WO2010128356A3 - Remote user authentication and apparatus verification - Google Patents

Remote user authentication and apparatus verification Download PDF

Info

Publication number
WO2010128356A3
WO2010128356A3 PCT/IB2009/051803 IB2009051803W WO2010128356A3 WO 2010128356 A3 WO2010128356 A3 WO 2010128356A3 IB 2009051803 W IB2009051803 W IB 2009051803W WO 2010128356 A3 WO2010128356 A3 WO 2010128356A3
Authority
WO
WIPO (PCT)
Prior art keywords
user
security code
otps
valid
service provider
Prior art date
Application number
PCT/IB2009/051803
Other languages
French (fr)
Other versions
WO2010128356A2 (en
Inventor
Pui Wa Billy Au
Fung Ying Ho
Original Assignee
Pui Wa Billy Au
Fung Ying Ho
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pui Wa Billy Au, Fung Ying Ho filed Critical Pui Wa Billy Au
Priority to PCT/IB2009/051803 priority Critical patent/WO2010128356A2/en
Priority to SG2011080603A priority patent/SG175858A1/en
Publication of WO2010128356A2 publication Critical patent/WO2010128356A2/en
Publication of WO2010128356A3 publication Critical patent/WO2010128356A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The present application provides a method and system for remote user authentication and apparatus verification applicable to secured mobile payment using pre-paid stored value cards and general multi-factor authentication employing one-time passcodes (OTPs). A user having knowledge of a user security code, an apparatus OTP and a transformation function easily derives a transformed security code for submission to a service provider. Data encryption is not required to secure the code nor the communication channel. The service provider system retrieves from its database a valid user security code associated with the user, a plurality of valid appliance OTPs and the corresponding transformation functions in a verification process wherein the system determines whether the submitted transformed security code can be mapped to any one of the valid apparatus OTPs.
PCT/IB2009/051803 2009-05-04 2009-05-04 Remote user authentication and apparatus verification WO2010128356A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/IB2009/051803 WO2010128356A2 (en) 2009-05-04 2009-05-04 Remote user authentication and apparatus verification
SG2011080603A SG175858A1 (en) 2009-05-04 2009-05-04 Remote user authentication and apparatus verification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2009/051803 WO2010128356A2 (en) 2009-05-04 2009-05-04 Remote user authentication and apparatus verification

Publications (2)

Publication Number Publication Date
WO2010128356A2 WO2010128356A2 (en) 2010-11-11
WO2010128356A3 true WO2010128356A3 (en) 2011-01-27

Family

ID=43050554

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/051803 WO2010128356A2 (en) 2009-05-04 2009-05-04 Remote user authentication and apparatus verification

Country Status (2)

Country Link
SG (1) SG175858A1 (en)
WO (1) WO2010128356A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9507921B2 (en) * 2014-04-07 2016-11-29 Microsoft Technology Licensing, Llc User-specific application activation for remote sessions

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
GB2337908A (en) * 1998-03-13 1999-12-01 Nec Corp Accessing a network host computer from outside the network with improved security
WO2002078249A1 (en) * 2001-03-23 2002-10-03 Kent Ridge Digital Labs Method of using biometric information for secret generation

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
GB2337908A (en) * 1998-03-13 1999-12-01 Nec Corp Accessing a network host computer from outside the network with improved security
WO2002078249A1 (en) * 2001-03-23 2002-10-03 Kent Ridge Digital Labs Method of using biometric information for secret generation

Also Published As

Publication number Publication date
WO2010128356A2 (en) 2010-11-11
SG175858A1 (en) 2011-12-29

Similar Documents

Publication Publication Date Title
US10361857B2 (en) Electronic stamp system for security intensification, control method thereof, and non-transitory computer readable storage medium having computer program recorded thereon
US10945112B2 (en) Systems and methods for updating a mobile device
US9054873B2 (en) Compact security device with transaction risk level approval capability
NO20090934L (en) Procedure and computer program for multi-channel one-time password verification between server and mobile device
WO2015023341A3 (en) Secure authorization systems and methods
CN109361508B (en) Data transmission method, electronic device and computer readable storage medium
WO2010126509A3 (en) Systems and methods for randomized mobile payment
WO2009102915A3 (en) Systems and methods for secure handling of secure attention sequences
WO2013127292A1 (en) Login method and device, terminal and network server
WO2011146678A3 (en) Method and device for conducting trusted remote payment transactions
CN102315942A (en) Security terminal with Bluetooth and communication method thereof of security terminal and client end
WO2014160347A3 (en) Methods and systems for authenticating a transaction with the use of a portable electronic device
WO2011138558A3 (en) Method for authenticating a user requesting a transaction with a service provider
EP4274286A3 (en) Secure login with authentication based on a visual representation of data
MX361793B (en) Method and system for secure authentication of user and mobile device without secure elements.
MX2011012671A (en) Trusted integrity manager (tim).
MX345061B (en) Method, one or more computer-readable non-transitory storage media and a device, in particular relating to computing resources and/or mobile-device-based trust computing.
WO2012099330A3 (en) System and method for issuing an authentication key for authenticating a user in a cpns environment
JP2015201844A5 (en)
CN104424427A (en) Password authentication method and device
US10735409B2 (en) Authenication stick
KR101358375B1 (en) Prevention security system and method for smishing
US11838755B2 (en) Techniques for secure authentication of the controlled devices
CN104918241A (en) User authentication method and system
WO2010128356A3 (en) Remote user authentication and apparatus verification

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09844312

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09844312

Country of ref document: EP

Kind code of ref document: A2