WO2007038924A1 - Method for establishing an access code indicator - Google Patents

Method for establishing an access code indicator

Info

Publication number
WO2007038924A1
WO2007038924A1 PCT/DK2006/000544 DK2006000544W WO2007038924A1 WO 2007038924 A1 WO2007038924 A1 WO 2007038924A1 DK 2006000544 W DK2006000544 W DK 2006000544W WO 2007038924 A1 WO2007038924 A1 WO 2007038924A1
Authority
WO
WIPO (PCT)
Prior art keywords
access code
user
service
indicator
service provider
Application number
PCT/DK2006/000544
Other languages
English (en)
Inventor
Ole NØRGAARD
Original Assignee
Noergaard Ole
Application filed by Noergaard Ole
Publication of WO2007038924A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Definitions

  • the present invention relates to establishing one or more access code indicators, whereby a user during a login procedure can be helped to recall or remember his or her access code.
  • the present invention further relates to a number of user terminals, wherein each user terminal has a pre-installed and filled out access code indicator.
  • help function for users that have forgotten their access code
  • help function is commonly named as "Have you forgotten your access code”.
  • this help function consist in that the user gets the forgotten access code forwarded to the email address given by the user at the time when he or she was registered as a user of the website in question.
  • Some websites offer a user who has forgotten the access code to have a new one forwarded, and on some websites there is also a customer service, which can be phoned in order to have the problem solved. However, these known solutions have several drawbacks.
  • a login procedure may include login to online and offline services and different forms of check-in in physical rooms or compartments
  • a method for establishing an access code indicator whereby a user when performing a login from a user screen onto the website of a service provider can be helped to recall or remember his or her access code, which service provider subscribes to an access code service from an access code service supplier, so that when a login onto the service providers website is performed, one or more access code service links appear, which service links relate to the computer system of the access code service supplier, and which service provider is assigned a unique ID by the access code service supplier, said method comprising: a) user activating a first access code service link ("open access code service link") on the website of the service provider, b) transfer of the unique ID of the service provider to the system of the access code service supplier, c) validating the ID of the service provider at the system of the access code service supplier, and if a positive result of the validation, d) opening of a new browser window at the user screen, which browser window has connection to the computer system of the access code service supplier, and which browser window
  • activation of the first access code service link causes the system of the service provider or service subscriber to transfer the unique ID to the system of the access code service supplier for validation.
  • the method according to the first aspect of the invention further comprises in a preferred embodiment: f) typing a user access code into one or more fields of the access code indicator, g) filling the remaining empty fields of the access code indicator with random characters.
  • the filling of the empty fields of the access code indicator may take place by user activating a second access code service link ("AutoFill link") in the browser window holding the access code indicator, whereby the computer system of the access code service supplier automatically fills out all the empty fields in the access code indicator with random characters.
  • the type of the random selected characters, which are used for filling out the remaining empty fields in the access code indicator are based on the type of characters used in connection with the typed in user access code.
  • the method according to the first aspect of the invention further comprises: h) generating at the computer system of the access code service supplier an access code key or an encrypted access code key, which access code key is based on all characters in the filled out access code indicator.
  • the generated access code key or encrypted access code key may be displayed on the user screen in the browser window holding the access code indicator.
  • the method further comprises: i) transfer of the access code key or the encrypted access code key to the computer system of the service provider.
  • the method according to the first aspect of the invention further comprises transfer of typed in username and/or access code from the website of the service provider to the computer system of the service provider, so that username and/or access code on the computer system of the service provider is/are connected with the transferred access code key or encrypted access code key.
  • the transfer of the access code key or the encrypted access code key to the computer system of the service provider comprises: copying the access code key or the encrypted access code key from the browser window holding the access code indicator, insertion of the access code key or the encrypted access code key in a field adapted for that purpose on the website of the service provider, and transfer of copied access code key or copied, encrypted access code key from the website of the service provider to the computer system of the service provider.
  • the present invention also comprises a method, wherein the user is logged out from the website of the service provider, which method further comprises: aa) typing a username in a field being adapted for that purpose on the website of the service provider, bb) activating a third access code service link ("forgotten access code link") on the website of the service provider, cc) determining the identity of the user on the computer system of the service provider based on the typed username, dd) displaying and user activating of a fourth access code service link ("show my access code link”) on the website of the service provider, ee) transfer of the unique ID of the service provider and the users access code key or encrypted access code key from the computer system of the service provider to the system of
  • the method may further comprise: ii) user typing the access code in a field in the browser window holding the access code indicator, jj) copying the access code, kk) inserting the access code in a field being adapted for that purpose on the website of the service provider, and
  • a method for establishing an access code indicator whereby a user when performing a login from a user screen onto the website of a service provider can be helped to recall or remember his or her access code, which service provider subscribes to an access code service from an access code service supplier, so that when a login onto the service providers website is performed, one or more access code service links appear, which service links relate to the computer system of the access code service supplier, and which service provider is assigned a unique ID by the access code service supplier, said method comprising: a) activating the website of the service provider from the user terminal, b) typing a username and a user access code in fields being adapted for that purpose on the website of the service provider, c) activating a first access code service link ("open access code service link") on the website of the service provider, d) transfer of the unique ID of the service provider to the system of the access code service supplier, e) validating the ID of the service provider at the system of the access
  • the method further comprises: aa) activating the website of the service provider from the user terminal, bb) typing the username in a field being adapted for that purpose on the website of the service provider, cc) activating a third access code service link ("forgotten access code link") on the website of the service provider, dd) determining the identity of the user on the computer system of the service provider based on the typed username, ee) displaying and user activating of a fourth access code service link ("show my access code link”) on the website of the service provider, ff) transfer of the unique ID of the service provider and the users access code key or encrypted access code key from the computer system of the service provider to the system of the access code service supplier, gg
  • the access code indicator may be designed so that it contains one or more mnemotechnical points of support for a user. It is also within a method according to the first aspect of the invention that the user may choose an individual colour pattern based on the colours of the empty fields in the access code indicator when typing in the user access code.
  • no user data is stored in the computer system of the access code service supplier.
  • the user screen may be a touch sensitive screen, wherein the filled out access code indicator displayed in the browser window can be used as a virtual keyboard, so that the user access code can be typed in by the user touching the fields containing the access code.
  • a method for establishing an at least partly user defined access code indicator at an access code service supplier wherein the user is assigned a unique ID by the access code service supplier, which method comprises: a) activating the website of the access code service supplier from the users terminal, b) typing in user login data at the website of the access code service supplier, which login data has an unambiguous connection to the ID of the user, c) validating the user ID at the system of the access code service supplier, and if a positive result of the validation, d) opening a new browser window on the user terminal or user screen, which browser window has connection to the computer system of the access code service supplier, and which browser window holds an access code indicator with a number of empty fields having different colours.
  • the method further comprises: e) typing a user access code into one or more fields of the access code indicator, f) filling out the remaining empty fields of the access code indicator with random characters.
  • the remaining empty fields of the access code indicator may be automatically filled out with random characters by the computer system of the access code service supplier. The automatically filling out of the remaining empty fields of the access code indicator may take place by a user activation in the browser window holding the access code indicator.
  • the type of the random selected characters, which are used for filling out the remaining empty fields in the access code indicator are based on the type of characters used in connection with the typed in user access code.
  • data corresponding to the access code indicator with all fields being filled out is stored in the system of the access code service supplier. It is also preferred that data corresponding to the access code indicator with all fields being filled out is stored in the user terminal. The user may transfer data corresponding to the stored, filled out access code indicator to another user terminal, wherein the other user terminal may be a mobile terminal.
  • a method of establishing an at least partly user defined access code indicator at an access code service supplier wherein the user is assigned a unique ID at the access code service supplier, and wherein the defined access code indicator can be used in connection with login from a user terminal onto a website of a third party with the website having a corresponding URL
  • the method comprises: a) activating the website of the access code service supplier from the users terminal, b) typing in user login data at the website of the access code service supplier, which login data has an unambiguous connection to the ID of the user, c) validating the user ID at the system of the access code service supplier, and if a positive result of the validation, d) opening a new browser window on the user terminal or user screen, which browser window has connection to the computer system of the access code service supplier, and which browser window holds an access code indicator with a number of empty fields having different colours, e) typing a user access code into one or more fields of the access code indicator
  • the remaining empty fields of the access code indicator are automatically filled out with random characters by the computer system of the access code service supplier.
  • the automatically filling out of the remaining empty fields of the access code indicator may take place by user activation in the browser window holding the access code indicator.
  • the type of the random selected characters, which are used for filling out the remaining empty fields in the access code indicator are based on the type of characters used in connection with the typed in user access code.
  • data corresponding to the access code indicator with all fields being filled out and URL data corresponding to the unambiguous connection between the access code indicator and the URL of the website of the third party are stored at the system of the access code service supplier. It is also preferred that data corresponding to the access code indicator with all fields being filled out and URL data corresponding to the unambiguous connection between the access code indicator and the URL of the website of the third party are stored at the users terminal.
  • a client program or a browser-plugin may be installed on the users terminal, which client program or browser-plugin is adapted for validating URL for a website activated from the users terminal with URL data stored at the users terminal, which stored URL data corresponds to an unambiguous connection between the access code indicator and the URL of the website of the third party.
  • the method according to the third aspect of the invention may comprise: activating of the website of the third party from the users terminal, validating, at the users terminal, the URL of the activated website with stored URL data, and if a positive result of the validation, displaying the filled out access code indicator corresponding to the stored URL data on the users screen, which filled out access code indicator is stored at the users terminal.
  • the present invention further comprises a method for establishing several at least partly user defined access code indicators according to an embodiment of the third aspect of the invention, wherein data corresponding to the filled out access code indicators are stored in the system of the access code service supplier together with URL data corresponding to the unambiguous connection between the stored access code indicators and the URL of the corresponding websites, and wherein data corresponding to the filled out access code indicators are stored in the users terminal together with URL data corresponding to the unambiguous connection between the stored access code indicators and the URL of the corresponding websites.
  • each user terminal has a pre-installed, filled out access code indicator, which access code indicator when displayed on the users screen holds a number of fields in different colours, wherein the fields are filled out with numbers or numerals and/or letter or characters, and wherein the combination of the colours, number or numerals and/or letters or characters differs for at least a part of the user terminals.
  • the combination of the colours, number or numerals and/or letters or characters may differ for each of the user terminals.
  • the selected colours, number or numerals and/or letters or characters may be selected at random by use of a random generator.
  • each single user terminal may be a mobile phone, a PDA or a computer.
  • a computer-based method implemented at an access code service comprising the steps of: rendering a predetermined design with a plurality of input fields upon receiving a request for enrolling a payment card into a 1-time PIN code service; receiving a request for using a specific visual pattern in said predetermined design for displaying said 1-time PIN code; modifying said design so said visual pattern is hidden; generating a 1-time PIN code and displaying it in said visual pattern; receiving a PIN code entered by a user and comparing it with said generated 1-time
  • the predetermined design may be any of the following: a matrix, a rectangular grid-structure, a square grid-structure, an image, a triangular matrix, a circular matrix or a hologram.
  • the access code service may be implemented over a network, said network comprising any of, or a combination of: local area network (LAN), wide area network (WAN), cellular network, or the Internet.
  • the PIN code may comprise any of the following: alphabet characters, numeric characters, alphanumeric characters, or symbols.
  • each field in said design may have a value and a color associated with it.
  • the PIN code may be associated with any of the following: a wired network, a wireless network, a computer, a PDA, cell phone, a file, a folder, a car, a boat, an airplane, or a building.
  • the design may include a defined point composed of a character, a set of characters or a marking, aiding the user in recalling a pattern.
  • said hiding may be performed by filling randomly generated characters in empty fields of said design.
  • the access code indicator may be formed as encrypting scheme with coloured fields, which in an exemplary embodiment can be 49 equally sized quadratic fields having the colours black, red, yellow, green, with the coloured fields being distributed in a mixture of randomness and recognisable patterns, which can be used as mnemotechnical points for the memory.
  • a user may choose a personal colour pattern amongst the coloured fields, and in this colour pattern the user may write or type his or her access code and thereafter fill out the empty fields with random selected numbers or numerals and/or letters or characters.
  • This method makes it possible to hide an access code from anybody else than the user, and the user may by simply remembering a colour pattern, which is far easier to remember than an alphanumerical string, quickly and simply find an access code and thus login into an online or offline service, to which service an access code is demanded.
  • When using an access code indicator being established according to an embodiment of the present invention then it is possible for a user to have his or her access codes displayed in a secure manner with a minimum waiting time and next to the field, into which the user shall type the access code. Thereby the demand to the memory of the user is less and the user can choose access codes of a stronger form than he or she would usually choose.
  • the same colour pattern can be used to a large number of different access codes for login on different online services, and as the user only has to remember the colour pattern, the user may both choose strong access codes and to change the codes often without the risk of forgetting the codes, whereby both the user-friendliness and the security is increased. Of course a user may choose several colour patterns, but then the risk of forgetting the patterns is increased correspondingly.
  • the access code indicator may in a similar way be used in connection with usernames and other forms of ID's, which in principle also works as access codes.
  • Fig. 1 shows how data may be transferred between the servers of the access code service supplier and the service provider subscribing to an access code service according to an embodiment of the first aspect of the invention
  • Fig. 2 shows an exemplary embodiment of an encryption scheme or a filled out access code indicator
  • Fig. 3 shows an example of an access code service link, A "Read BEFORE you forget your access code", according to an embodiment of the first aspect of the invention
  • Fig. 4 shows examples of access code service links
  • Fig. 5 shows an example of an access code service link, D "Open access code indicator", according to an embodiment of the first aspect of the invention
  • Fig. 6 illustrates an access code indicator with typed in access code according to an embodiment of the invention
  • Fig. 7 shows an access code indicator having all fields in the encryption scheme or access code indicator filled out and an access code key displayed in a field according to an embodiment of the first aspect of the invention
  • Fig. 8 is a flow chart illustrating the sequence for establishing an access code indicator according to an embodiment of the first aspect of the invention
  • Fig. 9 is a flow chart illustrating the sequence when a user wants to see his or her established access code indicator according to an embodiment of the first aspect of the invention.
  • Fig. 10 is a flow chart showing the sequence when a user wants to shift an access code according to an embodiment of the first aspect of the invention
  • Fig. 11 illustrates an example of how a user can establish a library of access code indicators on the server of an access code service supplier according to an embodiment of a second aspect of the invention
  • Fig. 12 is a flow chart illustrating the establishment of a user library holding access code indicators corresponding to the example shown in Fig. 11,
  • Fig. 13 illustrates an example of how a user can establish a library of access code indicators on the server of an access code service supplier and connect a unique URL to each access code indicator according to an embodiment of a third aspect of the invention
  • Fig. 14 is a flow chart illustrating the establishment of a user library holding access code indicators connected to unique URL's corresponding to the example shown in Fig. 13,
  • Fig. 15 shows an example of how an access code indicator can be pre-installed in a unit of a series of user terminals according to an embodiment of a fourth aspect of the invention
  • Fig. 16 is a diagram illustrating exchange of data between the servers of an access code service supplier and a service provider subscribing to an access code service when establishing a new user or when changing an existing access code according to an embodiment of the invention, in which the access code service supplier encrypts an established access code key,
  • Fig. 17 is a flow chart illustrating different steps when establishing a new user of the access code service according to an embodiment of the invention, in which an access code key is encrypted by the access code service supplier,
  • Fig. 18 is a flow chart illustrating different steps when a user wants to use the access code service in order to have his or her access code displayed according to an embodiment of the invention, in which an access code key is encrypted by the access code service supplier, and
  • Fig. 19 illustrates an online payment solution according to an embodiment of a fifth aspect of the invention, in which an access code indicator displays a 1-time PIN code related to a payment card for establishing the identity of a user.
  • the access code indicator according to the first aspect of the invention may be used as a web-service, which may be supplied by a single service supplier or access code service supplier, with the aim of making the invention a de facto standard, and with the web-service having an unlimited number of service providers subscribing to the access code service, which service providers integrate the service in their own, proprietary systems, where the customers of the service providers are free to use the service.
  • the access code service supplier establishes the subscribing service provider in the service suppliers system and forwards a unique ID to the subscribing service provider, which unique ID is integrated in the system of the subscribing service provider, for example in the source code to the website of the subscribing service provider.
  • the access code indicator or the digital access code indicator may comprise four or more links A, B, C, D for integration in the website of the subscribing service provider.
  • Link A may be a "Read BEFORE you forget your access code” link and may be integrated in the login page and open up an new browser window holding a short introduction to the access code service for new users.
  • Link B may be a "I have forgotten my access code” link and may also be integrated in the login page and perform the same function as the login link.
  • Link C may be a "Show my access code” link and may be integrated in the login page and open up an access code indicator holding a filled out encryption scheme with a users password hidden in a colour pattern.
  • Link D may be an "Open access code indicator” link and may be integrated in the registration scheme, which shall be filled out by a new user, and which can open up an access code indicator holding an empty encryption scheme.
  • When being registered as a new user of a website at a subscribing service provider, the user may click on link D and the access code service supplier can then open up an empty access code indicator in a new browser window, in which the user may type in the selected access code for the website in question in the users personal colour pattern on the encryption scheme.
  • the system of the access code service supplier may then generate a key consisting of the total number of signs in the encryption scheme without any indication of which signs constitutes the access code, and this key may be transferred, for example automatically or by the user using the Windows function "copy and paste", into a special field in the registration scheme on the website of the subscribing service provider, which field as an example may be named "your key to the access code indicator".
  • When the user later on wants to login to the website in question, onto which he or she is now registered as a user, then the user may first type in his or her user name, and if in doubt about the access code, the user may then click on link B, which can perform the same function as the login button and which initiates the transfer of the typed in username to the subscribing service provider's system, whereby the user is identified.
  • the system of the subscribing service provider shows link C "Show my access code" and if the user clicks on this link, the subscribing service provider may send one or more sets of information, for example four sets of information, to the system of the access code service supplier, namely the ID, which the subscribing service provider has got from the access code service supplier, the version number of the service application, the selected language as well as the users access code key.
  • the access code service supplier may then open a new browser window, in which the user's access code key is shown in the encryption scheme of the access code indicator having the access code hidden in the personal colour pattern.
  • the user may then put in his or her access code in the login scheme of the website and thereafter login.
  • Fig. 1 is a diagram showing how data is transferred between the servers of the access code service supplier and the service provider subscribing to an access code service according to an embodiment of the first aspect of the invention.
  • When being established as a subscribing customer the subscribing service provider is given an ID and the possibility of integrating several parameters in the service providers own system, a language parameter, where the subscribing service provider can decide which language will be used for the service, or choose to have the access code service supplier measure which language is used by the users browser and then automatically supply the service at this language.
  • Another parameter is the version number of the access code service at the time when the subscribing service provider was established as a customer, which makes it possible to measure or read the version number whereby conflicts with later upgrading can be avoided.
  • the access code service supplier generates an access code key, which is transferred to the server of the subscribing service provider, together with an access code indicator, which can show an access code key in a separate browser window.
  • an access code service supplier should have to store data relating to the customers of the subscribing service provider, which data the customers may fear could be misused, and the security level is hereby the highest conceivable. All transfer of data between the servers of the access code service supplier and the subscribing service provider takes place by use of 128 BIT SSL encryption.
  • Fig. 2 shows an example of an embodiment of the encryption scheme of the access code indicator having 49 coloured fields in which an access code can be hidden in a colour pattern.
  • the arrangement of the colour fields in the encryption scheme is a mixture of accidental occurrence and patterns, wherein the patterns constitute a mnemotechnical help for the user, who can use these patterns as points of support 201, and thereby make it easier to remember the personal colour pattern, in which the user chooses to write his or her access code.
  • In the black fields of the encryption scheme all characters are shown as white, while they are shown as black in the remaining fields.
  • Fig. 3 shows link A, which opens a new browser window 301 having information for a new user.
  • Fig. 4 shows link B "I have forgotten my access code", which performs a login function on the server of the subscribing service provider, whereby the identity of the user is determined, and thereafter link C "Show my access code” is shown.
  • 401 shows the access code indicator
  • 402 is an input field in which the user can type in his or her access code
  • 403 is a link to the Windows function "Copy”.
  • Fig. 5 shows link D on the registration page of the subscribing service provider, which link opens up an empty access code indicator in a separate browser window 501, in which access code indicator the user can select a colour code and type in his or her access code.
  • Fig. 6 shows an access code indicator, in which the user has typed in an access code of 7 digits or numbers in a selected colour code, 601. Hereafter, the user clicks the link AutoFill 602 in order to fill out the empty fields.
  • Fig. 7 shows an access code indicator in which all empty fields of the encryption scheme are filled out with random numbers and characters 701, whereby the typed in access code is hidden from everybody other than the user.
  • an access code key 702 which the user copies to the Windows copy and paste function by clicking the link 703 and thereafter inserts into the field established for this purpose on the website of the subscribing service provider 704.
  • Fig. 8 is a flow chart showing the different steps connected with establishing a new user of the service according to an embodiment of the first aspect of the invention.
  • the user starts by selecting a user name and an access code at a subscribing service provider, and by typing in the user name and the access code in the corresponding fields on the website of the subscribing service provider. If the user wants to use the digital access code indicator, he clicks on link D 801, whereafter the system of the subscribing service provider forwards or sends the website ID, a language parameter and the version number of the service application 802 to the access code service supplier.
  • the website ID is validated 803 in order to see if there is an established service subscription and if payment for the service has taken place.
  • a message is shown to the user 804. If the ID of the website is acknowledged, then a new browser window is opened on the user's computer screen with an access code indicator, in which the user can choose or select a personal colour pattern and type in his or her access code in the encryption scheme 805 by clicking a field of the colour pattern one at a time and typing in a letter or number or numeral in each field. The user can choose or select an access code, which either consists of letters or numbers or a combination of numbers and letters.
  • Fig. 9 is a flow chart showing the different steps connected with a user wanting to use the service to have his or her access code shown according to an embodiment of the first aspect of the invention.
  • the user moves to the login site of the subscribing service provider, types in the user name and thereafter clicks link B "I have forgotten my access code" 901 , whereby a login function is effected in order to determine the identity of the user on the server of the subscribing service provider.
  • link C Show my access code
  • the access code service supplier then validates the ID 904, and if the ID is not valid a message is shown to the user 905.
  • the access code service supplier shows the received access code key in an encryption scheme on an access code indicator 906, which is displayed in a separate browser window on the user's computer.
  • the user types the access code in the input field of the access code indicator 907 and thereafter transfers the access code to the Windows clipboard by clicking link 908.
  • the user finishes by inserting the access code in the input field of the login site of the website 909 of the subscribing service provider, whereafter the user can log in.
  • Fig. 10 is a flow chart showing the different steps connected with a change in an access code according to an embodiment of the first aspect of the invention.
  • the user starts by logging in to the website 1001 of the subscribing service provider, whereafter the system of the subscribing service provider forwards website ID, a language parameter, and the version number of the service application 1002 to the access code service provider.
  • the website ID is validated 1003 to see if there is an established service subscription and if payment for the service has taken place. If this is not the case, a message is shown to the user 1004.
  • a new browser window is opened on the user's computer screen with an access code indicator having the access code of the user hidden in the encryption scheme, at which scheme the user deletes all typed in signs or characters by clicking Clear 1005.
  • the procedure starts from here 1006.
  • the user chooses a new access code 1007 and fills out the empty fields by clicking the AutoFill link 1008, whereafter the system of the access code service provider loops over all fields 1009 and searches for the types of characters which have been typed in (numerals, small letters, capital letters). Thereafter all empty fields are automatically filled with random characters of the types found during the search 1010.
  • a new access code key is generated 1011, which key consists of all signs or characters in the encryption scheme and this access code key is transferred by the user to the Windows clipboard 1012, and subsequently the user can insert the access code key in the field established for this purpose on the website of the subscribing service provider 1013, whereby the change of the access code key is accomplished.
  • Fig. 11 shows an example of an embodiment according to a second aspect of the invention, wherein a user can establish an online library of access code indicators on the server of the access code service supplier and copy this library to an offline library on the user's own computer, and thereafter synchronize the offline library with a library on a mobile terminal via a hardwired or wireless connection.
  • the user may also directly login to the server of the access code service supplier by use of the mobile terminal and synchronize the online library with the offline library on the mobile terminal via the Internet without the involvement of further hardware.
  • Fig. 12 is a flow chart showing the different steps connected with establishing an online library of access code indicators and the following synchronization of this library with an offline library on either a computer or mobile terminal, corresponding to an embodiment according to the second aspect of the invention.
  • From the user's own computer 1201, the user moves to the login site of the website of the access code service supplier and types in user name and access code.
  • User name and access code are validated 1202 and if the typed in data is not found to be valid, then a message is sent to the user 1203. If the typed in data is valid, the user is given access to the online library 1204 on the server of the access code service supplier, on which server the user can establish and administrate access code indicators.
  • the user can copy this library 1205 to an offline library on the user's own computer, and the offline library can thereafter be synchronized 1206 with the library on the mobile terminal via a hardwired or wireless connection.
  • the offline library having the access code indicators on the mobile terminal is now identical with the online library on the server of the access code service supplier 1207.
  • the user may also choose to use the mobile terminal to login onto the website of the access code service supplier 1208 and type in user name and access code.
  • the typed in data is validated 1209 and if the typed in data is not valid, a message is sent to the user 1203. If the typed in data is valid the user gets access to the online library 1210, where the user can establish and administrate access code indicators.
  • the user may synchronize the online library with the library on the mobile terminal via the Internet 1211 , and after this synchronization the offline library with access code indicators in the mobile terminal is identical with the online library on the server of the access code service supplier 1207.
  • Fig. 13 shows an example of an embodiment according to a third aspect of the invention, wherein a user can establish an online library with access code indicators on the server of the access code service supplier and link a unique website URL to each access code indicator.
  • the online library can then be copied to an offline library on the user's computer, on which computer an installed client program/browser-plugin will check all URLs open in a browser, and determine if there is a matching URL in the offline library. If this is the case, then the client program/browser-plugin will open the access code indicator being linked to the URL in question and show this URL in a separate window on the user's computer.
  • Fig. 14 is a flow chart showing the different steps connected with establishing an online library with access code indicators linked to unique URLs, followed by copying to an offline library on the user's computer, corresponding to an embodiment according to the third aspect of the invention.
  • From the user's own computer the user moves to the registration site on the website of a third party 1401 , and establishes himself as a new user with a new user name and access code.
  • the user then moves to the login site on the website of the access code service supplier, and types in user name and access code for this service 1402.
  • the typed in data is validated 1403 and if the data is not valid a message is sent to the user 1404.
  • the user gets access to the online library having access code indicators 1405, and the user establishes a new access code indicator to the website of the third party and unambiguously links this indicator to the URL of the website in question. Thereafter the user synchronizes his or her online library 1406 having access code indicators with an offline library on the user's own computer. When the user afterwards logs in to the website of the third party 1407, then a client program/browser-plugin installed on the user's computer will check the URL, which is open in the browser, and compare this URL with the stored URLs in the offline library 1408.
  • the client program/browser-plugin will open the access code indicator, which is linked to the URL in question and show this indicator in a separate window on the user's computer 1411. If there is no match, a message is sent to the user 1410.
  • Fig. 15 shows an example of an embodiment according to a fourth aspect of the invention, wherein a unique access code indicator may be pre-installed from the manufacturer or factory on each sample in a series of hardware products, so that an end-user, who buys such a hardware unit, gets the possibility of choosing as an access code for login or as a PIN code, the numerals or letters which are written at random on a colour pattern, which the user chooses to use as a mnemotechnical support.
  • the present invention also comprises an alternative embodiment for establishing and use of an access code indicator, wherein data is exchanged between the server of an access code service supplier and the server of a subscribing service provider, corresponding to the above described embodiment according to the first aspect of the invention being illustrated in Figs. 1, 8 and 9.
  • this alternative embodiment there is also formed an access code key at the access code service supplier, but here the access code key is encrypted before the key in encrypted form is further forwarded to the subscribing service provider.
  • This embodiment is illustrated in Figs. 16-18, where Fig. 16 is a diagram showing how data is exchanged between the server of the access code service supplier and the server of the subscribing service provider in connection with the establishment of a new user or a change of an existing access code, and where the access code service supplier encrypts the access code key with a master key, which master key is to be found on the server of the access code service supplier.
  • the user logs in to the website of the subscribing service provider 1601, and clicks on the link to the website of the access code service supplier 1602.
  • the access code service supplier shows an empty access code indicator in a new browser window, wherein the user types in his or her access code and then activates the AutoFill link.
  • An access code key is generated and forwarded to the server of the access code service supplier 1603, where it is encrypted 1604.
  • the encrypted access code key is shown in a field in the browser window with the access code indicator 1605, whereafter the user copies the encrypted access code key and inserts it in a field in a registration scheme on the website of the subscribing service provider 1606.
  • the encrypted access code key is stored on the server of the subscribing service provider 1607.
  • Fig. 17 is a flow chart showing the different steps connected with establishing a new user of the service, when the access code key is encrypted by the access code service supplier.
  • the user starts by choosing a user name and an access code at a subscribing service provider, where the user name and the access code are both typed in the respective fields on the website of the subscribing service provider. If the user wants to use the digital access code indicator, the user clicks on the link on the website of the subscribing service provider 1701, whereafter the system of the subscribing service provider forwards website ID, a language parameter and the version number of the service application to the access code service supplier 1702.
  • the ID of the website is validated 1703, in order to see if it is an established service subscription and if payment for the service has taken place. If this is not the case, a message is shown to the user 1704.
  • a new browser window is opened on the user's computer screen with an access code indicator, in which the user can choose or select a personal colour pattern and type in his or her access code in the encryption scheme 1705 by clicking a field of the colour pattern one at a time and typing in a letter or a number or numeral in each field.
  • the user may fill out the empty fields by clicking the AutoFill link 1706, whereafter the system of the access code service supplier loops through all fields 1707 and searches for the types of characters which have been typed in (numerals, small letters, capital letters). Thereafter all the empty fields are filled out automatically with random characters of the types found during the search 1708.
  • the user now has different options 1709, one of which is to undo the typing by clicking the link Clear 1710, whereby the encryption field is cleared.
  • an access code key consisting of all signs in the encryption scheme is generated, and this key is encrypted by use of a master key, which master key is located on the server of the access code service supplier, whereafter the encrypted key is shown in a field 1711 with a link to the Windows function "Copy".
  • the user transfers the encrypted access code key to the Windows clipboard 1712, and the user may hereafter insert the encrypted access code key in the field established for this purpose on the website of the subscribing service provider 1713, whereby the establishment as a new user of the service has been effected.
  • Fig. 18 is a flow chart showing the different steps connected with a user wanting to use the service to have his or her access code shown, when the access code key is encrypted by the access code service supplier.
  • the user moves to the login site of the subscribing service provider, types in the user name and thereafter clicks the link "I have forgotten my access code" 1801, whereby a login function is effected in order to determine the identity of the user on the server of the subscribing service provider. Thereafter the link "Show my access code" 1802 is shown, and the user clicks this link, whereafter the ID of the website, language parameter, the version number of the service application, and the encrypted access code key of the user are forwarded to the access code service supplier 1803.
  • the access code service supplier then validates the ID 1804, and if the ID is not valid, a message is shown to the user 1805. If the ID is valid, the access code service supplier decrypts the encrypted access code key by use of the master key, and shows the decrypted access code key in an encryption scheme on an access code indicator 1806, which is displayed in a separate browser window on the user's computer. The user may now read his or her access code and type in the access code in the input field of the access code indicator 1807 and thereafter transfer the access code to the Windows clipboard by clicking link 1808. The user finishes by inserting the access code in the input field on the login site of the website of the subscribing service provider 1809, whereafter the user can log in.
  • the present invention also provides for a computer-based method to aid in establishing the identity of a user in connection with online purchasing using payment cards.
  • a computer-based method to aid in establishing the identity of a user in connection with online purchasing using payment cards.
  • When the owner of a payment card has entered his personal information, including payment card information, in the shopping cart software, clicking on the "Next" link will send the identity of the payment card to the access code service supplier's server, and if the payment card has been enrolled into the online payment service, the access code service supplier will generate a 1-time PIN code and display it in an access code indicator, the PIN code being hidden in a secret pattern chosen by the user and only known by the user and the access code service supplier. The user identifies himself by entering the 1-time PIN code in a dedicated field, using the access code indicator as a virtual keyboard and clicking on the fields of the secret pattern one by one.
  • the access code service supplier validates the entered PIN code by comparing it to the generated 1-time PIN code. If the entered PIN code is correct, the online payment procedure will continue following the standard protocol. If a wrong PIN code is entered 3 times or any set of times, the user will be locked out, and the online payment process will be cancelled.
  • Fig. 19 illustrates an online payment solution according to an embodiment of the fifth aspect of the invention, in which an access code indicator displays a 1-time PIN code related to a payment card for establishing the identity of a user.
  • the user purchases one or more articles online, and enters information in a Shopping Cart software program 1901.
  • an access code indicator will be shown 1902 in a separate browser window with a 1-time PIN code hidden in a secret pattern chosen upon enrolment by the user, and only known by the user and the access code service provider.
  • the user enters the 1-time PIN code displayed in the secret pattern 1903 using the access code indicator as a virtual keyboard and clicking on the fields containing the PIN code, one by one. If the correct PIN code is entered, the online payment process will continue following the standard protocol. If a wrong PIN code is entered three times or any other set of times, the user will be locked out from further trials, and the purchase will be cancelled.
  • the 1-time PIN code Verification Module can be integrated in the Shopping Cart software 1901 or in the Payment Gateway 1904 or in the Credit Card company's authentication system 1905 or in any other appropriate way.
  • a digital access code indicator which can be activated from several different links being integrated in proprietary websites of third parties, for example one in the scheme, which is filled out when registering a new user, and three in the login site, which access code indicator comprises an encryption scheme with coloured fields and with mnemotechnical supporting points for the user, which user chooses or selects an individual colour pattern, in which there can be typed in a random access code, which code afterwards is hidden by having the remaining empty fields on the encryption scheme being filled out with random numbers or numerals and/or letters.
  • a filled out access code indicator which has been established according to the principles of the present invention, it is possible in a fast and safe way to show or display a filled out access code in a separate browser window in the immediate vicinity of that field, where the access code is to be typed in, with the access code being hidden in a colour pattern so that only one person, who knows the colour pattern, can read the access code, and without the access code service supplier having to hold or keep information or data concerning the user.
  • the present invention also comprises an embodiment, in which the digital access code indicator can be installed in a computer system being adapted for displaying the encryption scheme or the filled out access code indicator on a touch sensitive screen, and where the access code key consisting of a string of all the characters in the encryption scheme is forwarded to the computer in such a way that the encryption scheme can be used as a virtual keyboard, and thereby making it possible for the user to type in his or her access code by having a finger touching the fields on the encryption scheme, which fields constitute the access code, one at a time.
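The AutoFill and access code key steps of Figs. 10 and 17 (loop over all fields, find the character types typed in, fill the empty fields with random characters of those types, then join every field into the key) can be sketched as follows. This is an added example, not code from the patent or its applicant; the function names, the use of field indexes 0..48 to stand in for the colour pattern, and the restriction to ASCII letters and numerals are assumptions.

```python
import secrets
import string

GRID_SIZE = 49  # the Fig. 2 embodiment has 49 coloured fields

# Character types the AutoFill step looks for: numerals, small letters, capitals.
CHAR_TYPES = (string.digits, string.ascii_lowercase, string.ascii_uppercase)


def place_code(code, pattern):
    """Write the access code into an empty scheme, one character per field.

    `pattern` is the ordered list of field indexes the user clicks; it is a
    hypothetical stand-in for the user's personal colour pattern.
    """
    if len(code) != len(pattern):
        raise ValueError("pattern must have one field per access code character")
    if len(set(pattern)) != len(pattern):
        raise ValueError("a field can hold only one character")
    if any(not 0 <= i < GRID_SIZE for i in pattern):
        raise ValueError("field index outside the scheme")
    if any(not any(ch in t for t in CHAR_TYPES) for ch in code):
        raise ValueError("only numerals and ASCII letters are handled here")
    grid = [None] * GRID_SIZE
    for ch, idx in zip(code, pattern):
        grid[idx] = ch
    return grid


def found_types(grid):
    """Loop over all fields and collect the character types that were typed in."""
    typed = [ch for ch in grid if ch is not None]
    return "".join(t for t in CHAR_TYPES if any(ch in t for ch in typed))


def autofill(grid):
    """Fill every empty field with a random character of the types found."""
    alphabet = found_types(grid)
    if not alphabet:
        raise ValueError("nothing typed in, so there is nothing to hide")
    # secrets (a CSPRNG) rather than random, so the filler cannot be
    # predicted and told apart from the characters the user typed.
    return [ch if ch is not None else secrets.choice(alphabet) for ch in grid]


def access_code_key(grid):
    """The access code key: all characters of the filled scheme as one string."""
    if any(ch is None for ch in grid):
        raise ValueError("scheme still has empty fields; run autofill first")
    return "".join(grid)


def read_code(key, pattern):
    """What the user does at "Show my access code": read the pattern fields."""
    if len(key) != GRID_SIZE:
        raise ValueError("access code key must cover the whole scheme")
    return "".join(key[i] for i in pattern)


def render(key, side=7):
    """Text stand-in for the indicator window (colours omitted)."""
    return "\n".join(" ".join(key[r * side:(r + 1) * side]) for r in range(side))


if __name__ == "__main__":
    pattern = [3, 10, 17, 24, 31, 38, 45]   # constructed sample: middle column
    key = access_code_key(autofill(place_code("4071953", pattern)))
    print(render(key))
    print("key stored by the service provider:", key)
    print("read back through the pattern:", read_code(key, pattern))
```

The key held by the subscribing service provider contains the access code in clear among the filler, so the code's confidentiality at rest rests entirely on the secrecy of the pattern.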
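The 1-time PIN check of the fifth aspect (PIN hidden in the enrolled secret pattern, entered through the indicator as a virtual keyboard, lock-out after a set number of wrong entries) can be sketched on the supplier side as below. This is an added example, not the patent's own code; the class name, the state names, a digits-only PIN with one digit per pattern field, and a default of three attempts are assumptions.

```python
import hmac
import secrets
import string

GRID_SIZE = 49  # same 49-field scheme as the Fig. 2 embodiment


class OneTimePinChallenge:
    """One 1-time PIN shown inside an access code indicator."""

    def __init__(self, secret_pattern, max_attempts=3):
        if not secret_pattern or len(set(secret_pattern)) != len(secret_pattern):
            raise ValueError("pattern must be a non-empty list of distinct fields")
        if any(not 0 <= i < GRID_SIZE for i in secret_pattern):
            raise ValueError("field index outside the scheme")
        if max_attempts < 1:
            raise ValueError("max_attempts must be at least 1")
        self._pattern = list(secret_pattern)
        self._max_attempts = max_attempts
        self._failures = 0
        self.state = "pending"              # pending -> used | locked
        # Every field gets a random digit; the PIN is whatever lands on the
        # pattern fields, so PIN digits and decoys come from the same source.
        self.grid = [secrets.choice(string.digits) for _ in range(GRID_SIZE)]
        self._pin = "".join(self.grid[i] for i in self._pattern)

    def entered_from_clicks(self, clicked_fields):
        """Virtual keyboard: each clicked field contributes the digit it shows."""
        return "".join(self.grid[i] for i in clicked_fields)

    def verify(self, entered_pin):
        """Return True for exactly one correct entry; never re-open afterwards."""
        if self.state != "pending":
            return False                    # already used, or locked out
        # Constant-time comparison of the entered PIN with the generated one.
        if hmac.compare_digest(entered_pin.encode(), self._pin.encode()):
            self.state = "used"             # the payment flow may continue
            return True
        self._failures += 1
        if self._failures >= self._max_attempts:
            self.state = "locked"           # the payment process is cancelled
        return False


if __name__ == "__main__":
    pattern = [8, 16, 24, 32]               # constructed sample pattern
    challenge = OneTimePinChallenge(pattern)
    pin = challenge.entered_from_clicks(pattern)
    print("accepted once:", challenge.verify(pin))
    print("replay accepted:", challenge.verify(pin))
```

Because the comparison is on the digits entered, the attempt counter is what bounds blind guessing; the pattern only keeps an observer of the grid from reading the PIN.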

Abstract

The present invention relates to a method of establishing an access code indicator, by means of which a user, when performing a login from a user screen on the website of a service provider, can be helped to recall or remember his or her access code. The service provider subscribes to an access code service from an access code service supplier, so that when a login on the website of the service provider is performed, one or more access code service links appear, which service links refer to the computer system of the access code service supplier, and which service provider is allocated a unique ID by the access code service supplier. According to the method of the invention, the user activates a first access code service link ('open access code service link') on the website of the service provider, which is followed by the transfer of the unique ID of the service provider to the system of the access code service supplier. The ID of the service provider is then validated at the system of the access code service supplier, and if the result of the validation is positive, a new browser window is opened on the user screen, which browser window has a connection to the computer system of the access code service supplier and contains an access code indicator having a number of empty fields of different colours. A user access code can be typed into fields designed for this purpose on the website of the service provider.
It is preferred that activation of the first access code service link causes the system of the service provider or service subscriber to transfer the unique ID to the system of the access code service supplier for validation. The method may also comprise typing a user access code into one or more fields of the access code indicator, and filling the remaining empty fields of the access code indicator with random characters. The method may further comprise generating an access code key or an encrypted access code key at the computer system of the access code service supplier. The access code key may thus be based on all the characters of the filled out access code indicator. The access code key or the encrypted access code key may be transferred to the computer system of the service provider, and the typed in access code may be transferred from the website of the service provider to the computer system of the service provider, so that the access code on the computer system of the service provider is linked to the transferred access code key or encrypted access code key.
PCT/DK2006/000544 2005-10-03 2006-10-02 Procede d'etablissement d'indicateur de code d'acces WO2007038924A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DKPA200501384 2005-10-03
DKPA200501384 2005-10-03
DKPA200600869 2006-06-29
DKPA200600869 2006-06-29

Publications (1)

Publication Number Publication Date
WO2007038924A1 true WO2007038924A1 (fr) 2007-04-12

Family

ID=37561166

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DK2006/000544 WO2007038924A1 (fr) 2005-10-03 2006-10-02 Procede d'etablissement d'indicateur de code d'acces

Country Status (1)

Country Link
WO (1) WO2007038924A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013070124A1 (fr) * 2011-11-08 2013-05-16 Telefonaktiebolaget L M Ericsson (Publ) Appareil et procédés d'obtention d'une indication de mot de passe
CN103455751A (zh) * 2013-09-02 2013-12-18 小米科技有限责任公司 一种密码提示的生成方法、装置和终端设备
CN107154917A (zh) * 2016-03-03 2017-09-12 华为技术有限公司 数据传输方法及服务器
CN112148782A (zh) * 2020-09-24 2020-12-29 建信金融科技有限责任公司 市场数据接入方法及装置

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040030934A1 (en) * 2001-10-19 2004-02-12 Fumio Mizoguchi User selectable authentication interface and universal password oracle
US20040139331A1 (en) * 2003-01-09 2004-07-15 Yamatake Corporation Password input table creating method and apparatus and program thereof
US20040158746A1 (en) * 2003-02-07 2004-08-12 Limin Hu Automatic log-in processing and password management system for multiple target web sites

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013070124A1 (fr) * 2011-11-08 2013-05-16 Telefonaktiebolaget L M Ericsson (Publ) Appareil et procédés d'obtention d'une indication de mot de passe
CN103917980A (zh) * 2011-11-08 2014-07-09 瑞典爱立信有限公司 用于获得密码提示的装置和方法
US20140289870A1 (en) * 2011-11-08 2014-09-25 Telefonaktiebolaget L M Ericsson (Publ) Apparatus and methods for obtaining a password hint
EP2776967A4 (fr) * 2011-11-08 2015-07-29 Ericsson Telefon Ab L M Appareil et procédés d'obtention d'une indication de mot de passe
US9524395B2 (en) 2011-11-08 2016-12-20 Telefonaktiebolaget Lm Ericsson (Publ) Apparatus and methods for obtaining a password hint
CN103455751A (zh) * 2013-09-02 2013-12-18 小米科技有限责任公司 一种密码提示的生成方法、装置和终端设备
CN107154917A (zh) * 2016-03-03 2017-09-12 华为技术有限公司 数据传输方法及服务器
CN107154917B (zh) * 2016-03-03 2020-06-02 华为技术有限公司 数据传输方法及服务器
CN112148782A (zh) * 2020-09-24 2020-12-29 建信金融科技有限责任公司 市场数据接入方法及装置

Similar Documents

Publication Publication Date Title
AU2012328082B2 (en) Abstracted and randomized one-time passwords for transactional authentication
US7103912B2 (en) User authorization management system using a meta-password and method for same
JP4948400B2 (ja) 電子メッセージ認証を与える方法及び装置
EP1803251B1 (fr) Procede et appareil apportant une authentification mutuelle entre une unite d'envoi et un destinataire
US7484173B2 (en) Alternative key pad layout for enhanced security
CN104428785B (zh) 使用图标的关键字的图标密码设定装置以及图标密码设定方法
CN104350723B (zh) 账号登录的方法及装置
JP7048948B2 (ja) モバイルコンピューティング機器間で通信を確立させるための方法及びシステム
CN1666457B (zh) 用于在多种环境中鉴权用户的方法和装置
WO2007038924A1 (fr) Procede d'etablissement d'indicateur de code d'acces
WO2009043661A1 (fr) Procédé et système d'authentification
JP2006195716A (ja) パスワード管理システム、方法およびプログラム
JP4758175B2 (ja) 利用者認証方法及び利用者認証プログラム
TW201018170A (en) Service providing system
US20180046797A1 (en) Method for inputting a secure password, sheet, set of sheets, input unit, and uses thereof
CN113475047B (zh) 用于保护操作的方法和系统以及相关联的用户站
JP6289431B2 (ja) 入館申請管理装置、その制御方法及びプログラム
JP2007065789A (ja) 認証システム及び方法
JP4009246B2 (ja) 情報処理方法、情報処理システム、プログラムおよび記録媒体
JP7403705B1 (ja) 認証装置、認証方法、およびプログラム
JP2023111966A (ja) 表示制御システム、表示制御方法、及びプログラム
KR20090086771A (ko) 개인 엠블럼 시스템
JP2004164147A (ja) 電子申請受付システム、その方法及びプログラム
NZ702130B2 (en) Method and System for Abstracted and Randomized One-Time Use Passwords for Transactional Authentication
KR20020086816A (ko) 비밀번호 문자의 입력시간 간격을 이용한 보안 시스템 및그 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06791435

Country of ref document: EP

Kind code of ref document: A1