WO2010128356A3 - Remote user authentication and apparatus verification - Google Patents
Remote user authentication and apparatus verification Download PDFInfo
- Publication number
- WO2010128356A3 WO2010128356A3 PCT/IB2009/051803 IB2009051803W WO2010128356A3 WO 2010128356 A3 WO2010128356 A3 WO 2010128356A3 IB 2009051803 W IB2009051803 W IB 2009051803W WO 2010128356 A3 WO2010128356 A3 WO 2010128356A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- security code
- otps
- valid
- service provider
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
The present application provides a method and system for remote user authentication and apparatus verification applicable to secured mobile payment using pre-paid stored value cards and general multi-factor authentication employing one-time passcodes (OTPs). A user having knowledge of a user security code, an apparatus OTP and a transformation function easily derives a transformed security code for submission to a service provider. Data encryption is not required to secure the code nor the communication channel. The service provider system retrieves from its database a valid user security code associated with the user, a plurality of valid appliance OTPs and the corresponding transformation functions in a verification process wherein the system determines whether the submitted transformed security code can be mapped to any one of the valid apparatus OTPs.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2009/051803 WO2010128356A2 (en) | 2009-05-04 | 2009-05-04 | Remote user authentication and apparatus verification |
SG2011080603A SG175858A1 (en) | 2009-05-04 | 2009-05-04 | Remote user authentication and apparatus verification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2009/051803 WO2010128356A2 (en) | 2009-05-04 | 2009-05-04 | Remote user authentication and apparatus verification |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2010128356A2 WO2010128356A2 (en) | 2010-11-11 |
WO2010128356A3 true WO2010128356A3 (en) | 2011-01-27 |
Family
ID=43050554
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2009/051803 WO2010128356A2 (en) | 2009-05-04 | 2009-05-04 | Remote user authentication and apparatus verification |
Country Status (2)
Country | Link |
---|---|
SG (1) | SG175858A1 (en) |
WO (1) | WO2010128356A2 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9507921B2 (en) * | 2014-04-07 | 2016-11-29 | Microsoft Technology Licensing, Llc | User-specific application activation for remote sessions |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4993068A (en) * | 1989-11-27 | 1991-02-12 | Motorola, Inc. | Unforgeable personal identification system |
GB2337908A (en) * | 1998-03-13 | 1999-12-01 | Nec Corp | Accessing a network host computer from outside the network with improved security |
WO2002078249A1 (en) * | 2001-03-23 | 2002-10-03 | Kent Ridge Digital Labs | Method of using biometric information for secret generation |
-
2009
- 2009-05-04 WO PCT/IB2009/051803 patent/WO2010128356A2/en active Application Filing
- 2009-05-04 SG SG2011080603A patent/SG175858A1/en unknown
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4993068A (en) * | 1989-11-27 | 1991-02-12 | Motorola, Inc. | Unforgeable personal identification system |
GB2337908A (en) * | 1998-03-13 | 1999-12-01 | Nec Corp | Accessing a network host computer from outside the network with improved security |
WO2002078249A1 (en) * | 2001-03-23 | 2002-10-03 | Kent Ridge Digital Labs | Method of using biometric information for secret generation |
Also Published As
Publication number | Publication date |
---|---|
WO2010128356A2 (en) | 2010-11-11 |
SG175858A1 (en) | 2011-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10361857B2 (en) | Electronic stamp system for security intensification, control method thereof, and non-transitory computer readable storage medium having computer program recorded thereon | |
US10945112B2 (en) | Systems and methods for updating a mobile device | |
NO20090934L (en) | Procedure and computer program for multi-channel one-time password verification between server and mobile device | |
WO2015023341A3 (en) | Secure authorization systems and methods | |
US20140237242A1 (en) | Compact security device with transaction risk level approval capability | |
WO2010126509A3 (en) | Systems and methods for randomized mobile payment | |
WO2009102915A3 (en) | Systems and methods for secure handling of secure attention sequences | |
IN2012DN01770A (en) | ||
CN102315942A (en) | Security terminal with Bluetooth and communication method thereof of security terminal and client end | |
TR201902104T4 (en) | Systems and methods for secure communication. | |
WO2014160347A3 (en) | Methods and systems for authenticating a transaction with the use of a portable electronic device | |
WO2011138558A3 (en) | Method for authenticating a user requesting a transaction with a service provider | |
MX2011012671A (en) | Trusted integrity manager (tim). | |
WO2007138486A3 (en) | System and method for improving restrictiveness on accessing software applications | |
WO2013040713A3 (en) | System and method for user authentication | |
WO2016144257A3 (en) | Method and system for facilitating authentication | |
EP4274286A3 (en) | Secure login with authentication based on a visual representation of data | |
WO2012099330A3 (en) | System and method for issuing an authentication key for authenticating a user in a cpns environment | |
SG166055A1 (en) | Bidirectional communication certification mechanism | |
JP2015201844A5 (en) | ||
RU2017134975A (en) | METHOD AND SYSTEM FOR PROVIDING ACCESS DATA TO MOBILE DEVICE | |
CN104424427A (en) | Password authentication method and device | |
US10735409B2 (en) | Authenication stick | |
KR101358375B1 (en) | Prevention security system and method for smishing | |
WO2007106566A3 (en) | A method and apparatus to provide authentication using an authentication card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09844312 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09844312 Country of ref document: EP Kind code of ref document: A2 |