WO2001044949A2 - Computer device for applying credential data to software or to a service - Google Patents
Computer device for applying credential data to software or to a service
- Publication number
- WO2001044949A2 (PCT/FR2000/003550)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- software
- flow
- application
- screen
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Definitions
- the subject of the invention is a computer device of the type in which the execution of software or access to a service or to software is controlled by the application of at least one flow-through datum specific to a user.
- a terminal such as a personal computer
- software requiring authentication displays on the terminal screen a dialog box comprising two fields, one intended for entering the name of the user, the other for entering his password.
- These credentials specific to the user and to the software in question are entered by the user by means of the keyboard with which the terminal is equipped.
- the software with access by authentication referred to in the present application can be software which either is executed locally on a terminal such as a personal computer, or is executed partly in this terminal and partly in a server to which the terminal can be connected by a communication network such as the Internet.
- the software targeted is mainly application software enabling operations of the aforementioned type to be implemented (electronic mail, home banking, electronic commerce, etc.). In certain cases, this application software makes it possible to execute financial transactions and it is understood that maintaining the secrecy of the flow-through data allowing their access is essential.
- In order to improve the security conditions of the authentication process with regard to applications, it is known practice to use password servers.
- a user wants to access an application from a terminal, he must connect to the password server and authenticate himself vis-à-vis the latter.
- the password server which contains the user's credentials, replaces the user to load the required flow-through data into the application to which the user requests access and start it.
- the flow-through data can remain unknown to the user, with the exception, however, of that allowing him to authenticate himself vis-à-vis the password server.
- This solution implies the existence of a specific server and requires a real-time connection to it when the user wants to access an application.
- the invention aims to provide a computer device making it possible to significantly improve the ergonomics and security of the process of applying flow-through data to software or services executable by said device.
- the invention also aims to provide a computer device making it possible to facilitate the process of authenticating a user with respect to one or more software or services to which access is controlled by the application of at least one flow-through datum specific to the user and to the software or service considered, avoiding the user having to remember the flow-through data associated with this or these software or services, or having to call on a password server.
- Another object of the invention is to provide a computer device which makes it possible to significantly improve the security of such a process for applying flow-through data to software or a service.
- the subject of the invention is a computer device comprising:
- data processing means for the implementation of at least one of the functions comprising access to software, execution of software and access to a service,
- first means of memorizing data and programs,
- means of interface with a user comprising at least one display screen and means of graphical interface, at least one pointing device for controlling the movement of a cursor on said screen, and
- acquisition means for controlling, by means of said pointing member, by positioning said cursor on said sign, the acquisition of said flow-through data in said supply means, and
- the computer device according to the invention does not require the manual introduction by the user of his or her credentials, which are automatically transferred by means of the pointing device from the personal security device to the software that the user wants to access.
- the personal security device of the user, of the hardware type (smart card or token) or of the software type, makes it possible to store strong passwords (long and complex passwords), so the computer device according to the invention provides significantly improved security conditions for access to software.
- the development of applications and services accessible via the Internet has indirectly created a proliferation of viruses, one of the objectives of which is to read the passwords or credit card numbers that users store on their personal computer (PC) to avoid having to re-enter them each time you use them.
- the device according to the invention therefore also provides an improvement in security insofar as said flow-through data are protected by the personal security device of the user and, consequently, are not stored in the clear on the PC. No real-time connection to a password server containing the credential data of a set of users is necessary, since the credential data specific to each user is stored in the security device which is personal and which is associated with the terminal from which it requests access to an application.
- the computer device can be used to improve the security of the authentication process with respect to this server: the flow-through data controlling access to this server are then managed as described above.
- the flow-through data referred to may be static or dynamic passwords.
- the means of supplying said data are in fact storage means.
- the supply means are calculation means allowing the execution of an algorithm.
- the dynamic flow-through data are then calculated using a time variable of the "event counter" type, a key, itself static or dynamic, and an algorithm executed in the smart card or in the hardware or software token.
- said access control means further comprise:
- first comparison means for comparing the characteristic data of said window located under the cursor with characteristic data of said destination window stored in said supply means in connection with said flow-through data, and
- means for authorizing said application of said flow-through data in response to consistency between said identified characteristic data and said characteristic data stored in said supply means.
- each of said flow-through data is associated, in said supply means, with data identifying the corresponding software
- said display means are adapted to display on said screen a plurality of signs respectively representative of said flow-through data
- said access control means further comprise second means for identifying software whose said destination window is displayed on said screen, and second comparison means for comparing the identity of said identified software with the identification data associated with a flow-through data item selected by means of said pointing device, said comparison means authorizing application to said identified software of said flow-through data selected only if there is identity of said software identified with said identification data.
- each of said flow-through data is associated, in said supply means, with a data item identifying the corresponding software, and said access control means further comprise second means for identifying software whose said destination window is displayed on said screen, second comparison means for comparing the identity of said identified software with said identification data stored in said supply means, said application means being adapted to control the application in said destination window of a flow-through data item present in said supply means and whose associated identification data corresponds to the identity of said detected software.
- the authentication process is automated insofar as the user does not have to choose the flow-through data assigned to the software to which he must have access, provided that this flow-through data is indeed available in the personal security device.
- the device comprises means for, in the absence of a correspondence between said identification data and said detected software, authorizing the introduction by said user, via said interface means, of flow-through data for said detected software and store in said supply means said flow-through data entered with identification data of said detected software.
- the computer device according to the invention further comprises one or more of the following characteristics considered alone or in combination:
- the device comprises a personal computer to which said personal security device is connected;
- said software is application software distributed between the personal computer and a server, said device comprising means for connecting said personal computer to said server;
- said personal security device is a smart card;
- said personal security device comprises means for comparing a memorized secret code with a secret code introduced by the user via said interface means, said access control means being made operational in response to consistency between said secret codes;
- said access control means comprise means for prohibiting the display of said flow-through data on said display screen in response to its application to said software.
- the authentication process can be implemented without the flow-through data being known to the user, which significantly improves the security conditions since this flow-through data cannot be accidentally disclosed by the user.
- the supply means are storage means. If the flow-through data is dynamic, the supply means comprise means for executing an algorithm for calculating said flow-through data.
- FIG. 1 is a schematic view illustrating hardware and software elements of the computer device according to the invention
- FIG. 2A is a view of a display screen illustrating the authentication process with respect to software using the device according to the invention
- Figure 2B is an enlarged view of an icon displayed on the screen of Figure 2A;
- FIG. 3 is a flowchart illustrating the basic functions implemented by the "drag-and-drop" software used in the device according to the invention
- FIG. 4 is a more detailed flow diagram illustrating a first subroutine of the software illustrated by the flow diagram of FIG. 3;
- Figure 5 is a more detailed flow diagram illustrating a second subroutine of the software illustrated by the flow diagram of Figure 3;
- Figure 6 is a schematic representation of a home page of application software displayed to a user for the introduction of his password.
- a personal computer 1 comprises a display screen 2 and a set of conventional data processing means (microprocessor), data storage, input / output, etc. and designated in their assembly by the reference 3.
- the keyboard of the personal computer 1 has not been shown.
- the personal computer 1 is associated with a personal security device PSD such as a smart card 5 capable of being read by means of a reading device or reader 4 connected to the personal computer 1.
- the reader can be integrated into the personal computer 1.
- a pointing device such as a mouse 6, provided with a left button 6a and a right button 6b, is connected to the personal computer 1 in order to move a cursor on the screen 2.
- the personal computer 1 is suitable for executing a certain number of software L, in particular application software illustrated in FIG. 1 by a home page bearing the name of the application, namely Application 1, Application 2, Application 3 and Application 4, as well as LPA access control software ensuring access management to application software as will be described below.
- This application software (also called application hereinafter) can be software executed locally in the personal computer 1, or partly in it and partly in a server S to which the personal computer 1 can be connected by a communication network R such as the Internet, within the framework of a client-server architecture.
- the access of a user of the personal computer 1 to any of the applications 1, 2, 3 and 4 is subject to the introduction of flow-through data which are allocated to the user to authorize him to use the application considered.
- This flow-through data generally includes a user name and password which are specific to the application and the user concerned.
- passwords PWD1, PWD2, PWD3, PWD4 must be entered in the personal computer 1 to access the applications 1, 2, 3 and 4 respectively.
- the user is invited by a dialog box to enter his password on the keyboard and the different characters typed are displayed in plain text or in masked form (for example a succession of asterisks) in a specific window.
- the various flow-through data and in particular the passwords PWD1, PWD2, PWD3, PWD4 for applications 1 to 4, are supplied to the personal computer 1 by the personal security device 5.
- flow-through data such as passwords, can be static or dynamic.
- a personal security device PSD is a device owned and / or accessible (for example by personal identification PIN code or other) exclusively by an authorized user, and making it possible to store therein securely data by offering security guarantees against reading and / or writing of data by an unauthorized person.
- a personal security device PSD can be provided with calculation means for the execution of one or more algorithms, in particular with a view to generating dynamic flow-through data.
- the personal security device PSD can be a smart card 5, capable of being connected to the personal computer 1 by the reader 4 and provided with hardware and software securing means making it possible to store secrets (codes, messages, keys, programs, etc.). Its use is generally subject to the provision of a personal identification code PIN.
- a smart card does not include an electrical energy source and its electronic circuits can only be made active when it is inserted into a reader capable of supplying it electrically.
- the personal security device PSD can be produced in the form of software installed in the personal computer 1 and making it possible to store data therein securely, this data possibly being able to be encrypted.
- the invention described in the present application is not limited to the use as a personal security device of a smart card 5, but that it could just as easily be a "token" capable of communicating with the personal computer 1 by bidirectional transmission means, a personal security device of purely software form installed on the personal computer 1, or any other device specific to a user (access to which is generally controlled by a personal identification code PIN known to the user) making it possible to store secrets in a secure manner and possibly to execute the calculation algorithms in the case of dynamic flow-through data.
- the flow-through data, or the secrets making it possible to calculate these in the case of dynamic passwords, are stored in different segments of a memory M of the personal security device and their number is limited only by the memory of this device. Other limitations may relate to the ability of the PSD device to execute calculation algorithms.
- the personal security device considered is a smart card 5 and the passwords PWD1, PWD2, PWD3, PWD4 provided by the latter are static (stored passwords) or dynamic (calculated passwords).
- the different passwords PWD1, PWD2, PWD3, PWD4 provided by the smart card 5 are associated with the characteristics of the window in which these passwords are intended to be entered, in this case the class and attributes of this window.
- Drag and Drop is a graphical user interface (GUI) process used to transfer data between two applications.
- the personal computer mouse is used to extract data from one application and insert it into another application. For example, it is possible to select text as a block within a word processing program. By moving the cursor over the selected block of text with the mouse, then pressing and holding the mouse button while moving the mouse so as to move the cursor to the desired location in the other application, this text is inserted in the other application by simply releasing the mouse button.
- the "Drag and Drop" process therefore implies a source, namely an application from which data will be extracted, and a target into which this data will be inserted.
- the source is the LPA access control software adapted to permanently display an icon 7 appearing, for example, as shown in FIG. 2B, in the form of a representation of a smart card.
- This icon 7 is displayed and permanently available on the display screen 2, for example in the lower right part thereof, because the LPA access control software is a resident application, that is to say an application which is run continuously in the background and which is started automatically each time the user connects to his personal computer 1.
- the target is constituted by the window 8 for inserting the password of the home page of the application to which access is sought.
- Most recent application software for personal computers provided with a graphical user interface by windowing indeed has a dialog box provided with fields or windows allowing the user to enter his or her flow-through data.
- the device according to the invention is not limited to this type of application software and can be used with older application software which operate without windowing, in text mode, and simply invite the user to introduce his or her flow-through data.
- When he wants to connect to one of the applications 1 to 4, for example to the application 1 as represented in FIG. 2A, the user brings, by means of the mouse 6, the cursor 9 to the icon 7
- the user chooses, by means of a menu, that of the passwords PWD1, PWD2, PWD3, PWD4 which corresponds to the application displayed.
- the passwords PWD1, PWD2, PWD3, PWD4 are not displayed in plain text in this menu; only codes, messages or signs P1, P2, P3, P4 appear there to identify them and to indicate which application each gives access to.
- a short press of the right button 6b of the mouse when the cursor 9 is on the icon 7, causes the display of a list of codes P1, P2, P3, P4 for identifying passwords.
- the desired password for example PWD1 is selected by positioning the cursor 9 on the corresponding code P1 in the list and by clicking on the right button 6b of the mouse, after which the icon 7 is again displayed.
- the password PWD1 is thus selected by default and will be automatically used during subsequent "drag and drop" authentication process, until the user has selected another password using the menu.
- the access control software LPA modifies the graphic representation of the cursor 9 as long as it has not arrived in the destination window: as shown in FIG. 2A, during its movement until window 8, the cursor 9 is represented in the form of a diametrically crossed circle. Once the cursor 9 has arrived at the destination window 8, it returns to its initial shape of arrow which signifies to the user that he can release the left button 6a of the mouse 6.
- this modification of the graphic representation of the cursor 9 is managed by the access control software LPA which, during the movement of the cursor 9, constantly compares the class of the window located under the cursor with the class of the destination window whose characteristics are associated with the password PWD selected in the smart card 5.
- the release of the left button 6a of the mouse 6, when the cursor 9 has arrived in window 8, has the effect of commanding the application in the destination window 8 of the password PWD supplied by the smart card 5.
- the password PWD transmitted from the smart card 5 by means of the access control software LPA appears in the destination window 8 in the same form as if it had been typed at the keyboard by the user himself.
- if the application is designed to display the password in clear, it will remain displayed in clear in the destination window 8.
- security will be improved insofar as the display of the PWD password will be fleeting and, in the case of a static password, the user will not have to memorize it and take the risk of writing it down.
- application software is designed to display dummy characters, such as asterisks, instead of the characters of the password typed by a user: in this case, the password will never appear in the clear and may even be completely unknown to the user, for example if this PWD password is loaded directly into his smart card by means of a personalization tool under the control of a security administrator.
- the password used if it is static, can be strong, ie long and complex (for example, succession of random characters), which in practice is not possible with conventional solutions requiring its memorization by the user.
- dynamic passwords can be of the asynchronous or synchronous type.
- An asynchronous password assumes that a secret key is shared between the application and the personal security device.
- the application generates a random challenge which is transmitted to the personal security device PSD.
- the latter encrypts this random challenge with the secret key held in its memory, using an encryption algorithm, and the password thus calculated is transmitted to the application.
- the application also performs a similar calculation on the random challenge and compares the result obtained with the password received from the personal security device. If there is consistency, for example identity, of the passwords calculated in the application and in the PSD, access to the application is authorized.
- the device according to the invention makes it possible to implement such an authentication mechanism by asynchronous password by ensuring, at the level of the access control software, after reading the random challenge, its transmission to the personal security device PSD then, as described above, the application of the calculated password in the destination window.
- Synchronous passwords are passwords which vary over time, preferably with each use, for example as a function of a time base and / or an event counter.
- Passwords, or the keys and variables used to calculate them, evolve synchronously in the personal security device PSD and in the application. These mechanisms are well known to those skilled in the art and will not be described here in more detail. We can however refer to the international patent application WO 99/18546 filed on October 1, 1998 which describes mechanisms making it possible to implement authentication by a dynamic password based on time by means of a smart card, despite the absence of an electrical power source and, consequently, of a clock, in such a card.
- FIG 3 illustrates the overall mouse management process 6 provided by the LPA access control software.
- the process begins at step 100 when the left mouse button 6a is pressed while the cursor 9 is above the icon 7.
- Step 101 corresponds to a capture of the state of the mouse and step 102 to waiting for events likely to be generated by the mouse: these can be a movement of the mouse or a release of the left mouse button.
- step 103 corresponding to the subroutine illustrated by the flowchart in FIG. 4.
- Step 105 marks the end of this general program.
- the subroutine of FIG. 4 begins at 106 when a movement of the mouse is detected.
- step 107 the position of the mouse is acquired.
- step 108 the window which is under the cursor 9 is sought.
- Step 109 corresponds to the acquisition of characteristic data of the window located under the cursor, in particular the class of this window.
- the class of the window located under the cursor corresponds to a class of window stored in the smart card 5. If not, the graphic representation of the cursor 9 is modified at 111 to warn the user that at this stage the function of entering the password PWD is inhibited, that is to say that the release of the left button 6a of the mouse will have no effect. The subroutine then proceeds to the end step 112. However, as long as the mouse 6 is moved, the subroutine of FIG. 4 is restarted as shown in the flow diagram of FIG. 3.
- step 102 of FIG. 3 the detected event is a release of the left mouse button
- the subroutine 104 illustrated by the flow diagram of FIG. 5 is executed.
- Step 114 of FIG. 5 corresponds to the detection of the release of the left mouse button.
- the position of the mouse is acquired at 115 and the window under the cursor is searched for at 116.
- the characteristic data of this window is acquired.
- Step 118 is a test aimed at determining whether the window under the cursor 9 belongs to a class stored in the smart card 5. If not, the subroutine ends at 119. If it does, the application to which the window belongs is looked up at 120.
- Step 121 is a test aimed at determining whether the identified application corresponds to an application whose identification data are contained in the smart card 5. If so, the password associated in the smart card 5 with the identified application is applied in the window in which the cursor is then located, then the subroutine ends at 123. If the answer to test 121 is negative, the user is invited at 124 to enter manually, using the keyboard of the personal computer, the required password (in the case of a static password).
- this password as well as the application identification data and the characteristics of the detected window acquired at 117 and 120, are transmitted to the smart card 5 in which they are stored.
- the subroutine then returns to step 122 giving rise to the introduction, in the destination window, of the password entered on the keyboard by the user and stored in the smart card 5.
- FIG. 6 is a schematic representation of a home page of an application making it possible to explain the information which is collected during the running of the subroutines of FIGS. 4 and 5.
- the destination window 8 in which the password PWD must be inserted is generally a data entry field.
- This window is characterized by its class and its specific attributes, for example an attribute characteristic of a password window.
- the reference 10 designates a dialog box in which the destination window is located. This dialog box is notably characterized by the title of the window displayed in the title bar of the dialog box, for example in the form "enter password".
- the main window of the application that is to say the window of the target application
- the window of the target application is notably characterized by the class of the window and by the title of the window appearing at 11.
- This title is generally formed by concatenating the name of the application and the name of the document open in the application, the file name of a text file or the address of a web page for example.
- this information is used as described above to determine whether the insertion of a password is authorized or not.
- the LPA access control software is arranged to search: - if the destination window in which the user has released the mouse button 6 is the one to receive the user name or the one to receive the password;
- the discrimination between window for user name and window for password is carried out by examining whether the window in question has the attribute "Password", namely that this window is intended to hide what is entered by displaying asterisks.
- the search for the second window is done by searching for the parent of the first then by listing all the child windows of this parent until finding a window with the desired characteristics.
- this solution may not work (dialog box with more than two input windows, attribute "password" not used).
- Another solution consists in carrying out an initialization by the user: during the first "release" in an "unknown" dialog box of an application, the LPA software guides the user on the procedure to follow, i.e. a facsimile of the target dialog with its various potential entry windows, the list of passwords (in the form of their codes P1, P2, ...) and user names already present in the card, and the possibility of adding new ones are presented to the user.
- the user makes the link between the passwords and the usernames by indicating, for example by means of the mouse, which flow-through data (username or password) must be entered in the window. All this information is stored in the smart card to be reused later during authentication requests vis-à-vis the application in question.
- the personal security device PSD includes means for executing one or more algorithms making it possible to calculate the static password proper which will be supplied to the personal computer.
- the device described above can also be applied to the introduction of flow-through data, such as credit card number and expiration date, bank account number, etc., necessary for access to a service or software, or the execution of software, whether or not access to it is controlled by the introduction of flow-through access data (password, user name, etc.).
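
Added example, not code from the patent: a Python model of the left-button release handling of FIG. 5 (steps 118 to 124) together with the asynchronous password exchange described above. The window class and application names, the key and the use of truncated HMAC-SHA256 as the response function are assumptions; the description does not name an algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Window:
    """Characteristic data of the window under the cursor (steps 117 and 120)."""
    window_class: str
    app_id: str
    challenge: Optional[bytes] = None  # random challenge read from the application


@dataclass
class Entry:
    """One credential record held by the personal security device (PSD)."""
    window_class: str
    app_id: str
    static_password: Optional[str] = None
    shared_key: Optional[bytes] = None  # present for asynchronous dynamic passwords


def response(shared_key: bytes, challenge: bytes) -> str:
    """Password computed from the challenge; both sides run the same function.

    HMAC-SHA256 truncated to 8 hex digits is an assumption standing in for
    the unspecified "encryption algorithm" of the description.
    """
    return hmac.new(shared_key, challenge, hashlib.sha256).hexdigest()[:8]


@dataclass
class PSD:
    entries: List[Entry] = field(default_factory=list)

    def knows_class(self, window_class: str) -> bool:
        return any(e.window_class == window_class for e in self.entries)

    def find(self, window: Window) -> Optional[Entry]:
        for e in self.entries:
            if (e.window_class, e.app_id) == (window.window_class, window.app_id):
                return e
        return None


def on_drop(psd: PSD, window: Window,
            typed: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Decide what a release of the left button does; returns (action, value)."""
    # Step 118: the class under the cursor must be one stored in the PSD.
    if not psd.knows_class(window.window_class):
        return ("ignored", None)                     # step 119: nothing is applied
    entry = psd.find(window)                         # steps 120 and 121
    if entry is None:
        if typed is None:
            return ("prompt", None)                  # step 124: ask the user
        # Store password, application identity and window characteristics,
        # then apply the typed password (return to step 122).
        psd.entries.append(
            Entry(window.window_class, window.app_id, static_password=typed))
        return ("enrolled", typed)
    if entry.shared_key is not None:                 # asynchronous dynamic password
        if window.challenge is None:
            return ("no-challenge", None)            # nothing to compute from
        return ("applied", response(entry.shared_key, window.challenge))
    return ("applied", entry.static_password)        # step 122


def app_verify(shared_key: bytes, challenge: bytes, received: str) -> bool:
    """Application side: recompute the password and compare in constant time."""
    return hmac.compare_digest(response(shared_key, challenge), received)


def demo() -> list:
    # Constructed sample data: class names, application names and secrets are made up.
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    psd = PSD([
        Entry("Edit", "Application 1", static_password="k3!Vq9#static-sample"),
        Entry("Edit", "Application 2", shared_key=key),
    ])
    challenge = b"constructed-challenge-0001"
    return [
        on_drop(psd, Window("Button", "Application 1")),   # class not stored
        on_drop(psd, Window("Edit", "Application 1")),     # static password
        on_drop(psd, Window("Edit", "Application 3")),     # unknown application
        on_drop(psd, Window("Edit", "Application 3"), typed="typed-by-user"),
        on_drop(psd, Window("Edit", "Application 3")),     # now enrolled
        on_drop(psd, Window("Edit", "Application 2", challenge)),
    ]


if __name__ == "__main__":
    for action, _value in demo():
        print(action)
```

The model releases a password only when both the window class and the application identity match a stored record, which is the binding the description relies on to keep a credential from being dropped into the wrong window.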
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- Position Input By Displaying (AREA)
- Saccharide Compounds (AREA)
- Pharmaceuticals Containing Other Organic And Inorganic Compounds (AREA)
- Preparation Of Compounds By Using Micro-Organisms (AREA)
- Electrically Operated Instructional Devices (AREA)
- User Interface Of Digital Computer (AREA)
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002395381A CA2395381A1 (fr) | 1999-12-17 | 2000-12-15 | Computer device for applying credential data to software or to a service |
JP2001545974A JP2003517683A (ja) | 1999-12-17 | 2000-12-15 | Data processing system for the application of credentials for a program or service |
AU25270/01A AU2527001A (en) | 1999-12-17 | 2000-12-15 | Computerised device for accrediting data application to a software or a service |
KR1020027007780A KR20020059764A (ko) | 1999-12-17 | 2000-12-15 | Computer device for accrediting data application to software or a service |
DE60008795T DE60008795T2 (de) | 1999-12-17 | 2000-12-15 | Computer device for applying accreditation data to software or to a service |
AT00988928T ATE261139T1 (de) | 1999-12-17 | 2000-12-15 | Computer device for applying accreditation data to software or to a service |
EP00988928A EP1238340B1 (fr) | 1999-12-17 | 2000-12-15 | Computer device for applying credential data to software or to a service |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9915979A FR2802665B1 (fr) | 1999-12-17 | 1999-12-17 | Dispositif informatique a acces par accreditation perfectionne |
FR99/15979 | 1999-12-17 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001044949A2 (fr) | 2001-06-21 |
WO2001044949A3 (fr) | 2001-12-27 |
Family
ID=9553413
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2000/003550 WO2001044949A2 (fr) | 1999-12-17 | 2000-12-15 | Dispositif informatique pour l'application de donnees accreditives a un logiciel ou a un service |
Country Status (10)
Country | Link |
---|---|
EP (1) | EP1238340B1 (fr) |
JP (1) | JP2003517683A (fr) |
KR (1) | KR20020059764A (fr) |
CN (1) | CN1409835A (fr) |
AT (1) | ATE261139T1 (fr) |
AU (1) | AU2527001A (fr) |
CA (1) | CA2395381A1 (fr) |
DE (1) | DE60008795T2 (fr) |
FR (1) | FR2802665B1 (fr) |
WO (1) | WO2001044949A2 (fr) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003088014A2 (fr) * | 2002-04-05 | 2003-10-23 | Amoursoft Ltd | Authentification d'utilisateurs pour systemes informatiques |
EP1513313A1 (fr) * | 2003-09-08 | 2005-03-09 | Alcatel | Procédé d'accès à des ressources et des services dans un réseau, terminal de réseau et dispositif personnel d'utilisateur correspondant |
WO2004053667A3 (fr) * | 2002-12-12 | 2005-04-28 | Encentuate Pte Ltd | Systeme de gestion d'identite et de confirmation d'authentification |
DE10232454B4 (de) * | 2002-01-31 | 2007-08-02 | Fujitsu Ltd., Kawasaki | Zugriffssteuerungsverfahren, Speichervorrichtung und Informationsverarbeitungsvorrichtung |
US7653602B2 (en) | 2003-11-06 | 2010-01-26 | Visa U.S.A. Inc. | Centralized electronic commerce card transactions |
US7725369B2 (en) | 2003-05-02 | 2010-05-25 | Visa U.S.A. Inc. | Method and server for management of electronic receipts |
US7857215B2 (en) | 2003-09-12 | 2010-12-28 | Visa U.S.A. Inc. | Method and system including phone with rewards image |
US8005763B2 (en) | 2003-09-30 | 2011-08-23 | Visa U.S.A. Inc. | Method and system for providing a distributed adaptive rules based dynamic pricing system |
US8010405B1 (en) | 2002-07-26 | 2011-08-30 | Visa Usa Inc. | Multi-application smart card device software solution for smart cardholder reward selection and redemption |
US8015060B2 (en) | 2002-09-13 | 2011-09-06 | Visa Usa, Inc. | Method and system for managing limited use coupon and coupon prioritization |
US8051470B2 (en) | 2002-12-12 | 2011-11-01 | International Business Machines Corporation | Consolidation of user directories |
US8407083B2 (en) | 2003-09-30 | 2013-03-26 | Visa U.S.A., Inc. | Method and system for managing reward reversal after posting |
US8429048B2 (en) | 2009-12-28 | 2013-04-23 | Visa International Service Association | System and method for processing payment transaction receipts |
US8554610B1 (en) | 2003-08-29 | 2013-10-08 | Visa U.S.A. Inc. | Method and system for providing reward status |
US8626577B2 (en) | 2002-09-13 | 2014-01-07 | Visa U.S.A | Network centric loyalty system |
US9852437B2 (en) | 2002-09-13 | 2017-12-26 | Visa U.S.A. Inc. | Opt-in/opt-out in loyalty system |
US11132691B2 (en) | 2009-12-16 | 2021-09-28 | Visa International Service Association | Merchant alerts incorporating receipt data |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8456429B2 (en) * | 2009-07-30 | 2013-06-04 | Ncr Corporation | Encrypting touch-sensitive display |
US9282093B2 (en) * | 2013-04-30 | 2016-03-08 | Microsoft Technology Licensing, Llc | Synchronizing credential hashes between directory services |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2676291A1 (fr) * | 1991-05-06 | 1992-11-13 | Bull Sa | Dispositif de securite pour systeme informatique et procede de reprise d'exploitation. |
FR2740885A1 (fr) * | 1995-11-03 | 1997-05-09 | Sirbu Cornel | Procede et appareil pour la gestion et l'execution des applications de securite |
US5887065A (en) * | 1996-03-22 | 1999-03-23 | Activcard | System and method for user authentication having clock synchronization |
- 1999
  - 1999-12-17 FR FR9915979A patent/FR2802665B1/fr not_active Expired - Fee Related
- 2000
  - 2000-12-15 CN CN00817144A patent/CN1409835A/zh active Pending
  - 2000-12-15 AT AT00988928T patent/ATE261139T1/de not_active IP Right Cessation
  - 2000-12-15 CA CA002395381A patent/CA2395381A1/fr not_active Abandoned
  - 2000-12-15 DE DE60008795T patent/DE60008795T2/de not_active Expired - Lifetime
  - 2000-12-15 WO PCT/FR2000/003550 patent/WO2001044949A2/fr active IP Right Grant
  - 2000-12-15 KR KR1020027007780A patent/KR20020059764A/ko not_active Application Discontinuation
  - 2000-12-15 AU AU25270/01A patent/AU2527001A/en not_active Abandoned
  - 2000-12-15 EP EP00988928A patent/EP1238340B1/fr not_active Expired - Lifetime
  - 2000-12-15 JP JP2001545974A patent/JP2003517683A/ja active Pending
Non-Patent Citations (1)
Title |
---|
LUCKHARDT N: "PASSWORT PORTFOLIO" CT MAGAZIN FUER COMPUTER TECHNIK,DE,VERLAG HEINZ HEISE GMBH., HANNOVER, no. 13, 21 juin 1999 (1999-06-21), page 72 XP000828972 ISSN: 0724-8679 * |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10232454B4 (de) * | 2002-01-31 | 2007-08-02 | Fujitsu Ltd., Kawasaki | Zugriffssteuerungsverfahren, Speichervorrichtung und Informationsverarbeitungsvorrichtung |
WO2003088014A3 (fr) * | 2002-04-05 | 2004-03-18 | Amoursoft Ltd | Authentification d'utilisateurs pour systemes informatiques |
WO2003088014A2 (fr) * | 2002-04-05 | 2003-10-23 | Amoursoft Ltd | Authentification d'utilisateurs pour systemes informatiques |
US8010405B1 (en) | 2002-07-26 | 2011-08-30 | Visa Usa Inc. | Multi-application smart card device software solution for smart cardholder reward selection and redemption |
US10460338B2 (en) | 2002-09-13 | 2019-10-29 | Visa U.S.A. Inc. | Network centric loyalty system |
US9852437B2 (en) | 2002-09-13 | 2017-12-26 | Visa U.S.A. Inc. | Opt-in/opt-out in loyalty system |
US8626577B2 (en) | 2002-09-13 | 2014-01-07 | Visa U.S.A | Network centric loyalty system |
US8239261B2 (en) | 2002-09-13 | 2012-08-07 | Liane Redford | Method and system for managing limited use coupon and coupon prioritization |
US8015060B2 (en) | 2002-09-13 | 2011-09-06 | Visa Usa, Inc. | Method and system for managing limited use coupon and coupon prioritization |
US8051470B2 (en) | 2002-12-12 | 2011-11-01 | International Business Machines Corporation | Consolidation of user directories |
WO2004053667A3 (fr) * | 2002-12-12 | 2005-04-28 | Encentuate Pte Ltd | Systeme de gestion d'identite et de confirmation d'authentification |
US8386343B2 (en) | 2003-05-02 | 2013-02-26 | Visa U.S.A. Inc. | Method and user device for management of electronic receipts |
US9087426B2 (en) | 2003-05-02 | 2015-07-21 | Visa U.S.A. Inc. | Method and administration system for management of electronic receipts |
US7987120B2 (en) | 2003-05-02 | 2011-07-26 | Visa U.S.A. Inc. | Method and portable device for management of electronic receipts |
US7827077B2 (en) | 2003-05-02 | 2010-11-02 | Visa U.S.A. Inc. | Method and apparatus for management of electronic receipts on portable devices |
US7725369B2 (en) | 2003-05-02 | 2010-05-25 | Visa U.S.A. Inc. | Method and server for management of electronic receipts |
US8554610B1 (en) | 2003-08-29 | 2013-10-08 | Visa U.S.A. Inc. | Method and system for providing reward status |
US8793156B2 (en) | 2003-08-29 | 2014-07-29 | Visa U.S.A. Inc. | Method and system for providing reward status |
EP1513313A1 (fr) * | 2003-09-08 | 2005-03-09 | Alcatel | Procédé d'accès à des ressources et des services dans un réseau, terminal de réseau et dispositif personnel d'utilisateur correspondant |
US7857215B2 (en) | 2003-09-12 | 2010-12-28 | Visa U.S.A. Inc. | Method and system including phone with rewards image |
US7857216B2 (en) | 2003-09-12 | 2010-12-28 | Visa U.S.A. Inc. | Method and system for providing interactive cardholder rewards image replacement |
US8244648B2 (en) | 2003-09-30 | 2012-08-14 | Visa U.S.A. Inc. | Method and system for providing a distributed adaptive rules based dynamic pricing system |
US9141967B2 (en) | 2003-09-30 | 2015-09-22 | Visa U.S.A. Inc. | Method and system for managing reward reversal after posting |
US8005763B2 (en) | 2003-09-30 | 2011-08-23 | Visa U.S.A. Inc. | Method and system for providing a distributed adaptive rules based dynamic pricing system |
US8407083B2 (en) | 2003-09-30 | 2013-03-26 | Visa U.S.A., Inc. | Method and system for managing reward reversal after posting |
US7653602B2 (en) | 2003-11-06 | 2010-01-26 | Visa U.S.A. Inc. | Centralized electronic commerce card transactions |
US9710811B2 (en) | 2003-11-06 | 2017-07-18 | Visa U.S.A. Inc. | Centralized electronic commerce card transactions |
US11132691B2 (en) | 2009-12-16 | 2021-09-28 | Visa International Service Association | Merchant alerts incorporating receipt data |
US8650124B2 (en) | 2009-12-28 | 2014-02-11 | Visa International Service Association | System and method for processing payment transaction receipts |
US8429048B2 (en) | 2009-12-28 | 2013-04-23 | Visa International Service Association | System and method for processing payment transaction receipts |
Also Published As
Publication number | Publication date |
---|---|
FR2802665A1 (fr) | 2001-06-22 |
CN1409835A (zh) | 2003-04-09 |
EP1238340A2 (fr) | 2002-09-11 |
DE60008795D1 (de) | 2004-04-08 |
CA2395381A1 (fr) | 2001-06-21 |
EP1238340B1 (fr) | 2004-03-03 |
AU2527001A (en) | 2001-06-25 |
DE60008795T2 (de) | 2005-01-20 |
FR2802665B1 (fr) | 2002-04-05 |
JP2003517683A (ja) | 2003-05-27 |
KR20020059764A (ko) | 2002-07-13 |
ATE261139T1 (de) | 2004-03-15 |
WO2001044949A3 (fr) | 2001-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1238340B1 (fr) | Dispositif informatique pour l'application de donnees accreditives a un logiciel ou a un service | |
EP1004100B1 (fr) | Dispositif portable electronique pour systeme de communication securisee, et procede d'initialisation de ses parametres | |
FR2802666A1 (fr) | Systeme informatique pour application a acces par accreditation | |
CH633379A5 (fr) | Installation de securite notamment pour l'execution d'operations bancaires. | |
EP2048814A1 (fr) | Procédé d'authentification biométrique, programme d'ordinateur, serveur d'authentification, terminal et objet portatif correspondants. | |
FR2861875A1 (fr) | Dispositif de stockage de donnees portable a interface usb protege par des parametres biometriques, comportant un processeur de donnees biometriques accessible par l'interface usb | |
EP1460593A1 (fr) | Terminal de paiement securise | |
EP2070234B1 (fr) | Sécurisation de code pour entité personnelle | |
EP2813962B1 (fr) | Méthode de contrôle d'accès à un type de services spécifique et dispositif d'authentification pour le contrôle de l'accès à un tel type de services. | |
FR2765979A1 (fr) | Terminal informatique individuel susceptible de communiquer avec un equipement informatique d'une facon securisee, ainsi qu'un procede d'authentification mis en oeuvre par ledit terminal | |
FR2832829A1 (fr) | Procede, systeme et dispositif permettant d'authentifier des donnees transmises et/ou recues par un utilisateur | |
FR3058814B1 (fr) | Procede de traitement de donnees transactionnelles, terminal de communication, lecteur de cartes et programme correspondant. | |
EP2058746B1 (fr) | Entité électronique portable, station hôte et procédé associé | |
EP2795830B1 (fr) | Procede d'echange de donnee chiffree entre un terminal et une machine | |
FR2730076A1 (fr) | Procede d'authentification par un serveur du porteur d'un objet portatif a microprocesseur, serveur et objet portatif correspondants | |
EP1983480A1 (fr) | Terminal de paiement, procédé et programme associés | |
FR2867577A1 (fr) | Procede permettant de remplir automatiquement des donnees utilisateur en utilisant une identification d'empreintes digitales | |
WO2013093325A1 (fr) | Dispositif electronique pour le stockage de donnees confidentielles | |
WO2014135526A1 (fr) | Système et procédé de gestion d'au moins une application en ligne, objet portable utilisateur usb et dispositif distant du système | |
WO2014135519A1 (fr) | Système et procédé de gestion d'au moins une application en ligne, objet portable utilisateur communiquant par un protocole radioélectrique et dispositif distant du système | |
FR2913551A1 (fr) | Methode d'authentification mutuelle et recurrente sur internet. | |
FR3060171B1 (fr) | Procede de securisation de saisie de donnees, terminal de communication et programme correspondant. | |
FR2812423A1 (fr) | Systeme de paiement par carte d'une transaction sur internet | |
WO2017046281A1 (fr) | Gestion d'un affichage d'une vue d'une application sur un écran d'un dispositif électronique de saisie de données, procédé, dispositif et produit programme d'ordinateur correspondants | |
FR2824208A1 (fr) | Procede et dispositif d'attribution d'un code d'authentification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | AK | Designated states | Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
 | WWE | Wipo information: entry into national phase | Ref document number: 2000988928 Country of ref document: EP |
 | ENP | Entry into the national phase | Ref country code: JP Ref document number: 2001 545974 Kind code of ref document: A Format of ref document f/p: F |
 | WWE | Wipo information: entry into national phase | Ref document number: 2395381 Country of ref document: CA Ref document number: 008171440 Country of ref document: CN |
 | WWE | Wipo information: entry into national phase | Ref document number: 1020027007780 Country of ref document: KR |
 | WWE | Wipo information: entry into national phase | Ref document number: 25270/01 Country of ref document: AU |
 | WWP | Wipo information: published in national office | Ref document number: 1020027007780 Country of ref document: KR |
 | WWP | Wipo information: published in national office | Ref document number: 2000988928 Country of ref document: EP |
 | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
 | WWG | Wipo information: grant in national office | Ref document number: 2000988928 Country of ref document: EP |