WO2004028078A1 - Procede et systeme d'authentification - Google Patents

Procede et systeme d'authentification Download PDF

Info

Publication number
WO2004028078A1
WO2004028078A1 PCT/IL2002/000781 IL0200781W WO2004028078A1 WO 2004028078 A1 WO2004028078 A1 WO 2004028078A1 IL 0200781 W IL0200781 W IL 0200781W WO 2004028078 A1 WO2004028078 A1 WO 2004028078A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
password
identification center
encryption key
identification
Prior art date
Application number
PCT/IL2002/000781
Other languages
English (en)
Inventor
Avner Geller
Shay Dardikman
Original Assignee
Avner Geller
Shay Dardikman
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Avner Geller, Shay Dardikman filed Critical Avner Geller
Priority to AU2002337588A priority Critical patent/AU2002337588A1/en
Priority to PCT/IL2002/000781 priority patent/WO2004028078A1/fr
Publication of WO2004028078A1 publication Critical patent/WO2004028078A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present invention relates to a method and system for authentication.
  • the user should possess the means to produce authentication elements based partially or fully on the secret number or alphanumeric ID string. This implies that the user must possess some secret.
  • the difficulty in proving authenticity is in providing the means to the authenticator to achieve that proof.
  • One alternative technique that some systems employ is based on an algorithm driven by a secret key such that a data string processed by the algorithm, results in a secret transformation of that data.
  • the data so transformed is used as an authentication certificate or code, which may be tested by an authenticator.
  • One method of testing involves the authenticator in performing the same secret transformation of the data to yield an authentication certificate, which is compared for equality with that provided by the user (for example, a credit card holder or a smart card).
  • the underlying concept of this technique is that the authenticator must duplicate the data manipulation by the user so as to compare the result for equality.
  • An element in this technique is that the authenticator must also have knowledge of the key. If several authenticators need to authenticate an entity, each must possess the secret key. The secret key is securely distributed to each potential authenticator prior to the event. This communication solution approach should have the ability to limit authentication capabilities to only those trusted authenticators, which may utilize this function.
  • Another known alternative technique employs the art of private and public key cryptography wherein an asymmetrical algorithm is used.
  • Public key cryptography is described in the article: Communications of the ACM, vol. 21, No. 2, February 1978, pages 120-126, R. L. Rivest et al. "A Method for Obtaining Digital Signatures and Public Key Crypto-systems".
  • a data element or a change sensitive compression of a data string is enciphered using a secret key or procedure.
  • Authenticity is proven by obtaining the original data element (or change sensitive compression), which is used as a reference value and then using a public key or procedure to decipher the data supplied by the source entity. Equality ofthe deciphered data with the reference data implies that the secret key or procedure was employed and thus that the data is authenticated.
  • the system includes a communications channel coupled to at least one terminal having an encoding device and to at least one terminal having a decoding device.
  • a message-to-be-transferred is enciphered to ciphertext at the encoding terminal by first encoding the message as a number M in a predetermined set, and then raising that number to a first predetermined power (associated with the intended receiver) and finally computing the remainder, or residue, C, when the exponentiated number is divided by the product of two predetermined prime numbers (associated with the intended receiver).
  • the residue C is the ciphertext.
  • the ciphertext is deciphered to the original message at the decoding terminal in a similar manner by raising the ciphertext to a second predetermined power (associated with the intended receiver), and then computing the residue, M', when the exponentiated ciphertext is divided by the product of the two predetermined prime numbers associated with the intended receiver.
  • the residue M' corresponds to the original encoded message M.
  • a common problem limiting the public use of electronic based commercial transactions is related to the strong public reluctance from the implementation and direct feeding to the communication network and tlrrough it to the computerized authentication system of secret identification numbers such as the credit card ID and security numbers.
  • the limited use of electronic transactions by the average related electronic banking services, credit card, or e-commerce service users, lies in the fact that they do not trust the security and safety of the currently available transaction security support systems.
  • a system for authenticating a user through a user terminal, by an identification center, through an identification center terminal, the user terminal connected via a communication medium with the identification center terminal
  • a system for authenticating a user through a user terminal, by an identification center, through an identification center terminal, the user terminal connected via a communication medium with the identification center terminal, the user terminal comprising: (a) an encrypter configured to encrypt a password using at least an encryption key transmitted via the communication medium, the encryption key including at least an n for applying a function Y X e (mod n) to the password; (b) a transmitter configured to transmit the encrypted password to an intermediate service provider terminal which is also connected via the communication medium for transfer to the identification center terminal, or to transmit to the identification center terminal ; and (c) a receiver configured to receive, if results of comparing the sent encrypted password with an encrypted password simulated by the identification center terminal are sufficient to authenticate the user, an indication that comparison results are sufficient.
  • FIG. 1 is a block diagram of an authentication system, according to a preferred embodiment ofthe present invention.
  • FIG. 2 is a flow chart of a method for authentication according to a preferred embodiment of the present invention.
  • FIG. 3 is a flow chart of a method for authentication, according to another preferred embodiment ofthe present invention.
  • FIG. 4 is a flow chart of a method for authentication, according to yet another preferred embodiment ofthe present invention.
  • FIG. 5 is a block diagram of an identification center terminal, according to a preferred embodiment ofthe present invention.
  • FIG. 6 is a block diagram of a user terminal, according to a preferred embodiment ofthe present invention.
  • FIG. 7 is a block diagram of an identification center terminal, according to another preferred embodiment ofthe present invention.
  • FIG. 8 is a block diagram of a user terminal, according to another preferred embodiment ofthe present invention.
  • a preferred embodiment ofthe present invention relates to a system and method for authenticating a user over a communication medium.
  • a predetermined password associated with a particular user is accessible to that user.
  • the predetermined password associated with that particular user is also accessible to the identification center, along with other passwords associated with other users.
  • Various examples of passwords will be discussed in greater detail further below.
  • a password is considered accessible if the password itself can be accessed or if there are accessible means for reproducing the password.
  • an encryption key is transferred directly or indirectly over a communication medium to the user and/or identification center.
  • the user performs the encryption of his associated password using the encryption key and sends the encrypted password directly or indirectly to the identification center.
  • the identification center simulates the encryption on one or more of the passwords accessible to the identification center and compares each simulated encrypted password to the encrypted password received from the user. The user is authenticated if results of the comparison are sufficient, for example if one of the simulated encrypted passwords is singled out as corresponding to the encrypted password received from the user.
  • Figure 1 illustrates in a schematic block diagram form, an authentication system 100 structured from a communication medium 110 coupled to a user terminal 112, an optional intermediate service provider terminal 116, and an identification center terminal 114, in accordance with a preferred embodiment of the present invention.
  • communication medium 110 can represent any combination of physical communication medium with any application protocol.
  • Examples of physical media include, inter-alia: cable, optical (fiber), wireless (radio frequency), wireless (microwave), wireless (infra-red), twisted pair, coaxial, telephone wires, underwater acoustic waves, etc.
  • Examples of application protocols include File Transfer Protocol (FTP), Telnet, Simple Mail Transfer Protocol (SMTP), Hyper Text Transport Protocol (HTTP), Simple Network Management Protocol (SNMP), Network News Transport Protocol (NNTP), Audio (MP3, WAV, AIFF, Analog), Video (MPEG, AVI, Quicktime, RM), Fax (Class 1, Class 2, Class 2.0), tele/video conferencing etc.
  • communication medium 110 can alternatively or in addition to be identified by the middle layers, with examples including the data link layer (modem, RS232, Ethernet, PPP point to point protocol, serial line internet protocol-SLIP, etc), network layer (Internet Protocol-IP, User Datagram Protocol-UDP, address resolution protocol-ARP, telephone number, caller ID, etc.), transport layer (TCP, Smalltalk, etc), session layer (sockets, Secure Sockets Layer-SSL, etc), and/or presentation layer (floating points, bits, integers, HTML, XML, etc).
  • data link layer modem, RS232, Ethernet, PPP point to point protocol, serial line internet protocol-SLIP, etc
  • network layer Internet Protocol-IP, User Datagram Protocol-UDP, address resolution protocol-ARP, telephone number, caller ID, etc.
  • transport layer TCP, Smalltalk, etc
  • session layer socksets, Secure Sockets Layer-SSL, etc
  • presentation layer floating points, bits, integers, HTML, XML, etc
  • User terminal 112 services the user to be authenticated, providing access by the user to medium 110.
  • user terminal 112 can be inter-alia, a computer, data terminal, or computerized communication device. It should be understood that depending on the embodiment the number of users serviced by a user terminal may vary which may impact the accessibility of the user terminal to a particular user password. For example, in an embodiment where the user terminal is associated with only a small number of users, for example a home computer, the password of the user to be authenticated may be permanently accessible to the terminal, for example stored on the hard drive.
  • the password of the user to be authenticated may only be temporarily accessible to the user terminal, for example if the user inserts a card containing her password into the box when authentication is requested.
  • Identification center terminal 114 providing access by the identification center to medium 110, is associated with an identification center responsible for authenticating the user.
  • identification center terminal 114 can be inter-alia, a bank or a credit card central computer center, or a central access control system for a secured area or secured communication networks.
  • Intermediate service provider terminal 116 is associated with an intermediate service provider, providing access by the intermediate service provider to medium 110.
  • service provider should be understood herein below to include providers of both products and services.
  • intermediate service provider should also be understood to mean one or more entities, at a centralized or dispersed locations.
  • intermediate service provider terminal 116 can be inter-alia a central computer center ofthe intermediate service provider.
  • terminals 112, 114, and optional 116 are connecting all terminals 112, 114, and optional 116, it should be evident that different communication mediums 110 can connect different pairs of terminals 112, 114, and 116. It should also be evident that terminals 112, 114, and optional 116 can be at any physical distance from one another. For example, terminals 112 and 114 can in one embodiment be connected by a local bus while in another embodiment situated remotely from one another. The present invention is not bound by any specific structure ofthe terminals, or type of communication medium.
  • user authentication is required prior to the identification center or the intermediate service provider executing a transaction related to the user.
  • a transaction number is used to distinguish the transaction.
  • the transaction may be any transaction, for example selling, buying, transferring confidential information, charging a credit/debit card, allowing access to a protected area, allowing exit from a protected area, etc.
  • a preferred embodiment of the present invention assumes that prior to the authentication process, the user and the identification center had both been provided with the same password associated with the user or with an algorithm to generate the same password (with the identification center having been earlier provided with the passwords and/or algorithms associated with other users as well).
  • the user may have generated the password or an algorithm to generate the password and provided the password or the algorithm (in a suitable format and/or language) to the identification center directly or via the intermediate service provider.
  • the identification center may have generated the password or an algorithm to generate the password and provided the password or the algorithm to the user directly or via the intermediate service provider.
  • the password or an algorithm to generate the password may have been generated by the intermediate service provider and provided to the identification center and the user directly or through one to the other.
  • each user is associated with one password which is accessible to the identification center.
  • the identification center may indicate as part of the authentication process which one or more of the user passwords should be encrypted.
  • the indication of which password(s) can be included for example in the encryption key.
  • the identification center can indicate which password to encrypt by specifying a, b and/or c.
  • the password associated with a user is in one preferred embodiment constructed from predetermined user identification numbers.
  • the password can include inter-alia any combination of all or part of one or more of the following: passport number, driver's license number, social security number, national identification number, birth-date, address, phone number, credit card number etc.
  • the desired password is a sequence of the following user identification numbers: social security number 1111111, birth date 020202 and zip code 33333 in that order, either the password 111111102020233333 can be provided or an algorithm to generate the password, for example ⁇ social security ⁇ >birth date-> zip code ⁇ can be provided.
  • the password can include, instead or in addition, one or more digits which are not taken from predetermined user identification numbers but are selected in some other manner.
  • the password may include characters which are not digits, for example letters, special characters, etc.
  • the non-digit characters may be taken from predetermined user identification (for example, name, mother's maiden name, city of birth, etc.) or may be selected in some other manner.
  • a feature of a preferred embodiment ofthe present invention is the transmission of at least one encryption key which defines or completes the definition of the encryption to be applied to the user password (and possibly during simulation to other passwords accessible to the identification center).
  • the transmitted encryption key includes at least one element needed to perform the encryption. For example, assuming the enciyption includes applying a function to the password, the encryption key could include at least one element required for applying the function to the password(s).
  • a preliminary identifier is transmitted to the identification center which is used by the identification center to select from list of all the passwords accessible by the identification center those passwords corresponding to the preliminary identifier on which simulation is to be performed, thereby speeding up the encryption simulation process.
  • the preliminary identifier used can reduce the number of passwords to be encrypted in the simulation substantially or minimally. For example, if the preliminary identifier is unique to an individual, such as a social security number, the number of passwords to be encrypted in the simulation is one or zero, depending on whether the social security number corresponds to one of the users whose password is accessible to the identification center. As another example, if the preliminary identifier is the year of birth of the user, there would typically be a plurality of passwords on which encryption would need to be simulated, corresponding to all users bom in that year whose passwords are accessible to the identification center.
  • the preliminary identifier can be related to the password so that knowledge of the preliminary identifier can help in determining the password, for example a preliminary identifier including less than all of the characters in the password, or a preliminary identifier resulting from a transformation ofthe password.
  • the preliminary identifier can be unrelated to the password so that knowledge of the preliminary identifier does not help in determining the password.
  • the preliminary identifier can be independent of the password (i.e. the choice in preliminary identifier does not take into account whether the preliminary identifier is related or unrelated to the password).
  • the same preliminary identifier can be used always or there may be more than one preliminary identifier which is randomly or otherwise used each time the same user wishes to be authenticated .
  • preliminary identifiers include inter-alia: year of birth of the user, date of birth of the user, part of a social security number of the user (for example last four digits), a social security number of the user, the expiry month and year of a credit card ofthe user, less than all the characters in the password of the user (for example the first few characters), a predetermined number of letters and along with a predetermined number of digits, a personal identification number PIN of the user, name of the user, part or all of a credit card number of the user, part or all of a national identification number of the user, part or all of a passport number of the user, part or all of a driver's license number ofthe user, part or all of a telephone number ofthe user, part or all of an address ofthe user, city of birth of user, maiden name of mother of user, etc.
  • each password accessible to the identification center which corresponding to a different user is preferably different so as to allow authentication of each user on a separate basis.
  • each password in the group should preferably be different so as to allow authentication of each user in the group on a separate basis.
  • Passwords each of which belongs to a different group as defined by the used preliminary identifier would not necessarily need to be constrained to be different. For example, if the preliminary identifier is the city of birth of the user, then preferably all users born in a given city would have a different password, but more than one user, each born in a different city, can optionally have the same password.
  • all or some of the users may have the same password.
  • the preliminary identifier identifies a department in a company
  • all members in the department may share a password which allows access to group file archives.
  • each password accessible to the identification center does not necessarily need to be different because the preliminary identifier pinpoints one password at the identification center which is encrypted and compared to the received encrypted password.
  • the preliminary identifier is the unique credit card number of the user and the password is similar to the commonly used personal identification number PIN (for example including 4 to 6 characters), more than one user may in some cases be associated with the same PIN, without lowering the level of authentication reliability compared to a unique PIN for each user.
  • Figures 2 through 4 illustrate exemplary preferred embodiments of a method of authenticating a user.
  • the invention is not bound by the specific steps or order of the steps illustrated and discussed with reference to these figures. It should also be noted that alternative embodiments can include selected steps from two or more of the illustrated embodiments. Other embodiments are also applicable, all depending on the particular application.
  • FIG. 2 is a flow chart of the steps of an authentication method of a preferred embodiment of the present invention.
  • the user transmits a preliminary identifier to the identification center.
  • the identification center uses the received preliminary identifier to select all passwords corresponding to the preliminary identifier. Steps 210 and 212, when performed allow a faster simulation process (see below step 218) because of the reduced number of passwords to process.
  • the identification center checks that the preliminary identifier corresponds to at least one password. If not, the user is informed of failure (step 225). The preliminary identifier may not correspond to any passwords, for any number of reasons such as for example, if the preliminary identifier is incorrect (faulty entering) or the preliminary identifier is fraudulent. If at least one corresponding password is selected, or if steps 210, 212, and 213 were omitted then in step 214, the identification center creates and transmits an encryption key.
  • step 215 the user verifies that the encryption key is valid and if not the user transmits a request for a new encryption key to the identification center in optional step 217.
  • Step 215 is omitted for example if either the encryption key is always assumed to be valid or if the user does not have the means to check the validity of the encryption key.
  • step 216 the user encrypts the password and transmits the encrypted password to the identification center.
  • step 218 the identification center simulates the encryption on all the accessible passwords or if steps 210 and 212 were performed then on all the passwords selected in step 212.
  • step 220 the identification center compares each simulated encrypted password to the received encrypted password.
  • step 225 If there is not at least one close enough match, the authentication fails and the user is notified ofthe failure in step 225. If there is more than one close enough match, another encryption key is created and transmitted in step 214 and the subsequent steps are repeated (i.e. a new round) in order to find a single close enough match common to the encrypted passwords received in all the rounds ofthe current authentication process. On any repetition of step 226 the evaluation is whether there is more than one common close enough match for all encrypted passwords received in the current authentication process with the user. If the identification center either in the first round or in subsequent rounds of the session, finds a single close enough match, then the authentication succeeds and the user is notified ofthe success in step 232.
  • the authentication may also fail (step 228) if there are too many rounds. Depending on the application, more than one round may be considered too many so that if there is more than one close enough match, the process may conclude with an authentication fail rather than performing more rounds. In other applications, more than a predetermined number of rounds may be considered too many or the number of allowed rounds may be unlimited. A limitation on the number of rounds would typically although not necessarily limit the maximum computation time spent by the identification center in authenticating a user, and may also prevent a problematic endless loop (which may occur for example, if the preliminary identifier corresponds to two or more users with identical passwords which are accessible to the identification center).
  • step 214 can be executed by the user who generates the encryption key and transmits the encryption key to the identification center.
  • an additional preliminary identifier may be requested and received by the identification center in order to further reduce the number of selected corresponding passwords.
  • steps 210 and 216 can be combined with the user sending the preliminary identifier and the encrypted password closely in time and the identification center performing steps 212 and 213 after receiving the preliminary identifier.
  • a transaction number (including herein below any other type of transaction identifier) may be used to distinguish a transaction and/or indication of execution of the transaction by the identification center may serve to inform the user of success in step 232.
  • a transaction number including herein below any other type of transaction identifier
  • criteria may be applied to choose one out of the more than one close enough matches. Other variations are possible depending on the particular implementation.
  • the authentication method also involves an intermediate service provider.
  • there is an enrollment procedure prior to beginning the steps to authenticate the user, either at the beginning of the current authentication process or during a previous interaction between the user and the intermediate service provider, the user submits identifying enrollment information and the intermediate service provider assigns a customer identifier to the user which is used to distinguish the user in all subsequent interactions with the intermediate service provider.
  • the submitted enrollment information is typically but not necessarily tailored to the needs of the particular intermediate provider. Examples of enrollment information include inter-alia one or more of the following: name, address, telephone number, birth-date, etc.
  • the enrollment procedure is known in the art and will therefore not be further elaborated on
  • Figure 3 illustrates one preferred embodiment of a method including an intermediate service provider who requires authentication of the user prior to performing a transaction. It is assumed in Figure 3 that enrollment has previously taken place.
  • the user transmits the assigned customer identifier to the intermediate service provider.
  • the intermediate service provider locates the enrollment information based on the received customer identifier of the user.
  • the intermediate service provider generates a transaction number to identify the current transaction.
  • the intermediate provider generates a preliminary identifier, for example based on the enrollment information.
  • the intermediate provider transmits the transaction number and optionally the preliminary identifier to the identification center.
  • the identification center uses the received preliminary identifier to select all passwords corresponding to the preliminary identifier.
  • the identification center checks that the preliminary identifier corresponds to at least one password. If not, the identification fails (step 330).
  • the preliminary identifier may not correspond to any passwords, for any number of reasons such as for example, if the preliminary identifier is incorrect (faulty entering) or the preliminary identifier is fraudulent.
  • step 316 the identification center generates an encryption key and transmits the encryption key along with the transaction number to the intermediate service provider for forwarding to the user in step 318.
  • step 319 the user verifies that the encryption key is valid and if not the user requests a new encryption key in optional step 321 (The request is transmitted to the intermediate service provider which forwards the request to the identification center in optional step 323).
  • Step 319 is omitted for example if either the encryption key is always assumed to be valid or if the user does not have the means to check the validity of the encryption key.
  • step 320 the user encrypts the password and transmits the encrypted password along with the transaction number to the intermediate provider.
  • the intermediate provider forwards the encrypted password and the transaction number to the identification center.
  • the identification center simulates the encryption on all the accessible passwords or if steps 310 and 314 were performed then on all passwords selected in step 314.
  • the identification center compares the received encrypted password to the simulated encrypted passwords. If there is not at least one close enough match, the identification center sends to the intermediate provider the transaction number along with an indication of authentication failure in step 330. The user is informed of denial ofthe transaction in step 332. If there is more than one close enough match, another encryption key is generated in step 316 and the subsequent steps are repeated (i.e. a new round) in order to find a single close enough match common to the encrypted passwords received in all the rounds of the current authentication process.
  • step 334 the evaluation is whether there is more than one common close enough match for all encrypted passwords strings received in the current authentication process with the user. If the identification center either in the first round or in subsequent rounds of the authentication process, finds a single close enough match, then the transaction number along with an indication of authentication success is sent to the intermediate service provider in step 336.
  • the intermediate service provider performs the corresponding transaction in step 338.
  • the user receives an indication of transaction execution.
  • the authentication may also fail (step 335) if there are too many rounds. Depending on the application, more than one round may be considered too many so that if there is more than one close enough match, the process may conclude with an authentication fail rather than performing more rounds. In other applications, more than a predetermined number of rounds may be considered too many or the number of allowed rounds may be unlimited. A limitation on the number of rounds would typically although not necessarily limit the maximum computation time spent by the identification center in authenticating a user, and may also prevent a problematic endless loop (which may occur for example, if the preliminary identifier corresponds to two or more users with identical passwords which are accessible to the identification center)
  • steps in the method of Figure 3 relating to the transaction and transaction number may be omitted.
  • the user can generate the encryption key and transmit the encryption key along with the transaction number to the intermediate service provider for forwarding to the identification center.
  • the computational requirements of the intermediate service provider can be reduced if step 310 is omitted and for example in step 304, the user transmits the preliminary identifier to the intermediate service provider for forwarding to the identification center, or in step 320 the user sends the preliminary identifier along with the encrypted password.
  • the computation requirements of the intermediate service provider can be increased if the intermediate service provider rather than the identification center generates the encryption key and transmits the encryption key along with the transaction number to both the identification center and the user
  • an additional preliminary identifier may be requested and received by the identification center in order to further reduce the number of selected corresponding passwords.
  • criteria may be applied to choose one out of the more than one close enough matches.
  • a three way line of communication may be established so that the user can communicate both with the intermediate provider and with the identification center.
  • step 430 the user transmits the assigned customer identifier to the intermediate service provider.
  • step 432 the intermediate service provider generates a transaction number and transmits the transaction number to the user.
  • step 434 the user generates a preliminary identifier.
  • step 436 the user transmits the transaction number and optionally the preliminary identifier to the identification center.
  • step 437 the identification center uses the received preliminary identifier to select all passwords corresponding to the preliminary identifier.
  • Optional steps 434 and 437 when performed allow a faster simulation process (see below step 447) because ofthe reduced number of passwords to process.
  • step 438 the identification center checks that the preliminary identifier corresponds to at least one password. If not, the authentication fails (step 452).
  • the preliminary identifier may not correspond to any passwords, for any number of reasons such as for example, if the preliminary identifier is incorrect (faulty entering) or the preliminary identifier is fraudulent.
  • the m encryption keys may all be the same, all different, or some may be the same and some may be different. For example, in one possible embodiment each of the j encryption keys is identical to one ofthe k encryption keys.
  • the intermediate service provider forwards the j encryption keys and the transaction number received from the identification center to the user.
  • the user receives the m encryption keys and the transaction number.
  • the user can verify if all the encryption keys are valid, and if not request a substitute set of m keys, request a substitute set of j keys (if any of the j keys are invalid), request a substitute set of k keys (if any of the k keys are invalid), request substitute keys for any invalid keys, or discard any invalid keys without substitution.
  • Validation of each received encryption key can be performed independently of other encryption keys received in the same round in step 442 and/or in relation to other encryption keys received in the same round. Independent validation of a key can be for example with respect to security requirements as will be discussed further below.
  • step 444 the user encrypts the password using the m encryption keys and transmits the corresponding m encrypted passwords and transaction number, of which k are transmitted directly to the identification center and j are transmitted to the intermediate service provider.
  • the intermediate service provider forwards the j received encrypted passwords and the transaction number to the identification center in step 446.
  • step 447 the identification center simulates the m encryptions for each password accessible to the identification center, or if steps 434 and 437 were performed then on all passwords selected in step 437.
  • step 448 the identification center compares each set of simulated m encrypted passwords with the set of received m encrypted passwords. If there is not at least one close enough match for all m received encrypted passwords then in step 452, the identification center transmits the transaction number and an indication of authentication failure to the intermediate service provider and the user.
  • step 439 If there is more than one close enough match, another m encryption keys are generated in step 439 for a new round (where m this round may or may not equal m in any previous round) and the subsequent steps are repeated in order to find a single close enough match common to all received sets of m encrypted passwords.
  • step 454 the evaluation is whether there is more than one common close enough match for all sets of m encrypted passwords received in the current authentication process with the user.
  • the identification center either in the first round or in subsequent rounds ofthe identification process finds a single close enough match, then the transaction number along with an indication of authentication success is sent to the intermediate service provider and to the user in step 456.
  • the intermediate service provider performs the corresponding transaction in step 458 and informs the user of performance of the transaction in step 460.
  • the authentication may also fail (step 455) if there are too many rounds. Depending on the application, more than one round may be considered too many so that if there is more than one close enough match, the process may conclude with an authentication fail rather than performing more rounds. In other applications, more than a predetermined number of rounds may be considered too many or the number of allowed rounds may be unlimited. A limitation on the number of rounds should typically although not necessarily limit the maximum computation time spent by the identification center in authenticating a user, and may also prevent a problematic endless loop (which may occur for example, if the used preliminary identifier corresponds to two or more users with identical passwords which are accessible to the identification center. )
  • steps in the method of Figure 4 relating to the transaction and transaction number may be omitted.
  • step 434 can be omitted and in step 432, the intermediate provider can generate the preliminary identifier for example based on the enrollment information and transmit the preliminary identifier and the transaction number to the identification center.
  • step 456 an indication of success may be transmitted only to the intermediate service provider and the indication of transaction performance in step 460 may suffice to inform the user that the authentication process was successful.
  • an additional preliminary identifier may be requested and received by the identification center in order to further reduce the number of selected corresponding passwords.
  • the preliminary identifier can be transmitted along with the encrypted password in step 444 with the identification center performing steps 437 and 438 after receiving the preliminary identifier.
  • less than all valid encryption keys may be used for the encryption.
  • criteria may be applied to choose one out ofthe more than one close enough matches. Other variations are possible depending on the particular implementation. In order to enhance the security ofthe authentication process, one or more ofthe following criteria may be optionally implemented in a particular preferred embodiment.
  • the number of potential passwords may be made sufficiently large to defy a brute force attack of encrypting all potential passwords among which there is at least one valid encrypted password (i.e. matching an actual encrypted password accessible to the identification center which is associated with a user).
  • the actual passwords i.e. the passwords which in reality are associated with users
  • the correspondence between actual passwords and potential passwords should be kept secret. If the actual passwords and/or the correspondence are not kept secret, a large number of potential passwords will not impede an attacker who can instead focus on the actual passwords.
  • the encryption can include applying a one-way function, i.e. a function which is easy to calculate in one direction, but difficult to calculate the inverse in the reverse direction. In this case, even if an eavesdropper eavesdrops one or more sets of the encryption key and encrypted password, it would still be difficult for the eavesdropper to compute or impersonate the password.
  • the encryption can include applying a many to one function, so that attempts by an eavesdropper at inverting an eavesdropped encrypted password may possibly lead to more than one password (and then the eavesdropper would still have to determine which of those passwords corresponds to the particular user). If the "many" is small, the eavesdropper may use some trial and error, but if the function is heavily many to one, trial and error is less feasible.
  • the preliminary identifier may be required to be unrelated to the corresponding password so that knowledge ofthe preliminary identifier does not help in determining the password.
  • One or more of the specified exemplary five conditions (and/or other conditions instead of or in addition to the specified five conditions) can be used depending on the particular implementation.
  • the password assumed to include only numeric characters.
  • this function is used to encrypt a password X and that the elements transmitted in the encryption key include n, e and optionally the function definition (e.g. 'residue of division by n of X raised to the power e') so that the function Y can be calculated by substituting the password for X.
  • the same function is assumed to be used to encrypt a password e, then X, n and optionally the function definition can be transmitted in the encryption key so that the function Y can be calculated by substituting the password for e.
  • the minimum length of the password can be selected so that the number of potential passwords thwarts a brute force attack.
  • the following example is provided.
  • the operation of exponentiation required to verify one potential password has been evaluated empirically to allow efficiently for 20 such verification tests per second. Assume however for the sake of example that a genius attacker can perform 330 such tests per second today. Assume also a conservative modification of Moore's law under which computer efficiency doubles every two years, thus implying that in twenty years from now, speed will be 1000 times higher - see Silverman, R.D, (2000), a cost based security analysis of symmetric and asymmetric key lengths, RSA Laboratories/Bulletins/Bulletin #13.
  • the password should preferably be at least 16 digits long. For example, such an application may use a password of e.g. 20 digits long.
  • n can be generated as the product of two randomly generated prime numbers p and q (alternatively, p and q can be judged to be prime with high probability).
  • the factors p and q are preferably of similar size so as to deter brute force attacks. Note that the smaller ofthe two factors, p and q, determines the complexity of a brute force attack, so by making p and q of comparable size, the smaller of the two factors is as big as can be and safety is maximal.
  • n (and therefore the encrypted password) are at least e.g. 200 decimal digits long, so that factoring n is extremely difficult if not impossible.
  • the probability should be minimized of eavesdropping more than once the same n (with the same or different e) along with the corresponding encrypted password(s) corresponding to the same password. If the same pair (n,e) is used to encrypt the same password more than one time, in subsequent times an eavesdropper can just transmit to the identification center the encrypted password, eavesdropped during a previous time, which would be accepted as legitimate.
  • n is used more than once to encrypt the same password, each time paired with a different e, it can be shown that it is mathematically possible for an eavesdropper to determine the password or a variable connected to the password from the more than one eavesdropped pairs of [n,e ⁇ ; n,e 2; ..] and the encrypted passwords corresponding to the pairs. If a new many digit n is always generated for each encryption key, the probability is inherently minimized because the probability of ever generating twice the same value of n is practically negligible.
  • the identification center can keep in a buffer a sample of tens or hundreds of recently generated n values and pick one at random for each encryption key. In this case the user would check the validity of the received encryption keys. For example, assuming a particular user always encrypts the same password, the user could keep a record of recently used n's (possibly along with other information such as recently used e's).
  • a received encryption key includes an n that is identical to one ofthe n's in the record
  • the user disapproves the received encryption key, either ignoring the disapproved encryption key and using any remaining sent encryption keys or requesting a replacement encrypted key or set(s) of encryption keys.
  • the record of recently used n's would be stored by the user for at least the amount of time required to empty a full buffer at the identification center.
  • e should be sufficiently large so that X e wraps around the size of n, at least a few times. Note that finding the regular root of a number is feasible whereas finding the modulo n root of a number is currently considered intractable. Therefore e should be sufficiently large so that modulo n is significant in the function X e (mod n) and the function does not reduce to X e . For example, assuming X is of 16 digits length and n is 200 digits long, an e of e.g. 50 would result in an X e of 800 digits long, which is four times longer than the length of n. A larger e would also minimize the probability of repeating the use of the same e for encrypting the same password.
  • the size of e should take into account computational requirements. As e becomes larger, the time to compute the encryption increases. Therefore, in some applications where encryption time is desired to be kept short, the size if e may be kept close to the minimum dictated by the wrapping around requirement. Fourth, the probability or using the same factor p and/or q more than once for encrypting the same password should be minimized. Reusing p or q to produce more than one n may lead to discovery of the reused p or q, for example by calculating the greatest common denominator of the produced n's, and consequently the discovery of the other factor, for example through division of a produced n by the discovered reused factor.
  • the same p and/or q should not be reused on purpose, for example in order to save computation time.
  • p and q are very large primes (or judged to be prime with a high probability)
  • the probability of randomly re-generating the same p or q may be considered acceptably small for many applications. For example, if n is 200 digits long, then the number of n/2 digit long primes is approximately 10 97 and accordingly the probability of re-generating the same prime is small. Therefore, for such applications, random generation of factors p and q each time a new n is to be produced may be a sufficient means to minimize the probability of using the same factor p and/or q more than once for encrypting the same password.
  • the password is composed of the birth date (D ⁇ D 2 /M 1 M /Y 1 Y 2 ) of the user followed by a secret code (L ⁇ L 2 /R ⁇ R 2 ) followed by the credit card number ofthe user (Ci C 2 C 3 C 4 C 5 C 6 C 7 C 8 C 9 Cio On C12 C 13 C ⁇ 4 C 15 C ⁇ 6 ).
  • the encryption key can include for example instructions for exchanging the position of D 2 with the position of R 2 and the position of L 2 with Mi.
  • the encryption key can also include a function to be performed on the permuted characters.
  • the function can include selection of a subset of characters in the permuted password to obtain the final encrypted password.
  • Identification center terminal 114 includes a receiver 510 and a transmitter 512 (or a combination of the two) configured to receive and/or transmit via communication medium 110.
  • Identification center terminal 114 also includes a storage element 514, for example a database, for storing user passwords.
  • comparator 518 configured to compare the simulated encrypted password(s) with the encrypted password received directly or indirectly from the user (here it is assumed for the sake of simplicity of explanation that only one encrypted password is received). For example, assuming the encryption results in a number, comparator 518 can calculate the percentage difference between each simulated encrypted password(s) and the received encrypted password. As another example, comparator 518 can compare the number of identical characters (in the same position) in each simulated encrypted password(s) with the received encrypted password. Typically although not necessarily the comparison results are sufficient to authenticate a user if one simulated encrypted password can be singled out as corresponding to the received encrypted password.
  • a score is assigned to each simulated encrypted password and the simulated encrypted password with the best score, i.e. the closest match to the received encrypted password, is selected. (If there is more than one simulated encrypted password with the same best score, more rounds can be performed-see above).
  • the comparison would typically but not necessarily cause the selection of the simulated encrypted password whose percentage difference is closest to zero.
  • the comparison would typically but not necessarily cause the selection of the simulated encrypted password with the most matching characters. It should be evident that if the preliminary identifier pinpoints only one password for encryption simulation, then that one password by definition has the best score, i.e. is the closest match and is therefore selected.
  • the selected (best score) encrypted password is then evaluated to see if the selected encrypted password is close enough to the received encrypted password, where the definition of "close enough" depend on the particular embodiment. Again assuming a percentage difference comparison, in some cases only a percentage difference of zero (i.e. the received and selected encrypted passwords are identical) would be considered close enough and the comparison results sufficient to authenticate the user. In other cases, for example if security requirements are lower, a small non-zero percentage difference may be considered close enough. Assuming the character by character comparison, in some cases all characters would need to be identical for the selected encrypted password to be considered close enough whereas in other cases, a majority or an overwhelming majority of identical characters would be considered close enough .
  • all simulated encrypted passwords which are close enough matches with the received encrypted password are selected.
  • the comparison would typically but not necessarily cause the selection of all simulated encrypted passwords with not more than a predetermined percentage difference level. The level would depend on the embodiment; in one case the definition of a close enough match may require a zero percentage difference (i.e. the received and selected encrypted passwords are identical) whereas in another case a match with a non zero percentage difference may also qualify as close enough.
  • the comparison would typically but not necessarily cause the selection of all simulated encrypted passwords whose number of matching characters is above a predetermined level.
  • the level would depend on the embodiment; in one case the definition of a close enough match may require all identical characters whereas in another case a match with some non-identical characters may also qualify as close enough. If a single simulated encrypted password is selected as being a close enough match, then the comparison results are sufficient to authenticate the user. If more than one simulated encrypted password is selected as close enough matches, more rounds can be performed-see above.
  • the definition of "close enough" may vary based on the reliability and/or uniqueness of the preliminary identifier. For example, in a particular embodiment the requirements for being considered close enough may be less stringent when the preliminary identifier used corresponds to only one password than when the preliminary identifier used corresponds to a plurality of passwords, provided the preliminary identifier is considered reliable. A particular preliminary identifier may be considered reliable, for example, if it is difficult to fraudulently obtain that particular preliminary identifier.
  • identification center terminal 114 may have memory space and computation time requirements which affect the authentication process. For example, if the encryption used in an authentication process is computationally time consuming, then the preliminary identifier may be designed to correspond to only a small number of passwords on which the encryption is to be simulated. For example, assume that the number of passwords accessible to the identification center is 10 8 (1/60* ofthe current estimated world population of 6 x 10 9 ). Assume also that a preliminary identifier of the user is composed of any four letters and any four digits . Therefore, the number of possible preliminary identifiers is 4.5 * 10 9 (i.e. 26 4 *10 4 ).
  • FIG. 6 shows a preferred embodiment of user terminal 112.
  • User terminal 112 include an encrypter 610 configured to encrypt the password ofthe user. For example if the encryption includes applying a function, encrypter 610 is configured to calculate the function.
  • User terminal also includes a transmitter 612 and a receiver 614 (or a combination of the two) configured to transmit and/or receive via communication medium 110. Computation time and memory space requirements of user terminal 112 may impact the authentication process.
  • the tasks assigned to user terminal 112 may be limited to transmitting, receiving, and encrypting. It is also possible that computation time and memory space requirements on one or more of terminals 112, 116 and 114 may affect the remaining terminals. For example, in order to ease the computation required by the identification center terminal 114 and/or user terminal 112, intermediate service provider terminal 116 may be used and assigned tasks more computationally intensive than forwarding data between the other terminals 112 and 114. As another example, user terminal 112 may keep a record ofthe recent history of encryption keys in order to lower the computation time requirements of the identification center terminal 114 during the encryption key transmission process, as was discussed above.
  • Identification of the authenticated user may also be desirable in some embodiments.
  • identification of the authenticated user may be accomplished in different ways depending on the embodiment. For example, in embodiments where a unique preliminary identifier is used, the identification center is in possession of the identity of the user once the identification center has received the preliminary identifier. Continuing with the example, if the preliminary identifier is the credit card number of the user, then if the password corresponding to the credit card number preliminary identifier is matched as described above with reference to various embodiments of the invention, the authenticated user can be identified as the holder of the corresponding credit card.
  • the identification center may extract one or more personal identification numbers in the password and thereby identify the authenticated user.
  • the identification center may have access to identifying information corresponding to each accessible password and can use the identifying information corresponding to the matched password to identify the authenticated user.
  • identification of the authenticated user may be performed by the intermediate service provider (and the identification center does not need to identify the authenticated user), based on for example the preliminary identifier, customer identifier, and/or transaction number, etc. In other embodiments, identification of the authenticated user may not be required.
  • an identification center such as a credit card company may have access to the passwords of all credit card holders and allow any authenticated user to perform a certain action such as for example accessing the credit card web site.
  • an intermediate service provider may target a particular age-group for a free gift, and any authenticated user with a given birth-year (where the birth year is used as a preliminary identifier) would be eligible.
  • authentication ofthe user as described above with reference to various embodiments of the current invention may in some embodiments also lead to authentication of items, actions, and/or data related to the authenticated user. For example, if a user is allowed to log on upon authentication as described above with reference to various embodiments of the current invention, subsequent actions performed by the user and/or data transmitted by the user while logged on may be accepted as authentic. As another example, a bank withdrawal from the account of a user authenticated as described above with reference to various embodiments of the current invention may be accepted as authentic. As another example, authentication ofthe user as described above with reference to various embodiments of the current invention may allow an identification card such as a social security card in the name ofthe user to be accepted as authentic. As another example, if a user is allowed access into a physical restricted area upon authentication as described above with reference to various embodiments of the current invention, subsequent actions by the user while in the restricted area may be accepted as authentic.
  • user terminal 112 and identification center terminal 114 may not be connected by a communication medium.
  • Identification center terminal 114 in this aspect of the invention may exclude receiver 510 and transmitter 512, and instead include an input 702 and an output 704.
  • user terminal 112 may exclude transmitter 612 and receiver 614, and instead include an input 802 and an output 804.
  • identification center terminal 114 may be located at the physical entrance to a restricted place and user terminal 112 may be a portable device carried by the user to the physical entrance.
  • the user (or a proxy) may pass the information between the two terminals 112 and 114.
  • Identification center terminal 114 outputs the encryption key via output 702, for example a display.
  • the user obtains the encryption key from output 702, for example by reading the display.
  • the user then inputs the encryption key into input 802 of user terminal 112, for example by entering the encryption key via a keyboard or stylus.
  • User terminal 112 performs the encryption and outputs the encrypted password via output 804, for example a display.
  • the user obtains the encrypted password from output 804, for example by reading the display and inputs the encrypted password into input 702 of identification center terminal 114, for example by entering the characters through a keypad.
  • Identification center terminal 114 then simulates the encryption and compares the simulated encrypted passwords to the entered encrypted password and if the results are sufficient, authenticates the user.
  • system may be a suitably programmed computer.
  • the invention contemplates a computer program being readable by a computer for executing the method of the invention.
  • the invention further contemplates a machine-readable memory tangibly embodying a program of instructions executable by the machine for executing the method ofthe invention.

Abstract

L'invention concerne des systèmes et des procédés d'authentification d'un utilisateur par un centre d'identification. Un mode de réalisation préféré de cette invention concerne le transfert par l'intermédiaire d'un support de communication d'une clé de cryptage vers l'utilisateur et/ou le centre d'identification, la réception par le centre d'identification d'un mot de passe crypté par l'utilisateur, la simulation par le centre d'identification du cryptage, la comparaison du(des) mot(s) de passe crypté(s) simulé(s) avec le mot de passe crypté reçu et l'authentification de l'utilisateur dans le cas où les résultats de la comparaison s'avèrent suffisants. Selon une autre variante, la clé de cryptage est fournie par un terminal de centre d'identification et entrée manuellement dans un terminal utilisateur.
PCT/IL2002/000781 2002-09-23 2002-09-23 Procede et systeme d'authentification WO2004028078A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2002337588A AU2002337588A1 (en) 2002-09-23 2002-09-23 Method and system for authentication
PCT/IL2002/000781 WO2004028078A1 (fr) 2002-09-23 2002-09-23 Procede et systeme d'authentification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IL2002/000781 WO2004028078A1 (fr) 2002-09-23 2002-09-23 Procede et systeme d'authentification

Publications (1)

Publication Number Publication Date
WO2004028078A1 true WO2004028078A1 (fr) 2004-04-01

Family

ID=32012138

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2002/000781 WO2004028078A1 (fr) 2002-09-23 2002-09-23 Procede et systeme d'authentification

Country Status (2)

Country Link
AU (1) AU2002337588A1 (fr)
WO (1) WO2004028078A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9378343B1 (en) * 2006-06-16 2016-06-28 Nokia Corporation Automatic detection of required network key type
US11228592B1 (en) 2020-04-27 2022-01-18 Identity Reel, LLC Consent-based authorization system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020025046A1 (en) * 2000-05-12 2002-02-28 Hung-Yu Lin Controlled proxy secure end to end communication
FR2814619A1 (fr) * 2000-09-28 2002-03-29 Gemplus Card Int Procede d'encodage de messages longs schemas de signature electronique a base de rsa
US20020067832A1 (en) * 2000-06-05 2002-06-06 Jablon David P. Systems, methods and software for remote password authentication using multiple servers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020025046A1 (en) * 2000-05-12 2002-02-28 Hung-Yu Lin Controlled proxy secure end to end communication
US20020067832A1 (en) * 2000-06-05 2002-06-06 Jablon David P. Systems, methods and software for remote password authentication using multiple servers
FR2814619A1 (fr) * 2000-09-28 2002-03-29 Gemplus Card Int Procede d'encodage de messages longs schemas de signature electronique a base de rsa

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9378343B1 (en) * 2006-06-16 2016-06-28 Nokia Corporation Automatic detection of required network key type
US9408077B1 (en) 2006-06-16 2016-08-02 Nokia Corporation Communication action bar in a multimodal communication device
US11228592B1 (en) 2020-04-27 2022-01-18 Identity Reel, LLC Consent-based authorization system

Also Published As

Publication number Publication date
AU2002337588A1 (en) 2004-04-08

Similar Documents

Publication Publication Date Title
US20030070074A1 (en) Method and system for authentication
EP0824814B1 (fr) Procede et appareil pour authentifier l'origine d'un message
US8190893B2 (en) Portable security transaction protocol
JP4603252B2 (ja) ユニバーサル一般取引のためのセキュリティフレームワーク及びプロトコル
US7716484B1 (en) System and method for increasing the security of encrypted secrets and authentication
US6105012A (en) Security system and method for financial institution server and client web browser
US8654975B2 (en) Joint encryption of data
JPH113033A (ja) クライアント−サーバ電子取引においてクライアントの本人確認を確立する方法、それに関連するスマートカードとサーバ、および、ユーザが検証者と共に操作を行うことが認可されるかどうかを決定する方法とシステム
GB2434724A (en) Secure transactions using authentication tokens based on a device "fingerprint" derived from its physical parameters
JP2000357156A (ja) 認証シード配布のためのシステムおよび方法
EP2536062A1 (fr) Améliorations à la sécurité de communication
CN101278538A (zh) 用于用户认证的方法和设备
WO2018030289A1 (fr) Système de communication ssl, client, serveur, procédé de communication ssl et programme informatique
JP3970243B2 (ja) 暗号認証方法
US8631475B1 (en) Ordering inputs for order dependent processing
Dandash et al. Fraudulent Internet Banking Payments Prevention using Dynamic Key.
WO2004028078A1 (fr) Procede et systeme d'authentification
JP3497936B2 (ja) 個人認証方法
TWI828001B (zh) 使用多安全層級驗證客戶身分與交易服務之系統及方法
US20230143356A1 (en) Method and system for performing cryptocurrency asset transaction
Singh et al. Grammar based off line generation of disposable credit card numbers
CN113793149A (zh) 离线交易认证系统、方法及中心服务器、客户端
Das et al. Towards a formal verification of an authentication protocol using non-monotonic logic
Zhang et al. A novel off-line anonymous and divisible digital cash protocol utilizing smart card for mobile payment
Assora et al. Using WPKI for security of web transaction

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 167557

Country of ref document: IL

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP