US20020034301A1 - Network authentication - Google Patents
Network authenticationDownload PDFInfo
- Publication number
- US20020034301A1 US20020034301A1US09/928,491US92849101AUS2002034301A1US 20020034301 A1US20020034301 A1US 20020034301A1US 92849101 AUS92849101 AUS 92849101AUS 2002034301 A1US2002034301 A1US 2002034301A1
- Authority
- US
- United States
- Prior art keywords
- cryptographic module
- mobile communications
- communications device
- communications
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
- G06F21/43—User authentication using separate channels for security data wireless channels
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/065—Continuous authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
Definitions
- This inventionrelates to the field of computer security, and in particular to the authentication of a user over a computer network.
- U.S. Pat. No. 5,784,463describes a system in which a computer system is secured against authorized access, while date exchanged by a user with the computer system is encrypted when it is sent over the public network.
- U.S. Pat. No. 5,784,463describes the use of an authentication token, which may be a hardware device or which may be a software module, which allows the user to authenticate himself to the remote computer.
- shared secret keysprovide mutual authentication between the two users.
- the shared secret keysare generated only at the time of registration, and are distributed using a public key/private key cryptographic system.
- This systemhas the disadvantage that, before a computer user can take part in secure online transactions using the described system, he must obtain a separate authentication token. Further there is a cost associated with the distribution of such tokens, either to pay for the additional hardware, or to supply information for the software module.
- an existing communications devicecan be used as an authentication token.
- a communications device which has a cryptographic module for use in mobile communicationscan be used as an authentication token.
- the devicemay be a device which can operate under the Wireless Application Protocol, that is, a WAP-enabled device, such as a mobile phone.
- WAP-enabled devicesinclude components which are used in public key/private key cryptographic systems as a part of their standard communication functions. These components therefore advantageously allow the device to be used as an authentication token when communicating with a remote server.
- the devicecan use Wireless Transport Layer Security (WTLS) for mobile communications, and employs its cryptographic module when in use as an authentication token.
- WTLSWireless Transport Layer Security
- FIG. 1is a schematic illustration of a network in which the present invention can be implemented.
- FIG. 2is a flow chart showing a first authentication method in accordance with the invention.
- FIG. 3is a flow chart showing a second authentication method in accordance with the invention.
- FIG. 1shows a system in accordance with the invention, which allows a user to communicate securely over the internet.
- the userhas a WAP-enabled device, for example, a mobile phone 10 .
- the mobile phone 10communicates over a wireless interface through a wireless modem 15 with a WAP Gateway 20 .
- the WAP Gateway 20for example, converts signals between different protocols used over the wireless network and over the wired networks which are involved.
- the WAP Gateway 20has an interface for connection to a Wireless Telephony Application (WTA) server 30 , which provides telephony-related functions, such as handling voice calls or text messages.
- WTAWireless Telephony Application
- WAP-enabled devicesOne specific use of WAP-enabled devices is to access the internet, and in particular to access the information on web pages which are specifically designed for that purpose.
- the WAP Gateway 20also includes an interface for connection to a Wireless Applications Environment (WAE) server 40 .
- WAEWireless Applications Environment
- the WAE server 40is in turn connected to the internet 50 .
- Data which may be accessed by a WAP-enabled deviceare stored on a web server 52 .
- the internetis made up of very many servers of this type, storing such information.
- WMLWireless Markup Language
- Wireless Transport Layer SecurityIn order to provide security between the WAP-enabled client device 10 and the WAP Gateway 20 , Wireless Transport Layer Security (WTLS) can be used. This provides confidentiality for users, by encrypting messages which are transmitted over the wireless interface, and also provides authentication, by means of digital certificates.
- WTLSWireless Transport Layer Security
- the WAP-enabled device 10includes a cryptographic module, which uses an embedded public key and private key on handshake for authentication, then generates symmetric session keys, which are used to encode messages before transmission and to decode received messages,
- the cryptographic modulecan be realised in hardware or in software in the phone 10 , or may be provided on an external smart card, or the phone 10 may also include a Wireless Identity Module (WIM) card, which is used to identify the subscriber.
- WIMWireless Identity Module
- the cryptographic module of the phoneand other features which are used to provide secure communication using the Wireless Application Protocol, also allow the phone 10 to be used as an authentication token for other communications.
- the cryptographic moduleis embodied in hardware
- the necessary informationis provided on an integrated circuit in the device.
- WPKIWireless Public Key Infrastructure
- WTLSWireless Public Key Infrastructure
- authenticationcan take place at the WAP Gateway 20 using the device 10 as an authentication token, and can also take place at the modem 15 and/or at the web server 52 .
- the modemcan have an associated authentication server 17
- the WAP Gatewaycan have an associated authentication server 22
- a web server 52can have an associated authentication server 54 .
- the authentication server 54 associated with a web server 52can be directly connected thereto, or (as shown in FIG. 1) can be connected thereto over the internet.
- Carrying out additional authentications in this waycan provide additional security.
- using the device as an authentication token to carry out authentications at the WAP Gatewayavoids the need for the user to enter a password, which increases the convenience for the user.
- FIG. 2shows the operation of the device 10 as an authentication token in the WAP environment. This operation will be described here with reference to a situation in which the device 10 is authenticated to the authentication server 17 associated with the modem 15 . However, as mentioned above, authentication can take place in a similar way at many points in the network.
- step 70the user starts the WAP browser software in the device 10 , and attempts to communicate through the modem 15 .
- the modem 15requires authentication, and the device 10 detects this requirement at step 72 .
- the deviceverifies the identity of the user. As part of this procedure, the device gives a prompt to the user, asking the user to identify himself. One possibility is to require the user to enter a Personal Identification Number (PIN).
- PINPersonal Identification Number
- the device 10can also use a form of biometrics to provide user authentication.
- the device 10can include means for examining a physical feature which uniquely or nearly uniquely identifies a user, such as his fingerprints or voice recognition or another biometric technique, and allowing the user access to the system only if that physical feature is found to match the intended user.
- the tokencan authenticate itself to the modem 15 , at step 76 .
- the tokenperforms the necessary calculations, and, at step 78 , information is provided to the WAP browser software, for example allowing it to respond to challenges from the authentication server 17 , or to generate a password based on offline information.
- Such an authentication proceduremay be used in the WAP environment in many situations.
- the usermay use the device 10 to authenticate himself to a bank machine, or to a further device which controls access to a building or area.
- the device 10can be used as an authentication token when a user wishes to access the internet 50 using a personal computer 60 .
- a personal computerhas the advantage, compared with current mobile devices, that it has a wider range of input options (such as a full size keyboard and a mouse), and has a larger display for retrieved data.
- the personal computer 60is provided with a wired broadband connection to the internet 50 .
- Possible uses of a personal computer 60in conjunction with the internet 50 , include retrieving data from servers to which there is intended to be restricted access, and carrying out online transactions, which may include transmitting confidential user information to a third party computer.
- the third party computerfrom which information is to be retrieved, or to which information is to be transmitted, has an associated authentication server 54 .
- FIG. 2shows the PC connected to the internet 50 through a modem 56 , which has an associated authentication server 58 .
- the description belowrefers to authentication towards the authentication server, but the same procedure can be used to authenticate towards the authentication server 58 .
- Secure communications between the personal computer 60 and the authentication server 54can then be achieved using an authentication token, as is generally known.
- the authentication tokencan use the cryptographic components of a device, which also uses those components in, for example, WTLS communications.
- FIG. 3shows the operation of the device 10 as an authentication token in conjunction with the PC 60 .
- step 80the user starts the application which requires authentication, and the authentication functionality of the device 10 is started.
- the deviceverifies the identity of the user.
- the usermay be required to enter a Personal Identification Number (PIN), while, to provide an additional layer of security, the device 10 can also use a form of biometrics to provide user authentication.
- PINPersonal Identification Number
- the tokencan authenticate itself to the web server, at step 84 .
- the tokenuses the selected authentication protocol, the token performs the necessary calculations to generate the required passwords, and, at step 86 , information is sent to the authentication server 54 .
- the authentication serverissues a challenge to the user.
- the authentication tokenencrypts the challenge with the user's private key, and returns it to the authentication server.
- the returned challengeis then decrypted by the authentication server with the user's public key, and the authentication server verifies that the decrypted challenge is the same as the original challenge.
- the necessary passwordcan in effect be generated automatically by the WAP-enabled device 10 , using the public key infrastructure provided by the cryptographic module of the device, on the basis of the identity of the user confirmed by the wireless identity module in the device.
- the WAP-enabled device 10can be used an authentication token for multiple authentication servers, including authentication servers from multiple manufacturers. All that is necessary is for an authentication server and the device 10 to be able to operate the same authentication protocols.
- the cryptographic module in the devicecan be used in any suitable method for generating passwords and encrypting communications, although use of Wireless Public Key Infrastructure is preferred.
- the WAP-enabled deviceallows the use of digital signatures, for the purposes of non-repudiation. This same functionality can also be re-used when the device is being used as an authentication token.
- connectionbetween the personal computer 60 and the WAP-enabled mobile phone 10 .
- the connectionmay be wired, or, advantageously, communications between the personal computer 60 and mobile phone 10 can take place using the Bluetooth short-range radio transmission protocol.
- commandsmay be transferred to and from the device using the AT protocol.
- passwords which are generated in the mobile phone 10 acting a the authentication tokenare transferred to the personal computer 60 , and can be automatically sent to the authentication server.
- a manual operationis also possible, in which the necessary authentication calculations are carried out in the authentication token, and the required password or passwords are displayed on a screen of the device, and can be manually entered by the user through the keyboard of the personal computer, and can then be sent to the authentication server.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- This invention relates to the field of computer security, and in particular to the authentication of a user over a computer network.[0001]
- It is desirable to be able to transmit confidential and personal information over unsecured public computer networks, such as the internet. To allow this, it is necessary to provide a secure registration system, which allows an individual user to have confidence that personal information transmitted over the network will remain confidential. Conversely, a service provider may wish to ensure that only some computer users are able to access specific information.[0002]
- U.S. Pat. No. 5,784,463 describes a system in which a computer system is secured against authorized access, while date exchanged by a user with the computer system is encrypted when it is sent over the public network.[0003]
- More specifically, U.S. Pat. No. 5,784,463 describes the use of an authentication token, which may be a hardware device or which may be a software module, which allows the user to authenticate himself to the remote computer. In this prior art system, shared secret keys provide mutual authentication between the two users. The shared secret keys are generated only at the time of registration, and are distributed using a public key/private key cryptographic system.[0004]
- This system has the disadvantage that, before a computer user can take part in secure online transactions using the described system, he must obtain a separate authentication token. Further there is a cost associated with the distribution of such tokens, either to pay for the additional hardware, or to supply information for the software module.[0005]
- In accordance with a preferred aspect of the invention, an existing communications device can be used as an authentication token.[0006]
- In a preferred embodiment of the invention, a communications device which has a cryptographic module for use in mobile communications, can be used as an authentication token. For example, the device may be a device which can operate under the Wireless Application Protocol, that is, a WAP-enabled device, such as a mobile phone. This has the advantage that WAP-enabled devices include components which are used in public key/private key cryptographic systems as a part of their standard communication functions. These components therefore advantageously allow the device to be used as an authentication token when communicating with a remote server. Advantageously, the device can use Wireless Transport Layer Security (WTLS) for mobile communications, and employs its cryptographic module when in use as an authentication token.[0007]
- It should be emphasised that the term “comprises/comprising” when used in this specification is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.[0008]
- FIG. 1 is a schematic illustration of a network in which the present invention can be implemented.[0009]
- FIG. 2 is a flow chart showing a first authentication method in accordance with the invention.[0010]
- FIG. 3 is a flow chart showing a second authentication method in accordance with the invention.[0011]
- FIG. 1 shows a system in accordance with the invention, which allows a user to communicate securely over the internet. As is conventional, the user has a WAP-enabled device, for example, a[0012]
mobile phone 10. Themobile phone 10 communicates over a wireless interface through awireless modem 15 with aWAP Gateway 20. The WAP Gateway20, for example, converts signals between different protocols used over the wireless network and over the wired networks which are involved. - As an example, the WAP Gateway[0013]20 has an interface for connection to a Wireless Telephony Application (WTA)
server 30, which provides telephony-related functions, such as handling voice calls or text messages. - One specific use of WAP-enabled devices is to access the internet, and in particular to access the information on web pages which are specifically designed for that purpose.[0014]
- Thus, the WAP[0015]
Gateway 20 also includes an interface for connection to a Wireless Applications Environment (WAE)server 40. The WAEserver 40 is in turn connected to theinternet 50. Data which may be accessed by a WAP-enabled device are stored on aweb server 52. As is well known, the internet is made up of very many servers of this type, storing such information. - As is known, content on web pages which are intended to be accessed by web-enabled devices is conventionally written using Wireless Markup Language (WML), a language which is designed to meet the constraints which typically apply in this environment, namely the relatively low bandwidth available in the wireless interface, and the generally small available display sizes on the handheld WAP-enabled devices such as mobile phones.[0016]
- In order to enhance services written in WML, a scripting language WMLScript, can be used.[0017]
- In order to provide security between the WAP-enabled[0018]
client device 10 and the WAP Gateway20, Wireless Transport Layer Security (WTLS) can be used. This provides confidentiality for users, by encrypting messages which are transmitted over the wireless interface, and also provides authentication, by means of digital certificates. - In order to provide this WTLS functionality, the WAP-enabled[0019]
device 10 includes a cryptographic module, which uses an embedded public key and private key on handshake for authentication, then generates symmetric session keys, which are used to encode messages before transmission and to decode received messages, - For example, the cryptographic module can be realised in hardware or in software in the[0020]
phone 10, or may be provided on an external smart card, or thephone 10 may also include a Wireless Identity Module (WIM) card, which is used to identify the subscriber. - In accordance with preferred embodiments of the present invention, the cryptographic module of the phone, and other features which are used to provide secure communication using the Wireless Application Protocol, also allow the[0021]
phone 10 to be used as an authentication token for other communications. - In the case where the cryptographic module is embodied in hardware, the necessary information is provided on an integrated circuit in the device. Where the Wireless Public Key Infrastructure (WPKI) is used to distribute the parameters for WTLS, it can also be used to distribute the parameters required for use as an authentication token.[0022]
- When communicating in the WAP environment, for example, authentication can take place at the WAP Gateway[0023]20 using the
device 10 as an authentication token, and can also take place at themodem 15 and/or at theweb server 52. Thus, the modem can have an associatedauthentication server 17, the WAP Gateway can have an associatedauthentication server 22, and aweb server 52 can have an associatedauthentication server 54. Theauthentication server 54 associated with aweb server 52 can be directly connected thereto, or (as shown in FIG. 1) can be connected thereto over the internet. - Carrying out additional authentications in this way can provide additional security. In addition, using the device as an authentication token to carry out authentications at the WAP Gateway avoids the need for the user to enter a password, which increases the convenience for the user.[0024]
- FIG. 2 shows the operation of the[0025]
device 10 as an authentication token in the WAP environment. This operation will be described here with reference to a situation in which thedevice 10 is authenticated to theauthentication server 17 associated with themodem 15. However, as mentioned above, authentication can take place in a similar way at many points in the network. - At[0026]
step 70, the user starts the WAP browser software in thedevice 10, and attempts to communicate through themodem 15. In this case, themodem 15 requires authentication, and thedevice 10 detects this requirement atstep 72. - At[0027]
step 74, the device verifies the identity of the user. As part of this procedure, the device gives a prompt to the user, asking the user to identify himself. One possibility is to require the user to enter a Personal Identification Number (PIN). However, to provide an additional layer of security, thedevice 10 can also use a form of biometrics to provide user authentication. Thus, for example, thedevice 10 can include means for examining a physical feature which uniquely or nearly uniquely identifies a user, such as his fingerprints or voice recognition or another biometric technique, and allowing the user access to the system only if that physical feature is found to match the intended user. - Once the user has authenticated himself to the token, the token can authenticate itself to the[0028]
modem 15, atstep 76. Thus, using a selected authentication protocol, the token performs the necessary calculations, and, atstep 78, information is provided to the WAP browser software, for example allowing it to respond to challenges from theauthentication server 17, or to generate a password based on offline information. - More details about an authentication protocol which may be used can be found in the document “Entity Authentication Using Public Key Cryptography”, Federal Information Processing Standards Publication FIPS PUB 196 of February 1997.[0029]
- Such an authentication procedure may be used in the WAP environment in many situations. For example, the user may use the[0030]
device 10 to authenticate himself to a bank machine, or to a further device which controls access to a building or area. - In an alternative embodiment of the invention, the[0031]
device 10 can be used as an authentication token when a user wishes to access theinternet 50 using apersonal computer 60. - As is well known, a personal computer has the advantage, compared with current mobile devices, that it has a wider range of input options (such as a full size keyboard and a mouse), and has a larger display for retrieved data. Further, the[0032]
personal computer 60 is provided with a wired broadband connection to theinternet 50. Possible uses of apersonal computer 60, in conjunction with theinternet 50, include retrieving data from servers to which there is intended to be restricted access, and carrying out online transactions, which may include transmitting confidential user information to a third party computer. As described above, the third party computer, from which information is to be retrieved, or to which information is to be transmitted, has an associatedauthentication server 54. - Also, FIG. 2 shows the PC connected to the[0033]
internet 50 through amodem 56, which has an associatedauthentication server 58. The description below refers to authentication towards the authentication server, but the same procedure can be used to authenticate towards theauthentication server 58. - Secure communications between the[0034]
personal computer 60 and theauthentication server 54 can then be achieved using an authentication token, as is generally known. In accordance with the invention, the authentication token can use the cryptographic components of a device, which also uses those components in, for example, WTLS communications. - FIG. 3 shows the operation of the[0035]
device 10 as an authentication token in conjunction with thePC 60. - At[0036]
step 80, the user starts the application which requires authentication, and the authentication functionality of thedevice 10 is started. - At[0037]
step 82, the device verifies the identity of the user. As described with reference to FIG. 2, the user may be required to enter a Personal Identification Number (PIN), while, to provide an additional layer of security, thedevice 10 can also use a form of biometrics to provide user authentication. - Once the user has authenticated himself to the token, the token can authenticate itself to the web server, at[0038]
step 84. Using the selected authentication protocol, the token performs the necessary calculations to generate the required passwords, and, atstep 86, information is sent to theauthentication server 54. - Again, a suitable authentication protocol is described in the document “Entity Authentication Using Public Key Cryptography”, Federal Information Processing Standards Publication FIPS PUB 196 of February 1997.[0039]
- In outline, when the user first contacts the[0040]
authentication server 54, the authentication server issues a challenge to the user. The authentication token encrypts the challenge with the user's private key, and returns it to the authentication server. The returned challenge is then decrypted by the authentication server with the user's public key, and the authentication server verifies that the decrypted challenge is the same as the original challenge. - Thus, there is no requirement for a user to enter a password to be able to access confidential information which is on the[0041]
authentication server 54. The necessary password can in effect be generated automatically by the WAP-enableddevice 10, using the public key infrastructure provided by the cryptographic module of the device, on the basis of the identity of the user confirmed by the wireless identity module in the device. - In this way, the WAP-enabled[0042]
device 10 can be used an authentication token for multiple authentication servers, including authentication servers from multiple manufacturers. All that is necessary is for an authentication server and thedevice 10 to be able to operate the same authentication protocols. - It will be appreciated that, for example with appropriate software in the device, it can use any suitable authentication algorithm. The cryptographic module in the device can be used in any suitable method for generating passwords and encrypting communications, although use of Wireless Public Key Infrastructure is preferred.[0043]
- The WAP-enabled device allows the use of digital signatures, for the purposes of non-repudiation. This same functionality can also be re-used when the device is being used as an authentication token.[0044]
- In the case where the[0045]
device 10 is used as an authentication token for a personal computer, described above with reference to FIG. 3, there is preferably a connection between thepersonal computer 60 and the WAP-enabledmobile phone 10. The connection may be wired, or, advantageously, communications between thepersonal computer 60 andmobile phone 10 can take place using the Bluetooth short-range radio transmission protocol. - When there is a connection between the[0046]
personal computer 50 and the WAP-enabledmobile phone 10, whether this is wireless or wired, and the personal computer requires to use thephone 10 as an authentication token, this functionality of the phone must be started. This can be carried out automatically by means of a specific command sent from the personal computer to the phone, and may alternatively or additionally be carried out in response to a specific keypress on the keyboard of the phone. - When used with a personal computer in this way, commands may be transferred to and from the device using the AT protocol. Thus, for example, passwords which are generated in the[0047]
mobile phone 10 acting a the authentication token are transferred to thepersonal computer 60, and can be automatically sent to the authentication server. - However, a manual operation is also possible, in which the necessary authentication calculations are carried out in the authentication token, and the required password or passwords are displayed on a screen of the device, and can be manually entered by the user through the keyboard of the personal computer, and can then be sent to the authentication server.[0048]
- There is thus disclosed an authentication token which is readily available, since it re-uses functionality and infrastructure which already exist for WAP-enabled devices.[0049]
Claims (27)
1. A method of authenticating communications, the method comprising:
using a mobile communications device, which includes a cryptographic module for use in mobile communication, as an authentication token.
2. A method of authenticating communications as claimed inclaim 1 , wherein the mobile communications device is a WAP-enabled device.
3. A method of authenticating communications as claimed inclaim 1 or2, wherein the use of the mobile communications device as an authentication token includes using public key encryption of communications.
4. A method of authenticating communications as claimed inclaim 1 ,2 or3, wherein the mobile communications device uses the cryptographic module for Wireless Transport Layer Security communications.
5. A method of authenticating communications as claimed inclaim 1 ,2,3 or4, wherein the mobile communications device is used as an authentication token for a computer, and authenticates communications between the computer and an authentication server.
6. A method of authenticating communications as claimed inclaim 5 , comprising providing a wired connection between the mobile communications device and the computer.
7. A method of authenticating communications as claimed inclaim 5 , comprising providing a wireless connection between the mobile communications device and the computer.
8. A mobile communications device, comprising a cryptographic module, the cryptographic module being usable:
(a) for encoding wireless communications from the device;
(b) for authenticating a user of the device towards an authentication server.
9. A mobile communications device as claimed inclaim 8 , the cryptographic module being usable for authenticating a user of a separate computer towards the authentication server.
10. A mobile communications device as claimed inclaim 9 , having a short-range wireless communications transceiver, for sending signals to and receiving signals from the computer.
11. A mobile communications device as claimed inclaim 10 , wherein the short-range wireless communications transceiver uses Bluetooth wireless technology.
12. A mobile communications device as claimed in one of claims8-11, wherein the cryptographic module is usable to support wireless communications using Wireless Transport Layer Security.
13. A mobile communications device as claimed in one of claims8-12, having means for allowing biometric identification of a user.
14. A mobile communications device as claimed in one of claims8-13, wherein the cryptographic module uses public key cryptography.
15. A mobile communications device as claimed in one of claims8-14, comprising means for sending and transmitting data using WAP.
16. A mobile communications device as claimed in one of claims8-15, wherein the cryptographic module is realised in hardware in the device.
17. A mobile communications device as claimed in one of claims8-15, wherein the cryptographic module is realised in software in the device
18. A mobile communications device as claimed in one of claims8-15, wherein the cryptographic module is provided on an external smart card.
19. A mobile communications device as claimed in one of claims8-15, wherein the cryptographic module comprises a Wireless Identity Module (WIM) card.
20. A mobile communications device as claimed inclaim 19 , wherein the cryptographic module comprises a Wireless Identity Module (WIM) card which allows communications using Wireless Transport Layer Security.
21. A WAP-enabled mobile communications device, which is capable of use as an authentication token.
22. A communications network, comprising:
at least one WAP gateway, which is enabled to encrypt communications on the basis of Wireless Transport Layer Security;
at least one authentication server operable in a first authentication protocol; and
a WAP-enabled client device, including a cryptographic module, the cryptographic module being usable for encrypting communications with the WAP gateway using Wireless Transport Layer Security, and the cryptographic module being further usable as an authentication token for authenticating a user of the device towards the authentication server, using the first authentication protocol.
23. A network as claimed inclaim 22 , wherein the cryptographic module is realised in hardware in the client device.
24. A network as claimed inclaim 22 , wherein the cryptographic module is realised in software in the client device.
25. A network as claimed inclaim 22 , wherein the cryptographic module is provided on an external smart card.
26. A network as claimed inclaim 22 , wherein the cryptographic module comprises a Wireless Identity Module (WIM) card.
27. A network as claimed in any of claims22-26, comprising a computer, the client device having a connection to the computer such that it acts as an authentication token therefor.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/928,491US20020034301A1 (en) | 2000-08-15 | 2001-08-14 | Network authentication |
| US11/261,177US8165299B2 (en) | 2000-08-15 | 2005-10-28 | Network authentication |
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0020095AGB2366139B (en) | 2000-08-15 | 2000-08-15 | Network authentication |
| GB0020095.6 | 2000-08-15 | ||
| US22689500P | 2000-08-23 | 2000-08-23 | |
| US09/928,491US20020034301A1 (en) | 2000-08-15 | 2001-08-14 | Network authentication |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/261,177DivisionUS8165299B2 (en) | 2000-08-15 | 2005-10-28 | Network authentication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20020034301A1true US20020034301A1 (en) | 2002-03-21 |
Family
ID=26244841
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US09/928,491AbandonedUS20020034301A1 (en) | 2000-08-15 | 2001-08-14 | Network authentication |
| US11/261,177Expired - Fee RelatedUS8165299B2 (en) | 2000-08-15 | 2005-10-28 | Network authentication |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/261,177Expired - Fee RelatedUS8165299B2 (en) | 2000-08-15 | 2005-10-28 | Network authentication |
Country Status (4)
| Country | Link |
|---|---|
| US (2) | US20020034301A1 (en) |
| EP (1) | EP1323323A1 (en) |
| AU (1) | AU2001283949A1 (en) |
| WO (1) | WO2002015626A1 (en) |
Cited By (39)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020035699A1 (en)* | 2000-07-24 | 2002-03-21 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
| US20020078367A1 (en)* | 2000-10-27 | 2002-06-20 | Alex Lang | Automatic configuration for portable devices |
| US20020085719A1 (en)* | 2000-07-24 | 2002-07-04 | Bluesocket, Inc. | Method and system for enabling centralized control of wireless local area networks |
| US20020114303A1 (en)* | 2000-12-26 | 2002-08-22 | Crosbie David B. | Methods and systems for clock synchronization across wireless networks |
| US20020194499A1 (en)* | 2001-06-15 | 2002-12-19 | Audebert Yves Louis Gabriel | Method, system and apparatus for a portable transaction device |
| US20020197979A1 (en)* | 2001-05-22 | 2002-12-26 | Vanderveen Michaela Catalina | Authentication system for mobile entities |
| US20030087629A1 (en)* | 2001-09-28 | 2003-05-08 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
| US20030093671A1 (en)* | 2001-11-13 | 2003-05-15 | International Business Machines Corporation | Method and system for authentication of a user |
| US20030126271A1 (en)* | 2001-12-27 | 2003-07-03 | Mowry Kevin Curtis | Method and apparatus for enabling an external function from a WAP environment |
| WO2004066219A1 (en)* | 2003-01-22 | 2004-08-05 | Francotyp-Postalia Ag & Co. Kg | Mobile data transmission method and system |
| US20040267665A1 (en)* | 2003-06-24 | 2004-12-30 | Lg Telecom, Ltd. | System for providing banking services by use of mobile communication |
| US20050053241A1 (en)* | 2003-04-04 | 2005-03-10 | Chen-Huang Fan | Network lock method and related apparatus with ciphered network lock and inerasable deciphering key |
| US20050166263A1 (en)* | 2003-09-12 | 2005-07-28 | Andrew Nanopoulos | System and method providing disconnected authentication |
| US20050250515A1 (en)* | 2004-05-10 | 2005-11-10 | Mitsubishi Denki Kabushiki Kaisha | Local public information system |
| US20050268096A1 (en)* | 2004-05-28 | 2005-12-01 | Roger Kilian-Kehr | Client authentication using a challenge provider |
| US20060090197A1 (en)* | 2004-10-22 | 2006-04-27 | Software Ag | Authentication method and devices |
| WO2006049520A1 (en)* | 2004-11-02 | 2006-05-11 | Oracle International Corporation | Systems and methods of user authentication |
| US20070136796A1 (en)* | 2005-12-13 | 2007-06-14 | Microsoft Corporation | Wireless authentication |
| WO2007071009A1 (en)* | 2005-12-23 | 2007-06-28 | Bce Inc. | Wireless device authentication between different networks |
| EP1832998A1 (en)* | 2006-03-07 | 2007-09-12 | Hitachi, Ltd. | Method of interfacing between electronic devices, method of operating a portable storage device, electronic device and electronic system |
| US20080086424A1 (en)* | 2006-10-05 | 2008-04-10 | Sivakumar Jambunathan | Guest Limited Authorization For Electronic Financial Transaction Cards |
| EP2061244A1 (en)* | 2007-09-27 | 2009-05-20 | Vodafone Group PLC | Protection of broadcast content with key distribution using telecommunications network |
| US20090289757A1 (en)* | 2008-05-23 | 2009-11-26 | Ballard Claudio R | System for remote control using a wap-enabled device |
| US20090320118A1 (en)* | 2005-12-29 | 2009-12-24 | Axsionics Ag | Security Token and Method for Authentication of a User with the Security Token |
| US8254734B2 (en) | 2008-03-07 | 2012-08-28 | Veedims, Llc | Virtual electronic switch system |
| US8303337B2 (en) | 2007-06-06 | 2012-11-06 | Veedims, Llc | Hybrid cable for conveying data and power |
| US20130138716A1 (en)* | 2011-11-28 | 2013-05-30 | At&T Intellectual Property I, Lp | Apparatus and method for providing activity monitoring and analysis |
| US8526311B2 (en) | 2007-06-06 | 2013-09-03 | Veedims, Llc | System for integrating a plurality of modules using a power/data backbone network |
| US20130282400A1 (en)* | 2012-04-20 | 2013-10-24 | Woundmatrix, Inc. | System and method for uploading and authenticating medical images |
| US20140282958A1 (en)* | 2001-08-21 | 2014-09-18 | Bookit Oy Ajanvarauspalvelu | Multi-factor authentication techniques |
| US8976541B2 (en) | 2011-08-31 | 2015-03-10 | Potens Ip Holdings Llc | Electrical power and data distribution apparatus |
| US20150271159A1 (en)* | 2014-03-18 | 2015-09-24 | Em Microelectronic-Marin S.A. | Authentication by use of symmetric and asymmetric cryptography |
| US9178880B1 (en)* | 2012-06-30 | 2015-11-03 | Emc Corporation | Gateway mediated mobile device authentication |
| US9250660B2 (en) | 2012-11-14 | 2016-02-02 | Laserlock Technologies, Inc. | “HOME” button with integrated user biometric sensing and verification system for mobile device |
| US9485236B2 (en) | 2012-11-14 | 2016-11-01 | Verifyme, Inc. | System and method for verified social network profile |
| US11076010B2 (en) | 2016-03-29 | 2021-07-27 | Ricoh Company, Ltd. | Service providing system, service delivery system, service providing method, and non-transitory recording medium |
| US11108772B2 (en) | 2016-03-29 | 2021-08-31 | Ricoh Company, Ltd. | Service providing system, service delivery system, service providing method, and non-transitory recording medium |
| US11128623B2 (en)* | 2016-03-29 | 2021-09-21 | Ricoh Company, Ltd. | Service providing system, service delivery system, service providing method, and non-transitory recording medium |
| US20220182388A1 (en)* | 2020-12-08 | 2022-06-09 | Michael Boodaei | Transfer of trust between authentication devices |
Families Citing this family (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030131114A1 (en)* | 2001-10-12 | 2003-07-10 | Scheidt Edward M. | Portable electronic authenticator cryptographic module |
| SE0400425L (en)* | 2004-02-24 | 2004-11-30 | Tagmaster Ab | Authorization procedure |
| DE102004051403B4 (en)* | 2004-10-21 | 2007-03-08 | Siemens Ag | Mobile communication terminal with authentication device, network device containing such device and authentication method |
| KR20060069611A (en)* | 2004-12-17 | 2006-06-21 | 한국전자통신연구원 | User Authentication Method in Heterogeneous Network Using Signature of Mobile Communication Terminal |
| US8543814B2 (en) | 2005-01-12 | 2013-09-24 | Rpx Corporation | Method and apparatus for using generic authentication architecture procedures in personal computers |
| FR2895186A1 (en)* | 2005-12-20 | 2007-06-22 | France Telecom | METHOD AND SYSTEM FOR UPDATING ACCESS CONDITIONS OF A TELECOMMUNICATION DEVICE TO SERVICES ISSUED BY A TELECOMMUNICATION NETWORK |
| US8046596B2 (en)* | 2007-06-21 | 2011-10-25 | Emc Corporation | Reset-tolerant authentication device |
| WO2009093036A2 (en) | 2008-01-25 | 2009-07-30 | Qinetiq Limited | Quantum cryptography apparatus |
| GB0801395D0 (en) | 2008-01-25 | 2008-03-05 | Qinetiq Ltd | Network having quantum key distribution |
| GB0801408D0 (en) | 2008-01-25 | 2008-03-05 | Qinetiq Ltd | Multi-community network with quantum key distribution |
| GB0801492D0 (en) | 2008-01-28 | 2008-03-05 | Qinetiq Ltd | Optical transmitters and receivers for quantum key distribution |
| US8111145B2 (en) | 2008-03-07 | 2012-02-07 | Veedims, Llc | Starter control and indicator system |
| USD638033S1 (en) | 2008-03-07 | 2011-05-17 | Ballard Claudio R | Air intake assembly |
| US20090260071A1 (en)* | 2008-04-14 | 2009-10-15 | Microsoft Corporation | Smart module provisioning of local network devices |
| GB0809044D0 (en) | 2008-05-19 | 2008-06-25 | Qinetiq Ltd | Multiplexed QKD |
| GB0809045D0 (en) | 2008-05-19 | 2008-06-25 | Qinetiq Ltd | Quantum key distribution involving moveable key device |
| GB0809038D0 (en) | 2008-05-19 | 2008-06-25 | Qinetiq Ltd | Quantum key device |
| GB0819665D0 (en) | 2008-10-27 | 2008-12-03 | Qinetiq Ltd | Quantum key dsitribution |
| GB0822254D0 (en) | 2008-12-05 | 2009-01-14 | Qinetiq Ltd | Method of performing authentication between network nodes |
| GB0822253D0 (en) | 2008-12-05 | 2009-01-14 | Qinetiq Ltd | Method of establishing a quantum key for use between network nodes |
| GB0822356D0 (en) | 2008-12-08 | 2009-01-14 | Qinetiq Ltd | Non-linear optical device |
| NO332479B1 (en)* | 2009-03-02 | 2012-09-24 | Encap As | Procedure and computer program for verifying one-time password between server and mobile device using multiple channels |
| GB0917060D0 (en) | 2009-09-29 | 2009-11-11 | Qinetiq Ltd | Methods and apparatus for use in quantum key distribution |
| US8887250B2 (en)* | 2009-12-18 | 2014-11-11 | Microsoft Corporation | Techniques for accessing desktop applications using federated identity |
| USD662869S1 (en) | 2010-06-01 | 2012-07-03 | Ballard Claudio R | Automotive wheel center nut |
| GB201020424D0 (en) | 2010-12-02 | 2011-01-19 | Qinetiq Ltd | Quantum key distribution |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5280527A (en)* | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
| US5778071A (en)* | 1994-07-12 | 1998-07-07 | Information Resource Engineering, Inc. | Pocket encrypting and authenticating communications device |
| US5784463A (en)* | 1996-12-04 | 1998-07-21 | V-One Corporation | Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method |
| US5907815A (en)* | 1995-12-07 | 1999-05-25 | Texas Instruments Incorporated | Portable computer stored removable mobile telephone |
| US5943423A (en)* | 1995-12-15 | 1999-08-24 | Entegrity Solutions Corporation | Smart token system for secure electronic transactions and identification |
| US6041409A (en)* | 1997-04-25 | 2000-03-21 | Zunquan; Liu | Device and method for data integrity and authentication |
| US6061346A (en)* | 1997-01-17 | 2000-05-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Secure access method, and associated apparatus, for accessing a private IP network |
| US6463534B1 (en)* | 1999-03-26 | 2002-10-08 | Motorola, Inc. | Secure wireless electronic-commerce system with wireless network domain |
Family Cites Families (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU1265195A (en)* | 1993-12-06 | 1995-06-27 | Telequip Corporation | Secure computer memory card |
| US5668876A (en)* | 1994-06-24 | 1997-09-16 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
| DE19630920C1 (en)* | 1996-07-31 | 1997-10-16 | Siemens Ag | Subscriber authentication and/or data encryption method |
| EP0898397A2 (en) | 1997-08-22 | 1999-02-24 | Nokia Mobile Phones Ltd. | Method for sending a secure communication in a telecommunications system |
| GB9800443D0 (en) | 1998-01-10 | 1998-03-04 | Ncipher Corp Limited | Cryptographic token |
| FI980427L (en)* | 1998-02-25 | 1999-08-26 | Ericsson Telefon Ab L M | Method, arrangement and device for authentication |
| FR2785119B1 (en) | 1998-10-27 | 2000-12-08 | Gemplus Card Int | METHOD AND SYSTEM FOR MANAGING RISK IN A MOBILE TELEPHONY NETWORK |
| US20020124176A1 (en) | 1998-12-14 | 2002-09-05 | Michael Epstein | Biometric identification mechanism that preserves the integrity of the biometric information |
| AU3475000A (en) | 1999-01-29 | 2000-08-18 | General Instrument Corporation | Key management for telephone calls to protect signaling and call packets betweencta's |
| FI990601A0 (en)* | 1999-03-17 | 1999-03-17 | Sonera Oy | Method and system in a telecommunications system |
| GB9914262D0 (en) | 1999-06-18 | 1999-08-18 | Nokia Mobile Phones Ltd | WIM Manufacture certificate |
| WO2001017310A1 (en)* | 1999-08-31 | 2001-03-08 | Telefonaktiebolaget L M Ericsson (Publ) | Gsm security for packet data networks |
| FI110224B (en)* | 1999-09-17 | 2002-12-13 | Nokia Corp | Monitoring system |
| US6993658B1 (en)* | 2000-03-06 | 2006-01-31 | April System Design Ab | Use of personal communication devices for user authentication |
| US7310734B2 (en)* | 2001-02-01 | 2007-12-18 | 3M Innovative Properties Company | Method and system for securing a computer network and personal identification device used therein for controlling access to network components |
| US20020141586A1 (en)* | 2001-03-29 | 2002-10-03 | Aladdin Knowledge Systems Ltd. | Authentication employing the bluetooth communication protocol |
| US20040203800A1 (en)* | 2002-10-24 | 2004-10-14 | John Myhre | System and method for content delivery using alternate data paths in a wireless network |
| US20040123152A1 (en)* | 2002-12-18 | 2004-06-24 | Eric Le Saint | Uniform framework for security tokens |
- 2001
- 2001-07-18AUAU2001283949Apatent/AU2001283949A1/ennot_activeAbandoned
- 2001-07-18WOPCT/EP2001/008320patent/WO2002015626A1/enactiveApplication Filing
- 2001-07-18EPEP01962861Apatent/EP1323323A1/ennot_activeWithdrawn
- 2001-08-14USUS09/928,491patent/US20020034301A1/ennot_activeAbandoned
- 2005
- 2005-10-28USUS11/261,177patent/US8165299B2/ennot_activeExpired - Fee Related
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5280527A (en)* | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
| US5778071A (en)* | 1994-07-12 | 1998-07-07 | Information Resource Engineering, Inc. | Pocket encrypting and authenticating communications device |
| US5907815A (en)* | 1995-12-07 | 1999-05-25 | Texas Instruments Incorporated | Portable computer stored removable mobile telephone |
| US5943423A (en)* | 1995-12-15 | 1999-08-24 | Entegrity Solutions Corporation | Smart token system for secure electronic transactions and identification |
| US5784463A (en)* | 1996-12-04 | 1998-07-21 | V-One Corporation | Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method |
| US6061346A (en)* | 1997-01-17 | 2000-05-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Secure access method, and associated apparatus, for accessing a private IP network |
| US6041409A (en)* | 1997-04-25 | 2000-03-21 | Zunquan; Liu | Device and method for data integrity and authentication |
| US6463534B1 (en)* | 1999-03-26 | 2002-10-08 | Motorola, Inc. | Secure wireless electronic-commerce system with wireless network domain |
Cited By (66)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7260638B2 (en) | 2000-07-24 | 2007-08-21 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
| US20020085719A1 (en)* | 2000-07-24 | 2002-07-04 | Bluesocket, Inc. | Method and system for enabling centralized control of wireless local area networks |
| US7146636B2 (en) | 2000-07-24 | 2006-12-05 | Bluesocket, Inc. | Method and system for enabling centralized control of wireless local area networks |
| US20020035699A1 (en)* | 2000-07-24 | 2002-03-21 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
| US20020078367A1 (en)* | 2000-10-27 | 2002-06-20 | Alex Lang | Automatic configuration for portable devices |
| US7373656B2 (en)* | 2000-10-27 | 2008-05-13 | Sandisk Il Ltd. | Automatic configuration for portable devices |
| US20020114303A1 (en)* | 2000-12-26 | 2002-08-22 | Crosbie David B. | Methods and systems for clock synchronization across wireless networks |
| US7126937B2 (en) | 2000-12-26 | 2006-10-24 | Bluesocket, Inc. | Methods and systems for clock synchronization across wireless networks |
| US20020197979A1 (en)* | 2001-05-22 | 2002-12-26 | Vanderveen Michaela Catalina | Authentication system for mobile entities |
| US20020194499A1 (en)* | 2001-06-15 | 2002-12-19 | Audebert Yves Louis Gabriel | Method, system and apparatus for a portable transaction device |
| US20140282958A1 (en)* | 2001-08-21 | 2014-09-18 | Bookit Oy Ajanvarauspalvelu | Multi-factor authentication techniques |
| US9578022B2 (en)* | 2001-08-21 | 2017-02-21 | Bookit Oy Ajanvarauspalvelu | Multi-factor authentication techniques |
| US20030087629A1 (en)* | 2001-09-28 | 2003-05-08 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
| US7042988B2 (en) | 2001-09-28 | 2006-05-09 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
| US20060234678A1 (en)* | 2001-09-28 | 2006-10-19 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
| US20030093671A1 (en)* | 2001-11-13 | 2003-05-15 | International Business Machines Corporation | Method and system for authentication of a user |
| US7360238B2 (en)* | 2001-11-13 | 2008-04-15 | International Business Machines Corporation | Method and system for authentication of a user |
| WO2003058461A1 (en)* | 2001-12-27 | 2003-07-17 | Motorola Inc. | Method and apparatus for enabling an external function from a wap environment |
| US20030126271A1 (en)* | 2001-12-27 | 2003-07-03 | Mowry Kevin Curtis | Method and apparatus for enabling an external function from a WAP environment |
| WO2004066219A1 (en)* | 2003-01-22 | 2004-08-05 | Francotyp-Postalia Ag & Co. Kg | Mobile data transmission method and system |
| US20050053241A1 (en)* | 2003-04-04 | 2005-03-10 | Chen-Huang Fan | Network lock method and related apparatus with ciphered network lock and inerasable deciphering key |
| US7471794B2 (en)* | 2003-04-04 | 2008-12-30 | Qisda Corporation | Network lock method and related apparatus with ciphered network lock and inerasable deciphering key |
| US20040267665A1 (en)* | 2003-06-24 | 2004-12-30 | Lg Telecom, Ltd. | System for providing banking services by use of mobile communication |
| US7885870B2 (en)* | 2003-06-24 | 2011-02-08 | Lg Uplus Corp. | System for providing banking services by use of mobile communication |
| US20050166263A1 (en)* | 2003-09-12 | 2005-07-28 | Andrew Nanopoulos | System and method providing disconnected authentication |
| US8966276B2 (en)* | 2003-09-12 | 2015-02-24 | Emc Corporation | System and method providing disconnected authentication |
| US20050250515A1 (en)* | 2004-05-10 | 2005-11-10 | Mitsubishi Denki Kabushiki Kaisha | Local public information system |
| US7421267B2 (en)* | 2004-05-10 | 2008-09-02 | Kenichiro Oka | Local public information system |
| US20050268096A1 (en)* | 2004-05-28 | 2005-12-01 | Roger Kilian-Kehr | Client authentication using a challenge provider |
| US7673141B2 (en)* | 2004-05-28 | 2010-03-02 | Sap Aktiengesellschaft | Client authentication using a challenge provider |
| US20110214172A1 (en)* | 2004-10-22 | 2011-09-01 | Eckehard Hermann | Authentication Over a Network Using One-Way Tokens |
| US20060090197A1 (en)* | 2004-10-22 | 2006-04-27 | Software Ag | Authentication method and devices |
| US8312525B2 (en) | 2004-10-22 | 2012-11-13 | Software Ag | Authentication over a network using one-way tokens |
| US8028331B2 (en) | 2004-10-22 | 2011-09-27 | Software Ag | Source access using request and one-way authentication tokens |
| WO2006049520A1 (en)* | 2004-11-02 | 2006-05-11 | Oracle International Corporation | Systems and methods of user authentication |
| US20080016347A1 (en)* | 2004-11-02 | 2008-01-17 | Oracle International Corporation | Systems and Methods of User Authentication |
| US8601264B2 (en) | 2004-11-02 | 2013-12-03 | Oracle International Corporation | Systems and methods of user authentication |
| US8191161B2 (en)* | 2005-12-13 | 2012-05-29 | Microsoft Corporation | Wireless authentication |
| US20070136796A1 (en)* | 2005-12-13 | 2007-06-14 | Microsoft Corporation | Wireless authentication |
| US20090217048A1 (en)* | 2005-12-23 | 2009-08-27 | Bce Inc. | Wireless device authentication between different networks |
| US8959598B2 (en) | 2005-12-23 | 2015-02-17 | Bce Inc. | Wireless device authentication between different networks |
| WO2007071009A1 (en)* | 2005-12-23 | 2007-06-28 | Bce Inc. | Wireless device authentication between different networks |
| US8341714B2 (en)* | 2005-12-29 | 2012-12-25 | Axsionics Ag | Security token and method for authentication of a user with the security token |
| US20090320118A1 (en)* | 2005-12-29 | 2009-12-24 | Axsionics Ag | Security Token and Method for Authentication of a User with the Security Token |
| EP1832998A1 (en)* | 2006-03-07 | 2007-09-12 | Hitachi, Ltd. | Method of interfacing between electronic devices, method of operating a portable storage device, electronic device and electronic system |
| US7739197B2 (en)* | 2006-10-05 | 2010-06-15 | International Business Machines Corporation | Guest limited authorization for electronic financial transaction cards |
| US20080086424A1 (en)* | 2006-10-05 | 2008-04-10 | Sivakumar Jambunathan | Guest Limited Authorization For Electronic Financial Transaction Cards |
| US8526311B2 (en) | 2007-06-06 | 2013-09-03 | Veedims, Llc | System for integrating a plurality of modules using a power/data backbone network |
| US8303337B2 (en) | 2007-06-06 | 2012-11-06 | Veedims, Llc | Hybrid cable for conveying data and power |
| EP2061244A1 (en)* | 2007-09-27 | 2009-05-20 | Vodafone Group PLC | Protection of broadcast content with key distribution using telecommunications network |
| US8254734B2 (en) | 2008-03-07 | 2012-08-28 | Veedims, Llc | Virtual electronic switch system |
| CN102090059A (en)* | 2008-05-23 | 2011-06-08 | 克劳迪奥·R·巴拉德 | System for remote control of devices using WAP |
| US20090289757A1 (en)* | 2008-05-23 | 2009-11-26 | Ballard Claudio R | System for remote control using a wap-enabled device |
| US8976541B2 (en) | 2011-08-31 | 2015-03-10 | Potens Ip Holdings Llc | Electrical power and data distribution apparatus |
| US20130138716A1 (en)* | 2011-11-28 | 2013-05-30 | At&T Intellectual Property I, Lp | Apparatus and method for providing activity monitoring and analysis |
| US20130282400A1 (en)* | 2012-04-20 | 2013-10-24 | Woundmatrix, Inc. | System and method for uploading and authenticating medical images |
| US9178880B1 (en)* | 2012-06-30 | 2015-11-03 | Emc Corporation | Gateway mediated mobile device authentication |
| US9250660B2 (en) | 2012-11-14 | 2016-02-02 | Laserlock Technologies, Inc. | “HOME” button with integrated user biometric sensing and verification system for mobile device |
| US9485236B2 (en) | 2012-11-14 | 2016-11-01 | Verifyme, Inc. | System and method for verified social network profile |
| US20150271159A1 (en)* | 2014-03-18 | 2015-09-24 | Em Microelectronic-Marin S.A. | Authentication by use of symmetric and asymmetric cryptography |
| US9774576B2 (en)* | 2014-03-18 | 2017-09-26 | Em Microelectronic-Marin S.A. | Authentication by use of symmetric and asymmetric cryptography |
| US11076010B2 (en) | 2016-03-29 | 2021-07-27 | Ricoh Company, Ltd. | Service providing system, service delivery system, service providing method, and non-transitory recording medium |
| US11108772B2 (en) | 2016-03-29 | 2021-08-31 | Ricoh Company, Ltd. | Service providing system, service delivery system, service providing method, and non-transitory recording medium |
| US11128623B2 (en)* | 2016-03-29 | 2021-09-21 | Ricoh Company, Ltd. | Service providing system, service delivery system, service providing method, and non-transitory recording medium |
| US20220182388A1 (en)* | 2020-12-08 | 2022-06-09 | Michael Boodaei | Transfer of trust between authentication devices |
| US11777942B2 (en)* | 2020-12-08 | 2023-10-03 | Transmit Security Ltd. | Transfer of trust between authentication devices |
Also Published As
| Publication number | Publication date |
|---|---|
| US8165299B2 (en) | 2012-04-24 |
| AU2001283949A1 (en) | 2002-02-25 |
| WO2002015626A1 (en) | 2002-02-21 |
| EP1323323A1 (en) | 2003-07-02 |
| US20060053281A1 (en) | 2006-03-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8165299B2 (en) | Network authentication | |
| US20020056044A1 (en) | Security system | |
| EP1807966B1 (en) | Authentication method | |
| US8082591B2 (en) | Authentication gateway apparatus for accessing ubiquitous service and method thereof | |
| US7366904B2 (en) | Method for modifying validity of a certificate using biometric information in public key infrastructure-based authentication system | |
| EP2481230B1 (en) | Authentication method, payment authorisation method and corresponding electronic equipments | |
| US20140101743A1 (en) | Method for authenticating a user to a service of a service provider | |
| MXPA06006588A (en) | System and method of seeure information transfer. | |
| US20020181701A1 (en) | Method for cryptographing information | |
| CN1977559B (en) | Method and system for protecting information exchanged during communication between users | |
| JP2002215582A (en) | Method and device for authentication | |
| US20030076961A1 (en) | Method for issuing a certificate using biometric information in public key infrastructure-based authentication system | |
| JP2011010313A (en) | Method, system and portable terminal for checking correctness of data | |
| US7690027B2 (en) | Method for registering and enabling PKI functionalities | |
| JP3927142B2 (en) | Remote control system and relay device | |
| US20020018570A1 (en) | System and method for secure comparison of a common secret of communicating devices | |
| GB2408129A (en) | User authentication via short range communication from a portable device (eg a mobile phone) | |
| CN112020716A (en) | Remote biometric identification | |
| KR100858146B1 (en) | Personal authentication method and device using mobile communication terminal and subscriber identification module | |
| WO2001011817A2 (en) | Network user authentication protocol | |
| GB2366139A (en) | Network authentication | |
| JP2002077143A (en) | Authentication method | |
| KR20030001721A (en) | System and method for certificating a smart card over network | |
| US20030131114A1 (en) | Portable electronic authenticator cryptographic module | |
| KR101945945B1 (en) | Authentication Method Using by Dynamic ID and Device Capable of Processing the Authentication Method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:TELEFONAKTIEBOLAGET LM ERICSSON (PUBL), SWEDEN Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ANDERSSON, STEFAN;REEL/FRAME:012353/0088 Effective date:20011121 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |