CA2336935C - A method for securing access to a remote system - Google Patents
A method for securing access to a remote system Download PDFInfo
- Publication number
- CA2336935C CA2336935C CA002336935A CA2336935A CA2336935C CA 2336935 C CA2336935 C CA 2336935C CA 002336935 A CA002336935 A CA 002336935A CA 2336935 A CA2336935 A CA 2336935A CA 2336935 C CA2336935 C CA 2336935C
- Authority
- CA
- Canada
- Prior art keywords
- access
- code word
- access device
- communications
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Method for secure user access to a remote system using a communications device.
Access to the system is released only after the input of valid code words via independent communications devices. One of the communications devices may be a data processing unit and the second communications device may be a mobile telephone.
Access to the system is released only after the input of valid code words via independent communications devices. One of the communications devices may be a data processing unit and the second communications device may be a mobile telephone.
Description
V~~fl 00/03316 PCT/EP98/04249 The present invention relates to a method for securing access to a system. In particular, the invention relates to a method for securing access to data of a remote system using a communications apparatus.
Because of the increasingly widespread deployment and use of data networks, security aspects are becoming increasingly important in various applications. These may be applications in which secret information is transferred between data processing devices via a data network, e.g. in electronic payments transactions, electronic "shopping" and the like. Most importantly, security requirements include, apart from secure transmission of data via the network, the identification of an authorized user. In particular, when an authorized user wishes to access, via a publicly accessible data network, to a system and/or to data stored there and associated with it, it must be ensured by specific arrangementsc, that only the authorized user can access associated data.
For example, the data network can be an Internet, comprising a large number of computers are connected with each other to form a generally accessible network. Since in such a network there are no secure data transmission lines, other ways are required to secure data and to identify an authorized user.
In general, a secure unit requests the input of a code word for authenticating a user, thus clearly identifying the
Because of the increasingly widespread deployment and use of data networks, security aspects are becoming increasingly important in various applications. These may be applications in which secret information is transferred between data processing devices via a data network, e.g. in electronic payments transactions, electronic "shopping" and the like. Most importantly, security requirements include, apart from secure transmission of data via the network, the identification of an authorized user. In particular, when an authorized user wishes to access, via a publicly accessible data network, to a system and/or to data stored there and associated with it, it must be ensured by specific arrangementsc, that only the authorized user can access associated data.
For example, the data network can be an Internet, comprising a large number of computers are connected with each other to form a generally accessible network. Since in such a network there are no secure data transmission lines, other ways are required to secure data and to identify an authorized user.
In general, a secure unit requests the input of a code word for authenticating a user, thus clearly identifying the
2 , , ... .. ,. .. ..
user.
This process of securing access from a communications device to a remote system is generally known. An example is shown in figure 8. C' marks a communications device, A' an access device and S' the system. Access from the communications device to the system is cleared as follows: in a first step, a code word is entered at the communications device C' . It is then transmitted to the access device A' where it is checked for validity. In case the code word is determined to be valid, the access device releases access to the system by the communications devicE~ C' .
A large number of such processes, identifying a subscriber by means of such code word, are known. However, like the example described above, they do have the disadvantage that the knowledge of the code word allows an unauthorized user to, e.g., access data of another user or to otherwise take not allowed influence on the system.
user.
This process of securing access from a communications device to a remote system is generally known. An example is shown in figure 8. C' marks a communications device, A' an access device and S' the system. Access from the communications device to the system is cleared as follows: in a first step, a code word is entered at the communications device C' . It is then transmitted to the access device A' where it is checked for validity. In case the code word is determined to be valid, the access device releases access to the system by the communications devicE~ C' .
A large number of such processes, identifying a subscriber by means of such code word, are known. However, like the example described above, they do have the disadvantage that the knowledge of the code word allows an unauthorized user to, e.g., access data of another user or to otherwise take not allowed influence on the system.
3 describes a computer security system for preventing an unauthorized access to a host computer system by a user at a remote terminal using paging system technology. A user inputs a user identification code into a terminal which in response thereto generates a random code or an access code which is then transmitted to a host computer system. Using the generated random code a second code is generated which is transmitted via a paging system to a receiver located at the user. The user then transfers the received code to t:he terminal and, the host computer system grants access in case the codes are valid.
A~r~~PtDED ; ~~
YTV VV/V.IJiV
US 5,6&8,876 describes a user authentication method to a system using a modified pager calculating a response code to a transmitted challenge code. A user obtains access to the system by first entering a user ID into a terminal whereupon a challenge code is sent to a personal unit and the code is manually inputted into a data terminal which transmits a transformed version of the code to the service node. In case valid codes are entered, access is' granted.
It is object of the invention to provide a method for securing access to data allowing greater security in authenticating an authorized user wishing to access said data.
According to the invention there is provided a method for secure user access to a separate system having data stored in a memory device, including the following steps:
establishing a first connection between a first communications device and an access device and transmission of a first code word from the first - 25 communications device to the access device, the first Code word known only to a user requesting access;
comparing the first code word with the first authentication data stored in the access device;
establishing a second connection between a second communications device and the access device and transmitting a second code word froze the second communications device to' the access device, the second code word known only to a user requesting access;
Amended Sheet WU UU1U331b r~. mr.ryomy~y7 3a comparing the second code word with second authentication data stored in access device;
transmitting a third code word from access device to the first communication device;
transmitting the third code word from the first Communications device to the Second communications device;
transmitting the third code word from the second communications device to the access drive; and IS granting access~to the system via at least one of the communications devices, given a valid third code word and the presence of a determined relationship between the first and second code words and first and second authentication data stored in access device.
A method permits improved security of access .to the system due to the fact that after the transmission and checking of a first code word by the determining device, a second code word is. transmitted to the second communications device, for input into the first communications device and transmission from the first communications device to the transmission device for checking.
Amended Sheet
A~r~~PtDED ; ~~
YTV VV/V.IJiV
US 5,6&8,876 describes a user authentication method to a system using a modified pager calculating a response code to a transmitted challenge code. A user obtains access to the system by first entering a user ID into a terminal whereupon a challenge code is sent to a personal unit and the code is manually inputted into a data terminal which transmits a transformed version of the code to the service node. In case valid codes are entered, access is' granted.
It is object of the invention to provide a method for securing access to data allowing greater security in authenticating an authorized user wishing to access said data.
According to the invention there is provided a method for secure user access to a separate system having data stored in a memory device, including the following steps:
establishing a first connection between a first communications device and an access device and transmission of a first code word from the first - 25 communications device to the access device, the first Code word known only to a user requesting access;
comparing the first code word with the first authentication data stored in the access device;
establishing a second connection between a second communications device and the access device and transmitting a second code word froze the second communications device to' the access device, the second code word known only to a user requesting access;
Amended Sheet WU UU1U331b r~. mr.ryomy~y7 3a comparing the second code word with second authentication data stored in access device;
transmitting a third code word from access device to the first communication device;
transmitting the third code word from the first Communications device to the Second communications device;
transmitting the third code word from the second communications device to the access drive; and IS granting access~to the system via at least one of the communications devices, given a valid third code word and the presence of a determined relationship between the first and second code words and first and second authentication data stored in access device.
A method permits improved security of access .to the system due to the fact that after the transmission and checking of a first code word by the determining device, a second code word is. transmitted to the second communications device, for input into the first communications device and transmission from the first communications device to the transmission device for checking.
Amended Sheet
4 In a further advantageous embodiment of the method in accordance with the invention, the transmission device may generate a code word using a secret algorithm. The code word may be transferred to one of the communications devices for input into the other one of the two communications devices, and for subsequent retransmission to the access device for investigation. This allows a further enhanced security.
In addition, one of the code words can be used to carry out data encoding of data transmitted between one or both of the communications .devices and the determining device. In general, a code word may be derived from predetermined subscriber data, the date or the time. Further, the code word may be valid far only one access procedure.
For the implementation of the method for securing access to a system, advantageously an access device may be used, which on the one hand is connected with the system and on the other is connected, via separate communication paths, with two communication devices for the transmission of code words and for access to the system, preferably a data processing unit and a telephone/mobile telephone.
Further embodiments and advantageous modifications of the method become obvious with the subclaims.
Brief description of the figures:
Fig. 1 shows a schematic illustration of an embodiment WO 00/03316 PC'T/EP98/04249 of the method in accordance with the invention for securing access to a remote system;
Fig. 2 shows a flow diagram of the embodiment of the
In addition, one of the code words can be used to carry out data encoding of data transmitted between one or both of the communications .devices and the determining device. In general, a code word may be derived from predetermined subscriber data, the date or the time. Further, the code word may be valid far only one access procedure.
For the implementation of the method for securing access to a system, advantageously an access device may be used, which on the one hand is connected with the system and on the other is connected, via separate communication paths, with two communication devices for the transmission of code words and for access to the system, preferably a data processing unit and a telephone/mobile telephone.
Further embodiments and advantageous modifications of the method become obvious with the subclaims.
Brief description of the figures:
Fig. 1 shows a schematic illustration of an embodiment WO 00/03316 PC'T/EP98/04249 of the method in accordance with the invention for securing access to a remote system;
Fig. 2 shows a flow diagram of the embodiment of the
5 method in accordance with the invention of Fig.
1;
Fig. 3 shows a schematic illustration of a further embodiment. of the method in accordance with the invention;
Fig. 4 shows a flow diagram of the embodiment of the method in accordance with the invention of Fig.
3;
Fig. 5 shows a schematic illustration of another embodiment. of the method in accordance with the invention;:
Fig. 6 shows a flow diagram of the embodiment of the inventive method in accordance with Fig. 5;
Fig. 7 shows a block diagram of a device for carrying out the method in accordance with the invention;
and Fig. 8 shows a schematic illustration of a known access procedure..
In the following, the invention is described with respect to the figures.
1;
Fig. 3 shows a schematic illustration of a further embodiment. of the method in accordance with the invention;
Fig. 4 shows a flow diagram of the embodiment of the method in accordance with the invention of Fig.
3;
Fig. 5 shows a schematic illustration of another embodiment. of the method in accordance with the invention;:
Fig. 6 shows a flow diagram of the embodiment of the inventive method in accordance with Fig. 5;
Fig. 7 shows a block diagram of a device for carrying out the method in accordance with the invention;
and Fig. 8 shows a schematic illustration of a known access procedure..
In the following, the invention is described with respect to the figures.
6 PCT/EP98/04249 Fig. 1 shows a first embodiment of the method in accordance with the invention, wherein individual process steps are illustrated using arrows. Fig. 1 shows first communications device C1, a second communications device C2 as well as an access device A and a system S, to which access is to be obtained. Further devices, such as for example communications line:, data transmission devices and the like are not shown. Reference numerals 511, S12 and S13 denoting the arrows illustrate process steps which are carried out successively in the embodiment of the method in accordance with the invention.
Figure 2 shows a flow diagram of the embodiment shown in Fig. 1 to further clarify the process in accordance with the invention for securing access to a remote system.
In the following, steps for executing the procedure in accordance with figures 1 and 2 will be described. At first, the step denoted S11 is carried out. In step 511, a first connection is established from the communications device C1 to an access device A and, besides identifying a user, a first code word is transmitted from the first communications device C1 to the access device A. The first code word is received by the access device A and it is compared with authentication data stored in access device A. The comparison. can be a known procedure for the verification of a transmitted code word. For example, in access device A, a copy of the first code word could be stored and it could be determined by comparison, whether the code word which was transmitted is the requisite code V1'O 00/03316 PCT/EP98/04249
Figure 2 shows a flow diagram of the embodiment shown in Fig. 1 to further clarify the process in accordance with the invention for securing access to a remote system.
In the following, steps for executing the procedure in accordance with figures 1 and 2 will be described. At first, the step denoted S11 is carried out. In step 511, a first connection is established from the communications device C1 to an access device A and, besides identifying a user, a first code word is transmitted from the first communications device C1 to the access device A. The first code word is received by the access device A and it is compared with authentication data stored in access device A. The comparison. can be a known procedure for the verification of a transmitted code word. For example, in access device A, a copy of the first code word could be stored and it could be determined by comparison, whether the code word which was transmitted is the requisite code V1'O 00/03316 PCT/EP98/04249
7 word. It could also be determined by a methematical operation whether the first code word is correct, by checking a particular relationship to the authentication data which are stored in access device A. If the first code word is determined as being incorrect, the execution of the process proceeds to the end point of the flow diagram shown in figure 2. If the first code word is found to be correct, the process moves on to a step 512.
In step 512, a connection is established from the second communications device C2 to access device A. A second code word is transmitted. via this connection to the access device. This second transmitted code word is received at the access device <~nd is authenticated, as was already described in step S11. The code word can be a fixed sequence of signs, which identify the user and a code portion which is known only to the user. But identification of the user may also be carried out in a differently. If no user assigned code word has been transmitted, the process moves on to the end point shown in the flow diagram of Fig.
2. If the second code word is determined to be correct, the process moves on to :step S13.
In step 513, access to the system S is released by the access device A from one or both of the communications devices C1, C2. This access to system S may be such that data can be transferred to system S and/or data can be retrieved from system S via one or both of the communications devices C1, C2. In addition, it is possible that the authorized user can trigger certain functions of the system S via one. or both of the communications devices
In step 512, a connection is established from the second communications device C2 to access device A. A second code word is transmitted. via this connection to the access device. This second transmitted code word is received at the access device <~nd is authenticated, as was already described in step S11. The code word can be a fixed sequence of signs, which identify the user and a code portion which is known only to the user. But identification of the user may also be carried out in a differently. If no user assigned code word has been transmitted, the process moves on to the end point shown in the flow diagram of Fig.
2. If the second code word is determined to be correct, the process moves on to :step S13.
In step 513, access to the system S is released by the access device A from one or both of the communications devices C1, C2. This access to system S may be such that data can be transferred to system S and/or data can be retrieved from system S via one or both of the communications devices C1, C2. In addition, it is possible that the authorized user can trigger certain functions of the system S via one. or both of the communications devices
8 C1, C2. In the embodiment described, process steps are carried out in sequence, preferably in the sequence S11 -S13. However, modifications of this sequence or partial steps are possible.
As in the case of a device described in more detail later with reference to Fig. 7, in a second embodiment a data processing unit can b.e used as the first communications device C1 and wherein the connection between this data processing unit and the access device A is established via a data processing network.
The data processing unit may be constituted by a personal computer available on the market, which is equipped with a suitable modem. The connection between the personal computer and the access device A may be established via a data network, for example the Internet. The provision of a connection from a computer via an Internet to the access device A, which may also be constituted by a computer or a server, optionally 'with special functions and features, is well known and will not be further explained at this point.
In addition, in the second embodiment, the second communications device C2 may be constituted by a telephone and the connection between the telephone and the access device A may be e:~tablished via a telephone network. In this connection, the telephone network may preferably be a mobile radio network or a conventional fixed telephone network and/or PSTN.
Thereby it is possible that the connections between the first and/or second communications devices C1, C2 and the W~ 00/03316 PCT/EP98/04249
As in the case of a device described in more detail later with reference to Fig. 7, in a second embodiment a data processing unit can b.e used as the first communications device C1 and wherein the connection between this data processing unit and the access device A is established via a data processing network.
The data processing unit may be constituted by a personal computer available on the market, which is equipped with a suitable modem. The connection between the personal computer and the access device A may be established via a data network, for example the Internet. The provision of a connection from a computer via an Internet to the access device A, which may also be constituted by a computer or a server, optionally 'with special functions and features, is well known and will not be further explained at this point.
In addition, in the second embodiment, the second communications device C2 may be constituted by a telephone and the connection between the telephone and the access device A may be e:~tablished via a telephone network. In this connection, the telephone network may preferably be a mobile radio network or a conventional fixed telephone network and/or PSTN.
Thereby it is possible that the connections between the first and/or second communications devices C1, C2 and the W~ 00/03316 PCT/EP98/04249
9 access device A may be established via separate communications routes independent from each other.
Furthermore, in the second embodiment, the system S to be accessed, may be a mobile radio network and/or a memory device of the mobi:Le radio network, in which specific subscriber-related data are stored, but in particular a telephone network in accordance with the GSM standard. In case of a GSM network, the access device may advantageously be an expansion of t:he HLR (home location register) which forms a unit with a server of the worldwide web (WWW) and/or of the Internet. In this embodiment, access is advantageously controlled to the HLR (home lacation register) by the access device A. In thie HLR register, subscriber-specific data are stored, for example for services such as forwarding of calls or other configuration settings which concern the subscriber. The above described embodiment enables a subscriber a secure access to the communication network or to subscriber data associated with him stored in the HLR: register.
Therefore the user may alter in a particularly convenient way, for example, configuration settings, activate certain services and deactivate them and may retrieve, change or store information and data. The communication between the user and the system, necessary for transmission of the code words, may be carried out, inter alia, via USSD
(unstructured supplementary service data).
Access to subscriber-specific data stored in the HLR
register in this embodiment may be carried out as follows when relying on the method in accordance with the invention shown in figures 1 and 2.
A subscriber wishing access to the subscriber data in the 5 HLR register associated with him, establishes a connection between a data processing unit constituting one of the communications devices and which is connected bar the Internet (WWW client) to access device A. In this case, this is an Internet server forming a unit with an expansion
Furthermore, in the second embodiment, the system S to be accessed, may be a mobile radio network and/or a memory device of the mobi:Le radio network, in which specific subscriber-related data are stored, but in particular a telephone network in accordance with the GSM standard. In case of a GSM network, the access device may advantageously be an expansion of t:he HLR (home location register) which forms a unit with a server of the worldwide web (WWW) and/or of the Internet. In this embodiment, access is advantageously controlled to the HLR (home lacation register) by the access device A. In thie HLR register, subscriber-specific data are stored, for example for services such as forwarding of calls or other configuration settings which concern the subscriber. The above described embodiment enables a subscriber a secure access to the communication network or to subscriber data associated with him stored in the HLR: register.
Therefore the user may alter in a particularly convenient way, for example, configuration settings, activate certain services and deactivate them and may retrieve, change or store information and data. The communication between the user and the system, necessary for transmission of the code words, may be carried out, inter alia, via USSD
(unstructured supplementary service data).
Access to subscriber-specific data stored in the HLR
register in this embodiment may be carried out as follows when relying on the method in accordance with the invention shown in figures 1 and 2.
A subscriber wishing access to the subscriber data in the 5 HLR register associated with him, establishes a connection between a data processing unit constituting one of the communications devices and which is connected bar the Internet (WWW client) to access device A. In this case, this is an Internet server forming a unit with an expansion
10 of the HLR. Authentication of the user and/or subscriber is carried out by the transmission and validation of the first code word in step 511, shown in figures 1 and 2, to access device A. Here, the communication between the data processing unit and the access device A may be performed in accordance with a so-called TCP/IP protocol.
If the access device A determines the user as being authorized, access device A awaits an input of a second code word via a second communications device, in this case the mobile telephone or a fixed network telephone (step S12 ) . In further embodiments, access device A may transmit a request for an input of the second code word (step 12) via an interface to the GSM network of the mobile telephone or of a fixed network telephone. The input of the code word may be carried out using a telephone keyboard by pressing a single key, for example the call demand key, or by pressing a sequence of keys.
After authorization of the second code word and therefore of the subscriber at access device A, the access device allows access to system S (step S13 in figures 1 anal 2) .
V,~O 00/03316 PCT/EP98/04249
If the access device A determines the user as being authorized, access device A awaits an input of a second code word via a second communications device, in this case the mobile telephone or a fixed network telephone (step S12 ) . In further embodiments, access device A may transmit a request for an input of the second code word (step 12) via an interface to the GSM network of the mobile telephone or of a fixed network telephone. The input of the code word may be carried out using a telephone keyboard by pressing a single key, for example the call demand key, or by pressing a sequence of keys.
After authorization of the second code word and therefore of the subscriber at access device A, the access device allows access to system S (step S13 in figures 1 anal 2) .
V,~O 00/03316 PCT/EP98/04249
11 This may be access to subscriber-specific data stored in the memory device of the HLR register or it may be an activation or deactivation of certain services. After access has been granted, one of the two communications devices C1, C2, i.e. the data processing unit or the telephone or both, may actually be used for accessing the system.
By means of this procedure, for example a selective access of a particular subscriber of a mobile radio network to data assigned to this subscriber may be made allowed.
Preferably, by this proceeding, access is granted only to subscriber-specific data and services which assigned to a specific subscriber. For example, in a GSM network;, the identity of the specific mobile telephone used by a particular user is permanently known, and therefore a fraudulent authentication of a particular subscriber may not be performed using any other communications device.
By the input of at least one further code word via one of the communications devices C1, C2 and by transmission of this at least one further code word to access device A, expanded access to the system or to subscriber data stored in the memory device of the HLR register may be allowed.
In Fig. 3, a third embodiment of the method in accordance with the invention far securing access to a remote system is shown will be described. As already shown in the first embodiment of Fig. 1, a first communications device C1, a second communications device C2, an access device A and a system S are illustrated. In addition, arrows representing
By means of this procedure, for example a selective access of a particular subscriber of a mobile radio network to data assigned to this subscriber may be made allowed.
Preferably, by this proceeding, access is granted only to subscriber-specific data and services which assigned to a specific subscriber. For example, in a GSM network;, the identity of the specific mobile telephone used by a particular user is permanently known, and therefore a fraudulent authentication of a particular subscriber may not be performed using any other communications device.
By the input of at least one further code word via one of the communications devices C1, C2 and by transmission of this at least one further code word to access device A, expanded access to the system or to subscriber data stored in the memory device of the HLR register may be allowed.
In Fig. 3, a third embodiment of the method in accordance with the invention far securing access to a remote system is shown will be described. As already shown in the first embodiment of Fig. 1, a first communications device C1, a second communications device C2, an access device A and a system S are illustrated. In addition, arrows representing
12 individual process steps are denoted by S31 to S35. The process steps are preferably carried out successively in the sequence S31 to 535. However, modifications of this sequence or of partial steps are possible.
Figure 4 shows a f low diagram of the embodiment in Fig . 3 to further outline the embodiment of the invention.
In the following, the process steps of figures 3 and 4 will be described in more detail. In a first step 531, a communication is established between the first communications device C1 and the access device A and, apart from a user identification, a first code word is transmitted to access device A. The access device compares the first code word with stored authentication data. This may be done similar to the authentication procedure already described with respect to example of embodiment 1. If the code word is not recognized as correct, the process ends, as shown in Fig. 4. Otherwise, the sequence of steps proceeds to step S32.
In step S32, a second code word is transmitted from access device A to the communications device C1, e.g., for display. This second code word may be a predetermined code word or it may be generated by access device A using a secret algorithm. For example, the second code word may be derived from subscriber-specific identification data and/or the time and/or the date. Thereby it becomes possible that this second code word or another code word generated by access device A is only valid for one access. In addition, the second or another code word may be used for data
Figure 4 shows a f low diagram of the embodiment in Fig . 3 to further outline the embodiment of the invention.
In the following, the process steps of figures 3 and 4 will be described in more detail. In a first step 531, a communication is established between the first communications device C1 and the access device A and, apart from a user identification, a first code word is transmitted to access device A. The access device compares the first code word with stored authentication data. This may be done similar to the authentication procedure already described with respect to example of embodiment 1. If the code word is not recognized as correct, the process ends, as shown in Fig. 4. Otherwise, the sequence of steps proceeds to step S32.
In step S32, a second code word is transmitted from access device A to the communications device C1, e.g., for display. This second code word may be a predetermined code word or it may be generated by access device A using a secret algorithm. For example, the second code word may be derived from subscriber-specific identification data and/or the time and/or the date. Thereby it becomes possible that this second code word or another code word generated by access device A is only valid for one access. In addition, the second or another code word may be used for data
13 encoding a data transmission between the first or the second communications device C1, C2 and the access device A.
In a step S33 the second code word is transmitted from the first communications device C1 to the second communications device C2. This may be done by a read out operation from the first communications device C1 and an input operation at the second communications device C2 or by another form of data transmission.
After input of the second code word at the second communications device C2, in a step S34 the second code word is transmitted to the access device A and is authenticated there in accordance with the authentication process which was described above. If the second code word transmitted to the access device is determined to be incorrect, the process moves on to END, as shown in the flow diagram of figure 4.
If the code word is recognized as being valid, in step S35 access from one of the communications devices.Cl, C2 to system S is granted, as it was described above in more detail with reference to the first or second embodiment. In a modification of this third embodiment, it is possible that after transmission of a first code word from the communications device C1 and thereafter of a second code word from communications device C2 to access device A, a third code word is transmitted from access device A to the communications device C1 and from there to communications device C2, and is then transferred 'by communications device
In a step S33 the second code word is transmitted from the first communications device C1 to the second communications device C2. This may be done by a read out operation from the first communications device C1 and an input operation at the second communications device C2 or by another form of data transmission.
After input of the second code word at the second communications device C2, in a step S34 the second code word is transmitted to the access device A and is authenticated there in accordance with the authentication process which was described above. If the second code word transmitted to the access device is determined to be incorrect, the process moves on to END, as shown in the flow diagram of figure 4.
If the code word is recognized as being valid, in step S35 access from one of the communications devices.Cl, C2 to system S is granted, as it was described above in more detail with reference to the first or second embodiment. In a modification of this third embodiment, it is possible that after transmission of a first code word from the communications device C1 and thereafter of a second code word from communications device C2 to access device A, a third code word is transmitted from access device A to the communications device C1 and from there to communications device C2, and is then transferred 'by communications device
14 C2 to access device .A for authentication.
As with respect to the second embodiment, and also with respect to Fig. 7, in order to realize the inventive proceeding, the communications device C1 may be a data processing unit connected with access device A via the Internet, and the communications device C2 may be a telephone and/or a mobile telephone, connected to access device A via a fixed telephone network. and/or a mobile radio network. As was described in the embodiment, in this case, code words may be transmitted by the telephone by activating a sequence of telephone keys or a separate telephone key, such as, for example, the call connection key.
Attention is drawn t:o the fact that in other examples of embodiments, the communications device Cl may be a telephone/ mobile telephone and/or the communications device C2 may be a data processing unit. In addition, the second code word which is transmitted from access device A
to communications device C1 may be generated by access device A, for example using subscriber-specif is identification data and/or the time and/or the date. Thus it is possible that this second code word, or another code word generated by access device A, is valid only for one access session. Furthermore, one of the code words transmitted may be used for data encoding in a data transmission between the first or the second communications devices C1, C2 and the access device A. This may improve the security of access to the system. Preferably, the second code word generated by access device A would be used for such data encoding.
By inputting of at least one further code word via ane of the communications devices C1, C2 and by transmission of 5 this at least one :Further code ward to access device A, expanded access to the system or to other data stored in the memory device of the system may be released.
Figure 5 describes a further embodiment for a realization 10 of the method in accordance with the invention for secure access to a remote system. As has already been described with respect to the embodiments 1 and 3, Fig. 5 schematically illustrates a first communications device C1, a second communications device C2, an access device A and a
As with respect to the second embodiment, and also with respect to Fig. 7, in order to realize the inventive proceeding, the communications device C1 may be a data processing unit connected with access device A via the Internet, and the communications device C2 may be a telephone and/or a mobile telephone, connected to access device A via a fixed telephone network. and/or a mobile radio network. As was described in the embodiment, in this case, code words may be transmitted by the telephone by activating a sequence of telephone keys or a separate telephone key, such as, for example, the call connection key.
Attention is drawn t:o the fact that in other examples of embodiments, the communications device Cl may be a telephone/ mobile telephone and/or the communications device C2 may be a data processing unit. In addition, the second code word which is transmitted from access device A
to communications device C1 may be generated by access device A, for example using subscriber-specif is identification data and/or the time and/or the date. Thus it is possible that this second code word, or another code word generated by access device A, is valid only for one access session. Furthermore, one of the code words transmitted may be used for data encoding in a data transmission between the first or the second communications devices C1, C2 and the access device A. This may improve the security of access to the system. Preferably, the second code word generated by access device A would be used for such data encoding.
By inputting of at least one further code word via ane of the communications devices C1, C2 and by transmission of 5 this at least one :Further code ward to access device A, expanded access to the system or to other data stored in the memory device of the system may be released.
Figure 5 describes a further embodiment for a realization 10 of the method in accordance with the invention for secure access to a remote system. As has already been described with respect to the embodiments 1 and 3, Fig. 5 schematically illustrates a first communications device C1, a second communications device C2, an access device A and a
15 system S. To further outline the procedure and their realization, process steps S51 to S55 are denote arrows.
Figure 6 shows a flow diagram for further explaining the drawing shown in Fig. 5.
Below the realization of the method in accordance with the invention for secure access by a user to the remote system S is described with :regard to figures 5 and 6.
In process step 551, as in steps S11 and S31, a first connection is established between a first communcations device C1 an access device A, and, apart from a user identification, a first code word is transmitted from the first communications device C1 to access device A where it is authenticated. If the transmitted code word is found to be invalid, the process moves on to the end point of the flow diagram shown in Fig. 6. If the code word is found to
Figure 6 shows a flow diagram for further explaining the drawing shown in Fig. 5.
Below the realization of the method in accordance with the invention for secure access by a user to the remote system S is described with :regard to figures 5 and 6.
In process step 551, as in steps S11 and S31, a first connection is established between a first communcations device C1 an access device A, and, apart from a user identification, a first code word is transmitted from the first communications device C1 to access device A where it is authenticated. If the transmitted code word is found to be invalid, the process moves on to the end point of the flow diagram shown in Fig. 6. If the code word is found to
16 PCT/EP98/04249 be valid, the procesa moves on to step S52.
In step 552, by access device A a second code word is generated, for example by means of a secret algorithm, as was already described with respect to the third embodiment, or a predetermined value is transmitted as the second code word to the second communications device C2.
In a subsequent step S53, the second code word is transmitted from the second communications device C2 to a first communications device C1. For this purpose the second communications device C2 may display the second code word for an input into the: first communications device C1, or it may be transmitted in another way from the second communications device C2 to the first communications device C1.
In a further step S54, the second code word is transmitted from the first communications device C1 to access device A
and is checked there for correctness, as described above.
If the code word transmitted in step S54 is determined to be invalid, the process moves on to the end point of the flow diagram shown in Fig. 6.
:Z5 If the second code word transmitted in step S54 is found to be valid, in step S35 data access or access to functions of the system is released by access device A. This access to data or to functions of the system may be carried out, as described above, by one of the communications devices 3 0 C1, C2 .
In step 552, by access device A a second code word is generated, for example by means of a secret algorithm, as was already described with respect to the third embodiment, or a predetermined value is transmitted as the second code word to the second communications device C2.
In a subsequent step S53, the second code word is transmitted from the second communications device C2 to a first communications device C1. For this purpose the second communications device C2 may display the second code word for an input into the: first communications device C1, or it may be transmitted in another way from the second communications device C2 to the first communications device C1.
In a further step S54, the second code word is transmitted from the first communications device C1 to access device A
and is checked there for correctness, as described above.
If the code word transmitted in step S54 is determined to be invalid, the process moves on to the end point of the flow diagram shown in Fig. 6.
:Z5 If the second code word transmitted in step S54 is found to be valid, in step S35 data access or access to functions of the system is released by access device A. This access to data or to functions of the system may be carried out, as described above, by one of the communications devices 3 0 C1, C2 .
17 As in the examples of embodiments described above, the connections between the first communication device C1 and/or the second communications device C2 and the access device A may be established via separate communications routes independent from each other. Furthermore, as it was described with respect to the example of embodiment 2, the first communications device C1 may be a data processing unit and the connection between access device A and the data processing unit may be established via a data processing device network. Preferably, a data processing unit is selected as the first communications device C:1 and a mobile telephone as the second communications device.
In this fourth embodiment, the second code word transmitted to communications device C1 in step S52 may be computed using subscriber-specific data and/or a date and/or a time and, in certain cases, it may be. valid only for a single access session. In addition, the communications device C2 may be a telephone or a mobile telephone, and the connection between communications device C2 and access device A may be established via a f fixed telephone network and/or via a mobile telephone network. Attention is drawn to the fact that the communications device C1 may also be a telephone or a mobile telephone, and communications device C2 may be a data processing unit.
The transmission of the code words may be carried out as was already described in the second embodiment. The grant of access to system S may be such that a subscriber can access subscriber data allocated to him, change or store them, or the subscriber may be allowed to activate or
In this fourth embodiment, the second code word transmitted to communications device C1 in step S52 may be computed using subscriber-specific data and/or a date and/or a time and, in certain cases, it may be. valid only for a single access session. In addition, the communications device C2 may be a telephone or a mobile telephone, and the connection between communications device C2 and access device A may be established via a f fixed telephone network and/or via a mobile telephone network. Attention is drawn to the fact that the communications device C1 may also be a telephone or a mobile telephone, and communications device C2 may be a data processing unit.
The transmission of the code words may be carried out as was already described in the second embodiment. The grant of access to system S may be such that a subscriber can access subscriber data allocated to him, change or store them, or the subscriber may be allowed to activate or
18 deactivate certain. services. The subscriber data are preferably stored in a home location register (HLR). Should a mobile telephone be used as the communications device, access to subscriber data may advantageously be restricted to subscriber data allocated to a subscriber, to whom the used mobile telephone is allocated.
In addition, one of the transmitted code words may be used for data encoding in data transmission between the first. or second communications devices C1, C2 and access device A.
Moreover, after release of data access by the access device A at least one further code word may be transmitted from one of the communications devices C1, C2 to access device A, in order to release expanded access to the system or to other data which ares stored in the memory device.
Figure 7 shows an embodiment of a device for carrying out the method in accordance with the invention. The figure shows an access device marked A to control access by a user to a remote system S.
The double arrow Shawn between access device A and system S
marks a data connection existing between these two devices.
In the case of a CSM system, the access device and the system may communicate with each other within the framework of the MAP (mobile application part) protocol.
E1 shows a mobile telephone. An arrow connects with access device A, denoting, e.g, a mobile radio network. In addition, Fig. 7 shows a data processing unit D2. A double arrow connects with access device A, denoting any data
In addition, one of the transmitted code words may be used for data encoding in data transmission between the first. or second communications devices C1, C2 and access device A.
Moreover, after release of data access by the access device A at least one further code word may be transmitted from one of the communications devices C1, C2 to access device A, in order to release expanded access to the system or to other data which ares stored in the memory device.
Figure 7 shows an embodiment of a device for carrying out the method in accordance with the invention. The figure shows an access device marked A to control access by a user to a remote system S.
The double arrow Shawn between access device A and system S
marks a data connection existing between these two devices.
In the case of a CSM system, the access device and the system may communicate with each other within the framework of the MAP (mobile application part) protocol.
E1 shows a mobile telephone. An arrow connects with access device A, denoting, e.g, a mobile radio network. In addition, Fig. 7 shows a data processing unit D2. A double arrow connects with access device A, denoting any data
19 connection. E.g., this data connection may be an Internet and communication may be carried out in accordance with the TCP/IP protocol.
In accordance with <~ process shown in connection with the examples of embodiments 1 to 4 for the authentication of a user, in the case of correct input of the code words, the access device releases access to the system. Then either by the mobile telephone E1 and/or the data processing unit E2 via the respective connections to the access device, access to system S can be obtained. In the embodiment, supported by a graphic display of the data processing unit E2, the subscriber-specific user profile in an HLR of a memory device of a mobile radio network, for example a GSM
network, may be stored, retrieved or changed. It is furthermore conceivable that other functions of system S
may be controlled by one of the data processing devices G.
In addition, by the input of further code words, after connection has been established between the devices E1, E2, access to further functions of system S or to other subscriber-specific data in the subscriber register HLR may be enabled.
In accordance with <~ process shown in connection with the examples of embodiments 1 to 4 for the authentication of a user, in the case of correct input of the code words, the access device releases access to the system. Then either by the mobile telephone E1 and/or the data processing unit E2 via the respective connections to the access device, access to system S can be obtained. In the embodiment, supported by a graphic display of the data processing unit E2, the subscriber-specific user profile in an HLR of a memory device of a mobile radio network, for example a GSM
network, may be stored, retrieved or changed. It is furthermore conceivable that other functions of system S
may be controlled by one of the data processing devices G.
In addition, by the input of further code words, after connection has been established between the devices E1, E2, access to further functions of system S or to other subscriber-specific data in the subscriber register HLR may be enabled.
Claims (14)
1. A method for secure user access to a separate system (S) having data stored in a memory device, comprising the following steps:
establishing a first connection between a first communications device (C1) and an access device (A) and transmission of a first code word from the first communications device (C1) to the access device (A), the first code word known only to a user requesting access;
comparing the first code word with first authentication data stored in the access device (A);
establishing a second connection between a second communications device (C2) and the access device (A), and transmitting a second code word from the second communications device (C2) to the access device (A), the second code word known only to a user requesting access;
comparing the second code word with second authentication data stored in access device (A);
transmitting a third code word from access device (A) to the first communications device (C1);
transmitting the third code word from the first communications device (C1) to the second communications device (C2);
transmitting the third code word from the second communications device (C2) to the access device (A);
and granting access to the system (S) via at least of the communications devices (C1, C2), given a valid third code word and the presence of a predetermined relationship between the first and second code words and first and second authentication data stored in access device.
establishing a first connection between a first communications device (C1) and an access device (A) and transmission of a first code word from the first communications device (C1) to the access device (A), the first code word known only to a user requesting access;
comparing the first code word with first authentication data stored in the access device (A);
establishing a second connection between a second communications device (C2) and the access device (A), and transmitting a second code word from the second communications device (C2) to the access device (A), the second code word known only to a user requesting access;
comparing the second code word with second authentication data stored in access device (A);
transmitting a third code word from access device (A) to the first communications device (C1);
transmitting the third code word from the first communications device (C1) to the second communications device (C2);
transmitting the third code word from the second communications device (C2) to the access device (A);
and granting access to the system (S) via at least of the communications devices (C1, C2), given a valid third code word and the presence of a predetermined relationship between the first and second code words and first and second authentication data stored in access device.
2. Method according to claim 1, wherein the second code word is equal to the third code word.
3. Method in accordance with claims 1 or 2, characterized by establishing the first and second connection via communications routes independent from each other.
4. Method in accordance with claims 1 to 3, characterized in that at least the first communications device (C1) is constituted by a data processing unit and the connection between the data processing unit and the access device (A) is established via a data processing device network.
5. Method in accordance with claim 4, characterized in that a data network is used for the connection between access device (A) and the data processing unit.
6. Method in accordance with claims 1 to 5, characterized in that a telephone is used as one of the communications devices (C1, C2) and the connection between the telephone and access device (A) is established via a telephone network.
7. Method in accordance with claim 6, characterized in that a mobile telephone is used as communications device (C1, C2).
8. Method in accordance with claims 6 or 7, characterized in that the first or second code word is transmitted by pressing a single key.
9. Method in accordance with one of claims 6 to 8, characterized in that the system (S) is a GSM
network and the memory device is a home location register storing subscriber-specific data.
network and the memory device is a home location register storing subscriber-specific data.
10. Method in accordance with one of claims 1 to 9, characterized in that at least one of the code words is generated by access device (A) and is valid only for one access session.
11. Method in accordance with claim 10, characterized in that at least one of the code words is generated using a subscriber identification and at least one of time and date.
12. Method in accordance with one of claims 1 to 11 characterized in that one of the code words is used for data encoding in a data transmission between the access device (A) and at least one of the first and second communication devices (C1, C2)s.
23 23. Method in accordance with one of claims 1 to 12, characterized in that after the release of data access via one of the communications devices (C1, C2) at least one further code word is transmitted to access device (A) to release expanded access to the system or to other data which are stored in the memory device.
14. A device comprising means for carrying out the method steps of one of claims 1 to 13.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/EP1998/004249 WO2000003316A1 (en) | 1997-05-28 | 1998-07-08 | A method for securing access to a remote system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2336935A1 CA2336935A1 (en) | 2000-01-20 |
| CA2336935C true CA2336935C (en) | 2007-01-30 |
Family
ID=8166993
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002336935A Expired - Lifetime CA2336935C (en) | 1998-07-08 | 1998-07-08 | A method for securing access to a remote system |
Country Status (2)
| Country | Link |
|---|---|
| AU (1) | AU759955B2 (en) |
| CA (1) | CA2336935C (en) |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1995019593A1 (en) * | 1994-01-14 | 1995-07-20 | Michael Jeremy Kew | A computer security system |
| US5537474A (en) * | 1994-07-29 | 1996-07-16 | Motorola, Inc. | Method and apparatus for authentication in a communication system |
-
1998
- 1998-07-08 AU AU90641/98A patent/AU759955B2/en not_active Ceased
- 1998-07-08 CA CA002336935A patent/CA2336935C/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| AU9064198A (en) | 2000-02-01 |
| CA2336935A1 (en) | 2000-01-20 |
| AU759955B2 (en) | 2003-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6259909B1 (en) | Method for securing access to a remote system | |
| US7133662B2 (en) | Methods and apparatus for restricting access of a user using a cellular telephone | |
| US7715823B2 (en) | Methods and apparatus for restricting access of a user using a cellular telephone | |
| US8335925B2 (en) | Method and arrangement for secure authentication | |
| EP1807966B1 (en) | Authentication method | |
| US6741851B1 (en) | Method for protecting data stored in lost mobile terminal and recording medium therefor | |
| US20060053296A1 (en) | Method for authenticating a user to a service of a service provider | |
| US20120066749A1 (en) | Method and computer program for generation and verification of otp between server and mobile device using multiple channels | |
| US7340525B1 (en) | Method and apparatus for single sign-on in a wireless environment | |
| US7865719B2 (en) | Method for establishing the authenticity of the identity of a service user and device for carrying out the method | |
| KR20010041363A (en) | Method, arrangement and apparatus for authentication through a communications network | |
| JP2001500701A (en) | Preventing misuse of copied subscriber identity in mobile communication systems | |
| KR20030076625A (en) | Method for enabling pki functions in a smart card | |
| JPH1066158A (en) | Security with respect to access control system | |
| CN100361436C (en) | System and method for performing mutual authentication between mobile terminal and server | |
| KR20050053967A (en) | Authorization system and method for utilizing one time password based on time synchronization | |
| EP1119147A1 (en) | Provision of secure access for telecommunications system | |
| CA2336935C (en) | A method for securing access to a remote system | |
| US20060101149A1 (en) | Method for verifying the authentication of a manager application in a telecommunications management network operating system by means of a network element and network element suitable therefor | |
| JP2001298774A (en) | Method for authenticating use of wireless phone | |
| JP2002318785A (en) | Device and method for authentication | |
| KR20070092917A (en) | Method and system for transmitting authentication and personal security information of internet user through mobile communication network | |
| KR100367777B1 (en) | secure service system and method of supporting secure service | |
| US20040152448A1 (en) | Method and arrangement for authenticating terminal equipment | |
| MXPA01000013A (en) | A method for securing access to a remote system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request |