WO2010128451A3 - Methods of robust multi-factor authentication and authorization and systems thereof - Google Patents

Info

Publication number
WO2010128451A3
Authority
WO
WIPO (PCT)
Prior art keywords
user
server
communication network
mobile device
verification
Prior art date
Application number
PCT/IB2010/051938
Other languages
French (fr)
Other versions
WO2010128451A2 (en)
Inventor
Kwok Yan Karch Lam
Jianbin Li
Guisi Wang
Jianping Song
Original Assignee
Privylink Private Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Privylink Private Limited
Priority to SG2011080629A (patent SG175860A1)
Publication of WO2010128451A2
Publication of WO2010128451A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Methods and systems of user authentication and authorization are provided. An application hosted in a server is in communication with a user computing device via a first communication network and the server application is in further communication with a user mobile device via a second communication network. The authentication method begins with a user sending a login request from the user computing device to the server application. The server application generates and sends a challenge to the user mobile device. The user mobile device then derives and returns a response to the server via the second communication network for verification. The user mobile device further derives and displays a context-based one-time passcode (OTP) for the user to submit from the user computing device to the server application via the first communication network for verification. The server subsequently verifies the received response and context-based OTP and grants the user access right if the verification is positive.
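
The exchange described in the abstract, sketched as an added example that is not taken from the patent: the server accepts a login only when both the device response (second network) and the context-based OTP (first network) verify. The abstract does not say how either value is derived, so the HMAC-SHA256 construction, the per-device shared key, the 6-digit length, the use of the session identifier as the "context", and all names below are assumptions.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def device_response(key: bytes, challenge: bytes) -> bytes:
    """Mobile device: response returned over the second network (assumed HMAC)."""
    return _mac(key, b"response", challenge)

def context_otp(key: bytes, challenge: bytes, context: bytes) -> str:
    """Mobile device: 6-digit OTP bound to the challenge and the login context."""
    mac = _mac(key, b"otp", challenge, context)
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

class Server:
    def __init__(self, device_keys: dict):
        self.device_keys = device_keys  # user -> key shared with the device
        self.pending = {}               # session id -> [user, challenge, response_ok]

    def login_request(self, user: str, session_id: str) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending[session_id] = [user, challenge, False]
        return challenge                # pushed to the mobile device

    def receive_response(self, session_id: str, response: bytes) -> None:
        user, challenge, _ = self.pending[session_id]
        expected = device_response(self.device_keys[user], challenge)
        self.pending[session_id][2] = hmac.compare_digest(response, expected)

    def submit_otp(self, session_id: str, otp: str) -> bool:
        entry = self.pending.pop(session_id, None)  # one attempt, no replay
        if entry is None:
            return False
        user, challenge, response_ok = entry
        expected = context_otp(self.device_keys[user], challenge, session_id.encode())
        return hmac.compare_digest(otp.encode(), expected.encode()) and response_ok

def demo():
    key = secrets.token_bytes(32)       # constructed sample key
    srv = Server({"alice": key})
    ch = srv.login_request("alice", "sess-1")
    srv.receive_response("sess-1", device_response(key, ch))
    otp = context_otp(key, ch, b"sess-1")
    granted, replayed = srv.submit_otp("sess-1", otp), srv.submit_otp("sess-1", otp)
    ch2 = srv.login_request("alice", "sess-2")  # device response never arrives
    otp_only = srv.submit_otp("sess-2", context_otp(key, ch2, b"sess-2"))
    return granted, replayed, otp_only
```

`demo()` returns the outcome of three attempts: a complete exchange, a replay of the same OTP, and an OTP submitted without the out-of-band response having been verified.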
PCT/IB2010/051938 2009-05-04 2010-05-04 Methods of robust multi-factor authentication and authorization and systems thereof WO2010128451A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
SG2011080629A SG175860A1 (en) 2009-05-04 2010-05-04 Methods of robust multi-factor authentication and authorization and systems thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG200903010-7A SG166028A1 (en) 2009-05-04 2009-05-04 Methods of robust multi-factor authentication and authorization and systems thereof
SG200903010-7 2009-05-04

Publications (2)

Publication Number Publication Date
WO2010128451A2 (en) 2010-11-11
WO2010128451A3 (en) 2011-03-24

Family

ID=43050566

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2010/051938 WO2010128451A2 (en) 2009-05-04 2010-05-04 Methods of robust multi-factor authentication and authorization and systems thereof

Country Status (2)

Country Link
SG (2) SG166028A1 (en)
WO (1) WO2010128451A2 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103583060A (en) * 2011-06-03 2014-02-12 黑莓有限公司 System and method for accessing private networks
CN103427999A (en) * 2013-08-23 2013-12-04 北京易优安信息技术有限公司 User authentication method and system
US9477852B1 (en) 2014-07-24 2016-10-25 Wells Fargo Bank, N.A. Augmented reality numberless transaction card
US9679152B1 (en) 2014-07-24 2017-06-13 Wells Fargo Bank, N.A. Augmented reality security access
CN104113556A (en) * 2014-07-31 2014-10-22 国家超级计算深圳中心(深圳云计算中心) Network logon authentication method and system, mobile terminal and application server
US10142841B2 (en) * 2016-07-11 2018-11-27 Disney Enterprises, Inc. Configuration for multi-factor event authorization
US11651357B2 (en) 2019-02-01 2023-05-16 Oracle International Corporation Multifactor authentication without a user footprint
NL2026156B1 (en) 2020-07-24 2022-04-12 Anthony Francis Everts Roy A method that adequately protects the authentic identity and personal data of a natural person and remotely confirms the authentic identity of this natural person through a trusted entity to a beneficiary party.

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040083272A (en) * 2003-03-21 2004-10-01 (주)뱅크타운 Method and System for Authentication of User on Web and/or Wireless Network by Using Mobile Terminal Loaded a Challenge/Response Based Mobile One-Time Password Module
KR20070077569A (en) * 2006-01-24 2007-07-27 삼성전자주식회사 One time password service system and method using a mobile phone
KR20080061714A (en) * 2006-12-28 2008-07-03 손민석 User authentication method based on one-time password generated in mobile communication terminal

Also Published As

Publication number Publication date
WO2010128451A2 (en) 2010-11-11
SG166028A1 (en) 2010-11-29
SG175860A1 (en) 2011-12-29

Similar Documents

Publication Publication Date Title
WO2010128451A3 (en) Methods of robust multi-factor authentication and authorization and systems thereof
US9104853B2 (en) Supporting proximity based security code transfer from mobile/tablet application to access device
MX2015009993A (en) Method, apparatus and system for access verification.
WO2013120026A3 (en) Enabling secure access to a discovered location server for a mobile device
US20200120469A1 (en) Systems and methods for updating a mobile device
GB2523710A (en) Multi-factor authentication and comprehensive login system for client-server networks
EP2887615A1 (en) Cloud-based scalable authentication for electronic devices
IN2013MU03727A (en)
WO2012149262A3 (en) Interactive control of alarm systems by telephone interface using an intermediate gateway
WO2013106094A3 (en) System and method for device registration and authentication
WO2010140876A8 (en) Method, system and secure server for multi-factor transaction authentication
WO2010093636A3 (en) Devices, systems and methods for secure verification of user identity
WO2009050583A9 (en) Secure network interactions using desktop agent
WO2012094205A3 (en) Methods and systems for providing a signed digital certificate in real time
GB2464552B (en) Authentication system and method for authenticating a user terminal with an access node providing restricted access to a communication network
MX346056B (en) Method and/or system for user authentication with targeted electronic advertising content through personal communication devices.
MX356039B (en) System and method for authorizing access to access-controlled environments.
WO2011123671A3 (en) Mutual mobile authentication using a key management center
WO2014132193A3 (en) Systems, methods and devices for performing passcode authentication
WO2013185147A3 (en) Authorizing a transaction between a client device and a server using a scannable code
MX2015014587A (en) Method and system for activating credentials.
WO2012144849A3 (en) Access authentication method for multiple devices and platforms
MX2015015510A (en) Network access method and device.
WO2011088276A3 (en) Broadcast area authentication
WO2013030836A8 (en) Method and system for authorizing an action at a site

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application

Ref document number: 10772081

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 10772081

Country of ref document: EP

Kind code of ref document: A2