MXPA96006518A - User authentication method and device - Google Patents

User authentication method and device

Info

Publication number
MXPA96006518A
Authority
MX
Mexico
Prior art keywords
key
personal unit
challenge
service
user
Prior art date
Application number
MXPA/A/1996/006518A
Other languages
Spanish (es)
Other versions
MX9606518A (en
Inventor
Erik Jonsson Bjorn
Falk Per Johan
Original Assignee
Telefonaktiebolaget Lm Ericsson
Priority date
Filing date
Publication date
Priority claimed from US08/264,939 (US5668876A)
Application filed by Telefonaktiebolaget Lm Ericsson
Publication of MX9606518A
Publication of MXPA96006518A

Abstract

The present invention relates to authorizing a user to use a service by means of a modified pager, which calculates a unique response key to a transmitted challenge key, based on the challenge key, an entered personal identification number and an internal key. The response key is entered into a single terminal, such as a telephone, and, if the unique response key is acceptable, the user can have access to the desired service, such as money transactions or long distance telephone service.

Description

USER AUTHENTICATION METHOD AND DEVICE

BACKGROUND OF THE INVENTION

1) Field of the Invention

The present invention involves a method and apparatus for authenticating a user attempting access to an electronic service and, in particular, providing an authentication unit which is separate from previously existing systems.

2) Description of the Related Art

Effective authentication methods and apparatuses have been in high demand to prevent fraud and theft of services. This demand increases with the large number of electronic services in the current information age. Electronic services, such as banking services, credit card systems, automatic teller machine (ATM) services, account information services (such as mortgages, savings and investments), general information services (such as database services and networks), security services and long distance telephone services, all require that a user be identified accurately for security purposes, for proper billing and to avoid fraud. Recently, there has been fraud in the cellular mobile telephone industry, so there is a great demand for effective methods of authentication with a standardized protocol for cellular mobile systems. See GSM 03.20, European Telecommunications Standards Institute (ETSI), 1993, pages 19-29, and U.S. Patent No. 5,282,250, incorporated herein by reference.

However, conventional authentication systems have required terminals specially equipped with card readers, such as ATMs or credit card terminals at gas stations, data terminals using a startup procedure, or cellular mobile radio stations with integrated authentication capabilities. Credit cards have a magnetic strip that provides only minimal security, since the cardholder is usually allowed to make transactions without further authentication of the user's identity, beyond perhaps comparing an unauthenticated signature on the card to the signature of the user.
Even in transactions where signatures are required, the certainty of the user's identification is minimal. Other identity cards, such as ATM cards, require an initial procedure with a password or personal identification number (PIN). However, the PIN, once learned by an unauthorized user, offers no security in authenticating the user if that user duplicates the ATM card.
These authentication methods require specially equipped and often dedicated terminals, which raises the cost and reduces the availability of the associated electronic service. In other words, security systems of the prior art often require a dedicated or customized terminal, or a modification of existing terminals, which greatly restricts the use of security systems to specific sites. Likewise, a user may use several electronic services, each service requiring an authentication procedure and/or a personal identification number (PIN) or password, each procedure or password different from the others. As a subscriber of several electronic services, a user may have to remember numerous passwords. Even worse, the user may need to change these passwords periodically, and so has to remember whether a password is still valid or not. Also, transactions that require relatively certain authentication have been largely unavailable from relatively simple terminals, such as telephones. For example, banking service by telephone from the home has been limited to transactions involving the bank's own accounts or to using only the customer's own telephone.
SUMMARY OF THE INVENTION

The present invention overcomes these and other problems by providing an authentication method in which the user carries a personal unit not limited to use with, or physically connected to, a terminal of any specific electronic service. The personal unit can be used to authenticate the user's identity through a variety of terminals associated with a variety of electronic services.

The personal unit includes a receiver, which receives a transmitted challenge key, and an algorithm unit, which processes the challenge key, a user input such as a personal identification number (PIN) or an electronically recognizable signature, and an internally stored security key, to calculate a response key according to a previously stored algorithm. The response key is then sent to the service node and, if acceptable, access to the service is authorized.

The basic method involves receiving a challenge key from a system, the user entering a personal identification number or other recognizable input, and the personal unit generating a response key based on the internally stored algorithm. The PIN or other user input can be changed occasionally, and the challenge and response keys are unique to each transaction. The personal unit can receive and store a plurality of challenge keys for later use.

The personal unit can be used with virtually any existing terminal of an electronic service without requiring the terminal to be modified or customized. For example, the personal unit may be used with a standard telephone, such as a radiotelephone or a landline telephone. The user can enter the response key displayed on the personal unit through the telephone keypad, or the personal unit can include a DTMF transmitter for direct entry of the response key into the telephone microphone. Likewise, the keyboard of any service terminal (for example, a data terminal connected to a service computer) can be used for the entry of the response key.
If another input device is used in a terminal, such as an acoustic input, an inductively coupled input, an optical input, a radio transmitter (particularly if the terminal is bypassed and the response key is transmitted directly to the authentication center), etc., the personal unit can include a compatible output device. In other words, the personal unit can be modified or equipped to be compatible with existing or prospective terminals, rather than having to modify the terminals to adapt them to the authentication procedure.
The same basic authentication procedure can be used for all the services to which the user may wish to connect, and the procedure can be modified to adapt to any specific requirement of the electronic service. The user can have one personal unit for all the services to which he might wish to subscribe, or several personal units, each usable with one or a subset of the services to which the user has subscribed.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will now be described with reference to the accompanying drawing figures, in which:

Figure 1 is a schematic diagram of an authentication paging system, according to the present invention;
Figure 1A is a schematic diagram of an authentication paging system, with reference to specific communications, in accordance with the present invention;
Figure 2 is a perspective view of a personal unit, according to the present invention; and
Figure 3 is a flow chart which outlines the authentication process, according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

System Hardware

Referring to Figure 1, the present invention includes a personal unit 20 for generating a response key, and a terminal 22 for initiating access to the service, conducting the service, and inputting the response key to a service access network 24 or directly to a separate authentication center 30. The service access network transmits data between terminal 22 and a service node 26. The service node 26 generates a challenge key and requests that this challenge key be sent to the personal unit 20 by an authentication challenge network 28. Alternatively, the separate authentication center 30 may generate the challenge key at the request of the service node 26.
Terminal 22 may be a landline telephone, a radiotelephone, an ATM, a computer with a modem (modulator/demodulator), a facsimile machine, or virtually any other type of terminal capable of receiving an input, directly or indirectly, from the personal unit and relaying the information to a service node 26.
The service node 26 may be any form of electronic service, such as banking or financial services, credit card services, long distance telephone services, information services, etc. The type of service provided is not relevant to the present invention. One of the advantages of the personal unit of the present invention is that it can be used for user authentication for any service.

In an exemplary embodiment, the authentication center 30, either separate or as part of the service node 26, includes a radio transmitter, storage for one or more algorithms, and a comparator for comparing the received response key to an expected response key. The authentication center 30 can be realized in the form of additional software added to a previously existing paging system or other radio communication system. A separate authentication center 30 makes it possible for many service nodes or networks to use one authentication center 30. This allows changes to the authentication procedure to be made in one location for all applications, and allows one authentication procedure to be used for more than one service, and perhaps for all the services to which a user has subscribed.

The service access network 24 may be any communication system, such as a public or private telephone network, telegraph or other landline system, cellular radiotelephone network, or other radio communication network. It may take any form capable of transmitting the information from the terminal 22 to the service node 26. In some of the examples provided below, the service access network 24 is a previously existing telephone network.

The authentication challenge network 28 may be the same network as the service access network 24 or, preferably, a separate and distinct network.
The authentication challenge network 28 can be any communication system, such as a public or private telephone network, telegraph or other landline system, cellular radiotelephone network, or other radio communication network. It may take any form capable of transmitting information from the service node 26 (or authentication center 30) to the personal unit 20. In one embodiment, the authentication network is a previously existing wide-area paging system, capable of broadcasting an identification number of the personal unit and additional information, such as at least one challenge key. Existing paging systems which can transmit at least the phone number that the user is trying to call should have sufficient capabilities to work with the personal unit described here. Any form of radio communication system can provide the optimum security offered by the present invention, because only a specific receiver appropriately generates the expected response when the appropriate PIN or the like is entered. However, the user may be required to manually enter a challenge key provided over an interactive service access network 24.

In the exemplary embodiment of Figure 2, the personal unit 20 includes a receiving unit 21a, to receive the challenge key, and an algorithm unit 21b, operatively connected to the receiving unit 21a and preferably including an input device for receiving a user input, such as a security number, for example a PIN (Figure 2). The receiving unit 21a may be in the form of a pager having a digital display capable of displaying a caller's telephone number, or the like. The personal unit 20 may essentially be a conventional pager which is modified to include, for example, an algorithm unit 21b, an input keypad 21c and, optionally, a dual tone multifrequency (DTMF) generator 21d (if automatic entry of the displayed response key is preferred, where terminal 22 is connected to some form of audio communication network).
The personal unit 20 may include a transmitter 21f in an embodiment where the service access network includes a radio link, or where the response key is sent directly to the authentication center 30 or service node 26.

The algorithm unit 21b calculates a response key according to the received challenge key, an appropriate security input number and, optionally, a secret key (a secret number or key, provided by the personal unit's supplier) that is entered into storage in the personal unit at the time of subscription. Algorithms of this type are known in the art or are easily derived from it. See, for example, GSM 03.20 Appendix C.2, Algorithm A3. The specific algorithm used in a given embodiment is not relevant to the present invention. A memory 21e is provided to store the algorithms, the secret key, the received challenge keys and the computer programming, as convenient for a specific embodiment. The paging unit can be microprocessor driven.

This provides a triple check on the identity of the user, which requires information from three separate sources (user: PIN; service node or authentication center: challenge key; personal unit provider: secret key), thus increasing the relative security of the transaction against fraud or other unauthorized use.
In a preferred embodiment, the personal unit is a separate unit, thereby minimizing or avoiding the need to customize a communication device, such as a cellular telephone. The receiving unit, the input device and the ability to perform the necessary calculations exist in conventional cellular telephones and personal communication units, which allows the present invention to be implemented in software.

The challenge key may be unique to a given transaction, or may be broadcast, for example, to all personal units in use at any given time. The response key is unique for each transaction in either scenario. Likewise, in either scenario, the challenge keys must be changed on a periodic or random basis to provide additional security for the transactions. Similarly, the user input, such as a PIN, may be updated at the discretion of the user or on a regular basis. The algorithm may also be changed occasionally, or more than one algorithm may be stored in the personal unit 20, to be used cyclically in a predetermined order or changed after a predetermined number of uses. As long as the authentication center 30 can determine which algorithm, secret key (if used) and user input are to be used for a given transaction, the user can be authenticated.

The algorithm unit 21b calculates a response key based on the received challenge key, the user input (for example the PIN) and, optionally, the secret key. Thus, for a correct response key to be generated, the challenge key, the user input and the secret key (if used) have to be in accordance with the expectations of the service node 26 or the authentication center 30 if access to the service is to be granted. The service node 26 or authentication center 30 is provided with sufficient information to make it possible to anticipate the appropriate response key.
Thus, for a transaction to be authorized, the user must know the appropriate user input (for example, the PIN), be in possession of the correct personal unit and receive the appropriate challenge key.

A conventional twelve-button keypad 21c (0-9, * and #) is preferably provided for entering the user input, as shown in Figure 2. Alternatively, a reduced or expanded keypad can be used, with lesser or greater security provided accordingly. A character recognition device, which can recognize a signature or other writing, can be used as the user's input device. A fingerprint or retina scanner can also be used for added security in appropriate situations.

For example, the challenge key can have 10 decimal digits, the secret key 12 decimal digits, the PIN 4 decimal digits and the response key 8 decimal digits.

Authentication Procedure

A user initiates a service access through terminal 22, transmitting the request over a service access network 24 to a service node 26. The service node 26 does not immediately start the services offered. Rather, it generates a challenge key or causes the challenge key to be generated in an authentication center. This challenge key is sent over the authentication challenge network 28 to the personal unit. When the personal unit 20 receives an authentication challenge key, it prompts the user to enter a PIN or other identification information, and generates a response key by an algorithm having the challenge key, an internal security key and the PIN as variables. Alternatively, several challenge keys can be received and stored in the personal unit, and the user is prompted for the input when attempting to access an electronic service. For example, the user enters a PIN by means of a keypad. However, known character recognition devices may be used to recognize a signature, or writing in general, which is entered on a pad by means of a stylus.
Other possibilities include fingerprint or retinal scanning devices, although the expense of these devices makes a practical embodiment less likely, except for transactions that require the highest form of security. The internally stored algorithm then generates a response key based on the challenge key, the user's input and, optionally, a secret key.

The response key is either displayed on the display 20a (Figure 2) for manual input to the terminal 22, or input electronically, acoustically or optically to the terminal 22, which then transparently transmits the response key over the service access network 24 to the service node 26. Alternatively or additionally, the response can be transmitted over the authentication network 28 to the authentication center 30, which can either send the response to the service node 26, or compare the response to the expected response and send the result to the service node 26. If the response key is acceptable, the service node 26 allows the user to access the services offered.

The response key is compared to an expected response key, which, in the exemplary embodiments, can be stored previously or generated using the same algorithm and variables. Because the communication links in the authentication challenge network, and perhaps in the service access network, may suffer from interference (e.g. radio interference), some tolerance may be given in the comparison result. In other words, the response key and the expected response key do not have to be exactly the same to gain access to the service, particularly when using an analog, rather than digital, transmission format.

With reference to the flow chart of Figure 3, an exemplary authentication process begins at step S10, where a user initiates communication with a service node 26 via the service access network 24. This can be as simple as picking up the telephone and dialing the appropriate number, which can be stored previously in the personal unit.
In step S12, the process may include the entry of the user's number or identity, as used for a data service. As shown in step S14, the service access network 24 transparently communicates an access request from the user to the service node 26. The service node 26, in response to the access request, requires authentication by means of an authentication challenge network 28, by sending a challenge key (generated at the service node 26 or in a separate authentication center 30) to the personal unit 20 of the user, as shown in step S18. Alternatively, one or more challenge keys can be sent to the personal unit in advance. The personal unit 20 may display a prompt asking the user for the input, for example a security key such as a PIN, or the terminal 22 may supply the prompt.

Once the user input has been entered, the algorithm unit 21b of the personal unit 20 calculates and sends a response key either to the display or to the dual tone multifrequency generator, or both. Other output devices may be used, such as radio waves (for example, a radio transmitter or transmitter-receiver), infrared, visible or ultraviolet light generators (e.g. light-emitting diodes, LEDs, or semiconductor lasers), electrically inductive couplers (for example, induction coils) or forms of acoustic devices other than a DTMF generator. The user then manually enters the displayed response key into the terminal 22, or the personal unit 20 directly enters the response key in the case of a different type of output device. For example, when a dual tone multifrequency (DTMF) generator is used with a communication system, the user presents the generated tones to a microphone of such a system.
The service access network 24 transparently transmits the response key to the service node 26, which determines whether it is acceptable. If the authentication center 30 performs the comparison of the received response key to the expected response key, the service node 26 will transmit the response key to the authentication center 30. Alternatively, the personal unit can send the response by radio transmission directly to the authentication center 30, and the authentication center 30 can inform the service node 26 of the results. If the response key is not acceptable, the user's access to the service will be denied and the process will return to the beginning of the entire process or re-request the identification information. Optionally, the system may disable the personal unit if a predetermined number of access attempts occur or if the personal unit 20 has been reported as stolen. If the response key is acceptable, access to the service is given and the user can carry out the desired functions available through the service node.

With reference to Figure 1A, the basic procedure is examined with reference to numbered communications specific to an exemplary embodiment.

(1) ENTER USERID: PTOEXAN.
(2) The service node receives a request for service from PTOEXAN. This USERID is connected to Examiner Andersson, of the Patent and Trademark Office. The service node sends a request for authentication: "Please authenticate this user: Examiner Andersson".
(3) The challenge key is sent to the authentication pager of Examiner Andersson.
(4) ENTER PASSWORD, which is sent to the data terminal from the service node.
(5) Examiner Andersson enters the PIN to activate the calculation of the response key in the personal unit. This response key is displayed on the personal unit's display, and then manually entered into the data terminal. Alternatively, the response key can be sent via a radio link directly to the authentication center.
(6) The response key is sent from the service node to the authentication center.
(7) The authentication center compares the received response to the expected response and sends an authenticated / not authenticated message to the service node.
(8) Authentication is approved / not approved to the user.

As a concrete example of the present invention, a home banking application will be described. In this application, the intention is to transfer money from the owner's account to a different account, such as an account of a creditor. The user can pay bills at home using a telephone and a personal unit. In this example, all authentication steps performed by the user are manual. The resulting dialogue is as follows:

User: Starts a phone call to a payment service telephone number at a bank.
Bank: "Enter your account number."
User: "4219231459"
Bank: "Please enter the following digits in your authentication unit: 1, 2, 3, 2, 8" (challenge key). Alternatively, if the challenge key is broadcast or stored previously in the personal unit, this stage is skipped.
Bank: "Please enter your personal identification number."
User: Enters the PIN in the personal unit. The personal unit presents a challenge response, for example 19283746, on the personal unit display. The user enters "19283746" on the telephone keypad.
Bank: "Enter the account number of the account that receives the payment."
User: "4313950678"
Bank: "Account of Ms. Jane Doe, Anytown, USA. Enter amount."
User: "$500.00"
Bank: "500.00 is credited to Ms. Jane Doe's account, transaction reference number 12346."
User: Hangs up.
This procedure can be complicated by routines to interrupt if an error has occurred, routines to handle more than one transaction during a single call, routines to use another telephone in the home, etc.

A second exemplary procedure involves charging for long distance calls, using a special service node (SSN). In this example, authentication is provided when a long distance call is charged through a long distance telephone company.
User: Dials the telephone number of the special service node, for example with the prefix 900, followed by the long-distance telephone number to be called, for example 900 555-1212.
SSN: "Give the ID and the challenge response."
User: Enters the PIN in the personal unit (which has received a challenge key transmitted by radio), and the personal unit presents a challenge response on its display, for example "19283746". A button is then pressed and the speaker of the personal unit is held against a telephone microphone, giving an acoustic DTMF output to the SSN, for example "# 0859032843 # 19283746 #", which includes the personal identity number followed by the response to the challenge key.
SSN: The authenticity of the response key is checked and, if acceptable, the connection is provided.
The same personal unit can be used for both transactions. A more automatic transaction can also be made. For example, the personal unit may include a receiver and a DTMF transmitter, in which case the user initiates access to a service and, at a prompt, enters the user input, such as a PIN.

To avoid waiting for the paging system to transmit challenges over a wide area paging network, for example, it is possible to transmit several (for example three) challenge keys, which are stored in the personal unit 20 until they are used when the PIN is entered to generate a response key. A response key generated subsequently will not be used more than once if an entry is repeated due to errors. The authentication center 30 can determine when to provide additional challenge keys to a personal unit via a radio signal, because it receives the responses in order to perform the authentication. Alternatively, if the service node 26 receives the responses, the service node 26 requests the authentication center 30 to send the next expected response to the service node 26, so that the authentication center can count the number of response keys generated or used.

As previously noted, an authentication center 30 can be combined with a service node 26 or can be independently located and used by various service nodes. The present invention can be realized for any suitable service node 26, using existing networks without significant cost, by arranging appropriate data exchanges between existing networks and service nodes. The response key can be used for authentication using any terminal in any network, as long as the terminal is capable of transmitting data. The response key can be sent via the authentication network 28 (for example by means of a radio signal).

According to one embodiment of the invention, an authentication method is provided which can be used for all of the user's electronic services, without requiring numerous passwords to be remembered.
To achieve this, the authentication center 30 is connected to all the electronic networks or service nodes 26. When a user goes to a particular service node 26 and requests service, the service node 26 sends a request for authentication to the authentication center 30. Upon receiving this request, the authentication center 30 generates a challenge key, which is sent to the user via the service node 26. The user can then manually enter the challenge key and a user input, such as a PIN, into his or her personal unit, to receive a response key, shown on the personal unit's display. The response can then be manually entered into the terminal 22 used for service access. An authenticity check is then performed, either by the authentication center 30 or by the service node 26.
The challenge key can also be sent to the personal unit by radio from the authentication center 30, or sent as DTMF tones, for example by means of a PSTN telephone. The response key can also be sent to the authentication center 30 by radio or sent as DTMF tones, for example by means of a PSTN telephone. This authentication method does not require any change to existing terminals. The method allows the response key to be sent to the node performing the authenticity check in a manner appropriate to the service application. The PIN used to activate the calculation of a response in the personal unit is the only password or PIN that must be memorized by the user.

The present invention can, of course, be carried out in other specific ways than those set forth herein, without departing from the spirit and the main features of the invention. Therefore, the present embodiments should be considered, in all respects, as illustrative and not restrictive, and all changes within the meaning and range of equivalence of the appended claims are intended to be encompassed by the present invention.
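The exchange described above, sketched in Python as an added example (not part of the patent text or of any implementation by the applicant): a personal unit and an authentication center derive the 8-digit response key from the 10-digit challenge key, the 4-digit PIN and the 12-digit secret key, with stored challenge keys consumed once and the unit disabled after repeated failures. HMAC-SHA256 stands in for the unspecified algorithm, and the class names, MAX_FAILURES = 3 and the sample PIN and secret key are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import deque

# Field widths follow the description's example; MAX_FAILURES is an assumed value
# for the "predetermined number of access attempts".
CHALLENGE_DIGITS, SECRET_DIGITS, PIN_DIGITS, RESPONSE_DIGITS = 10, 12, 4, 8
MAX_FAILURES = 3


def _require_digits(value: str, width: int) -> None:
    if len(value) != width or not (value.isascii() and value.isdigit()):
        raise ValueError(f"expected exactly {width} decimal digits")


def compute_response(challenge: str, pin: str, secret_key: str) -> str:
    """Response key from challenge key, user input (PIN) and secret key.

    HMAC-SHA256 is a stand-in (assumption): the description names no algorithm.
    """
    _require_digits(challenge, CHALLENGE_DIGITS)
    _require_digits(pin, PIN_DIGITS)
    _require_digits(secret_key, SECRET_DIGITS)
    mac = hmac.new(secret_key.encode(), f"{challenge}:{pin}".encode(), hashlib.sha256)
    number = int.from_bytes(mac.digest(), "big") % 10**RESPONSE_DIGITS
    return str(number).zfill(RESPONSE_DIGITS)


class PersonalUnit:
    """Personal unit 20: secret key in memory plus a queue of stored challenge keys."""

    def __init__(self, secret_key: str):
        _require_digits(secret_key, SECRET_DIGITS)
        self._secret_key = secret_key
        self._stored = deque()

    def receive(self, challenge: str) -> None:
        _require_digits(challenge, CHALLENGE_DIGITS)
        self._stored.append(challenge)

    def respond(self, pin: str) -> str:
        _require_digits(pin, PIN_DIGITS)
        # A stored challenge is consumed on use, so a mistyped PIN never
        # causes the same challenge (and response) to be produced twice.
        return compute_response(self._stored.popleft(), pin, self._secret_key)


class AuthenticationCenter:
    """Authentication center 30: issues challenges and checks response keys."""

    def __init__(self):
        self._users = {}

    def enroll(self, user_id: str, pin: str, secret_key: str) -> None:
        _require_digits(pin, PIN_DIGITS)
        _require_digits(secret_key, SECRET_DIGITS)
        self._users[user_id] = {"pin": pin, "secret": secret_key,
                                "pending": deque(), "failures": 0, "disabled": False}

    def issue_challenge(self, user_id: str) -> str:
        challenge = str(secrets.randbelow(10**CHALLENGE_DIGITS)).zfill(CHALLENGE_DIGITS)
        self._users[user_id]["pending"].append(challenge)
        return challenge

    def is_disabled(self, user_id: str) -> bool:
        return self._users[user_id]["disabled"]

    def verify(self, user_id: str, response: str) -> bool:
        user = self._users.get(user_id)
        if user is None or user["disabled"] or not user["pending"]:
            return False  # unknown user, disabled unit, or no outstanding challenge
        challenge = user["pending"].popleft()  # single use, pass or fail
        expected = compute_response(challenge, user["pin"], user["secret"])
        if hmac.compare_digest(expected.encode(), response.encode()):
            user["failures"] = 0
            return True
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["disabled"] = True
        return False


if __name__ == "__main__":
    # Constructed sample values; "PTOEXAN" is the USERID from the Figure 1A walk-through.
    center = AuthenticationCenter()
    center.enroll("PTOEXAN", pin="4321", secret_key="123456789012")
    unit = PersonalUnit("123456789012")
    for _ in range(2):  # challenge keys sent to the unit in advance
        unit.receive(center.issue_challenge("PTOEXAN"))
    first, second = unit.respond("4321"), unit.respond("4321")
    print("first accepted:", center.verify("PTOEXAN", first))
    print("second accepted:", center.verify("PTOEXAN", second))
    print("replay accepted:", center.verify("PTOEXAN", second))
```

The comparison here is exact and constant-time; the tolerance the description allows for noisy analog links is not modelled.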

Claims (36)

  1. A method of authenticating a presumed user of an electronic service, the user having a personal unit, the method comprising the steps of: transmitting a challenge key; receiving the challenge key in the personal unit; generating, in the personal unit, a response key, based on an algorithm that has at least the challenge key and a user input as variables; generating an output key, comprising the response key, suitable for entry to a terminal physically located at the user's location but separate from the personal unit, the terminal being operatively connected to the electronic service; comparing the response key with an expected response key; and allowing access to the electronic service only when the result of the comparison step is acceptable.
  2. A method, according to claim 1, further comprising the step of: requesting access to the electronic service before receiving the challenge key, in which this challenge key is transmitted and received in response to the request for access.
  3. A method, according to claim 1, further comprising the steps of: storing one or more challenge keys received in the personal unit; and requesting access to the electronic service after the challenge key is received and stored, in which the algorithm uses at least the stored challenge keys and a user input as variables in the generation of a response key.
  4. A method, according to claim 1, further comprising the step of: receiving the user's input through a keyboard.
  5. A method, according to claim 1, further comprising the step of: receiving the user's input through a handwriting recognition device.
  6. A personal unit, comprising: a receiver to receive a challenge key; an input element for accessing the user's input; an element that generates a response key, operatively connected to the receiver and the input element, to generate a response key according to a received challenge key and a user input; and an output element, to generate an output key suitable for input to a terminal connected to an external electronic service, the personal unit being physically separate from the terminal and the terminal being at the user's location.
  7. A personal unit, according to claim 6, wherein the receiver includes a radio wave receiver.
  8. A personal unit, according to claim 7, wherein the receiver includes conventional pager circuitry.
  9. A personal unit, according to claim 6, in which the user's input is a personal identification number.
  10. A personal unit, according to claim 6, in which the input element includes a keyboard.
  11. A personal unit, according to claim 6, in which the input element includes a character recognition device.
  12. A personal unit, according to claim 6, in which the output element includes a display.
  13. A personal unit, according to claim 6, in which the output element includes an acoustic generator.
  14. A personal unit, according to claim 13, wherein the acoustic generator includes a dual tone multifrequency generator.
  15. A personal unit, according to claim 6, wherein the output element includes an optical generator.
  16. A personal unit, according to claim 15, wherein the optical generator includes at least one of an infrared light generator, a visible light generator and an ultraviolet light generator.
  17. A personal unit, according to claim 6, in which the output element includes at least one electrically inductive coupler.
  18. A personal unit, according to claim 17, in which this at least one electrically inductive coupler includes at least one induction coil.
  19. A personal unit, according to claim 6, in which the output element includes a radio transmitter.
  20. A personal unit, according to claim 6, in which the response key generating element calculates a response key according to an algorithm, where the received challenge key, the user input and a secret key, stored in the personal unit, are variables in the algorithm.
  21. A system comprising: a personal unit, to receive a challenge key, to receive a user input, and to generate a response key according to the challenge key received and a user input; a terminal, operatively connected to an authentication center, the terminal being capable of receiving the response key and being physically separate from the personal unit; and a network, to send the challenge key when access to a service is attempted, and to receive the response key from the personal unit, the network further comprising: a comparison element, to compare the response key generated by the personal unit to an expected response key; and an authorization element, to allow access to the service only when the result of comparing the response key, generated by the personal unit, to the expected response key, is acceptable.
  22. A system, according to claim 21, wherein the network comprises: a service access network, for transmitting a request to access a service; and an authentication challenge network, operatively connected to the authentication center, to transmit the challenge key to the personal unit; the system further comprising: at least one service node, to provide a service that includes exchanging data with a user through the service access network, and to receive the request for access to a service, which causes the authentication center to generate a challenge key in response to the request for access to a service.
  23. A system, according to claim 22, wherein the service access network further comprises an element for transmitting the response key to the comparator element.
  24. A system, according to claim 22, wherein the authentication challenge network further comprises an element for transmitting the response key to the comparator element.
  25. A system, according to claim 23, wherein the comparator element is located in the authentication center.
  26. A system, according to claim 24, wherein the comparator element is located in the authentication center.
  27. A system, according to claim 23, in which the comparator element is located in at least one service node.
  28. A system, according to claim 24, in which the comparator element is located in at least one service node.
  29. A system, according to claim 21, in which the response key is generated according to an algorithm stored in the personal unit.
  30. A system, according to claim 22, in which the service access network includes a landline telephone system.
  31. A system, according to claim 22, in which the service node offers one or more services, selected from the following group: banking services, credit card services, automatic teller machine services, account information services, general information services, security services and long distance telephone services.
  32. A system, according to claim 22, in which the authentication challenge network includes a radio transmitter.
  33. A system, according to claim 22, wherein the authentication challenge network includes a cellular telephone network.
  34. A system, according to claim 22, wherein the authentication challenge network includes a pager network.
  35. A system, according to claim 22, in which the personal unit includes a response key generating element.
  36. A system, according to claim 29, in which the generating element of the response key generates this response key according to the received challenge key, the user's input and a secret password, stored in the personal unit.
MXPA/A/1996/006518A 1994-06-24 1996-12-17 Usua authentication method and device MXPA96006518A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US08/264,939 US5668876A (en) 1994-06-24 1994-06-24 User authentication method and apparatus
US08264939 1994-06-24
PCT/SE1995/000719 WO1996000485A2 (en) 1994-06-24 1995-06-14 User authentication method and apparatus

Publications (2)

Publication Number Publication Date
MX9606518A MX9606518A (en) 1997-05-31
MXPA96006518A true MXPA96006518A (en) 1997-09-04
