EP2427846A1 - Procede d'authentification - Google Patents
Procede d'authentification
- Publication number
- EP2427846A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- response
- user
- challenge
- terminal
- cryptographic device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
Definitions
- The present invention relates to a user authentication method using a personal cryptographic device.
- The device is a personal cryptographic device (security token) capable of calculating and displaying a response to a challenge.
- The response to the challenge is either calculated using a confidential algorithm, or based on a confidential key stored in the device.
- The confidential elements cannot be determined from the pairs of challenges and responses entered and displayed, nor by opening the device. The device is thus virtually impossible to falsify or duplicate.
- An example of a personal cryptographic device is illustrated schematically in FIG. 1. It comprises a challenge input system, for example a keyboard 10 or any other data input device, for entering a challenge into the device; a data output system, for example a screen 11, a speaker, etc., to present the response to this challenge; and a cryptographic processor (not shown) to calculate this response.
- Such devices are often used, for example, to authenticate users who want to access a telebanking server or other protected services or areas.
- The challenge is, for example, generated in an authentication and authorization server and transmitted through a communication network to a user terminal, which displays it, for example on a Web page.
- The user reads this challenge and enters it himself into his personal cryptographic device, which has been given to him by the server operator.
- The cryptographic device calculates a response to this challenge and returns it to the user, who enters it manually on the keyboard of the terminal.
- The response is then transmitted to the server via the communications network, and the server releases access to the requested data or services when the response received matches the expected response.
- User authentication is based on proof of possession of the personal cryptographic device; a user who does not have this device is unable to determine the expected response to the challenge. Since this device can be stolen or used by an unauthorized user, it is common to protect it with additional local authentication. For example, many devices require the user to enter a password or other proof of knowledge held by the user. Other devices use biometric verification, for example a fingerprint reader, to authenticate the authorized user and lock the system to all other users.
- Personal cryptographic devices frequently offer additional functions, for example the possibility of storing other personal information of the user, including passwords and so on.
- cryptographic devices intended to be used by several users in the same family, or to authenticate the user to several different systems, for example using several different keys.
- The cryptographic device is generally made available to the user by the operator of the authentication and authorization server. This operator must indeed know a decryption key, or an algorithm, that makes it possible to check whether the response to the challenge provided by the device and entered by the user is correct. Since the device may contain personal data of the user (for example, his password, his biometric fingerprint, data relating to other applications, etc.), the risk exists that a tampered device hides these data in the response displayed to the challenge.
- A personal cryptographic device could perfectly well modify a few bits of the displayed response in order to transmit information to the server in coded form. As the user has no knowledge of the expected response to the challenge, this change can be made without the user noticing. The operator of a server can thus obtain confidential information stored in the user's cryptographic device, without the user being able to suspect that the data he himself enters into a terminal constitutes a security breach.
- The amount of data that can pass through this channel is certainly limited, but it is perfectly possible to transmit sensitive and significant data by changing one or more bits in several successive responses. This risk is in any case sufficient to dissuade some users from using personal cryptographic devices for certain sensitive applications.
- EP1862948 relates to an IC card (for example a SIM card) which includes an OTP (One Time Password) application and which communicates with a device, for example a mobile phone, to display the OTP generated by the IC card.
- The IC card includes an OTP client and an interface for communicating with a mobile phone.
- The phone can connect to a communication network if it has been successfully authenticated through a "communication network key set" stored in a second IC card.
- This second card also includes an interface for communicating with the phone. Both interfaces are compatible.
- The use of two cards presents problems when the user does not have a device that allows him to insert both cards at the same time.
- The application also describes a method of authentication with a server of a bank in which:
- The OTP-SIM applet in the card produces the OTP and displays it on the display of the device.
- The user types the OTP in a web window generated by a web server of a website that requires authentication.
- The authentication data, which includes the OTP, is sent to the bank's web server.
- The OTP server checks the authentication data with an HSM ("Hardware security module").
- This document does not contain means or a method for verifying whether the response displayed by the device has been forged, for example for the purpose of concealing information. There is no way to ensure that the code returned by the device has not been changed to discreetly transmit confidential information or for another purpose.
- An object of the present invention is therefore to provide an authentication method based on the proof of possession of an object that is free from the limitations and risks above.
- This object is achieved in particular by means of a method enabling a user to verify the operation of a personal cryptographic device, the method comprising the following steps: a user submits an access request in a terminal; a personal cryptographic device of the user calculates and returns a response to a challenge; instead of being authenticated by transmitting said response (for example to the terminal), the user verifies the operation of the personal cryptographic device, when he wishes, by asking the terminal to display the expected response to the challenge; this expected response to the challenge is returned by the terminal; the user compares the response returned by the personal cryptographic device with the response returned by the terminal.
- This solution has the advantage over the prior art of allowing the user to check, when desired, whether the response displayed by his personal cryptographic device corresponds to the response expected by the server and whether it has been falsified, for example for the purpose of concealing information.
- Since the personal cryptographic device does not know if and when the user will request this verification, it cannot modify with impunity the response that it returns to a challenge, because the user always has the possibility of checking this response and thus discovering the manipulation.
- The terminal and the server obviously do not know the information that the cryptographic device seeks to transmit, and therefore cannot simulate this response and display it instead of the correct response to the challenge.
- This method thus allows a user to periodically check whether the response provided by his cryptographic device corresponds to what the server expects, and therefore to unmask with a very high probability devices that voluntarily or involuntarily provide another response.
- Security is increased even if the user seldom, or never, checks the response returned by a cryptographic device; it is sufficient that the possibility of verification exists to dissuade manufacturers or distributors of cryptographic devices from attempting manipulation.
- Figure 1 already described schematically illustrates a personal cryptographic device that can be used in the method of the invention.
- FIG. 3 illustrates an example of a dialog box displayed by software implementing the method of the invention.
- Figure 4 schematically illustrates different data streams during authentication according to the method of the invention.
- Figure 5 schematically illustrates different data streams during the verification of the personal cryptographic device according to the method of the invention.
- Figure 1 illustrates an example of a personal cryptographic device 1 according to the invention. It includes a keyboard 10 to turn the device on and off, to choose the operating mode and to enter a challenge.
- A screen 11 makes it possible to display instructions and the response to a challenge calculated by a cryptographic processor (not shown), for example a processor integrated in the device 1 or in a chip card removably inserted in this device.
- The cryptographic processor calculates a response to the challenge using a mathematical formula that depends on a secret key stored in the device, and/or using an individual secret algorithm specific to each device.
- A challenge can also be entered into the personal cryptographic device by any data input means other than a keyboard; for example, a challenge can be entered using a microphone, a camera, a barcode reader, etc.
- The response displayed by the device 1 also depends on the current time; the response to the same challenge will not always be the same, but will depend on an internal clock, which must be at least approximately synchronized with a clock of an authentication and authorization server.
- this internal clock or another unique value known both from the device 1 and a remote server, as a challenge.
- The cryptographic device 1 and the server may agree on a list of one-time codes.
- The personal cryptographic device 1 may have no keyboard 10, in which case entering a challenge amounts to turning on the device so that it displays a response depending solely on the current time, or on another single-use value.
- The personal cryptographic device 1 can also be used for different functions. For example, it can be programmed to check whether a password required of the user is correct, and to release access to the device or to certain applications of the device only if a correct password is entered. In another embodiment, the device 1 further makes it possible to check the user's biometric parameters, for example his fingerprints, before being used. It is also possible to store other user-dependent data in the personal cryptographic device, for example access data relating to other applications, passwords, account or credit card numbers, names or user data, access codes, etc.
- FIG. 2 schematically illustrates an example of a system in which the method of the invention can be implemented.
- An authentication and authorization server 4 verifies the identity of a user and decides whether this user should be allowed to access protected resources, for example protected data or applications available to one or more users 2.
- The users 2 access these resources by means of a terminal 3, for example a computer, a mobile phone, a PDA, etc., connected to the server 4 via a telecommunication network 30, for example a packet network of the Internet or Intranet type.
- The server 4 may for example be a web server, a VPN access controller, an appliance, or any server for controlling access to protected resources.
- At least some users also have a personal cryptographic device 1, or token, capable of delivering responses to access resources protected by the server 4.
- This cryptographic device 1 is typically made available to users by the operator of the authentication and authorization server 4 or of a protected application on this server.
- The server 4 gives access to the protected resources only to the users 2 of terminals 3 capable of providing the expected responses.
- The method of the invention can also be implemented in physical access control systems, for example systems controlling access to protected areas.
- In step 100, the user 2 enters into his terminal a request for access to protected resources. This request can for example be entered by typing or selecting a URL in a browser, or by any appropriate command in a graphical user interface or via a voice server.
- In step 101, the access request is then transmitted via a communication network 30 to an authentication and authorization server 4 responsible for authenticating and authorizing the users wishing to access protected resources.
- The access control is performed by an appropriate application directly in the terminal 3, without any request being transmitted to a remote server.
- The authentication and authorization server 4 responds to this access request by sending the terminal 3 a challenge (step 102).
- This challenge can be transmitted via the communication network already used to transmit the access request, or through a different network.
- The challenge (or the expected response to a given challenge) may depend on a user identification performed previously, for example by asking the user to enter his user identity (USER ID), or by checking his electronic address (e.g. his IP address, MAC address, CLI caller number, etc.).
- The transmission of the challenge can be encrypted and/or electronically signed.
- The challenge received by the terminal is displayed or otherwise presented to the user 2 during step 103.
- The challenge is displayed in a web window or in a dialog box 3000 such as that illustrated by way of example in Figure 3; in this example, the challenge 1233-4129 is displayed in an area 301 to the user "USER_X" (zone 300), and the dialog box allows the user to enter a response to this challenge in the data entry field 302.
- The challenge can also be implicit, and correspond for example to the current time, or to a sequence of numbers or single-use codes known to both the device 1 and the server 4.
- During step 104, the user 2 enters this challenge into his personal cryptographic device 1 using the input means, for example by typing it on the keyboard of the device.
- The challenge can also be transmitted directly from the terminal to the cryptographic device, for example through an acoustic coupling involving a speaker in the terminal and a microphone in the cryptographic device 1, or by means of an optical coupling using an image sensor on the device 1 to capture a fixed or animated image, a barcode or a watermark displayed by the terminal.
- Other means of passing the challenge from the terminal to the device can be envisaged.
- The transmission of the challenge to the cryptographic device does not necessarily pass through the user. On the other hand, the transmission of the response from the device involves the user.
- The cryptographic device 1 responds to the terminal during step 105 by displaying or returning the response to this challenge calculated by the cryptographic processor.
- The display of the response may depend on a password or biometric parameters, in order to block access to the cryptographic device 1 for all users other than the authorized user 2.
- In step 106, the user enters this response in the field 302 of the dialog box displayed on his terminal, or enters this response in another way.
- The response is then transmitted to the server 4 during step 107, for example when the user selects the "connect" button on the graphical interface.
- This transmission can be encrypted and/or electronically signed. It can be done via the transmission channel previously used to transmit the access request and/or the challenge, or via another communication network.
- The server 4 checks in step 107 whether the response received is the expected response, for example by comparing it with the expected response, or using another cryptographic operation.
- The requested data or other resources are transmitted during step 108 to the terminal 3, which presents them to the user 2.
- In the prior art, the user 2 has no means of ensuring that the code returned by the cryptographic device 1 during step 105 corresponds only to the expected response to the challenge, and that this code has not been modified to discreetly transmit confidential information or for another purpose. A fraudulent operator could thus distribute to users cryptographic devices manipulated so as to modify one or more bits of the displayed responses according to the user's password or other confidential data.
- This modification must be made in such a way as to still allow verification of the response entered, and requires that this response contain redundant information, or in any case that several responses to the same challenge are accepted.
- The method of the invention allows the user to check whether the responses to the challenges provided by the personal cryptographic device 1 correspond to the expected responses and whether they have been manipulated.
- The method allows the user to require the access server 4 to provide the expected response to the challenge, or in any case information for verifying this response.
- The user can select the button 303 (or perform another manipulation) to ask the server 4 to display the expected response in box 304. This operation interrupts the authentication process and therefore the user must not enter a response in the field 302.
- FIG. 5 illustrates, by way of example, the data flow during this verification. Steps 100 to 105 are identical to the corresponding steps described in relation to FIG. 4.
- However, the user 2 refrains from providing the authentication and authorization server 4 with the response that the personal cryptographic device 1 has just provided him; instead, the user enters in his terminal 3 a request to display the response to the challenge, for example by clicking the button 303 on its graphical interface.
- This request is transmitted during step 111 to the server 4, which responds during step 112 by transmitting the expected response, or sufficient information to verify a response.
- This information is then presented to the user during step 113.
- The user 2 can then use this information, for example the response to the challenge expected by the authentication and authorization server 4, to check whether it corresponds to the response given by the cryptographic device 1 and whether the latter has been manipulated.
- The number N of attempts to access the server, N being a positive integer, is preferably limited to reduce the risk of a "brute force" attack; however, a challenge request followed by a request for the response to this challenge preferably does not count as an access attempt and therefore does not reduce the number of subsequent authorized access attempts.
- The method may advantageously be automatically interrupted following M consecutive requests to display the response by the terminal, M being a positive integer. This avoids the risk of a user trying to guess the algorithm or key needed to calculate the response to a challenge, based on the observation of a large number of challenge-response pairs.
- The number M may be predefined, or advantageously drawn at random, for example according to a Poisson distribution.
- The invention also relates to a computer system (for example a server 4 or a computer) comprising means for generating a challenge, means for verifying a response to said challenge and for releasing access in case of a correct response, and means for remotely transmitting the expected response to said challenge in response to a user request.
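
The verification flow of steps 100 to 113, together with the limits N and M, can be modelled as follows. This is an added example, not code from the patent: the `AuthServer` class, the `audit_token` helper and the use of a truncated HMAC-SHA256 as the response formula are assumptions made for illustration, since the page only says the response depends on a secret key.

```python
import hashlib
import hmac
import secrets


def token_response(key: bytes, challenge: str, digits: int = 8) -> str:
    """Response of a correctly working token.
    Assumption: truncated HMAC-SHA256 stands in for the secret formula."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class AuthServer:
    """Hypothetical single-user model of server 4."""

    def __init__(self, key: bytes, max_attempts: int = 3, max_reveals: int = 5):
        self._key = key
        self.attempts_left = max_attempts  # N: failed access attempts allowed
        self._max_reveals = max_reveals    # M: consecutive reveal requests allowed
        self._consecutive_reveals = 0
        self._pending = None               # challenge currently open, if any

    def new_challenge(self) -> str:
        """Steps 100-102: issue a fresh challenge such as 1233-4129."""
        self._pending = "%04d-%04d" % (secrets.randbelow(10**4),
                                       secrets.randbelow(10**4))
        return self._pending

    def _take_pending(self) -> str:
        # Every challenge is single use, whether it is answered or revealed.
        if self._pending is None:
            raise RuntimeError("no open challenge")
        challenge, self._pending = self._pending, None
        return challenge

    def authenticate(self, response: str) -> bool:
        """Step 107: compare the entered response with the expected one."""
        if self.attempts_left == 0:
            raise PermissionError("access attempts exhausted")
        expected = token_response(self._key, self._take_pending())
        self._consecutive_reveals = 0      # the run of reveal requests is broken
        if hmac.compare_digest(expected, response):
            return True
        self.attempts_left -= 1
        return False

    def reveal_expected(self) -> str:
        """Steps 111-112: return the expected response instead of authenticating.
        The challenge is consumed, so a revealed response can never be used to
        log in, and attempts_left is left untouched."""
        if self._consecutive_reveals >= self._max_reveals:
            self._pending = None
            raise PermissionError("too many consecutive reveal requests")
        expected = token_response(self._key, self._take_pending())
        self._consecutive_reveals += 1
        return expected


def audit_token(server: AuthServer, device) -> bool:
    """User-side check: does the token show what the server expects?
    `device` is any callable mapping a challenge string to a response string."""
    challenge = server.new_challenge()    # steps 100-103
    shown = device(challenge)             # steps 104-105
    expected = server.reveal_expected()   # steps 111-113
    return hmac.compare_digest(shown, expected)


if __name__ == "__main__":
    key = b"constructed-demo-key"         # constructed sample key
    server = AuthServer(key)
    print("token consistent:", audit_token(server, lambda c: token_response(key, c)))
    print("access attempts left:", server.attempts_left)
```

A token whose displayed value differs from the expected response in even one digit makes `audit_token` return `False`, and because the token cannot tell an audit from a login, it has to show the correct value every time.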
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Human Resources & Organizations (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Economics (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Operations Research (AREA)
- Software Systems (AREA)
- Marketing (AREA)
- Computing Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH00711/09A CH701050A1 (fr) | 2009-05-07 | 2009-05-07 | Procédé d'authentification. |
PCT/EP2010/055248 WO2010127945A1 (fr) | 2009-05-07 | 2010-04-21 | Procede d'authentification |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2427846A1 (fr) | 2012-03-14 |
Family
ID=41057548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10716813A Withdrawn EP2427846A1 (fr) | 2009-05-07 | 2010-04-21 | Procede d'authentification |
Country Status (4)
Country | Link |
---|---|
US (1) | US8868918B2 (fr) |
EP (1) | EP2427846A1 (fr) |
CH (1) | CH701050A1 (fr) |
WO (1) | WO2010127945A1 (fr) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9172546B2 (en) * | 2012-01-25 | 2015-10-27 | Cisco Technology, Inc. | Network mediated multi-device shared authentication |
US9654466B1 (en) * | 2012-05-29 | 2017-05-16 | Citigroup Technology, Inc. | Methods and systems for electronic transactions using dynamic password authentication |
GB2505678B (en) | 2012-09-06 | 2014-09-17 | Visa Europe Ltd | Method and system for verifying an access request |
DE102013102092B4 (de) * | 2013-03-04 | 2015-08-20 | Christian Palm | Verfahren und Vorrichtung zum Authentifizieren von Personen |
CN105095705B (zh) * | 2015-05-19 | 2018-04-10 | 努比亚技术有限公司 | 一种信息处理方法及装置 |
US10805291B2 (en) * | 2015-09-11 | 2020-10-13 | Comcast Cable Communications, Llc | Embedded authentication in a service provider network |
JP6436363B2 (ja) * | 2016-11-11 | 2018-12-12 | 本田技研工業株式会社 | 通信装置、通信システム、通信方法、及びプログラム |
US10728230B2 (en) * | 2018-07-05 | 2020-07-28 | Dell Products L.P. | Proximity-based authorization for encryption and decryption services |
JP7322732B2 (ja) * | 2020-02-03 | 2023-08-08 | トヨタ自動車株式会社 | 認証システム |
CN116137574B (zh) * | 2021-11-18 | 2024-04-09 | 北京小米移动软件有限公司 | 外设认证方法、装置电子设备及存储介质 |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030233546A1 (en) * | 2002-06-12 | 2003-12-18 | Rolf Blom | Challenge-response user authentication |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5668876A (en) * | 1994-06-24 | 1997-09-16 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
US8195940B2 (en) * | 2002-04-05 | 2012-06-05 | Qualcomm Incorporated | Key updates in a mobile wireless system |
US20050033995A1 (en) * | 2003-08-08 | 2005-02-10 | Paul Lin | System and method for utilizing information in publicly broadcast signals for shared secret purposes |
JP4311174B2 (ja) * | 2003-11-21 | 2009-08-12 | 日本電気株式会社 | 認証方法、移動体無線通信システム、移動端末、認証側装置、認証サーバ、認証代理スイッチ及びプログラム |
GB2434663B (en) * | 2006-01-13 | 2010-12-15 | Deepnet Technologies Ltd | One-time password authentication |
KR101300414B1 (ko) * | 2006-02-03 | 2013-08-26 | 미드아이 에이비 | 최종 사용자 인증을 위한 시스템, 장치 및 방법 |
EP1862948A1 (fr) * | 2006-06-01 | 2007-12-05 | Axalto SA | Carte CI avec client OTP |
US20080034216A1 (en) * | 2006-08-03 | 2008-02-07 | Eric Chun Wah Law | Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords |
US8543829B2 (en) * | 2007-01-05 | 2013-09-24 | Ebay Inc. | Token device re-synchronization through a network solution |
US20080235778A1 (en) * | 2007-03-21 | 2008-09-25 | Motorola, Inc. | Communication network, an access network element and a method of operation therefor |
US8621210B2 (en) * | 2008-06-26 | 2013-12-31 | Microsoft Corporation | Ad-hoc trust establishment using visual verification |
JP5374090B2 (ja) * | 2008-08-13 | 2013-12-25 | 株式会社日立製作所 | 認証連携システム、端末装置、記憶媒体、認証連携方法および認証連携プログラム |
-
2009
- 2009-05-07 CH CH00711/09A patent/CH701050A1/fr not_active Application Discontinuation
-
2010
- 2010-04-21 WO PCT/EP2010/055248 patent/WO2010127945A1/fr active Application Filing
- 2010-04-21 EP EP10716813A patent/EP2427846A1/fr not_active Withdrawn
-
2011
- 2011-11-04 US US13/289,591 patent/US8868918B2/en not_active Expired - Fee Related
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030233546A1 (en) * | 2002-06-12 | 2003-12-18 | Rolf Blom | Challenge-response user authentication |
Non-Patent Citations (1)
Title |
---|
See also references of WO2010127945A1 * |
Also Published As
Publication number | Publication date |
---|---|
US8868918B2 (en) | 2014-10-21 |
WO2010127945A1 (fr) | 2010-11-11 |
CH701050A1 (fr) | 2010-11-15 |
US20120272067A1 (en) | 2012-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2427846A1 (fr) | Procede d'authentification | |
US7904946B1 (en) | Methods and systems for secure user authentication | |
EP1964307B1 (fr) | Procédé pour la réalisation d'un compteur sécurisé sur un système informatique embarqué disposant d'une carte a puce. | |
EP1368930B1 (fr) | Authentification cryptographique par modules ephemeres | |
EP2619941B1 (fr) | Procede, serveur et systeme d'authentification d'une personne | |
EP2614458B1 (fr) | Procede d'authentification pour l'acces a un site web | |
EP1549011A1 (fr) | Procédé et système de communication entre un terminal et au moins un équipment communicant | |
EP3022867B1 (fr) | Procéde d'authentification forte | |
EP1813052B1 (fr) | Procédé de sécurisation de transactions effectuées à distance sur un réseau de communication ouvert | |
EP3729307B1 (fr) | Procédés et dispositifs pour l'enrôlement et l'authentification d'un utilisateur auprès d'un service | |
CA2611549C (fr) | Methode et systeme permettant d'obtenir une ouverture de session protegee au moyen de mots de passe a usage unique | |
EP2813962B1 (fr) | Méthode de contrôle d'accès à un type de services spécifique et dispositif d'authentification pour le contrôle de l'accès à un tel type de services. | |
WO2004082354A2 (fr) | Dispositif d’authentification a mot de passe a usage unique : otp et dispositif generateur de mot de passe associe | |
EP3732604A1 (fr) | Contrôle d'intégrité d'un dispositif électronique | |
WO2012116944A1 (fr) | Procede d'authentification d'un utilisateur | |
EP2071799B1 (fr) | Procédé et serveur pour l'accès a un coffre-fort électronique via plusieurs entités | |
EP1868316B1 (fr) | Procédé et dispositif d'authentification d'un utilisateur | |
EP3570518B1 (fr) | Systeme et procede d'authentification utilisant un jeton a usage unique de duree limitee | |
FR2984047A1 (fr) | Procede d'echange de donnee chiffree entre un terminal et une machine | |
WO2014135519A1 (fr) | Système et procédé de gestion d'au moins une application en ligne, objet portable utilisateur communiquant par un protocole radioélectrique et dispositif distant du système | |
EP2630746B1 (fr) | Procede et systeme d'authentification | |
FR3003058A1 (fr) | Systeme et procede de gestion d’au moins une application en ligne, objet portable utilisateur usb et dispositif distant du systeme | |
WO2012022856A1 (fr) | Procédé d'authentification d' un utilisateur du réseau internet | |
FR2980012A1 (fr) | Systeme et procede d'authentification par code personnel |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20111118 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20120921 |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
RIC1 | Information provided on ipc code assigned before grant | Ipc: G06Q 10/00 20120101ALI20150911BHEP Ipc: H04L 29/06 20060101ALI20150911BHEP Ipc: G06F 21/34 20130101AFI20150911BHEP Ipc: H04L 9/32 20060101ALI20150911BHEP |
INTG | Intention to grant announced | Effective date: 20151002 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20160213 |