WO2009144247A1 - Method for authentication - Google Patents
- Publication number
- WO2009144247A1 (application PCT/EP2009/056458)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- party
- random
- trusted
- private key
- key
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
Definitions
- the present invention relates to a method for authentication of a first party to a second party, by a trusted third party.
- the present invention also relates to a corresponding system.
- the method at the first party comprises the steps of: transmitting identification data of said first party to the trusted third party; receiving a temporary random private key from the trusted third party, said random private key and a random open key together forming a single use temporary master authentication code; and transmitting said random private key to the second party, said first party being authenticated to said second party if the random private key and the random open key held at the second party together match a valid single use temporary master authentication code at the trusted third party.
- the method of the present invention is based on the realization that a random private key and a random open key may be combined by the trusted third party into a single use temporary master authentication code, and that the random private key and random open key received from the second party must match that single use temporary master authentication code in order to authenticate the first party to the second party.
- the two parts of the temporary master authentication code can be distributed in different ways, and storage and handling of the entire temporary master authentication code can be minimized. This enables an authentication process that is highly secure and reliable while still being very efficient and simple to use.
- the above-discussed use of the random open key and the random private key to form a single use temporary master authentication code keeps the information transferred between the first and second party very limited. In some realizations, it suffices that the random private key is transferred from the first party to the second party, thus avoiding the need to transfer ID information and the like.
- An advantage of the present invention is that the first party does not need to transmit its identification data to the second party, since the random private key in combination with the random open key carries the identity of the first party.
- the random open key preferably comprises a sequence of numeric and/or alphabetic characters.
- the random open key may further be divided into segments, wherein one of the segments may be random while the other segments may define, for example (but not limited to), the type of transaction requested, the identity of the trusted third party, or a geographical location such as a region.
- the length of the random open key may be configurable depending on the application in which it is used, so that the length is increased when higher security levels are needed.
- the trusted third party sends the ID application to the first party, and the first party chooses a personal identification code and transmits the one time code, so that the user data of the first party is registered at the trusted third party.
- the application may send the mobile number and, for example, the IMEI automatically.
- the second party is preferably registered at the trusted third party, even though this is not a necessary requirement for exercising the present invention.
- the first party and the second party may each have an agreement with an identification service provider, which may be two different identification service providers or the same identification service provider.
- the identification service provider(s) is preferably a company or a governmental department being able to guarantee a user identity. Other examples of identification service providers are banks, card issuing companies, and phone operators.
- the third party may have an agreement with the identification service provider, being able to obtain identification data from the database of the identification service provider. Alternatively, the identification service provider may be a part of the trusted third party.
- the random open key is to be conveyed to the trusted third party via the first party.
- the random open key is preferably received by the first party from the second party prior to transmitting the identification data and the random open key to the trusted third party.
- the random open key, like the random private key, is provided to the first party and does not have to be stored or remembered by the first party, which contributes to the ease of use of the method of the present invention.
- the global user ID may be created by, for example, the trusted third party, an identification service provider or the user. Receiving a global user ID of the second party in combination with identification data of the first party is a way for the trusted third party to secure the identity of the second party involved in the current authentication. Alternatively, the random open key may be generated by the trusted third party and transmitted to the second party only after reception of the identification data from the first party.
- both the first party and the second party are prepared for an authentication process to be executed, although the second party is not aware of which first party is involved in the current process until the execution is initiated by the first party.
- the method may comprise the step of setting of an expiration time for the single use temporary master authentication code, whereby authenticating is performed in case of a valid expiration time.
- the first party A transmits the random private key to the second party B via the end application.
- the second party B combines the received random private key with the previously known random open key into a single use temporary master authentication code, and transmits it together with identification data of the second party B to the trusted third party C, a so-called service request, in step 5, preferably over a secure network connection.
- Other information may also be transmitted, such as a request for a global user client ID, a password, the payment amount if the authentication involves a payment transaction, the position of the first party, etc.
- the trusted third party C generates a random private key and a random open key by means of a random key generator, and preferably a reference number; it combines the two keys to form the single use temporary master authentication code and preferably sets an expiration time for the usage of the code.
- the trusted third party transmits the random private key, preferably in combination with the reference number, to the ID application of the first party A in step 3a.
- a reference number and service data for the second party B, such as ticket service data if the authentication involves ticketing, may be transmitted in combination with the random private key from the trusted third party.
- Secure identification for the purpose of performing payments on the internet for a service or merchandise.
- Secure identification for the purpose of performing payments in real life, such as in a store, a taxi, a restaurant or anywhere else.
- Secure identification for the purpose of performing payments to a vending machine or other unattended service.
- Secure identification for the purpose of performing cash out from an ATM machine.
- Secure identification for the purpose of making a simple registration, such as becoming a user of a service from someone on the internet.
- Secure identification for the purpose of logging in to a website on the internet without having to remember a specific login and password combination.
- Secure identification for the purpose of logging in to a corporate system in a private or public network.
- Secure identification for the purpose of logging in to a corporate network in a private or public network.
- the password used by the first party to log in to the second party with a specific global user ID can itself be a random private key, a random private client ID.
- the trusted third party verifies that the random private client ID is valid for the specific global user ID and logs the user in, then creates a new random private client ID and returns it in the background to the client.
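As an added illustration (not code from the patent or its applicant), the following Python model walks through the flow described above: C generates the open key, private key, reference number and expiration time and keeps only the combined single use code; A receives just the private key (step 3a) and forwards it to B (step 4); B recombines it with the open key it holds and sends the code with its own identity to C (step 5), which authenticates A once and only before expiry. The party names, the concatenation used to combine the two keys, the delivery of the open key and reference number to B, and the binding of the code to B's global user ID at issuance are assumptions made for the example.

```python
"""Model of the three-party flow: trusted third party C, first party A,
second party B. Added example, not the patent's own code."""
import hmac
import secrets
from dataclasses import dataclass

SEPARATOR = "-"  # assumption: "combining" the two keys means concatenation


def combine(open_key: str, private_key: str) -> str:
    """Form the single use temporary master authentication code from its two
    parts. C does this at issuance and B at the service request, so both
    sides must use the same rule."""
    return f"{open_key}{SEPARATOR}{private_key}"


@dataclass
class MasterCode:
    code: str              # combined code, kept only at C
    first_party_id: str    # identity of A that the code carries on its behalf
    second_party_id: str   # B's global user ID, bound at issuance (assumption)
    expires_at: float      # expiration time set by C
    used: bool = False     # single use flag


class TrustedThirdParty:
    """Party C. Time is passed in explicitly so checks are reproducible."""

    def __init__(self, registered, ttl_seconds=120.0):
        self.registered = set(registered)  # identities registered at C
        self.ttl = ttl_seconds
        self.codes = {}                    # reference number -> MasterCode

    def request_authentication(self, first_party_id, second_party_id, now):
        """Steps 2-3: A's identification data and B's global user ID arrive.
        Returns what C sends to A (step 3a) and what it sends to B."""
        if first_party_id not in self.registered:
            raise PermissionError("first party is not registered at C")
        open_key = secrets.token_hex(8)     # random open key
        private_key = secrets.token_hex(8)  # random private key
        reference = secrets.token_hex(4)    # reference number
        self.codes[reference] = MasterCode(combine(open_key, private_key),
                                           first_party_id, second_party_id,
                                           now + self.ttl)
        return (reference, private_key), (reference, open_key)

    def service_request(self, second_party_id, reference, code, now):
        """Step 5: B submits the recombined code with its own identity.
        Returns A's identity on success, None otherwise. A code is good for
        one successful use only and only before its expiration time."""
        record = self.codes.get(reference)
        if record is None or record.used or now > record.expires_at:
            return None
        if record.second_party_id != second_party_id:
            return None  # code was issued for a different second party
        if not hmac.compare_digest(record.code.encode(), code.encode()):
            return None  # private key and open key do not match the code
        record.used = True
        return record.first_party_id


class SecondParty:
    """Party B: holds open keys received from C, keyed by reference number."""

    def __init__(self, party_id, ttp):
        self.party_id, self.ttp, self.open_keys = party_id, ttp, {}

    def receive_open_key(self, reference, open_key):
        self.open_keys[reference] = open_key

    def authenticate(self, reference, private_key, now):
        """Steps 4-5: A presents only the private key; B recombines, asks C."""
        open_key = self.open_keys.get(reference)
        if open_key is None:
            return None
        code = combine(open_key, private_key)
        return self.ttp.service_request(self.party_id, reference, code, now)


def run_demo():
    """Exercise the success path and the failure modes C must reject."""
    ttp = TrustedThirdParty(["alice", "shop", "other-shop"])  # constructed IDs
    shop, other = SecondParty("shop", ttp), SecondParty("other-shop", ttp)
    t0, results = 1000.0, {}

    (ref, priv), (_, open_key) = ttp.request_authentication("alice", "shop", t0)
    shop.receive_open_key(ref, open_key)
    results["wrong_private_key"] = shop.authenticate(ref, "0" * 16, t0 + 1)
    results["success"] = shop.authenticate(ref, priv, t0 + 1)
    results["replay"] = shop.authenticate(ref, priv, t0 + 2)  # single use

    (ref, priv), (_, open_key) = ttp.request_authentication("alice", "shop", t0)
    shop.receive_open_key(ref, open_key)
    results["expired"] = shop.authenticate(ref, priv, t0 + 121)  # past ttl

    (ref, priv), (_, open_key) = ttp.request_authentication("alice", "shop", t0)
    other.receive_open_key(ref, open_key)  # key presented to the wrong B
    results["wrong_second_party"] = other.authenticate(ref, priv, t0 + 1)
    return results
```

Running `run_demo()` yields `"alice"` only for the success entry; the wrong private key, the replay of an already used code, the code presented after its expiration time and the code presented to a second party other than the one it was issued for all come back as `None`. Note that a failed comparison does not consume the code, so a mistyped key does not lock A out, while a successful use does.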
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/994,235 US8572377B2 (en) | 2008-05-27 | 2009-05-27 | Method for authentication |
BRPI0912317A BRPI0912317A2 (pt) | 2008-05-27 | 2009-05-27 | método de autenticação |
CA2724856A CA2724856A1 (en) | 2008-05-27 | 2009-05-27 | Method for authentication |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08156955A EP2128781A1 (en) | 2008-05-27 | 2008-05-27 | Method for authentication |
EP08156955.0 | 2008-05-27 | | |
US12951608P | 2008-07-02 | 2008-07-02 | |
US61/129,516 | 2008-07-02 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009144247A1 true WO2009144247A1 (en) | 2009-12-03 |
Family
ID=39769035
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2009/056458 WO2009144247A1 (en) | 2008-05-27 | 2009-05-27 | Method for authentication |
Country Status (5)
Country | Link |
---|---|
US (1) | US8572377B2 (en_2) |
EP (1) | EP2128781A1 (en_2) |
BR (1) | BRPI0912317A2 (en_2) |
CA (1) | CA2724856A1 (en_2) |
WO (1) | WO2009144247A1 (en_2) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011081589A1 (en) * | 2010-01-04 | 2011-07-07 | Dts Steering Group Ab | Secure digital communications |
US9407665B2 (en) | 2014-10-07 | 2016-08-02 | Demandware Inc. | Contract broker for secure ad-hoc personal data sharing |
CN111242632A (zh) * | 2020-01-07 | 2020-06-05 | 石化盈科信息技术有限责任公司 | 一种识别套现账户的方法、存储介质及电子设备 |
Families Citing this family (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB201010546D0 (en) * | 2010-06-23 | 2010-08-11 | Applied Neural Technologies Ltd | Method of indentity verification |
US8769646B2 (en) * | 2010-12-08 | 2014-07-01 | Disney Enterprises, Inc. | System and method for associating a universal user identification and a domain specific user identification |
US9953155B2 (en) * | 2010-12-08 | 2018-04-24 | Disney Enterprises, Inc. | System and method for coordinating asset entitlements |
US9026805B2 (en) | 2010-12-30 | 2015-05-05 | Microsoft Technology Licensing, Llc | Key management using trusted platform modules |
EP2562704A1 (en) * | 2011-08-25 | 2013-02-27 | TeliaSonera AB | Online payment method and a network element, a system and a computer program product therefor |
WO2013036179A1 (en) * | 2011-09-08 | 2013-03-14 | Dts Steering Group Ab | Secure digital communications |
WO2013036180A1 (en) * | 2011-09-08 | 2013-03-14 | Dts Steering Group Ab | Method for performing a secure transaction between a first device and a second device |
US9008316B2 (en) * | 2012-03-29 | 2015-04-14 | Microsoft Technology Licensing, Llc | Role-based distributed key management |
US20130275492A1 (en) * | 2012-04-13 | 2013-10-17 | Microsoft Corporation | Enabling Web Clients to Provide Web Services |
US8955073B1 (en) * | 2012-10-04 | 2015-02-10 | Jpmorgan Chase Bank, N.A. | System and method for user identification and authentication |
US10701058B1 (en) * | 2012-10-04 | 2020-06-30 | Jpmorgan Chase Bank, N.A. | System and method for user identification and authentication |
US10235692B2 (en) | 2012-10-17 | 2019-03-19 | Groupon, Inc. | Consumer presence based deal offers |
US20140108247A1 (en) | 2012-10-17 | 2014-04-17 | Groupon, Inc. | Peer-To-Peer Payment Processing |
JP2016506152A (ja) * | 2012-12-19 | 2016-02-25 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | タグ付けによるデバイスの認証 |
US9197422B2 (en) * | 2013-01-24 | 2015-11-24 | Raytheon Company | System and method for differential encryption |
US20140229375A1 (en) | 2013-02-11 | 2014-08-14 | Groupon, Inc. | Consumer device payment token management |
US20140259135A1 (en) * | 2013-03-08 | 2014-09-11 | Signature Systems Llc | Method and system for simplified user registration on a website |
US9576286B1 (en) | 2013-03-11 | 2017-02-21 | Groupon, Inc. | Consumer device based point-of-sale |
US9852409B2 (en) | 2013-03-11 | 2017-12-26 | Groupon, Inc. | Consumer device based point-of-sale |
US10482511B1 (en) | 2013-03-12 | 2019-11-19 | Groupon, Inc. | Employee profile for customer assignment, analytics and payments |
US9479499B2 (en) * | 2013-03-21 | 2016-10-25 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for identity authentication via mobile capturing code |
US9106642B1 (en) | 2013-09-11 | 2015-08-11 | Amazon Technologies, Inc. | Synchronizing authentication sessions between applications |
US9112854B1 (en) * | 2013-09-11 | 2015-08-18 | Amazon Technologies, Inc. | Secure communication between applications on untrusted platforms |
US9928493B2 (en) | 2013-09-27 | 2018-03-27 | Groupon, Inc. | Systems and methods for providing consumer facing point-of-sale interfaces |
US10855760B2 (en) * | 2013-11-07 | 2020-12-01 | Cole Asher Ratias | Systems and methods for synchronizing content and information on multiple computing devices |
US9424410B2 (en) * | 2013-12-09 | 2016-08-23 | Mastercard International Incorporated | Methods and systems for leveraging transaction data to dynamically authenticate a user |
US9406182B2 (en) * | 2014-03-12 | 2016-08-02 | Mg Tech Center Bv H.O.D.N. Lock Technology | Method of automatically activating a user code for an electronic lock |
US10671980B2 (en) | 2014-10-20 | 2020-06-02 | Mastercard International Incorporated | Systems and methods for detecting potentially compromised payment cards |
FR3032847A1 (fr) * | 2015-02-13 | 2016-08-19 | Orange | Technique de connexion a un service |
CN106571920B (zh) * | 2015-10-10 | 2019-09-27 | 西安西电捷通无线网络通信股份有限公司 | 一种多ttp参与的实体身份有效性验证方法及装置 |
CN106572063B (zh) * | 2015-10-10 | 2019-10-29 | 西安西电捷通无线网络通信股份有限公司 | 一种多ttp参与的实体身份有效性验证方法及装置 |
CN110022320B (zh) * | 2019-04-08 | 2020-12-18 | 北京纬百科技有限公司 | 一种通信配对方法及通信装置 |
US11234125B2 (en) * | 2019-08-09 | 2022-01-25 | Rosemount Inc. | Two-factor authentication for wireless field devices |
CN111010363B (zh) * | 2019-09-20 | 2022-04-05 | 中国银联股份有限公司 | 信息认证方法及其系统、认证模块以及用户终端 |
SE545872C2 (en) * | 2019-09-27 | 2024-02-27 | No Common Payment Ab | Generation and verification of a temporary authentication value for use in a secure transmission |
US20240129111A1 (en) * | 2021-05-19 | 2024-04-18 | Nippon Telegraph And Telephone Corporation | Key exchange system, terminal, server, key exchange method, and program |
GB2632859A (en) * | 2023-08-25 | 2025-02-26 | Ronald Marquis Glen | Electronic digital identity service |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996029667A1 (en) * | 1995-03-20 | 1996-09-26 | Sandberg Diment Erik | Providing verification information for a transaction |
WO2001018720A1 (en) * | 1999-09-07 | 2001-03-15 | Epacific, Inc. | Method of and system for authorizing purchases made over a computer network |
US20060080545A1 (en) * | 2004-10-12 | 2006-04-13 | Bagley Brian B | Single-use password authentication |
US20060117173A1 (en) * | 2002-08-16 | 2006-06-01 | Alain Deblock | Method and system for the secure transmission of a confidential code through a telecommunication network |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4578530A (en) * | 1981-06-26 | 1986-03-25 | Visa U.S.A., Inc. | End-to-end encryption system and method of operation |
US5604800A (en) * | 1995-02-13 | 1997-02-18 | Eta Technologies Corporation | Personal access management system |
US5661803A (en) * | 1995-03-31 | 1997-08-26 | Pitney Bowes Inc. | Method of token verification in a key management system |
US20020152179A1 (en) | 2000-10-27 | 2002-10-17 | Achiezer Racov | Remote payment method and system |
NO20050152D0 (no) | 2005-01-11 | 2005-01-11 | Dnb Nor Bank Asa | Fremgangsmate ved frembringelse av sikkerhetskode og programmbar anordning for denne |
2008
- 2008-05-27 EP EP08156955A patent/EP2128781A1/en not_active Ceased
2009
- 2009-05-27 CA CA2724856A patent/CA2724856A1/en not_active Abandoned
- 2009-05-27 BR BRPI0912317A patent/BRPI0912317A2/pt not_active IP Right Cessation
- 2009-05-27 WO PCT/EP2009/056458 patent/WO2009144247A1/en active Application Filing
- 2009-05-27 US US12/994,235 patent/US8572377B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
BRPI0912317A2 (pt) | 2015-10-13 |
CA2724856A1 (en) | 2009-12-03 |
US20110088087A1 (en) | 2011-04-14 |
EP2128781A1 (en) | 2009-12-02 |
US8572377B2 (en) | 2013-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8572377B2 (en) | Method for authentication | |
CN107690788B (zh) | 识别和/或认证系统和方法 | |
US8245292B2 (en) | Multi-factor authentication using a smartcard | |
US8132243B2 (en) | Extended one-time password method and apparatus | |
JP5619007B2 (ja) | サーバ・オペレーションの認可を行うための装置、システムおよびコンピュータ・プログラム | |
CN102088353B (zh) | 基于移动终端的双因子认证方法及系统 | |
US20200366484A1 (en) | A system and method for authenticating a user | |
US20090187980A1 (en) | Method of authenticating, authorizing, encrypting and decrypting via mobile service | |
US20130282589A1 (en) | Multi-factor mobile transaction authentication | |
DK2481230T3 (en) | A method for authentication, method of payment authorization, and similar electronic devices | |
US20090172402A1 (en) | Multi-factor authentication and certification system for electronic transactions | |
CN108684041A (zh) | 登录认证的系统和方法 | |
EP2569692A1 (en) | One-time use password systems and methods | |
JP2003534589A (ja) | 認証システム及び方法 | |
CN101997824A (zh) | 基于移动终端的身份认证方法及其装置和系统 | |
US11363014B2 (en) | Method and system for securely authenticating a user by an identity and access service using a pictorial code and a one-time code | |
WO2010140876A1 (en) | Method, system and secure server for multi-factor transaction authentication | |
US20240005312A1 (en) | Multi-Factor User Authentication Using Blockchain Tokens | |
US20120290483A1 (en) | Methods, systems and nodes for authorizing a securized exchange between a user and a provider site | |
EP3379856A1 (en) | Method of user authentication into third-party applications, using a mobile device | |
Szczygieł et al. | Two-factor authentication (2FA) comparison of methods and applications | |
Tepandi et al. | Wireless PKI security and mobile voting | |
KR20070029537A (ko) | 무선단말기와 연동한 개인별고유코드를 활용한인증시스템과 그 방법 | |
Florczak et al. | Two-factor authentication (2FA) comparison of methods and applications | |
KR20050045157A (ko) | 전자 결제 시스템 및 그 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09753902; Country of ref document: EP; Kind code of ref document: A1 |
| DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | |
| WWE | Wipo information: entry into national phase | Ref document number: 7673/DELNP/2010; Country of ref document: IN |
| WWE | Wipo information: entry into national phase | Ref document number: 2724856; Country of ref document: CA |
| WWE | Wipo information: entry into national phase | Ref document number: 12994235; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 09753902; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: PI0912317; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20101122 |