WO2003063411A1 - Two-factor authentication method with an ephemeral single-use password (Procede d'authentification a deux facteurs avec mot de passe ephemere a usage unique) - Google Patents
- Publication number: WO2003063411A1 (PCT/FR2003/000189)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- information system
- password
- sms message
- mobile telephone
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Definitions
- the main object of the invention is to propose an improved method of authenticating a user with an information system.
- a method is proposed as mentioned in the preamble which, according to the invention, is characterized in that the mobile telephone is equipped with a smart card comprising asymmetric-key applications and software for using said key, and in that, when the user transmits an access request message from a sending computer terminal to the information system, the latter prepares an SMS message containing a one-time password with a limited validity period and sends said SMS message to the user's mobile phone; the user then, using the data entry means of his mobile phone, enters a secret personal code into the phone and presents a personal data medium to the reading means of the phone, which deciphers a private key assigned to the user, so that the mobile phone is authorized to decode the aforesaid SMS message and extract the password; finally the user sends the password, from the sending computer terminal, to the information system, which authorizes the user's access.
- the method can implement the following steps:
  - a certification authority assigns to the user a public key K_c and a private key k_c, and establishes a one-to-one correspondence between the user and the user's public key K_c; the information system establishes a one-to-one correspondence between the user and a call datum with the help of which the user can call the information system from said sending computer terminal;
  - following a call from the user from said sending computer terminal, the information system generates the aforementioned single-use, limited-lifetime password and requests from the certification authority the user's public key K_c, enclosed in a certificate signed with the certification authority's key; the information system then constitutes the above-mentioned SMS message from that single-use, limited-lifetime password encrypted with the user's public key;
  - it is this SMS message that is sent to the user's mobile phone.
- the password is for single use only: once it has been used by the user, it will no longer be recognized a second time by the information system.
- the password is ephemeral (limited lifetime, for example 10 minutes), so that even if it is eventually recovered from the user's computer terminal, its lifetime will have expired.
- the mobile phone is, as indicated above, equipped with a SIM card (SIM Toolkit) supplied with an RSA key pair certified by the certification authority, and with an application allowing, after entry of a secret code, the decryption of an SMS message produced by the information system for the user (a message consisting of the ephemeral single-use password) and then its display.
- the authentication process does not require, unlike a symmetric-key system, a privileged relationship between the information system and the user, but relies entirely on the certification authority.
- the password (or authentication token), encrypted with the user's public key, is sent alone, in the form of an SMS message, to be processed by the SIM Toolkit application.
- the authentication token thus obtained can be used to gain access to any type of service via any channel: website, nomadic access (PPP), electronic messaging, etc.
- the one-time password can be a temporary user identifier, such as in particular a virtual bank card number.
- the invention may also find another interesting application when mobile phones are equipped with future WIM cards for connections to a WAP site (Wireless Application Protocol): it is then the WIM card that will contain the user's private key and will decode the password received by the user.
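The flow in the definitions above, as an added worked example that is not part of the patent or of any product: the information system issues a 6-digit password with the 10-minute lifetime the text cites, encrypts it to the user's RSA public key, the SIM-side application releases the private key only after the secret code is entered, and the server refuses the password once it has been accepted or has expired. RSA-OAEP with SHA-256 is assumed as the "coding with the public key" (the patent does not name a padding scheme), the certification authority is reduced to a lookup table of registered public keys, and all names (InfoSystem, enrol, Issue, Verify, ReadSMS) are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"math/big"
	"time"
)
// InfoSystem is the server side of the scheme: it issues and verifies the ephemeral passwords.
type InfoSystem struct {
	pubKeys map[string]*rsa.PublicKey // stands in for the CA-certified user public keys
	otps    map[string]string         // the one unconsumed password issued to each user
	expiry  map[string]time.Time      // end of that password's lifetime
}

// enrol generates the user's RSA key pair (normally held on the SIM) and registers the public key.
func enrol(s *InfoSystem, user string) *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	s.pubKeys[user] = &priv.PublicKey
	return priv
}

// Issue draws a fresh 6-digit password with the 10-minute lifetime the patent cites and
// returns the SMS body: the password RSA-OAEP-encrypted under the user's public key.
func (s *InfoSystem) Issue(user string, now time.Time) ([]byte, error) {
	pub, ok := s.pubKeys[user]
	if !ok {
		return nil, fmt.Errorf("no certified public key for %q", user)
	}
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return nil, err
	}
	s.otps[user] = fmt.Sprintf("%06d", n.Int64())
	s.expiry[user] = now.Add(10 * time.Minute)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(s.otps[user]), nil)
}

// Verify accepts the typed password only if it matches and is unexpired; acceptance consumes it, so a replay is refused.
func (s *InfoSystem) Verify(user, otp string, now time.Time) bool {
	want, ok := s.otps[user]
	if !ok || now.After(s.expiry[user]) || subtle.ConstantTimeCompare([]byte(want), []byte(otp)) != 1 {
		return false
	}
	delete(s.otps, user)
	return true
}

// ReadSMS models the SIM application: a wrong secret code never reaches the private key.
func ReadSMS(priv *rsa.PrivateKey, storedPIN, enteredPIN string, sms []byte) (string, error) {
	if subtle.ConstantTimeCompare([]byte(storedPIN), []byte(enteredPIN)) != 1 {
		return "", fmt.Errorf("wrong secret code")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, sms, nil)
	return string(pt), err
}

func main() {
	s := &InfoSystem{map[string]*rsa.PublicKey{}, map[string]string{}, map[string]time.Time{}}
	priv := enrol(s, "alice")
	sms, _ := s.Issue("alice", time.Now())
	otp, _ := ReadSMS(priv, "1234", "1234", sms)
	fmt.Println(s.Verify("alice", otp, time.Now()), s.Verify("alice", otp, time.Now())) // true false
}
```

The second Verify call in main fails because the first one consumed the password; passing a later time than the 10-minute window to Verify shows the expiry check in the same way.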
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR02/00818 | 2002-01-23 | | |
FR0200818A FR2835129B1 (fr) | 2002-01-23 | 2002-01-23 | Procede d'authentification a deux facteurs avec mot de passe ephemere a usage unique |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003063411A1 (fr) | 2003-07-31 |
Family
ID=27589567
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2003/000189 WO2003063411A1 (fr) | 2002-01-23 | 2003-01-21 | Procede d'authentification a deux facteurs avec mot de passe ephemere a usage unique |
Country Status (2)
Country | Link |
---|---|
FR (1) | FR2835129B1 (fr) |
WO (1) | WO2003063411A1 (fr) |
Events
- 2002-01-23: FR application FR0200818A (FR2835129B1, fr); status: not active, Expired - Fee Related
- 2003-01-21: WO application PCT/FR2003/000189 (WO2003063411A1, fr); status: not active, Application Discontinuation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0881559A1 (fr) * | 1997-05-28 | 1998-12-02 | Siemens Aktiengesellschaft | Système d'ordinateur et méthode pour protéger des logiciels |
NL1007409C1 (nl) * | 1997-10-31 | 1997-11-18 | Nederland Ptt | Authenticatiesysteem. |
WO2001080525A1 (fr) * | 2000-04-14 | 2001-10-25 | Sun Microsystems, Inc. | Securite acces reseau |
WO2001092999A2 (fr) * | 2000-05-26 | 2001-12-06 | Citrix Systems, Inc. | Echange securise d'une marque d'authentification |
Non-Patent Citations (2)
Title |
---|
OMURA J K: "NOVEL APPLICATIONS OF CRYPTOGRAPHY IN DIGITAL COMMUNICATIONS", IEEE COMMUNICATIONS MAGAZINE, IEEE SERVICE CENTER. PISCATAWAY, N.J, US, vol. 28, no. 5, 1 May 1990 (1990-05-01), pages 21 - 29, XP000132493, ISSN: 0163-6804 * |
ROTRAUT LAUN: "ASYMMETRIC USER AUTHENTICATION", COMPUTERS & SECURITY. INTERNATIONAL JOURNAL DEVOTED TO THE STUDY OF TECHNICAL AND FINANCIAL ASPECTS OF COMPUTER SECURITY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 11, no. 2, 1 April 1992 (1992-04-01), pages 173 - 183, XP000245841, ISSN: 0167-4048 * |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7114080B2 (en) * | 2000-12-14 | 2006-09-26 | Matsushita Electric Industrial Co., Ltd. | Architecture for secure remote access and transmission using a generalized password scheme with biometric features |
US8752125B2 (en) | 2004-10-20 | 2014-06-10 | Salt Group Pty Ltd | Authentication method |
US7840993B2 (en) | 2005-05-04 | 2010-11-23 | Tricipher, Inc. | Protecting one-time-passwords against man-in-the-middle attacks |
US8621216B2 (en) | 2006-08-31 | 2013-12-31 | Encap As | Method, system and device for synchronizing between server and mobile device |
EP2479957A3 (fr) * | 2006-10-19 | 2012-10-17 | Qualcomm Incorporated | Système et procédé d'authentification d'accès au serveur à distance |
EP2082558B1 (fr) * | 2006-10-19 | 2019-04-10 | QUALCOMM Incorporated | Système et procédé d'authentification d'accès au serveur à distance |
EP1919157A1 (fr) * | 2006-11-06 | 2008-05-07 | Axalto SA | Procédé et systéme d'autentification utilisant un seul message |
EP1971161A1 (fr) * | 2007-02-02 | 2008-09-17 | Vodafone Holding GmbH | Procédé destiné à l'échange de données |
US8423782B2 (en) | 2007-10-29 | 2013-04-16 | Gemalto Sa | Method for authenticating a user accessing a remote server from a computer |
US10694042B2 (en) | 2008-04-02 | 2020-06-23 | Twilio Inc. | System and method for processing media requests during telephony sessions |
US11575795B2 (en) | 2008-04-02 | 2023-02-07 | Twilio Inc. | System and method for processing telephony sessions |
US10893079B2 (en) | 2008-04-02 | 2021-01-12 | Twilio Inc. | System and method for processing telephony sessions |
US11856150B2 (en) | 2008-04-02 | 2023-12-26 | Twilio Inc. | System and method for processing telephony sessions |
US11843722B2 (en) | 2008-04-02 | 2023-12-12 | Twilio Inc. | System and method for processing telephony sessions |
US10986142B2 (en) | 2008-04-02 | 2021-04-20 | Twilio Inc. | System and method for processing telephony sessions |
US11831810B2 (en) | 2008-04-02 | 2023-11-28 | Twilio Inc. | System and method for processing telephony sessions |
US11765275B2 (en) | 2008-04-02 | 2023-09-19 | Twilio Inc. | System and method for processing telephony sessions |
US11722602B2 (en) | 2008-04-02 | 2023-08-08 | Twilio Inc. | System and method for processing media requests during telephony sessions |
US11706349B2 (en) | 2008-04-02 | 2023-07-18 | Twilio Inc. | System and method for processing telephony sessions |
US10560495B2 (en) | 2008-04-02 | 2020-02-11 | Twilio Inc. | System and method for processing telephony sessions |
US11611663B2 (en) | 2008-04-02 | 2023-03-21 | Twilio Inc. | System and method for processing telephony sessions |
US10893078B2 (en) | 2008-04-02 | 2021-01-12 | Twilio Inc. | System and method for processing telephony sessions |
US11283843B2 (en) | 2008-04-02 | 2022-03-22 | Twilio Inc. | System and method for processing telephony sessions |
US11444985B2 (en) | 2008-04-02 | 2022-09-13 | Twilio Inc. | System and method for processing telephony sessions |
ITFI20100167A1 (it) * | 2010-07-30 | 2012-01-31 | Silvano Antonelli | "metodo di identificazione di un utente tramite password" |
WO2013098298A1 (fr) * | 2011-12-29 | 2013-07-04 | Gemalto Sa | Procede de declenchement d'une session ota |
EP2610826A1 (fr) * | 2011-12-29 | 2013-07-03 | Gemalto SA | Procédé de déclenchement d'une session OTA |
US9402180B2 (en) | 2011-12-29 | 2016-07-26 | Gemalto Sa | Method for initiating an OTA session |
US11063972B2 (en) | 2012-07-24 | 2021-07-13 | Twilio Inc. | Method and system for preventing illicit use of a telephony platform |
US10469670B2 (en) | 2012-07-24 | 2019-11-05 | Twilio Inc. | Method and system for preventing illicit use of a telephony platform |
US11882139B2 (en) | 2012-07-24 | 2024-01-23 | Twilio Inc. | Method and system for preventing illicit use of a telephony platform |
US10440627B2 (en) | 2014-04-17 | 2019-10-08 | Twilio Inc. | System and method for enabling multi-modal communication |
US11653282B2 (en) | 2014-04-17 | 2023-05-16 | Twilio Inc. | System and method for enabling multi-modal communication |
US10873892B2 (en) | 2014-04-17 | 2020-12-22 | Twilio Inc. | System and method for enabling multi-modal communication |
US9853884B2 (en) | 2014-07-23 | 2017-12-26 | Nexmo Inc. | Systems and methods for adaptive routing |
US9485169B2 (en) | 2014-07-23 | 2016-11-01 | Nexmo Inc. | Systems and methods for adaptive routing |
US10356567B2 (en) | 2014-11-24 | 2019-07-16 | Nexmo, Inc. | Multi-channel communication system |
US10880697B2 (en) | 2015-03-24 | 2020-12-29 | Nexmo, Inc. | Multi-channel communication system |
US10476782B2 (en) | 2015-08-03 | 2019-11-12 | Nexmo, Inc. | Systems and methods for adaptive routing |
US10708055B2 (en) | 2017-06-23 | 2020-07-07 | International Business Machines Corporation | Single-input multifactor authentication |
US10693644B2 (en) | 2017-06-23 | 2020-06-23 | International Business Machines Corporation | Single-input multifactor authentication |
EP3705235A1 (fr) * | 2019-03-04 | 2020-09-09 | Hilti Aktiengesellschaft | Procédé de personnalisation d'un objet |
WO2020178139A1 (fr) * | 2019-03-04 | 2020-09-10 | Hilti Aktiengesellschaft | Procédé de personnalisation d'un objet |
Also Published As
Publication number | Publication date |
---|---|
FR2835129A1 (fr) | 2003-07-25 |
FR2835129B1 (fr) | 2004-11-26 |
Similar Documents
Publication | Title |
---|---|
US11546756B2 (en) | System and method for dynamic multifactor authentication |
KR100912976B1 (ko) | 보안 시스템 |
WO2003063411A1 (fr) | Procede d'authentification a deux facteurs avec mot de passe ephemere a usage unique |
AU2003285357B2 (en) | Method and system for the authentication of a user of a data processing system |
RU2415470C2 (ru) | Способ создания безопасного кода, способы его использования и программируемое устройство для осуществления способа |
EP1549011A1 (fr) | Procédé et système de communication entre un terminal et au moins un équipment communicant |
WO2006111626A2 (fr) | Procédé et dispositif d'acces a une carte sim logée dans un terminal mobile |
JP2006318489A (ja) | サービスユーザのidの認証を確認する方法および装置 |
US20120310840A1 (en) | Authentication method, payment authorisation method and corresponding electronic equipments |
US20040199764A1 (en) | Method for authentication of a user on access to a software-based system by means of an access medium |
US20080141354A1 (en) | Network Acess System, Method and Storage Medium |
FR2809260A1 (fr) | Procede d'approvisionnement d'un compte prepaye |
EP1837793A1 (fr) | Procede de protection d'informations du reseau et support de stockage |
US20120089830A1 (en) | Method and device for digitally attesting the authenticity of binding interactions |
RU2354066C2 (ru) | Способ и система для аутентификации пользователя системы обработки данных |
KR101853970B1 (ko) | 인증번호 중계 방법 |
KR100629450B1 (ko) | 유무선 통합 인터넷 환경에서 이동 통신 단말기에 저장된공인 인증서를 이용하여 사용자 인증을 수행하는 방법 및시스템 |
KR20030042789A (ko) | 로밍 사용자 인증을 위한 트러스트 모델 |
FR2850772A1 (fr) | Procede et dispositif de securisation de transactions electroniques effectuees sur un terminal non securise |
FR2779895A1 (fr) | Procede et systeme pour payer a distance au moyen d'un radiotelephone mobile l'acquisition d'un bien et/ou d'un service |
GB2368237A (en) | Encryption of computer communications using the encryption function of a mobile communication device |
EP2411935A1 (fr) | Procédé et dispositif permettant d'attester numériquement de l'authenticité d'interactions de liaison |
FR2850813A1 (fr) | Dispositif de securisation de transactions electroniques effectuees sur un terminal non securise |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101) | |
122 | EP: PCT application non-entry in European phase | |
NENP | Non-entry into the national phase | Ref country code: JP |
WWW | WIPO information: withdrawn in national office | Country of ref document: JP |