a new OTP, which can then be sent to the server where it can be verified The skilled person will appreciate that the specific embodiment described above is given by way of example only. Many and various modifications are possible within the scope of the invention.</p>

Claims (1)

  1. <p>Claims 1. A method of authenticating the parties to a transaction over
    a computer network, the method comprising: a first party to the transaction being provided with a pair of one-time passwords; a second party to the transaction being independently provided with the same pair of one-time passwords; and the first party transmitting a first one of the one-time passwords to the second party and the second party transmitting the other of the one-time passwords to the first party.</p>
    <p>2. A method according to claim 1, wherein one of the parties to the transaction is a user participating in the transaction via a client device connected or connectable to the computer network.</p>
    <p>3. A method according to claim 2, wherein the other party to the transaction is a server connected to or connectable to the computer network.</p>
    <p>4. A method according to any one of the preceding claims, wherein the one-time passwords provided to at least one of the parties to the transaction are generated using an OTP generating device separate from the device via which that party connects to the computer network.</p>
    <p>5. A method according to claim 4, wherein the OTP generating device is a portable hand held device.</p>
    <p>6. A method according to claim 5, wherein the OTP generating device is a non-dedicated device, such as a mobile (e.g. cellular) telephone, PDA or other handheld personal : * computer. * S.. S'S.</p>
    <p>* 30 7. A method according to any one of the preceding claims, wherein once the parties ** ,* have been authenticated, subsequent communications between the parties are digitally signed * S. * * * using a one-time password generated contemporaneously with the transmission of the respective communication. 0** * S S</p>
    <p>* 35 8. A system for authenticating first and second parties to a transaction over a computer *::::* network, the system comprising: a first party authentication system; and a second party authentication system; each of the first party authentication system and second party authentication system comprising a one-time password generator for generating a pair of one-time passwords, a transmitter for transmitting via the computer network, manual keyboard entry or visual screen display one of the pair of one-time passwords to the other authentication system, and a receiver for receiving the one-time password transmitted by the other authentication system.</p>
    <p>9. A system according to claim 8, wherein one or both of the first party and second party authentication systems further comprise a comparator for comparing the received one-time password with one of the passwords of the locally generated pair.</p>
    <p>10. A system according to claim 8, wherein one of the parties is a user (i.e. a person) and their respective authentication system includes a display for displaying the received one-time password so that the comparison can be made visually by the user.</p>
    <p>11. A system according to any one of claims 8 to 10, wherein the first party is a user and the second party is a server.</p>
    <p>12. A system according to claim 8, wherein one of the parties is a user, transmission and reception functions of the user's authentication system being provided by a personal computer that communicates with the server via the computer network and the one-time password generator being a separate non-dedicated device such as a mobile (e.g. cellular) telephone, FDA or other handheld personal computer.</p>
    <p>13. A one-time password generator comprising a non-dedicated password generator device having a memory, a processor and a display, and a password generating application installed in the memory of the device, the application being executable by the processor of the device to generate a pair of 30 one-time passwords and to display the generated pair of passwords on the display of the ** device.</p>
    <p>* *. a * a * * 14. A computer program comprising code that is executable on a digital processing device to cause the digital processing device to operate as a one-time password generator * a * * 35 according to claim 13. **** * S S...</p>
    <p>15. A computer program comprising code that is executable on a computer or computer network to cause the computer or computer network to operate in accordance with the method of any one of claims 1 to 7.</p>
GB0600703A 2006-01-13 2006-01-13 One-time password authentication Expired - Fee Related GB2434663B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0600703A GB2434663B (en) 2006-01-13 2006-01-13 One-time password authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0600703A GB2434663B (en) 2006-01-13 2006-01-13 One-time password authentication

Publications (3)

Publication Number Publication Date
GB0600703D0 GB0600703D0 (en) 2006-02-22
GB2434663A true GB2434663A (en) 2007-08-01
GB2434663B GB2434663B (en) 2010-12-15

Family

ID=35998017

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0600703A Expired - Fee Related GB2434663B (en) 2006-01-13 2006-01-13 One-time password authentication

Country Status (1)

Country Link
GB (1) GB2434663B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010127945A1 (en) * 2009-05-07 2010-11-11 Haute Ecole Specialisee Bernoise Authentication method
US20110035593A1 (en) * 2005-06-29 2011-02-10 Microsoft Corporation Establishing secure mutual trust using an insecure password
US8281375B2 (en) * 2007-01-05 2012-10-02 Ebay Inc. One time password authentication of websites
US8543829B2 (en) 2007-01-05 2013-09-24 Ebay Inc. Token device re-synchronization through a network solution

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (en) * 1999-10-29 2001-05-03 Nokia Corporation Method and arrangement for reliably identifying a user in a computer system
WO2004070506A2 (en) * 2003-02-06 2004-08-19 Consiglio Nazionale Delle Ricerche - Infm Istituto Nazionale Per La Fisica Della Materia A method and system for identifying an authorized individual by means of unpredictable single-use passwords
JP2006004020A (en) * 2004-06-15 2006-01-05 Masakatsu Morii One-time password authentication system and method
GB2430850A (en) * 2005-09-29 2007-04-04 Hewlett Packard Development Co Using One-Time Pad (OTP) data to evidence the possession of a particular attribute

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (en) * 1999-10-29 2001-05-03 Nokia Corporation Method and arrangement for reliably identifying a user in a computer system
WO2004070506A2 (en) * 2003-02-06 2004-08-19 Consiglio Nazionale Delle Ricerche - Infm Istituto Nazionale Per La Fisica Della Materia A method and system for identifying an authorized individual by means of unpredictable single-use passwords
JP2006004020A (en) * 2004-06-15 2006-01-05 Masakatsu Morii One-time password authentication system and method
GB2430850A (en) * 2005-09-29 2007-04-04 Hewlett Packard Development Co Using One-Time Pad (OTP) data to evidence the possession of a particular attribute

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110035593A1 (en) * 2005-06-29 2011-02-10 Microsoft Corporation Establishing secure mutual trust using an insecure password
US8332643B2 (en) * 2005-06-29 2012-12-11 Microsoft Corporation Establishing secure mutual trust using an insecure password
US8281375B2 (en) * 2007-01-05 2012-10-02 Ebay Inc. One time password authentication of websites
US8543829B2 (en) 2007-01-05 2013-09-24 Ebay Inc. Token device re-synchronization through a network solution
US8973114B2 (en) 2007-01-05 2015-03-03 Ebay, Inc. One time password authentication of websites
US9398003B2 (en) 2007-01-05 2016-07-19 Ebay Inc. Token device re-synchronization through a network solution
US9479497B2 (en) 2007-01-05 2016-10-25 Ebay Inc. One time password authentication of websites
US9680825B2 (en) 2007-01-05 2017-06-13 Ebay Inc. Token device re-synchronization through a network solution
US10084774B2 (en) 2007-01-05 2018-09-25 Ebay Inc. Token device re-synchronization through a network solution
US10778671B2 (en) 2007-01-05 2020-09-15 Ebay Inc. Token device re-synchronization through a network solution
WO2010127945A1 (en) * 2009-05-07 2010-11-11 Haute Ecole Specialisee Bernoise Authentication method
US8868918B2 (en) 2009-05-07 2014-10-21 Haute Ecole Specialisee Bernoise Authentication method

Also Published As

Publication number Publication date
GB0600703D0 (en) 2006-02-22
GB2434663B (en) 2010-12-15

Similar Documents

Publication Publication Date Title
EP1710980B1 (en) Authentication services using mobile device
US11108558B2 (en) Authentication and fraud prevention architecture
US8825548B2 (en) Secure authentication between multiple parties
EP2859488B1 (en) Enterprise triggered 2chk association
EP2213044B1 (en) Method of providing assured transactions using secure transaction appliance and watermark verification
EP2859489B1 (en) Enhanced 2chk authentication security with query transactions
CN101084643B (en) Authentication device and/or method
US8856919B2 (en) Authorization of server operations
US8429730B2 (en) Authenticating users and on-line sites
US20140101741A1 (en) Method and system for mobile device based authenticationservices environment
CN102906776A (en) A method for mutual authentication of a user and service provider
EP2404255A1 (en) Method and computer program for generation and verification of otp between server and mobile device using multiple channels
KR101025807B1 (en) Authentication method and authentication server
US20140223185A1 (en) Action verification methods and systems
CN101334884A (en) Method and system for enhancing bank transfer safety
KR101139407B1 (en) Security authentication method and system
GB2434663A (en) Mutual authentication using a pair of one-time passwords
CN106559215A (en) A kind of apparatus and method of Network Bank security transaction
EP3379856A1 (en) Method of user authentication into third-party applications, using a mobile device
JP5135331B2 (en) PC external signature apparatus having wireless communication capability
WO2011060739A1 (en) Security system and method
KR20080109580A (en) Server certification system and method thereof
RU2641219C1 (en) Method of processing data for cashless payment
KR20160001737A (en) System and method for cloud mobile certification
EP3116159A1 (en) Method and apparatus for securing data transmission

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20170113