WO2002084456A2 - User identity verification system - Google Patents


Publication number
WO2002084456A2
Authority
WO
WIPO (PCT)
Prior art keywords
identification information
user
server
communication medium
client terminal
Prior art date
Application number
PCT/GB2002/001645
Other languages
French (fr)
Other versions
WO2002084456A3 (en)
Inventor
David Powers
Original Assignee
Netdesigns Limited
Priority date
Filing date
Publication date
Priority claimed from GB0109200A
Priority claimed from GB0111528A
Priority claimed from GB0126583A
Priority claimed from GB0126929A
Application filed by Netdesigns Limited
Priority to EP02761938A (patent EP1442350A2)
Publication of WO2002084456A2
Publication of WO2002084456A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/313 User authentication using a call-back technique via a telephone network
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/42 User authentication using separate channels for security data

Abstract

A user identity verification method and apparatus having improved security characteristics are provided. The method and apparatus are suitable for use in a system comprising a client terminal (10) coupled to a server (20) by a first communication medium (50). A user (1) supplies a token (30) comprising first identification information to the client terminal (10), and also supplies identification information such as a memorised username. The supplied first identification information is transmitted over the first communication medium (50) from the client terminal (10) to the server (20). The server verifies that the first identification information corresponds to a stored user profile and then sends a second identification information to the user over a second communication medium (60, 40) such as a GSM network (60) to the user's mobile telephone (40). The user supplies the second identification information to the server (20) via the client terminal (10) and the user's identity is verified at the server according to presentation of the second identification information.

Description

User Identity Verification System
The invention relates in general to the field of user identity verification. In particular, the invention relates to a method and apparatus for user identification in a client-server system.
In the field of computer systems, it is often desired to verify a user's identity, as user identity verification is important to maintain secure systems. Once a user's identity has been verified, an appropriate level of access can be allowed. In addition to allowing access, knowledge of a user's identity allows that user's browsing and/or other habits to be monitored.
Common user identity verification systems are based on passwords that are memorised by the user. Such systems may be subverted if the memorised information becomes publicly available. Another problem associated with passwords for user identity verification is that a user may require passwords for a number of separate computer systems, and therefore has to remember not only a number of passwords, but also which password corresponds to which computer system. This can lead to a user adopting a common password for all computer systems. Having a single universal password poses a considerable increase in risk of a security breach at all the systems due to the increased likelihood of the password becoming publicly available, and public awareness that one password may permit access to more than one separate computer system. Other more sophisticated forms of subversion exist, such as local or remote monitoring of keystrokes or screen displays.
A known alternative user identity verification technique involves the possession of a token, such as a card comprising identification information. The holder of the token can be identified as an authorised user. One example of this type of system is described in the International Application WO 00/62249 in which the token comprises an optical disc or a smartcard disc. However, cards can be stolen or duplicated, allowing unauthorised and/or unidentifiable users to access otherwise secure computer systems.
An aim of the present invention is to provide a method and apparatus for verifying identity of a user in a manner which is reliable and which is not vulnerable to subversion. Preferred embodiments of the present invention aim to address the problems of the prior art mentioned above.
According to a first aspect of the present invention there is provided a method of user identity verification in a system comprising a client terminal couplable to a server by a first communication medium, the method comprising: sending a first identification information over the first communication medium from the client terminal to the server; verifying, at the server, that the first identification information corresponds to a stored user profile; returning a second identification information to a user over a second communication medium according to the stored user profile; sending the second identification information to the server via the client terminal; and verifying user identity, at the server, according to presentation of the second identification information.
According to a second aspect of the present invention there is provided a user identity verification apparatus comprising: a server comprising a user profile store; a client terminal coupled to a server by a first communication medium; a second communication medium coupled to the server for supply of second identification information to a user, the client terminal being arranged in use to receive the first identification information, and to supply the first identification information over the first communication medium to the server; the server being arranged to verify that the first identification information corresponds to a user profile in the user profile store and to supply a second identification information to the user over the second communication medium according to the stored user profile; the client terminal being arranged to receive the second identification information from the user and to supply the second identifier information to the server; and the server being arranged to verify user identity according to presentation of the second identification information.
Preferably, the first identification information includes any one of a username, a memorised access code, information read from a token, or any combination thereof.
Preferably, the first communication medium is different from the second communication medium.
Preferably, the third identification information is supplied to the user over the second communication medium through a mobile communication device.
Preferably, the second identification information is transmitted from the client terminal to the server over the first communication medium.
Preferably, the first identification information is derived from at least one second identification information supplied to a user previously.
Preferably, the first information includes a plurality of second identification information supplied to a user previously, and stored on a token.
Preferably, the token is a removable storage device.
Preferably, the second identification information sent to the user over the second communication medium is regenerated by the server.
For a better understanding of the invention, and to show how embodiments of the same may be carried into effect, reference will now be made, by way of example, to the accompanying diagrammatic drawing in which:
Figure 1 shows a preferred apparatus for user identity verification; and
Figure 2 shows a flowchart illustrating a preferred method for user identity verification.
Figure 1 shows a preferred apparatus for verifying identity of a user 1. The apparatus comprises a client terminal 10 coupled to a server 20 over a first communication link 50. The server 20 is also coupled to a second communication link 60. The first communication link 50 is ideally different to the second communication link 60. For example, the first communication link 50 comprises a computer network such as a local area or wide area network, a virtual private network, or a more open communication link such as the internet. The second communication link is, for example, a telecommunications network, suitably a wireless telephony network or cellular telephony network. Most preferably the second communication link 60 is a GSM cellular network capable of carrying short messages (SMS).
The apparatus of Figure 1 comprises a user profile store 22 at a suitable verification point. In this example it is convenient for the server 20 to comprise the user profile store 22, although it is possible for the user profile store 22 to be remote from the server 20.
It is desired to verify the identity of a user 1 who wishes to gain access to the apparatus, through the client terminal 10. Here, the client terminal 10 is any suitable form of computing platform, such as a desktop computer or mobile computing device such as a laptop or palmtop computer.
Figure 2 shows a preferred method for verifying user identity, for use with the apparatus of Figure 1. Initially, the client terminal 10 receives first identification information. Suitably, the first identification information is supplied to the client terminal 10, such as by the user 1 typing a user name and/or memorised access code into a keyboard input device 12 of the client terminal 10.
At step 201, the first identification information is sent from the client terminal 10 to the server 20 over the first communication link 50.
At step 202, the server 20 uses the received first identification information to retrieve a user profile from the user profile store 22. This provides a preliminary identification of the user 1. The server 20 then generates a second identification information, which is returned over the second communication link 60, to reach the user 1, at step 203.
The second identification information is transferred to the client terminal 10, such as by the user 1 typing the second identification information into a keyboard input device 12 of the client terminal 10.
At step 204, the client terminal 10 sends the second identification information back to the server 20, over the first communication link 50.
At step 205, the server 20 verifies the identity of the user 1 based on the received second identification information.
Referring again to Figure 1, ideally the second communication link 60 is a message transmission system such as an SMS system for use on GSM cellular networks. Hence, the second identification information is received by the user 1 such as by using a mobile communications device 40, i.e. a mobile phone.
Advantageously, sending the second identification information to the user's mobile phone 40 according to a predetermined user profile in the user profile store 22, allows increased certainty as to the user's identity. Most users tend to carefully guard their mobile communication device 40 and will notice if it is stolen or subject to subversion. Hence, the user will take precautions to avoid unauthorised use of their mobile communication device 40. By sending the second identification information through the mobile communication device, possession of the mobile communication device 40 allows a high degree of trust to be placed in the user's identity.
As a further enhancement of the present invention, it is preferred that the first identification information is provided at least in part from a token 30. Suitably, the token 30 is readily portable and may be carried by the user 1. The user presents the token 30 to a token reader 11 of the client terminal 10. The token reader 11 extracts the first identification information from the token 30.
In this embodiment, the first identification information may come only from the token 30. Alternatively, the first identification information can be formed by taking identification information from the token 30, and from a user input such as a user name and/or memorised access code.
The first identification information is received and checked by the server 20, and is used to extract a user profile from the user profile store 22. Suitably, the user profile store 22 contains information which allows a message to be sent over the second communication link 60 to reach the user 1, suitably at their mobile communication device 40. For example, the user profile store contains a predetermined mobile telephone number of the mobile communication device 40.
Suitably, the second identification information is in the form of a password that is randomly generated by the server 20. In an example embodiment, the randomly generated password contains a short string (e.g. eight to twelve characters) containing a sequence of letters and numbers. The user 1 may then easily manually transfer the password from their mobile communication device by typing the password into a keyboard input device of the client terminal 10. Alternatively the password can be automatically transferred from the mobile communication device 40 to the client terminal 10, such as by a short range infra-red communication link.
Any suitable event can be used to trigger the generation of a password by the server 20, e.g. the expiry of a particular time period such as seven days. The trigger may be specific to a particular user, or can cover a small or large group of users to allow mass renewal of passwords conveniently through software administration.
In preferred embodiments, the token 30 is a removable storage medium such as a smart card, or preferably a CD or DVD format storage medium. Ideally, the token 30 comprises an updateable or re-writable storage medium such as a CD-RW or a re-writable DVD. This provides an additional layer of security, as the client terminal 10 can record passwords from previous occasions onto the token 30, i.e. record an incremental identity derived from the previous passwords. The client terminal 10 can then transmit the incremental token identity back to the server 20 via the first communication link 50, and these can also be checked against a list contained in the user profile store 22. Only if the server 20 is satisfied that the first identification information comprising the incremental identity read from the token 30 matches a stored profile in the user profile store 22 is a new password transmitted to the mobile communication device 40 of the user 1. This makes the cloning of tokens a less effective way to defeat the user identity verification system, since a cloned token will become out of date as soon as the real token 30 is used. Furthermore, other security coding can be included with the first identification information on the token 30. The other security coding can also be regenerated and stored on the token 30 to add a yet further layer of security.
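The exchange of steps 201 to 205, combined with the incremental token identity described above, as an added Python example that is not part of the patent text. The SHA-256 chaining in advance(), the five-minute password lifetime, the PBKDF2 storage of the access code, and all class, function and sample names are assumptions made for illustration; the in-memory outbox stands in for the second communication link 60.

```python
import hashlib
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits  # "letters and numbers"
PASSWORD_LEN = 10    # within the eight-to-twelve character range given above
PASSWORD_TTL = 300   # seconds; assumed, the text sets no lifetime


def advance(identity: bytes, password: str) -> bytes:
    """Fold a used password into the incremental identity (assumed SHA-256 chain)."""
    return hashlib.sha256(identity + password.encode()).digest()


def hash_code(code: str, salt: bytes) -> bytes:
    """Store the memorised access code as a salted PBKDF2 hash (assumed)."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class Server:
    """Server 20 with user profile store 22; outbox stands in for link 60 (SMS)."""

    def __init__(self, clock=time.monotonic):
        self.profiles = {}
        self.outbox = []  # (mobile number, password) pairs "sent" out of band
        self.clock = clock

    def enrol(self, user, code, mobile, seed):
        salt = secrets.token_bytes(16)
        self.profiles[user] = {"salt": salt, "code": hash_code(code, salt),
                               "mobile": mobile, "identity": seed, "pending": None}

    def begin(self, user, code, token_identity):
        """Steps 201-203: check first identification info, then send a password."""
        p = self.profiles.get(user)
        if p is None:
            return False
        code_ok = hmac.compare_digest(p["code"], hash_code(code, p["salt"]))
        token_ok = hmac.compare_digest(p["identity"], token_identity)
        if not (code_ok and token_ok):
            return False  # wrong code or out-of-date token: nothing is sent
        password = "".join(secrets.choice(ALPHABET) for _ in range(PASSWORD_LEN))
        p["pending"] = (password, self.clock() + PASSWORD_TTL)
        self.outbox.append((p["mobile"], password))
        return True

    def complete(self, user, password):
        """Steps 204-205: verify the password returned over the first link."""
        p = self.profiles.get(user)
        if p is None or p["pending"] is None:
            return False
        expected, expires = p["pending"]
        p["pending"] = None  # single use: one attempt per delivered password
        if self.clock() > expires:
            return False
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return False
        p["identity"] = advance(p["identity"], expected)  # server copy moves on
        return True


def login(server, token, user, code):
    """Client terminal 10; `token` is a dict standing in for rewritable token 30."""
    if not server.begin(user, code, token["identity"]):
        return False
    _, password = server.outbox[-1]  # the user reads the message on device 40
    if not server.complete(user, password):
        return False
    token["identity"] = advance(token["identity"], password)  # rewrite the token
    return True


def clone_scenario():
    """A token copied before use goes stale once the real token logs in."""
    server = Server()
    seed = secrets.token_bytes(32)
    # Constructed sample values: user name, access code and phone number.
    server.enrol("alice", "4921", "+447700900123", seed)
    real, clone = {"identity": seed}, {"identity": seed}
    first = login(server, real, "alice", "4921")
    sent = len(server.outbox)
    cloned = login(server, clone, "alice", "4921")
    extra_messages = len(server.outbox) - sent
    second = login(server, real, "alice", "4921")
    return first, cloned, extra_messages, second


if __name__ == "__main__":
    print(clone_scenario())
```

A wrong or late password consumes the pending one, so every guess costs a fresh message to the registered phone. A deployment built this way also needs a recovery path for the case where the token rewrite fails after the server has advanced its copy.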
The token 30 suitably stores operating software which allows the identity verification system to run on the client terminal 10. Advantageously, by inserting the token 30 into any suitable computer terminal 10, the user 1 is able to operate the identity verification system. Token 30 can also store other information such as promotional and advertising material. The identification information stored by the token 30 and/or the other information can be strongly encrypted. In yet further embodiments, the token 30 and the mobile communication device 40 can be incorporated into a single unit. Furthermore, the token 30 can in alternative embodiments further comprise a magnetic strip and/or a microprocessor chip to enable a single token 30 to be used for identification in a number of other existing systems. The token may include other visible identification information, such as a photograph identity.
It will be appreciated that the user identity verification system described herein is able to operate at a number of different levels of security. Advantageously, a system administrator is able to select appropriate levels of security according to the needs of a particular user or group of users. For some purposes it may be sufficient simply for possession of the token 30 to be an adequate mechanism for identifying the user 1. When a more secure system is desired, the transmission of first and second identification information, via the first and second communication links 50, 60, allows a higher degree of certainty. In a still more secure mode, possession of both the token 30 and the mobile communication device 40 is required. In a still higher security mode, a memorised user name or memorised access code is required, which avoids subversion in the event that the token 30 and the mobile communication device 40 are stolen. Hence, it is very unlikely that all of the communication device 40, the token 30 and the memorised information will be subverted simultaneously.
The method and apparatus for user identity verification described above has many practical applications. As one example, the system is useful in the field of banking, both for identification at cash machines (automatic teller machines), and for internet banking. As another example, the user identification system can be used to control access to buildings in combination with electronic locking mechanisms. Further example applications include authentication for pay-per-view broadcasting systems, or access to a private electronic messaging system.
The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive.
Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
The invention is not restricted to the details of the foregoing embodiment(s). The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.

Claims

1. A method of user identity verification in a system comprising a client terminal couplable to a server by a first communication medium, the method comprising:
sending a first identification information over the first communication medium from the client terminal to the server;
verifying, at the server, that the first identification information corresponds to a stored user profile;
returning a second identification information to a user over a second communication medium according to the stored user profile;
sending the second identification information to the server via the client terminal; and
verifying user identity, at the server, according to presentation of the second identification information.
2. A user identity verification apparatus comprising:
a server comprising a user profile store;
a client terminal coupled to a server by a first communication medium;
a second communication medium coupled to the server for supply of second identification information to a user,
the client terminal being arranged in use to receive the first identification information, and to supply the first identification information over the first communication medium to the server;
the server being arranged to verify that the first identification information corresponds to a user profile in the user profile store and to supply a second identification information to the user over the second communication medium according to the stored user profile;
the client terminal being arranged to receive the second identification information from the user and to supply the second identifier information to the server; and
the server being arranged to verify user identity according to presentation of the second identification information.
3. The method or apparatus of claims 1 or 2, wherein the first identification information includes any one of a username, a memorised access code, information read from a token, or any combination thereof.
4. The method or apparatus of any preceding claim wherein the first communication medium is different from the second communication medium.
5. The method or apparatus of any preceding claim wherein the third identification information is supplied to the user over the second communication medium through a mobile communication device.
6. The method or apparatus of any preceding claim wherein the second identification information is transmitted from the client terminal to the server over the first communication medium.
7. The method or apparatus of any preceding claim, wherein the first identification information is derived from at least one second identification information supplied to a user previously.
8. The method or apparatus of claim 7, wherein the first information includes a plurality of second identification information supplied to a user previously, and stored on a token.
9. The method or the apparatus of any of claims 3 to 9, wherein the token is a removable storage device.
10. The method or apparatus of any preceding claim wherein the second identification information sent to the user over the second communication medium is regenerated by the server.
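The five steps of claim 1 modelled as a server in Python, as an added example that is not part of the patent text. The six-digit code, its 120-second lifetime, single use, the retry limit and every class and function name are assumptions of this example; the claims specify none of them.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120   # assumption: the claims set no lifetime for the code
MAX_ATTEMPTS = 3         # assumption: the claims set no retry limit


class OutOfBandChannel:
    """Stand-in for the second communication medium (e.g. a mobile device)."""

    def __init__(self):
        self.inbox = {}

    def deliver(self, address, code):
        self.inbox[address] = code


class VerificationServer:
    def __init__(self, profiles, channel, clock=time.monotonic):
        self.profiles = profiles   # profile store: first id -> second-medium address
        self.channel = channel
        self.clock = clock
        self.pending = {}          # session -> [first_id, code, expiry, attempts left]

    def begin(self, first_id):
        """Steps 1-3: match the first id to a profile, then send a code out of band."""
        address = self.profiles.get(first_id)
        if address is None:
            return None
        session = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[session] = [first_id, code,
                                 self.clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self.channel.deliver(address, code)
        return session

    def complete(self, session, presented_code):
        """Steps 4-5: the code returns via the client terminal and is verified."""
        entry = self.pending.get(session)
        if entry is None:
            return False
        _first_id, code, expiry, attempts = entry
        if self.clock() > expiry or attempts <= 0:
            del self.pending[session]
            return False
        if hmac.compare_digest(code.encode(), presented_code.encode()):
            del self.pending[session]   # single use: a replayed code finds no session
            return True
        entry[3] = attempts - 1
        return False


def demo():
    channel = OutOfBandChannel()
    server = VerificationServer({"token-0001": "mobile-A"}, channel)  # constructed profile
    session = server.begin("token-0001")
    code = channel.inbox["mobile-A"]
    wrong = "000000" if code != "000000" else "111111"
    return (server.begin("unknown-token"), server.complete(session, wrong),
            server.complete(session, code), server.complete(session, code))
```

`demo()` walks through an unknown first identifier, a wrong code, the correct code, and a replay of that same code.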
PCT/GB2002/001645 2001-04-12 2002-04-11 User identity verification system WO2002084456A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP02761938A EP1442350A2 (en) 2001-04-12 2002-04-11 User identity verification system

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
GB0109200.6 2001-04-12
GB0109200A GB0109200D0 (en) 2001-04-12 2001-04-12 Identifier card
GB0111528.6 2001-05-11
GB0111528A GB0111528D0 (en) 2001-05-11 2001-05-11 The identifier
GB0126583A GB0126583D0 (en) 2001-11-06 2001-11-06 The identifier system
GB0126583.4 2001-11-06
GB0126929.9 2001-11-09
GB0126929A GB0126929D0 (en) 2001-11-09 2001-11-09 Identifier card system

Publications (2)

Publication Number Publication Date
WO2002084456A2 true WO2002084456A2 (en) 2002-10-24
WO2002084456A3 WO2002084456A3 (en) 2003-10-30

Family

ID=27447938

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2002/001645 WO2002084456A2 (en) 2001-04-12 2002-04-11 User identity verification system

Country Status (3)

Country Link
EP (1) EP1442350A2 (en)
GB (1) GB2377523B (en)
WO (1) WO2002084456A2 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004061627A1 (en) 2003-01-06 2004-07-22 Sony Corporation Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium
WO2004111809A1 (en) * 2003-06-18 2004-12-23 Telefonaktiebolaget Lm Ericsson (Publ) An arrangement and a method relating to ip network access
EP1580641A2 (en) * 2004-03-24 2005-09-28 Broadcom Corporation Global positioning system (GPS) based secure access
EP1715402A1 (en) * 2005-04-19 2006-10-25 Nahar Anoop Broadband data transmission method
EP1739570A1 (en) * 2004-04-23 2007-01-03 NEC Corporation User authentication system and data providing system using the same
EP1868131A1 (en) * 2006-06-14 2007-12-19 Vodafone Holding GmbH Method and system for secure user authentication
NL1039134C2 (en) * 2011-10-26 2013-05-01 Antonius Johannes Clemens Zon SYSTEM FOR CHECKING A CERTIFICATE OF IDENTIFICATION.
US8650103B2 (en) 2001-10-17 2014-02-11 Ebay, Inc. Verification of a person identifier received online
CN103955637A (en) * 2014-04-09 2014-07-30 可牛网络技术(北京)有限公司 Identification method and device for user identity of mobile terminal
US20150033299A1 (en) * 2013-07-23 2015-01-29 Kaspersky Lab Zao System and methods for ensuring confidentiality of information used during authentication and authorization operations
JP2018180686A (en) * 2017-04-05 2018-11-15 株式会社日本総合研究所 Password verification apparatus for preventing phishing, verification method, and program
WO2020063642A1 (en) * 2018-09-25 2020-04-02 Alibaba Group Holding Limited Reduction of search space in biometric authentication systems

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2397731B (en) * 2003-01-22 2006-02-22 Ebizz Consulting Ltd Authentication system
GB2413467B (en) * 2004-04-24 2008-10-29 David Hostettler Wain Secure network incorporating smart cards
US8893243B2 (en) 2008-11-10 2014-11-18 Sms Passcode A/S Method and system protecting against identity theft or replication abuse
US10250590B2 (en) 2015-08-31 2019-04-02 Samsung Electronics Co., Ltd. Multi-factor device registration for establishing secure communication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5060263A (en) * 1988-03-09 1991-10-22 Enigma Logic, Inc. Computer access control system and method
WO1995019593A1 (en) * 1994-01-14 1995-07-20 Michael Jeremy Kew A computer security system
EP0844551A2 (en) * 1996-10-28 1998-05-27 Brian J. Veneklase Computer security system
US6148404A (en) * 1997-05-28 2000-11-14 Nihon Unisys, Ltd. Authentication system using authentication information valid one-time
EP1107089A1 (en) * 1999-12-11 2001-06-13 Connectotel Limited Strong authentication method using a telecommunications device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4679236A (en) * 1984-12-21 1987-07-07 Davies Richard E Identification verification method and system
US5604803A (en) * 1994-06-03 1997-02-18 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
FR2745136B1 (en) * 1996-02-15 1998-04-10 Thoniel Pascal SECURE IDENTIFICATION METHOD AND DEVICE BETWEEN TWO TERMINALS
US5684951A (en) * 1996-03-20 1997-11-04 Synopsys, Inc. Method and system for user authorization over a multi-user computer system
GB2328310B (en) * 1996-05-15 1999-12-08 Ho Keung Tse Electronic transaction apparatus and method therefor
US6934858B2 (en) * 1999-12-15 2005-08-23 Authentify, Inc. System and method of using the public switched telephone network in providing authentication or authorization for online transactions
DE20001438U1 (en) * 2000-01-28 2001-06-13 Prestele Eugen Cartridge piston
GB2369469B (en) * 2000-11-28 2002-10-23 Swivel Technologies Ltd Secure file transfer method and system

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8650103B2 (en) 2001-10-17 2014-02-11 Ebay, Inc. Verification of a person identifier received online
EP1486851A1 (en) * 2003-01-06 2004-12-15 Sony Corporation Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium
WO2004061627A1 (en) 2003-01-06 2004-07-22 Sony Corporation Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium
EP1486851A4 (en) * 2003-01-06 2007-03-07 Sony Corp Authentication system, authentication server, authentication method, authentication program, terminal, authentication request method, authentication request program, and storage medium
CN100388151C (en) * 2003-06-18 2008-05-14 艾利森电话股份有限公司 An arrangement and a method relating to IP network access
WO2004111809A1 (en) * 2003-06-18 2004-12-23 Telefonaktiebolaget Lm Ericsson (Publ) An arrangement and a method relating to ip network access
US8108903B2 (en) 2003-06-18 2012-01-31 Telefonaktiebolaget Lm Ericsson (Publ) Arrangement and a method relating to IP network access
EP1580641A2 (en) * 2004-03-24 2005-09-28 Broadcom Corporation Global positioning system (GPS) based secure access
EP1739570A4 (en) * 2004-04-23 2010-03-24 Nec Corp User authentication system and data providing system using the same
EP1739570A1 (en) * 2004-04-23 2007-01-03 NEC Corporation User authentication system and data providing system using the same
JP2007006455A (en) * 2005-04-19 2007-01-11 Nahar Anoop Method of transmitting wide band data
EP1715402A1 (en) * 2005-04-19 2006-10-25 Nahar Anoop Broadband data transmission method
EP1868131A1 (en) * 2006-06-14 2007-12-19 Vodafone Holding GmbH Method and system for secure user authentication
NL1039134C2 (en) * 2011-10-26 2013-05-01 Antonius Johannes Clemens Zon SYSTEM FOR CHECKING A CERTIFICATE OF IDENTIFICATION.
US20150033299A1 (en) * 2013-07-23 2015-01-29 Kaspersky Lab Zao System and methods for ensuring confidentiality of information used during authentication and authorization operations
US9059990B2 (en) * 2013-07-23 2015-06-16 Kaspersky Lab Zao System and methods for ensuring confidentiality of information used during authentication and authorization operations
US9300674B2 (en) 2013-07-23 2016-03-29 Kaspersky Lab Ao System and methods for authorizing operations on a service using trusted devices
CN103955637A (en) * 2014-04-09 2014-07-30 可牛网络技术(北京)有限公司 Identification method and device for user identity of mobile terminal
JP2018180686A (en) * 2017-04-05 2018-11-15 株式会社日本総合研究所 Password verification apparatus for preventing phishing, verification method, and program
WO2020063642A1 (en) * 2018-09-25 2020-04-02 Alibaba Group Holding Limited Reduction of search space in biometric authentication systems
US10984223B2 (en) 2018-09-25 2021-04-20 Advanced New Technologies Co., Ltd. Reduction of search space in biometric authentication systems
US11093732B2 (en) 2018-09-25 2021-08-17 Advanced New Technologies Co., Ltd. Reduction of search space in biometric authentication systems

Also Published As

Publication number Publication date
EP1442350A2 (en) 2004-08-04
GB2377523A8 (en) 2003-05-12
GB2377523A (en) 2003-01-15
GB0208362D0 (en) 2002-05-22
WO2002084456A3 (en) 2003-10-30
GB2377523B (en) 2003-11-26

Similar Documents

Publication Publication Date Title
EP1969880B1 (en) System and method for dynamic multifactor authentication
JP5133248B2 (en) Offline authentication method in client / server authentication system
US8365988B1 (en) Dynamic credit card security code via mobile device
US8997177B2 (en) Graphical encryption and display of codes and text
US20020087892A1 (en) Authentication method and device
TWI526037B (en) Method and system for abstrcted and randomized one-time use passwords for transactional authentication
US20090013402A1 (en) Method and system for providing a secure login solution using one-time passwords
US10204217B2 (en) System and method for replacing common identifying data
US20080216172A1 (en) Systems, methods, and apparatus for secure transactions in trusted systems
MX2007007511A (en) Authentication device and/or method.
WO2002084456A2 (en) User identity verification system
WO2010011731A2 (en) Methods and systems for secure key entry via communication networks
EP1604257B1 (en) A method and system for identifying an authorized individual by means of unpredictable single-use passwords
JP2008537210A (en) Secured data communication method
EP3579595B1 (en) Improved system and method for internet access age-verification
CN102822835A (en) Personal portable secured network access system
US20050005128A1 (en) System for controlling access to stored data
CA2611549C (en) Method and system for providing a secure login solution using one-time passwords
JP2007065789A (en) Authentication system and method
US20090164802A1 (en) Memory management method
Proctor et al. Human factors in information security methods
IES85150Y1 (en) Securing access authorisation

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWE Wipo information: entry into national phase

Ref document number: 2002761938

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002761938

Country of ref document: EP

NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP