WO1995019593A1 - A computer security system - Google Patents
- Publication number: WO1995019593A1
- Authority: WO, WIPO (PCT)
- Prior art keywords: code, user, transformation, transformed, receiver
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G06F21/43—User authentication using separate channels for security data wireless channels
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
Definitions
- the present invention relates to a computer security system and comprises a method and apparatus for preventing unauthorized access to a host computer system.
- a method of preventing unauthorised access to a host computer system by a user at a remote terminal comprising the steps of accepting a user identification code input to the terminal by the user; generating a random code (Code A); subjecting Code A to a transformation characteristic of a transformation algorithm identified by the input user identification code so as to generate a transformed code (Code B); transmitting Code A via a paging system, to a receiver held by the user, the receiver comprising transformation means adapted to transform the received Code A to a second transformed code (Code C), and means for displaying Code C to the user; accepting input of Code C to the terminal by the user; comparing Code C with Code B; and permitting access to the host system only if Code C matches Code B.
- apparatus for preventing unauthorized access to a host computer system by a user at a remote terminal, the apparatus comprising means for accepting a user identification code input to the terminal by the user; means for generating a random code (Code A), and for subjecting Code A to a transformation to generate a transformed code (Code B); a transmitter for transmitting Code A via a paging system; a receiver held by the user, the receiver comprising transformation means adapted to transform the received Code A to a second transformed code (Code C), and means for displaying Code C to the user; means for accepting input of Code C by the user; means for comparing Code C with Code B; and means for permitting access to the host system if Code C matches Code B.
- the receiver carried by an authorized user will have logic circuitry programmed with a transformation algorithm which is characteristic of that receiver.
- the host computer system identifies the corresponding transformation algorithm in a database from the code and transforms the random code (Code A) to a new Code B in such a manner that the Code C, produced by the user's receiver from the transmitted code, will be identical to Code B with which it is compared.
- the transformation algorithms associated with each receiver may be completely different, or may be the same base algorithm which is convoluted with a code corresponding to the user's identification code so as to generate characteristic transformed codes.
- the algorithms used are all so-called one-way algorithms.
- the user identification code should preferably be treated by the user as a secret code and not be marked on the receiver. It is thus comparable with a personal identification number (PIN) familiar from many other contexts.
- the receiver can only be enabled for a predetermined period to permit it to transform the received Code A to the transformed Code C by input of a second user identification code by the user.
- This second code may also be in the form of a PIN. In this way additional security is provided since an unauthorised user cannot gain access to the system even if he has possession of the receiver and knows the user identification code without knowledge of the second identification or activation code.
- the signal incorporating Code A which is transmitted by the paging system also incorporates an identifier to enable the receiver to pick out the signal from a plurality which may be being transmitted at the same time.
- the receiver is preferably always responsive to reception of its identifier regardless of whether or not it has been enabled by the user.
- the receiver is responsive to reception of its identifier in circumstances when the authorised user is not attempting to gain access to the host system. In this way the receiver can alert the authorised user that an attempt at unauthorised access is being made. Preferably, therefore, the receiver emits an alarm or otherwise operates to alert the user in these circumstances.
- the means for displaying Code C on the receiver can be a liquid crystal display or other conventional display means.
- the means by which the signal is transmitted via the paging system and the means by which the transmitted signal is received by the receiver may both utilise technology which is generally conventional in paging systems.
- the method preferably comprises the additional steps of generating an access code by the terminal based on the user identification code and at least one of a terminal code for identifying the remote terminal, a network identification code for identifying which of a plurality of networks the remote terminal is connected to, and a software code identifying the presence or absence of particular software stored at the remote terminal site and accessible by its CPU; transmitting the access code to the host computer system; deconstructing the access code to produce at least one computer identification code and the user identification code; generating a second random code (Code D); subjecting Code D and the computer identification code to a transformation characteristic of a transformation algorithm so as to generate a transformed code (Code E); subjecting Code A to a transformation characteristic of both the transformation algorithm identified by the input user identification code and Code E so as to generate the transformed code (Code B); passing Code D to the remote terminal which also subjects Code D and the computer identification code to a transformation characteristic of a transformation algorithm so as to generate a transformed code (Code F); passing Code F to
- the method comprises the further additional steps of deconstructing the access code to produce the user identification code, a first computer identification code characteristic of the computer hardware identifying portions of the access code and a second computer identification code characteristic of the computer software identifying portions of the access code; generating a second random code (Code D1) and a third random code (Code D2); subjecting Code D1 and the first computer identification code to a transformation characteristic of a transformation algorithm so as to generate a transformed code (Code E1); subjecting Code D2 and the second computer identification code to a transformation characteristic of a transformation algorithm so as to generate a transformed code (Code E2); and combining in a predetermined fashion Codes E1 and E2 or parts thereof to produce the transformed code (Code E); passing Code D1 and Code D2 to the remote terminal (2) which subjects Code D1 and the first computer identification code to a transformation characteristic of a transformation algorithm so as to generate a transformed code (Code F1), and which subjects Code D2 and the second computer identification code to a transformation characteristic of a transformation algorithm so
- the system can be used to display sensitive information which, for example, can be made available for viewing only and not for further analysis at the remote terminal.
- the receiver preferably takes the form of a security key which is linked to the remote terminal.
- the receiver is linked to the central processing unit either by a plug and socket arrangement or by an infrared transmission system for the passage of information therebetween.
- Fig. 1 is a schematic view of a first embodiment of a computer security system according to the invention.
- Fig. 2 is a view similar to Fig. 1 but of a second embodiment of the system and additionally showing logic operations carried out by various components of the system.
- a host computer system, typically one of several arranged in a local area network (LAN), may be accessed from any one or more of a series of remote terminals 2, 3, 4 via a telephone line link.
- a user at one of the terminals, say terminal 2, must first verify his or her identity by satisfying a security barrier system or security server 5, which is effectively interposed between the remote terminals 2, 3, 4 and the host system 1.
- the user carries a receiver unit 6 which includes encryption means for encryption of received codes.
- the unit will include logic circuitry to do this which preferably itself includes an EPROM or erasable programmable read only memory where the algorithm required is stored. As previously mentioned, this algorithm is preferably a one-way algorithm.
- the receiver unit 6 also stores in the EPROM an identity code.
- This identity code is a key for the one-way algorithm and is such that when applied to the algorithm, together with a code to be encrypted, the resultant code is characteristic of the particular receiver unit 6.
- When the user seeks access to the host system 1 via the terminal 2, he enters his user identification code.
- This code may take any suitable form, for example his actual name or preferably a more secure code such as a PIN.
- the security server 5 includes a database of all authorised users and their authorised receiver units 6, and identifies the corresponding identity code for the appropriate receiver unit 6.
- the security server 5 then generates a random code (Code A) and subjects this number to an encryption using the same one-way algorithm as is stored in the user's receiver 6 together with the corresponding identity code. In this way a transformed code (Code B) is produced.
- In addition to producing the transformed Code B, the security server 5 also transmits the random code to a paging system 7 along with an identifier or identifying tag which can be recognized by the receiver unit 6.
- the identifying tag and the random code are then broadcast by the paging system 7, typically using a radiofrequency transmitter, in a fashion similar to conventional paging systems. Whilst the receiver unit 6 will pick up all codes broadcast on a particular frequency, the receiver unit 6 will use the identifier to pick out the appropriate signal meant for it from a plurality which may be being transmitted at the same time.
- After or before entering his identification code into the terminal 2, the user also activates the receiver unit 6 by entering a second user identification code, which is also preferably in the form of a secret PIN, via a keypad 8.
- the receiver unit 6 can receive the broadcast signal regardless of whether it has been activated or not, but activation enables the logic circuitry of the receiver unit 6 to permit it to encrypt the received random code.
- the receiver unit 6 therefore uses the received random number and the identity code stored in its own EPROM to produce a transformed code (Code C) via its own characteristic algorithm.
- This transformed Code C is then displayed to the user on a display means 9, preferably a liquid crystal display, for a predetermined length of time such as five minutes.
- the terminal 2 at the behest of the security server 5 prompts the user to input the transformed Code C displayed by the receiver unit 6.
- the security server 5 compares the input Code C with the transformed code, Code B, it produced by encryption of the random code, Code A. If Code B and Code C are identical, access to the host system 1 is permitted.
- A second, more sophisticated embodiment of the invention is shown in Fig. 2, and the same reference numbers are used in Fig. 2 as have been used in Fig. 1 to indicate similar features of the system.
- logic operations carried out by various components of the system are shown in the rounded edged boxes.
- This second embodiment enables verification of the actual remote terminal 2, the network system to which it is connected, and the software it has access to. In this way, highly secure information can be made available for viewing but not made available to terminals which may have the capability to store or process the information further.
- the receiver unit 6 would probably, but not necessarily, comprise a stand-alone piece of equipment
- the receiver unit 6 is intended to be linked to the remote terminal 2 for the passage of information therebetween.
- This linkage could be by any conventional means, such as a plug/socket arrangement whereby the unit 6 is plugged into one of the output ports of the terminal 2 or an infrared transmission system.
- the receiver unit 6 forms a security key for the system and must be connected to the terminal 2 before the latter can be used to access the host system 1.
- the terminal 2 also comprises a central processing unit (CPU) in its own right and is preferably in the form of a personal computer (PC).
- the terminal 2 will also have its own terminal identity code.
- security software which monitors other software which can be accessed and run by the terminal.
- the security software supplies appropriately encrypted software identity codes dependent on this software.
- the network system to which the terminal 2 is connected can also be verified.
- the terminal's token ring identification code can be used for this purpose.
- the system operates as follows.
- the user first attaches the receiver unit 6 or security key to the terminal 2 and enables the unit 6 by entering his second user identification code in the form of a secret PIN, via the keypad 8.
- This PIN is known only to the user and the receiver unit 6 could be constructed so that this number can be changed by the user by following a predetermined routine.
- the user's first identification code (USER ID), which can again comprise the user's name, is entered into the terminal 2.
- the security software running on the terminal 2 which enables the dialogue with the user.
- This security software now generates an access code or what can be considered as an access "claim" based on the user's identification code (USER ID) and one or more, and preferably all, of the terminal identity code (TERMINAL ID), the network identification code (NETWORK ID), and one or more software identity codes (SOFTWARE ID).
- This access code or claim is passed to the security server 5 of the host computer system 1 that it is desired to access.
- the security server 5 deconstructs the access code or claim into its constituent parts. In the same way as the first embodiment, it uses the user identification code (USER ID) to access its database to locate the corresponding identity code for the appropriate receiver unit 6. As before, the security server 5 then generates a random code (Code A) and subjects this number to an encryption using the same one-way algorithm as is stored in the user's receiver 6 to produce the transformed code (Code B). However, in this embodiment a third code (Code E) is used as a second encryption key. This third Code E is obtained by using the other identification codes comprising the access claim as will now be described.
- the security server takes the terminal identity code and network identity code and combines these or parts of these in a predetermined manner to form a hardware code (HARDWARE ID) or first computer identification code. It then generates a second random number (Code D1) which is encrypted using a predetermined one-way algorithm, to produce a first transformed code (Code E1).
- a similar operation is performed on the software identity codes (SOFTWARE ID). If more than one of these comprises part of the access claim, then they are combined or parts of them are combined in a predetermined manner to form a single code which comprises the second computer identification code.
- the security server 5 generates a third random number (Code D2), which is encrypted using a predetermined one-way algorithm to produce a second transformed code (Code E2).
- the first and second transformed codes, Code E1 and Code E2, are then combined in a predetermined manner to form a single transformed code which comprises the Code E which is used in the production of Code B.
- the security server 5 transmits the first random code, Code A, along with an identifier or identifying tag which can be recognized by the security key 6 to the paging system 7.
- the identifying tag and the random code, Code A, are then broadcast by the paging system 7 for the security key 6 to pick up, identify and store.
- the security server 5 passes the second and third random numbers, Code D1 and Code D2, along with the transformed code, Code B, back to the host computer system 1.
- the host computer system 1 then passes the second and third random numbers, Code D1 and Code D2, back to the terminal 2.
- the security software running on the terminal 2 uses the Codes D1 and D2 along with the hardware and software identification codes, which it constructed as part of the access claim, to produce respectively transformed Codes F1 and F2. These are then combined in the same predetermined manner as the Codes E1 and E2 to produce a single transformed code, Code
- This single transformed code, Code F, is then passed by the terminal 2 to the security key 6.
- the security key is now able to encrypt the received Code A using the Code F and the user identification code it contains via the one-way algorithm in its logic circuitry to produce the transformed code, Code C.
- the resultant code, Code C is then displayed on the display means 9 of the security key for the user to enter into the terminal 2 at the behest of the host computer system 1.
- the system 1 can then compare the entered transformed code, Code C, with that, Code B, transmitted to it from the security server 5. Access to the system 1 is then only permitted if the two codes, Code B and Code C, are identical.
- the computer security system verifies not only the user's identification code and the security key 6 but also the terminal 2 and its network and stored software.
- Code D can be encrypted to produce a single transformed code, Code E, which can then be used directly in the encryption of Code A.
- all the algorithms used in the system should comprise one-way algorithms.
- the receiver unit or security key 6 is preferably always responsive to reception of its identifier regardless of whether or not it has been enabled by the user. Hence, the receiver 6 is responsive to reception of its identifier in circumstances when the authorised user is not attempting to gain access to the host system. In this way the receiver 6 can be used to alert the authorised user that an attempt at unauthorised access is being made as well as act as a conventional pager which can request the user to log into a particular computer system 1 or otherwise receive pager messages.
- a host computer system 1 can request users to log in to receive, for example, electronic mail, or to carry out other operations.
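
The two embodiments described above, as an added sketch that is not code from the patent: HMAC-SHA256 stands in for the unspecified one-way algorithm, concatenation stands in for the "predetermined manner" of combining codes, and every class name, identifier and sample value is constructed for illustration.

```python
import hashlib
import hmac
import secrets


def one_way(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way transformation (assumption: HMAC-SHA256)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)  # length prefix keeps parts unambiguous
    return mac.digest()


def display_code(digest: bytes, digits: int = 8) -> str:
    """Shorten a digest to the decimal code a user reads off the display."""
    return str(int.from_bytes(digest[:8], "big") % 10**digits).zfill(digits)


def terminal_code_f(d1: bytes, d2: bytes, hardware_id: bytes, software_id: bytes) -> bytes:
    """Terminal side: Codes F1 and F2 combined into Code F."""
    return one_way(hardware_id, d1) + one_way(software_id, d2)


class SecurityServer:
    def __init__(self, users):
        self.users = users      # USER ID -> (pager identifier, receiver identity code)
        self.pending = {}       # USER ID -> Code B awaiting comparison

    def challenge(self, user_id, hardware_id=None, software_id=None):
        tag, identity_code = self.users[user_id]
        code_a = secrets.token_bytes(8)                     # Code A
        d1 = d2 = code_e = b""                              # first embodiment: no Code E
        if hardware_id is not None and software_id is not None:
            d1, d2 = secrets.token_bytes(8), secrets.token_bytes(8)
            code_e = one_way(hardware_id, d1) + one_way(software_id, d2)  # E1 + E2
        self.pending[user_id] = display_code(one_way(identity_code, code_a, code_e))
        return (tag, code_a), (d1, d2)   # (paging broadcast), (codes sent to the terminal)

    def verify(self, user_id, code_c):
        code_b = self.pending.pop(user_id, None)            # each Code B is compared once
        return bool(code_b and code_c) and hmac.compare_digest(code_b, code_c)


class Receiver:
    def __init__(self, tag, identity_code, pin):
        self.tag, self._identity, self._pin = tag, identity_code, pin
        self.enabled, self.code_a = False, None

    def enable(self, pin):
        self.enabled = hmac.compare_digest(pin, self._pin)
        return self.enabled

    def on_page(self, tag, code_a):
        if tag != self.tag:
            return "ignored"                                # broadcast meant for another unit
        self.code_a = code_a                                # received whether enabled or not
        return "stored" if self.enabled else "alert"       # assumption: not enabled = user not logging in

    def code_c(self, code_f=b""):
        if not self.enabled or self.code_a is None:
            return None                                     # no transformation until activated
        return display_code(one_way(self._identity, self.code_a, code_f))


def run_demo():
    identity = secrets.token_bytes(16)                      # constructed sample values
    server = SecurityServer({"alice": (b"PAGER-0042", identity)})
    key = Receiver(b"PAGER-0042", identity, pin="4921")
    hw, sw = b"TERMINAL-2|RING-7", b"VIEWER-1.0"
    out = {}

    page, _ = server.challenge("alice")                     # login attempt the user did not start
    out["alert"], out["locked"] = key.on_page(*page), key.code_c()
    out["other_tag"] = key.on_page(b"PAGER-9999", page[1])

    key.enable("4921")                                      # first embodiment
    page, _ = server.challenge("alice")
    key.on_page(*page)
    code_c = key.code_c()
    out["first"] = server.verify("alice", code_c)
    out["replay"] = server.verify("alice", code_c)

    page, (d1, d2) = server.challenge("alice", hw, sw)      # second embodiment, other software
    key.on_page(*page)
    bad_f = terminal_code_f(d1, d2, hw, b"VIEWER-1.0+EDITOR")
    out["wrong_software"] = server.verify("alice", key.code_c(bad_f))

    page, (d1, d2) = server.challenge("alice", hw, sw)      # second embodiment, matching terminal
    key.on_page(*page)
    out["second"] = server.verify("alice", key.code_c(terminal_code_f(d1, d2, hw, sw)))
    return out


if __name__ == "__main__":
    print(run_demo())
```

Code E is derived from the identifiers in the access claim, as on the page, so the comparison confirms that the terminal answering Codes D1 and D2 holds the same identifiers that were claimed.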
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU13903/95A AU1390395A (en) | 1994-01-14 | 1995-01-12 | A computer security system |
GB9614521A GB2300288A (en) | 1994-01-14 | 1995-01-12 | A computer security system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9400602A GB9400602D0 (en) | 1994-01-14 | 1994-01-14 | Computer security system |
GB9400602.0 | 1994-01-14 | ||
GB9415779A GB9415779D0 (en) | 1994-08-04 | 1994-08-04 | Computer security system |
GB9415779.9 | 1994-08-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1995019593A1 (en) | 1995-07-20 |
Family
ID=26304162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1995/000059 WO1995019593A1 (en) | 1994-01-14 | 1995-01-12 | A computer security system |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU1390395A (en) |
WO (1) | WO1995019593A1 (en) |
Cited By (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997031306A1 (en) * | 1996-02-23 | 1997-08-28 | Nokia Mobile Phones Ltd. | Method for obtaining at least one item of user authentication data |
EP0817518A2 (en) * | 1996-07-03 | 1998-01-07 | AT&T Corp. | Method for controlled access to a secured system |
EP0844551A2 (en) * | 1996-10-28 | 1998-05-27 | Brian J. Veneklase | Computer security system |
WO1999026124A1 (en) * | 1997-11-19 | 1999-05-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network |
WO1999023617A3 (en) * | 1997-11-04 | 1999-07-15 | Gilles Kremer | Method for transmitting data and implementing server |
EP0875871A3 (en) * | 1997-04-29 | 1999-07-21 | Kim Schmitz | Authorization method in data transfer systems |
WO1999044114A1 (en) * | 1998-02-25 | 1999-09-02 | Telefonaktiebolaget Lm Ericsson | Method, arrangement and apparatus for authentication through a communications network |
WO1999056520A2 (en) * | 1998-04-23 | 1999-11-11 | House Of Added Value Ab | A method of storing and retrieving personal codes |
WO2000003316A1 (en) * | 1997-05-28 | 2000-01-20 | Telefonaktiebolaget Lm Ericsson (Publ) | A method for securing access to a remote system |
WO2000079366A1 (en) * | 1999-06-21 | 2000-12-28 | Catherin Mitta | Method for the personal identification of mobile users |
EP1107089A1 (en) * | 1999-12-11 | 2001-06-13 | Connectotel Limited | Strong authentication method using a telecommunications device |
GB2360860A (en) * | 2000-03-29 | 2001-10-03 | Ncr Int Inc | Facilitating on-line transactions |
GB2361558A (en) * | 1997-05-28 | 2001-10-24 | Ericsson Telefon Ab L M | A method for securing access to a remote system |
WO2001080525A1 (en) * | 2000-04-14 | 2001-10-25 | Sun Microsystems, Inc. | Network access security |
GB2362489A (en) * | 2000-05-15 | 2001-11-21 | Tom Com Entpr Ltd | Secure communication |
WO2001099382A2 (en) * | 2000-06-19 | 2001-12-27 | Allen Robert Yaxley | A method and system of controlling access to a remote location |
WO2002013154A1 (en) * | 2000-08-09 | 2002-02-14 | Vodafone Holding Gmbh | Method of payment at any sales or service establishment by mobile telephone |
DE10040644A1 (en) * | 2000-08-14 | 2002-02-28 | Arndt Jablonowski | Data transmitting method for Internet-based payment system, involves sending divided frames of payment data, to processor through two channels using different protocols |
GB2366966A (en) * | 2000-09-07 | 2002-03-20 | Swivel Technologies Ltd | Verifying the identity of a device or user in an electronic communications environment |
GB2369469A (en) * | 2000-11-28 | 2002-05-29 | Swivel Technologies Ltd | Secure data transfer method |
NL1015398C2 (en) * | 2000-06-07 | 2002-07-16 | Helger Christian Bouterse | User authentication in computer and telephone network, based on authorisation code transmitted as part of telephone number |
DE10102779A1 (en) * | 2001-01-22 | 2002-08-29 | Utimaco Safeware Ag | Mobile phone transaction authorisation system has separate encrypted password link |
WO2002084456A2 (en) * | 2001-04-12 | 2002-10-24 | Netdesigns Limited | User identity verification system |
EP1253500A1 (en) * | 2001-04-26 | 2002-10-30 | Nokia Corporation | Method and device for authenticating a user on a remote server |
EP1282044A1 (en) * | 2000-03-03 | 2003-02-05 | Kabushiki Kaisha Eighting | Authenticating method |
GB2379040A (en) * | 2001-08-22 | 2003-02-26 | Int Computers Ltd | Controlling user access to a remote service by sending a one-time password to a portable device after normal login |
AU759955B2 (en) * | 1998-07-08 | 2003-05-01 | Telefonaktiebolaget Lm Ericsson (Publ) | A method for securing access to a remote system |
EP1313075A2 (en) * | 2001-11-19 | 2003-05-21 | Fujitsu Limited | Electronic money processing method and program |
GB2387002A (en) * | 2002-02-20 | 2003-10-01 | 1Revolution Group Plc | Personal identification system and method using a mobile device |
WO2003083793A2 (en) * | 2002-04-03 | 2003-10-09 | Swivel Secure Limited | System and method for secure credit and debit card transactions |
GB2391646A (en) * | 2002-08-06 | 2004-02-11 | James Andrew Groves | Secure web page authenication method using a telephone number or SMS message |
EP1424617A1 (en) * | 2002-11-26 | 2004-06-02 | Siemens Aktiengesellschaft | Method for authentication and charging for a sucbriber in a wireless network |
US6747755B1 (en) * | 1999-04-14 | 2004-06-08 | Canon Kabushiki Kaisha | Code generation method, terminal apparatus, code processing method, issuing apparatus, and code issuing method |
WO2004054196A1 (en) | 2002-12-09 | 2004-06-24 | Research In Motion Limited | System and method of secure authentication information distribution |
WO2005062613A1 (en) * | 2003-12-18 | 2005-07-07 | Nptv | Method for accessing an interactive television session by short message (sms) |
US6971027B1 (en) | 1999-04-01 | 2005-11-29 | Veneklase Brian J | Computer security system |
US7043635B1 (en) | 2000-09-15 | 2006-05-09 | Swivel Secure Limited | Embedded synchronous random disposable code identification method and system |
EP1578155A3 (en) * | 2004-03-16 | 2006-08-23 | Broadcom Corporation | Integration of secure identification logic into cell phone |
WO2007006771A1 (en) * | 2005-07-13 | 2007-01-18 | Gemplus | Transaction authorization method and device |
CN1319000C (en) * | 2001-10-19 | 2007-05-30 | 环球速度有限公司 | System and method for controlling transmission of data packets over an information network |
EP1840814A1 (en) * | 2006-03-17 | 2007-10-03 | Hitachi Software Engineering Co., Ltd. | Verification system |
US7289799B1 (en) | 1999-04-14 | 2007-10-30 | Canon Kabushiki Kaisha | Portable terminal apparatus and terminal apparatus |
EP1868125A1 (en) * | 2006-06-16 | 2007-12-19 | Savernova S.A. | Method for identifying a user of a computer system |
US7392388B2 (en) | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
US7395050B2 (en) | 2002-04-16 | 2008-07-01 | Nokia Corporation | Method and system for authenticating user of data transfer device |
WO2010115795A1 (en) | 2009-04-06 | 2010-10-14 | Giesecke & Devrient Gmbh | Method for carrying out an application with the aid of a portable data storage medium |
US8462920B2 (en) | 2005-01-11 | 2013-06-11 | Telesign Corporation | Registration, verification and notification system |
EP2738996A1 (en) * | 2012-11-30 | 2014-06-04 | Gemalto SA | Method, device and system for accessing a server |
US8973109B2 (en) | 2011-11-29 | 2015-03-03 | Telesign Corporation | Dual code authentication system |
CN104429036A (en) * | 2011-10-12 | 2015-03-18 | 科技商业管理有限公司 | System for secure ID authentication |
US9161222B2 (en) | 2012-08-26 | 2015-10-13 | Vokee Applications, Ltd. | Verifying an association between an application and a mobile device through a telecommunication network |
US9166967B2 (en) | 2012-09-26 | 2015-10-20 | Telesign Corporation | Comprehensive authentication and identity system and method |
US9275211B2 (en) | 2013-03-15 | 2016-03-01 | Telesign Corporation | System and method for utilizing behavioral characteristics in authentication and fraud prevention |
US9703938B2 (en) | 2001-08-29 | 2017-07-11 | Nader Asghari-Kamrani | Direct authentication system and method via trusted authenticators |
US9727864B2 (en) | 2001-08-29 | 2017-08-08 | Nader Asghari-Kamrani | Centralized identification and authentication system and method |
US9762576B2 (en) | 2006-11-16 | 2017-09-12 | Phonefactor, Inc. | Enhanced multi factor authentication |
US10567385B2 (en) | 2010-02-25 | 2020-02-18 | Secureauth Corporation | System and method for provisioning a security token |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4679236A (en) * | 1984-12-21 | 1987-07-07 | Davies Richard E | Identification verification method and system |
WO1990013213A1 (en) * | 1989-04-14 | 1990-11-01 | Blick Communications Limited | Radio pagers |
- 1995-01-12 WO PCT/GB1995/000059 patent/WO1995019593A1/en active Application Filing
- 1995-01-12 AU AU13903/95A patent/AU1390395A/en not_active Abandoned
Cited By (108)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997031306A1 (en) * | 1996-02-23 | 1997-08-28 | Nokia Mobile Phones Ltd. | Method for obtaining at least one item of user authentication data |
US6112078A (en) * | 1996-02-23 | 2000-08-29 | Nokia Mobile Phones, Ltd. | Method for obtaining at least one item of user authentication data |
EP0817518A2 (en) * | 1996-07-03 | 1998-01-07 | AT&T Corp. | Method for controlled access to a secured system |
EP0817518A3 (en) * | 1996-07-03 | 1999-09-08 | AT&T Corp. | Method for controlled access to a secured system |
US6609206B1 (en) | 1996-10-28 | 2003-08-19 | Brian J. Veneklase | Computer security system |
EP0844551A2 (en) * | 1996-10-28 | 1998-05-27 | Brian J. Veneklase | Computer security system |
EP0844551A3 (en) * | 1996-10-28 | 1998-07-01 | Brian J. Veneklase | Computer security system |
US5881226A (en) * | 1996-10-28 | 1999-03-09 | Veneklase; Brian J. | Computer security system |
US9053316B2 (en) | 1996-10-28 | 2015-06-09 | C.H.I. Development Mgmt. Ltd. Iii, Llc | Secure access computer system |
EP0875871A3 (en) * | 1997-04-29 | 1999-07-21 | Kim Schmitz | Authorization method in data transfer systems |
US6078908A (en) * | 1997-04-29 | 2000-06-20 | Schmitz; Kim | Method for authorizing in data transmission systems |
WO2000003316A1 (en) * | 1997-05-28 | 2000-01-20 | Telefonaktiebolaget Lm Ericsson (Publ) | A method for securing access to a remote system |
GB2361558A (en) * | 1997-05-28 | 2001-10-24 | Ericsson Telefon Ab L M | A method for securing access to a remote system |
GB2361558B (en) * | 1997-05-28 | 2003-07-23 | Ericsson Telefon Ab L M | A method for securing access to a remote system |
WO1999023617A3 (en) * | 1997-11-04 | 1999-07-15 | Gilles Kremer | Method for transmitting data and implementing server |
EP1107203A3 (en) * | 1997-11-04 | 2001-11-14 | Magicaxess | Method for data transmission and implementing server |
AU753318B2 (en) * | 1997-11-19 | 2002-10-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network |
US6230002B1 (en) | 1997-11-19 | 2001-05-08 | Telefonaktiebolaget L M Ericsson (Publ) | Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network |
WO1999026124A1 (en) * | 1997-11-19 | 1999-05-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network |
WO1999044114A1 (en) * | 1998-02-25 | 1999-09-02 | Telefonaktiebolaget Lm Ericsson | Method, arrangement and apparatus for authentication through a communications network |
EP1058872B2 (en) † | 1998-02-25 | 2011-04-06 | TELEFONAKTIEBOLAGET LM ERICSSON (publ) | Method, arrangement and apparatus for authentication through a communications network |
KR100683976B1 (en) * | 1998-02-25 | 2007-02-15 | 텔레폰악티에볼라겟 엘엠 에릭슨(펍) | Method, arrangement and apparatus for authentication |
CN100380267C (en) * | 1998-02-25 | 2008-04-09 | 艾利森电话股份有限公司 | Method, arrangement and apparatus for authentication through communications network |
US6430407B1 (en) | 1998-02-25 | 2002-08-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, apparatus, and arrangement for authenticating a user to an application in a first communications network by means of a mobile station communicating with the application through a second communications network |
AU755054B2 (en) * | 1998-02-25 | 2002-12-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, arrangement and apparatus for authentication through a communications network |
WO1999056520A3 (en) * | 1998-04-23 | 1999-12-16 | House Of Added Value Ab | A method of storing and retrieving personal codes |
WO1999056520A2 (en) * | 1998-04-23 | 1999-11-11 | House Of Added Value Ab | A method of storing and retrieving personal codes |
AU759955B2 (en) * | 1998-07-08 | 2003-05-01 | Telefonaktiebolaget Lm Ericsson (Publ) | A method for securing access to a remote system |
US6971027B1 (en) | 1999-04-01 | 2005-11-29 | Veneklase Brian J | Computer security system |
US7289799B1 (en) | 1999-04-14 | 2007-10-30 | Canon Kabushiki Kaisha | Portable terminal apparatus and terminal apparatus |
US6747755B1 (en) * | 1999-04-14 | 2004-06-08 | Canon Kabushiki Kaisha | Code generation method, terminal apparatus, code processing method, issuing apparatus, and code issuing method |
WO2000079366A1 (en) * | 1999-06-21 | 2000-12-28 | Catherin Mitta | Method for the personal identification of mobile users |
EP1107089A1 (en) * | 1999-12-11 | 2001-06-13 | Connectotel Limited | Strong authentication method using a telecommunications device |
EP1282044A4 (en) * | 2000-03-03 | 2003-05-02 | Eighting Kk | Authenticating method |
EP1980967A3 (en) * | 2000-03-03 | 2009-01-28 | Kabushiki Kaisha Eighting | Individual certification method using musical sound data |
EP2110768A1 (en) * | 2000-03-03 | 2009-10-21 | Kabushiki Kaisha Eighting | Individual certification method using bar code |
EP1282044A1 (en) * | 2000-03-03 | 2003-02-05 | Kabushiki Kaisha Eighting | Authenticating method |
GB2360860B (en) * | 2000-03-29 | 2004-10-13 | Ncr Int Inc | A method of and apparatus for facilitating on-line transactions |
GB2360860A (en) * | 2000-03-29 | 2001-10-03 | Ncr Int Inc | Facilitating on-line transactions |
WO2001080525A1 (en) * | 2000-04-14 | 2001-10-25 | Sun Microsystems, Inc. | Network access security |
GB2362489A (en) * | 2000-05-15 | 2001-11-21 | Tom Com Entpr Ltd | Secure communication |
NL1015398C2 (en) * | 2000-06-07 | 2002-07-16 | Helger Christian Bouterse | User authentication in computer and telephone network, based on authorisation code transmitted as part of telephone number |
WO2001099382A3 (en) * | 2000-06-19 | 2002-03-21 | Allen Robert Yaxley | A method and system of controlling access to a remote location |
WO2001099382A2 (en) * | 2000-06-19 | 2001-12-27 | Allen Robert Yaxley | A method and system of controlling access to a remote location |
WO2002013154A1 (en) * | 2000-08-09 | 2002-02-14 | Vodafone Holding Gmbh | Method of payment at any sales or service establishment by mobile telephone |
DE10040644A1 (en) * | 2000-08-14 | 2002-02-28 | Arndt Jablonowski | Data transmitting method for Internet-based payment system, involves sending divided frames of payment data, to processor through two channels using different protocols |
GB2366966B (en) * | 2000-09-07 | 2002-08-07 | Swivel Technologies Ltd | Embedded synchronous random disposable code identification method and system |
GB2366966A (en) * | 2000-09-07 | 2002-03-20 | Swivel Technologies Ltd | Verifying the identity of a device or user in an electronic communications environment |
US7392388B2 (en) | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
US7043635B1 (en) | 2000-09-15 | 2006-05-09 | Swivel Secure Limited | Embedded synchronous random disposable code identification method and system |
GB2369469B (en) * | 2000-11-28 | 2002-10-23 | Swivel Technologies Ltd | Secure file transfer method and system |
GB2369469A (en) * | 2000-11-28 | 2002-05-29 | Swivel Technologies Ltd | Secure data transfer method |
DE10102779A1 (en) * | 2001-01-22 | 2002-08-29 | Utimaco Safeware Ag | Mobile phone transaction authorisation system has separate encrypted password link |
WO2002084456A2 (en) * | 2001-04-12 | 2002-10-24 | Netdesigns Limited | User identity verification system |
GB2377523B (en) * | 2001-04-12 | 2003-11-26 | Netdesigns Ltd | User identity verification system |
WO2002084456A3 (en) * | 2001-04-12 | 2003-10-30 | Netdesigns Ltd | User identity verification system |
GB2377523A (en) * | 2001-04-12 | 2003-01-15 | Netdesigns Ltd | User identity verification system |
EP1253500A1 (en) * | 2001-04-26 | 2002-10-30 | Nokia Corporation | Method and device for authenticating a user on a remote server |
GB2379040A (en) * | 2001-08-22 | 2003-02-26 | Int Computers Ltd | Controlling user access to a remote service by sending a one-time password to a portable device after normal login |
US10083285B2 (en) | 2001-08-29 | 2018-09-25 | Nader Asghari-Kamrani | Direct authentication system and method via trusted authenticators |
US9727864B2 (en) | 2001-08-29 | 2017-08-08 | Nader Asghari-Kamrani | Centralized identification and authentication system and method |
US9703938B2 (en) | 2001-08-29 | 2017-07-11 | Nader Asghari-Kamrani | Direct authentication system and method via trusted authenticators |
US9870453B2 (en) | 2001-08-29 | 2018-01-16 | Nader Asghari-Kamrani | Direct authentication system and method via trusted authenticators |
US10769297B2 (en) | 2001-08-29 | 2020-09-08 | Nader Asghari-Kamrani | Centralized identification and authentication system and method |
CN1319000C (en) * | 2001-10-19 | 2007-05-30 | 环球速度有限公司 | System and method for controlling transmission of data packets over an information network |
EP1313075A3 (en) * | 2001-11-19 | 2005-07-13 | Fujitsu Limited | Electronic money processing method and program |
EP1313075A2 (en) * | 2001-11-19 | 2003-05-21 | Fujitsu Limited | Electronic money processing method and program |
GB2387002A (en) * | 2002-02-20 | 2003-10-01 | 1Revolution Group Plc | Personal identification system and method using a mobile device |
WO2003083793A2 (en) * | 2002-04-03 | 2003-10-09 | Swivel Secure Limited | System and method for secure credit and debit card transactions |
WO2003083793A3 (en) * | 2002-04-03 | 2003-12-31 | Swivel Technologies Ltd | System and method for secure credit and debit card transactions |
US7395050B2 (en) | 2002-04-16 | 2008-07-01 | Nokia Corporation | Method and system for authenticating user of data transfer device |
GB2391646A (en) * | 2002-08-06 | 2004-02-11 | James Andrew Groves | Secure web page authenication method using a telephone number or SMS message |
WO2004049139A1 (en) * | 2002-11-26 | 2004-06-10 | Siemens Aktiengesellschaft | Method for authenticating and charging a subscriber of a radio network |
EP1424617A1 (en) * | 2002-11-26 | 2004-06-02 | Siemens Aktiengesellschaft | Method for authentication and charging for a sucbriber in a wireless network |
CN100335987C (en) * | 2002-11-26 | 2007-09-05 | 西门子公司 | Method for authenticating and charging a subscriber of a radio network |
US7809953B2 (en) | 2002-12-09 | 2010-10-05 | Research In Motion Limited | System and method of secure authentication information distribution |
WO2004054196A1 (en) | 2002-12-09 | 2004-06-24 | Research In Motion Limited | System and method of secure authentication information distribution |
US8677138B2 (en) | 2002-12-09 | 2014-03-18 | Blackberry Limited | System and method of secure authentication information distribution |
WO2005062613A1 (en) * | 2003-12-18 | 2005-07-07 | Nptv | Method for accessing an interactive television session by short message (sms) |
EP1578155A3 (en) * | 2004-03-16 | 2006-08-23 | Broadcom Corporation | Integration of secure identification logic into cell phone |
US7308250B2 (en) | 2004-03-16 | 2007-12-11 | Broadcom Corporation | Integration of secure identification logic into cell phone |
US7526295B2 (en) * | 2004-03-16 | 2009-04-28 | Broadcom Corporation | Integration of secure identification logic into cell phone |
US9106738B2 (en) | 2005-01-11 | 2015-08-11 | Telesign Corporation | Registration, verification and notification system |
US9300792B2 (en) | 2005-01-11 | 2016-03-29 | Telesign Corporation | Registration, verification and notification system |
US8462920B2 (en) | 2005-01-11 | 2013-06-11 | Telesign Corporation | Registration, verification and notification system |
US8687038B2 (en) | 2005-01-11 | 2014-04-01 | Telesign Corporation | Registration, verification and notification system |
US9049286B2 (en) | 2005-01-11 | 2015-06-02 | Telesign Corporation | Registration, verification and notification system |
FR2888691A1 (en) * | 2005-07-13 | 2007-01-19 | Gemplus Sa | TRANSACTION AUTHORIZATION METHOD AND DEVICE |
WO2007006771A1 (en) * | 2005-07-13 | 2007-01-18 | Gemplus | Transaction authorization method and device |
EP1840814A1 (en) * | 2006-03-17 | 2007-10-03 | Hitachi Software Engineering Co., Ltd. | Verification system |
EP1868125A1 (en) * | 2006-06-16 | 2007-12-19 | Savernova S.A. | Method for identifying a user of a computer system |
US10122715B2 (en) | 2006-11-16 | 2018-11-06 | Microsoft Technology Licensing, Llc | Enhanced multi factor authentication |
US9762576B2 (en) | 2006-11-16 | 2017-09-12 | Phonefactor, Inc. | Enhanced multi factor authentication |
WO2010115795A1 (en) | 2009-04-06 | 2010-10-14 | Giesecke & Devrient Gmbh | Method for carrying out an application with the aid of a portable data storage medium |
US9147064B2 (en) | 2009-04-06 | 2015-09-29 | Giescke & Devrient Gmbh | Method for carrying out an application with the aid of a portable data storage medium |
US10567385B2 (en) | 2010-02-25 | 2020-02-18 | Secureauth Corporation | System and method for provisioning a security token |
CN104429036A (en) * | 2011-10-12 | 2015-03-18 | 科技商业管理有限公司 | System for secure ID authentication |
US8973109B2 (en) | 2011-11-29 | 2015-03-03 | Telesign Corporation | Dual code authentication system |
US9553864B2 (en) | 2011-11-29 | 2017-01-24 | Telesign Corporation | Dual code authentication system |
US9635026B2 (en) | 2012-08-26 | 2017-04-25 | Vokee Applications, Ltd. | Verifying an application identifier on a mobile device through a telecommunication network |
US9161222B2 (en) | 2012-08-26 | 2015-10-13 | Vokee Applications, Ltd. | Verifying an association between an application and a mobile device through a telecommunication network |
US9584512B2 (en) | 2012-08-26 | 2017-02-28 | Vokee Applications, Ltd. | Verifying an association between an application and a mobile device through a telecommunication network |
US9167431B2 (en) | 2012-08-26 | 2015-10-20 | Vokee Applications, Ltd. | Verifying an application identifier on a mobile device through a telecommunication network |
US9161223B2 (en) | 2012-08-26 | 2015-10-13 | Vokee Applications, Inc. | Authorizing mobile application access to a service through a telecommunication network |
US9166967B2 (en) | 2012-09-26 | 2015-10-20 | Telesign Corporation | Comprehensive authentication and identity system and method |
EP2738996A1 (en) * | 2012-11-30 | 2014-06-04 | Gemalto SA | Method, device and system for accessing a server |
WO2014083167A1 (en) * | 2012-11-30 | 2014-06-05 | Gemalto Sa | Method, device and system for accessing a server |
US9275211B2 (en) | 2013-03-15 | 2016-03-01 | Telesign Corporation | System and method for utilizing behavioral characteristics in authentication and fraud prevention |
Also Published As
Publication number | Publication date |
---|---|
AU1390395A (en) | 1995-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO1995019593A1 (en) | A computer security system | |
US8041954B2 (en) | Method and system for providing a secure login solution using one-time passwords | |
US8060753B2 (en) | Biometric platform radio identification anti-theft system | |
US9269208B2 (en) | Remote entry system | |
US5528231A (en) | Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process | |
US5491752A (en) | System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens | |
CA2023872C (en) | Databaseless security system | |
US5371796A (en) | Data communication system | |
US4310720A (en) | Computer accessing system | |
US5499297A (en) | System and method for trusted path communications | |
US5636280A (en) | Dual key reflexive encryption security system | |
US4691355A (en) | Interactive security control system for computer communications and the like | |
US6134661A (en) | Computer network security device and method | |
US6130621A (en) | Method and apparatus for inhibiting unauthorized access to or utilization of a protected device | |
CA2183629C (en) | Method and apparatus for utilizing a token for resource access | |
US5317637A (en) | Data exchange system with a check of the apparatus for its authentication status | |
US20060101047A1 (en) | Method and system for fortifying software | |
EP0246823A2 (en) | Data communication systems and methods | |
JPH10341224A (en) | Authentication method in data transmission system and system to execute the authentication method | |
AU5157600A (en) | Method of authenticating a tag | |
CN1561506A (en) | Portable device and method for accessing data key actuated devices | |
US5208447A (en) | Method for testing a terminal communicating with chip cards | |
EP0645688A1 (en) | Method for the identification of users of telematics servers | |
US20040181673A1 (en) | Method and apparatus for preventing unauthorized access to data and for destroying data upon receiving an unauthorized data access attempt | |
EP1188104A1 (en) | Identification device for authenticating a user |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AM AT AU BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE HU JP KE KG KP KR KZ LK LR LT LU LV MD MG MN MW MX NL NO NZ PL PT RO RU SD SE SI SK TJ TT UA US UZ VN |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): KE MW SD SZ AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101) | |
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
ENP | Entry into the national phase | Ref country code: US Ref document number: 1996 682504 Date of ref document: 19960909 Kind code of ref document: A Format of ref document f/p: F |
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
122 | EP: PCT application non-entry in European phase | |
NENP | Non-entry into the national phase | Ref country code: CA |
NENP | Non-entry into the national phase | Ref country code: GB Free format text: 950112 A 9614521 |