
WO2001015381A1 - User authentication system using second connection path - Google Patents


Info

Publication number
WO2001015381A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
user authentication
authentication
connection path
connection
Prior art date
Application number
PCT/KR2000/000924
Other languages
French (fr)
Inventor
Hyeong Nyeon Kim
Original Assignee
Danal Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Danal Co., Ltd.
Priority to AU67352/00A
Publication of WO2001015381A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • the present invention relates to a user authentication system using a second connection path, and more particularly, to a user authentication system for ensuring reliability and stability much higher than an existing user authentication system, in which a final user authentication is performed via a second connection path such as a telephone communications network different from a first connection path through which a user gains access to a system.
  • a user authentication system receives an input identification (ID) and an input password for gaining access to a particular service system, and performs a user authentication with a result obtained by comparing the input ID and password with an ID and a password of a corresponding user which have been stored in advance in the system. Also, to prevent hacking personal credit information or transmission data on a connection path, data such as an ID, password or contents which are transmitted between a user terminal and a service provider system is further encrypted and decrypted or scrambled or descrambled, using a predetermined encryption algorithm.
  • an object of the present invention to provide a user authentication system having a remarkably enhanced reliability and stability, in which an interception of user information for authentication by a hacker on a general connection path is prevented, and even though user information for authentication has been intercepted, only an authorized user is assuredly distinguished and authenticated.
  • a user authentication system having a first connection path for a user, characterized in that the user authentication system processes a user demand via the first connection path within a predetermined range and performs a user authentication by use of a second connection path, if a demand departing from the predetermined range is requested.
  • the second connection path is embodied using a telephone network and a communications system.
  • an authentication via the existing first connection path is applied as a first authentication which allows for a connection to the system in order to process a user demand within the predetermined range
  • an authentication via the second connection path proposed in the present invention is applied as a final user authentication allowing for an accessing or updating important information departing from the predetermined range.
  • the first and second authentication methods differ distinctively from a simple double authentication method doubly authenticating a user via the same connection path, in the technological configuration and functional effect, which is apparent to a person who has an ordinary skill in the art.
  • FIG. 1 is a block diagram showing a user authentication system by use of a second connection path according to a preferred embodiment of the present invention.
  • FIG. 2 is a flow-chart view for explaining a user authentication method of the FIG. 1 system.
  • the user authentication system shown in FIG. 1 illustrates a preferred embodiment of the case that a second authentication scheme using a second connection path, which refers specifically to a telephone communications network, is combined with an existing authentication scheme using a first connection path.
  • the present invention is not however limited thereto.
  • the principal configuration of FIG. 1 is not however limited thereto.
  • a user interface unit 10 having user terminals 11 and 12 which are individually connected to a respectively different connection path
  • a service provider system 20 for processing a demand from a user via a first connection path within a predetermined range, and performing a final user authentication by use of a second connection path if a demand departing from the predetermined range is requested, to thereby provide a relevant service
  • a resource 40 represents a resource object demanding an access of an authorized user or an updating of the user authentication information, in the case that the final user authentication has been performed by a user authentication and service provider unit 21.
  • the resource object demanding the final user authentication corresponds to all objects requiring a user authentication procedure such as a general data file, a DB table, a bank account, and a directory service.
  • the first user terminal 11 in the user interface unit 10 is a user interface connected to the service provider system 20 via the first connection path, for demanding a predetermined service to and from a user.
  • the second user terminal 12 is a user interface connected to the service provider system 20 via the second connection path and the communication connect and control system 30, for inputting the final user authentication information to the systems upon the demand of the service provider system 20 and the communication connect and control system 30.
  • each connection path is realized in various forms according to a service pattern provided from the system.
  • for example, a PSTN (Public Switched Telephone Network), an ISDN (Integrated Services Digital Network), a WAN (Wide Area Network), a LAN (Local Area Network), a mobile radio communications network, or Bluetooth, which is a direct communications network, is applied as each connection path.
  • each user terminal connected to each connection path is a telephone, a personal computer (PC), an ATM terminal, a mobile phone such as a cellular phone and a PCS, or a terminal incorporated with the Bluetooth for a one-to-one immediate radio communication.
  • the service provider system 20 includes a user authentication and service provider 21 , an authentication database 22 and a telephone authentication database 23 using a telephone network, and provides a service having a different level by a predetermined authentication step.
  • the provided service has a variety of modified service patterns.
  • the service pattern is a predetermined paid service such as an Internet electronic commerce, an Internet mud game service, an Internet audio-on-demand service, an Internet video-on-demand service, and a predetermined program use service.
  • the present invention is not limited thereto.
  • the authentication database 22 stores and manages user IDs and first passwords.
  • a user connects the authentication database 22 to the service provider system 20, via a first user terminal 11 and a first connection path, to use a service within the predetermined range.
  • the authentication database 22 is used to determine whether or not a service use is allowed within a predetermined range.
  • the telephone authentication database 23 stores and manages user IDs, telephone numbers and second passwords.
  • the telephone authentication database 23 is used to finally authenticate whether a corresponding user has an authorized right, if a demand departing from a predetermined range is requested to the system 20.
  • the second password can be pre-set in advance. Also, the second password can be temporarily given by the system or user whenever the final authentication is demanded.
  • the telephone number of a corresponding user can be used as a user ID.
  • a processing departing from a predetermined range in the system means an access to and an updating of important information that should not be disclosed to an illegal user, a paid service, and so on, which go beyond simple inspection of the information.
  • the important information can be a resource object shown in FIG. 1. If an ID of a user and a first primary password are input from a first user terminal 11 via a first connection path, the user authentication and service provider 21 compares them with those of a corresponding user which are stored in the authentication database 22. As a result, if they match with each other, a user demand is processed within a predetermined range.
  • the user authentication and service provider 21 transfers a telephone number of the corresponding user stored in a telephone authentication database 23 to a communication connection system (ARS) 31 , if a demand departing from the predetermined range is requested from a user.
  • the communication connection system 31 dials up a telephone number of the user via a second connection path, connects with the user, receives user authentication information such as a second password, and transfers the received user authentication information to the user authentication and service provider 21.
  • the user authentication and service provider 21 compares the user authentication information, that is, the second password transferred from the communication connection system 31, with those stored in the telephone authentication database 23. As a result, if they match, the user is finally authenticated that the corresponding user has an authorized right, and the relevant service is provided.
  • the communication connection and control system 30 includes the communication connection system 31 having an ARS processing function basically, and can further include a connection control system 32.
  • the communication connection and control system 30 is installed in the inside of the service provider system 20, or in a communication service company such as a general telephone base station or a mobile communication base station, which is located in the outside of the service provider system 20.
  • the connection control system 32 is a means for checking a final user authentication and connection details of a user for use of the relevant service, and stores and controls telephone number related use details such as a telephone, an inherent number of a second user terminal 12, a number of times of the user inputs, a connection time, a second password for the user who wrongly inputs, to thereby perform a final user authentication, and/or user authentication details related to a predetermined paid service use.
  • the user authentication system operates in an application layer which is the highest layer among a network protocol, and operates even in any hierarchical protocols such as TCP/IP, OSI, SNA, DNA and so on, which are used in all communications between respective portions.
  • the user authentication system operates with any encryption technique such as SSL, PCT, Kerberos and so on in other lower layers, and with a virtual private network (VPN) service.
  • VPN virtual private network service
  • a user manipulates the first user terminal 11 , to gain access to the service provider system 20 via the first connection path at first, and performs a work within an allowable range preset in the service provider system 20 (step 10).
  • the user authentication and service provider 21 compares an ID and a first password of a user input via the first connection path with those of the corresponding user stored in the authentication DB 22, to thereby perform a first user authentication. It is preferable that the first user authentication is used for authenticating a user for a predetermined service that does not require a thorough security.
  • the first user authentication can be used in the case when the user accesses a home page on the network and inspects known information which is not the important information such as inspection of basic service details, personal particulars and paid services. If the above system access is primarily allowed, the user authentication and service provider 21 judges whether a user authentication is needed (step 20). That is, if a user demand via the first connection path does not depart from the predetermined allowable range, work within the predetermined allowable range can continue. However, if a user demand corresponds to accessing or updating important information departing from the range preset in the system, it is judged that a final user authentication is required.
  • step 20 if the final user authentication is demanded, the user authentication and service provider 21 demands that a second password is temporarily input to the first user terminal 11 via the first connection path (step 21). If the second password randomly determined by the user is input to the user authentication and service provider 21 via the first connection path (step 22), the user authentication and service provider 21 stores and controls the input user second password in a record of the corresponding user in the telephone authentication database 23 (step 23).
  • the second password randomly produced by the user via the first connection path is temporarily stored and controlled, whenever a final user authentication is demanded, to accordingly cause a stronger security level to be enhanced.
  • the technological features of the present invention are not limited thereto. That is, the user second password which is stored in the telephone authentication DB 23 for use in final user authentication is preset, and the user second password can be notified to the user randomly. Also, the second password can be received from the user via the second connection path and the second user terminal 12.
  • the second password can be set identically with the first password, but it is more preferable that the second password is assigned randomly as a security demand level of a site is higher.
  • the secondary password transferred to the system on the first connection path can be encrypted based on a predetermined algorithm, while the final user authentication system according to the present invention does not need to perform an encryption, which is one of the merits of the present invention.
  • the reason is because confirmation of the second password for the final user authentication is performed via the second connection path and the second user terminal 12 having a user telephone number stored in the system. Even if a hacker intercepts the second password transferred to the system via the first connection path, the hacker should invade the service provider system 20 and find out a telephone number of the corresponding user. Further, only in the case that the hacker duplicates the second user terminal 12 having the telephone number, or possesses the second user terminal 12 where the telephone number has been set, it is possible to perform an illegal final user authentication.
  • the user authentication and service provider 21 reads out a telephone number of a corresponding user stored in the telephone authentication DB 23 and transfers the read result to the communication connection system 31 (step 24). Accordingly, the communication connection system 31 where an ARS (Automatic Response System) processing is possible calls up the second user terminal 12 via the second connection path by the transferred user telephone number and demands that the user input the second password (step 25).
  • ARS Automatic Response System
  • the communication connection system 31 can transfer a message for making the user input the second password, using an SMS (Short Message Service), a WAP (Wireless Application Protocol) and an ME (Mobile Explorer), as well as the ARS.
  • the communication connection system 31 can transfer a signal for automatically activating a wireless Internet browser together with the message.
  • the user can access a wireless Internet server (not shown) to confirm a message, without activating the wireless Internet browser separately.
  • the user having received the message manipulates the second user terminal 12, and inputs the user second password to the communication connection system 31 via the second connection path (step 26).
  • the second password of the corresponding user is preset in the memory in the second user terminal 12 and the communication connection system 31 reads out the information from the memory automatically, which conveniences the user.
  • the encryption transfer of the user information such as the second password via the second connection path is not essential but optional, as in the first connection path.
  • the communication connection system 31 transfers the second password input from the second user terminal 12 via the second connection path to the user authentication and service provider 21 (step 27).
  • a connection control system 32 connected to the communication connection system 31 stores and controls the communication details via the telephone number, in which the communication details are used as supervisory trace of illegal users and basic data for billing paid service uses.
  • connection control system 32 for recording security information.
  • the supervised details are taken custody in a database, together with data related to the inherent number of the second user terminal 12, the number of times of inputs, the connection time, the wrongly input second password transferred together with the telephone number automatically from the second user terminal 12, to thereby trace the illegal user in the case that a problem occurs.
  • the database provides a basis on which the service provider charges transaction cost to the telephone number of the customer, in which case the telephone company can make a bill of and receive a product price in addition to the transaction cost, on behalf of the service provider.
  • a separate connection control and account system is constructed in the telephone service provider company (a general telephone base station and a mobile communication base station), and also constructed on the system capable of performing a reliable connection and supervision.
  • the user authentication and service provider 21 compares the user second password transferred via the second connection path with the user second password stored temporarily via the first connection path (step 28). As a result, if they match with each other, the user connected to the system via the first connection path is authenticated that the user is an authorized user having an authorized right, and thus the user authentication and service provider 21 provides the corresponding user with a requested service (step 29). As an example, a user who has been authenticated finally in step 29 can be allowed to gain access to the resource object 40 or update the information.
  • the resource object 40 which is accessed or updated according to the final user authentication can be important data related to personal credit card information, bank account, product transaction details, and personal privacy.
  • the processing is performed according to a particularly determined rule or rolls back an existing transaction of the corresponding user in the system (step 30). Besides, even in the case that a response time from the second user terminal 12 exceeds a designated time, a processing can be performed as in step 30.
  • the user authentication system using the second connection path according to the present invention performs a user authentication via a connection path different from the first connection path, which is used for service use, to thereby enhance reliability of the user authentication.
  • even if a hacker intercepts all user information transferred on the two connection paths, the hacker would still have to possess the telephone number of the authorized user and the second user terminal 12 connected to the telephone number. Therefore, the security level, reliability and stability of the user authentication system are remarkably enhanced in comparison with the existing ones.
  • the user or the service provider system 20 assigns the second password of the authorized user randomly. Accordingly, whenever a user authentication is demanded, a different password is assigned, which makes the second password intercepted by a hacker during user authentication meaningless.
  • the second user terminal 12 shown in FIG. 1 is embodied with a multi-telephone-number system having at least two telephone numbers.
  • authentication dedicated telephone numbers of the multi-telephone-number system are stored in the telephone authentication DB 23.
  • this method does not respond to the authentication demand in the case that a user authentication is demanded with an inherent number, but connects with the inherent number only when the user authentication is demanded with the authentication dedicated telephone number, to thereby perform an authentication.
  • the user authentication system according to the present invention connected with the multi-telephone-number system can communicate with a terminal having an inherent number only in the case that another authentication dedicated telephone number, not the inherent number, is used as the second connection path for the final user authentication.
  • the present invention provides the best security system and thus provides a security effect and reliability that is much more remarkably enhanced than the existing technology.
  • a user iris information or finger print information is used as user authentication information using the second connection path, that is, the second password.
  • the second user terminal 12 should be embodied as a terminal capable of recognizing the user iris or fingerprint and also the authentication corresponding thereto should be set in the system.
  • an authorized card owner certifies and completes a corresponding transaction by using a second user terminal 12 such as a mobile phone, even when a cash card or credit card of the user is lent to another person, to thereby enable a creditable transaction, safely and in comfort.
  • the user authentication system according to the present invention performs a final user authentication via a second connection path different from a first connection path which is used for service utilization, to thereby ensure reliability and stability much higher than an existing user authentication system.
  • the second password different from the first password for the existing user authentication is used to perform a final user authentication. Accordingly, the danger of hacking is minimized to enable a reliable communication transaction. In this case, even if a hacker intercepts a first password, the hacker cannot complete a transaction unless he or she holds the second user terminal in which the telephone number of an authorized user has been set, which provides a stronger security effect.
  • the user authentication system according to the present invention is associated with the multi-telephone-number system and used together, a stability and reliability of the user authentication system can be more remarkably secured.
  • the user authentication system according to the present invention is widely distributed and used, reliability and stability of an electronic commerce using a communications network is remarkably secured, to thereby greatly mitigate a sense of unease of a general user, and provide an effect of promoting a relevant industrial development.
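The step 10 to step 30 flow described in the list above, as an added Python sketch that is not part of the patent text. The class and method names, the in-range demand names, the 120-second response limit and the sample records in the demo are assumptions; the constant-time comparison and the single-use handling of the temporary second password are hardening choices added here.

```python
import hmac
import time
from dataclasses import dataclass

# "Predetermined range": demands served on the first path alone (assumed names).
IN_RANGE = {"view_service_details", "view_profile"}
RESPONSE_TIMEOUT_S = 120  # assumed limit on the second-path response (step 30)


@dataclass
class Pending:
    demand: str
    second_pw: str
    issued_at: float


def _same(a: str, b: str) -> bool:
    # Constant-time comparison: hardening added here, not stated in the patent.
    return hmac.compare_digest(a.encode(), b.encode())


class ServiceProvider:
    """Toy model of the user authentication and service provider 21."""

    def __init__(self, auth_db, phone_db, clock=time.monotonic):
        self.auth_db = auth_db      # authentication DB 22: id -> first password
        self.phone_db = phone_db    # telephone authentication DB 23: id -> number
        self.clock = clock
        self.sessions = set()
        self.pending = {}           # id -> Pending (temporary second password)
        self.connection_log = []    # stands in for connection control system 32

    def login(self, user_id, first_pw):
        """Step 10: first authentication over the first connection path."""
        stored = self.auth_db.get(user_id)
        ok = stored is not None and _same(stored, first_pw)
        if ok:
            self.sessions.add(user_id)
        return ok

    def demand(self, user_id, demand, second_pw=None):
        """Steps 20-24: decide whether the final authentication is needed."""
        if user_id not in self.sessions or user_id not in self.phone_db:
            return ("denied", None)
        if demand in IN_RANGE:
            return ("processed", None)
        if not second_pw:
            return ("second_password_required", None)          # step 21
        # Steps 22-23: keep the user-chosen temporary second password.
        self.pending[user_id] = Pending(demand, second_pw, self.clock())
        # Step 24: number handed to the communication connection system 31.
        return ("call_user", self.phone_db[user_id])

    def second_path_response(self, phone, entered_pw):
        """Steps 27-30: compare what arrived over the second connection path."""
        user_id = next((u for u, p in self.phone_db.items() if p == phone), None)
        # pop() makes the temporary password single-use whatever the outcome.
        pend = self.pending.pop(user_id, None)
        if pend is None:
            result = "no_pending_demand"
        elif self.clock() - pend.issued_at > RESPONSE_TIMEOUT_S:
            result = "rolled_back_timeout"                      # step 30
        elif _same(pend.second_pw, entered_pw):
            result = "granted"                                  # step 29
        else:
            result = "rolled_back_mismatch"                     # step 30
        # Record the attempt, but never the password that was entered.
        self.connection_log.append({
            "phone": phone,
            "time": self.clock(),
            "demand": pend.demand if pend else None,
            "result": result,
        })
        return result


if __name__ == "__main__":
    # Constructed sample records; none of these values come from the patent.
    sp = ServiceProvider({"alice": "first-pw"}, {"alice": "010-0000-0000"})
    sp.login("alice", "first-pw")
    print(sp.demand("alice", "view_profile"))
    print(sp.demand("alice", "update_account", second_pw="7391"))
    print(sp.second_path_response("010-0000-0000", "7391"))
    print(sp.connection_log)
```
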

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A user authentication system using a second connection path is used for electronic commerce, Internet stock transactions and phone banking, in which, if a user requests a demand departing from a predetermined range, a user authentication is performed by use of a second connection path. It is preferable that the second connection path is embodied using a telephone network and a communications system. Also, an existing authentication method and an authentication method according to the present invention are organically combined with each other to perform a user authentication, in which case it is preferable that the authentication via the existing first connection path is applied as a first authentication which allows for a simple connection to the system, and the authentication via the second connection path proposed in the present invention is applied as a final user authentication allowing for accessing or updating important information departing from the predetermined range. The user authentication system provides reliability and stability much higher than an existing user authentication system, so that a user can transact comfortable and creditable commerce in electronic commerce using a communications network, and an effect of promoting a relevant industrial development can be provided.

Description

USER AUTHENTICATION SYSTEM USING SECOND CONNECTION PATH
DESCRIPTION
TECHNICAL FIELD
The present invention relates to a user authentication system using a second connection path, and more particularly, to a user authentication system for ensuring reliability and stability much higher than an existing user authentication system, in which a final user authentication is performed via a second connection path such as a telephone communications network different from a first connection path through which a user gains access to a system.
BACKGROUND ART
In general, a user authentication system receives an input identification (ID) and an input password for gaining access to a particular service system, and performs a user authentication with a result obtained by comparing the input ID and password with an ID and a password of a corresponding user which have been stored in advance in the system. Also, to prevent hacking personal credit information or transmission data on a connection path, data such as an ID, password or contents which are transmitted between a user terminal and a service provider system is further encrypted and decrypted or scrambled or descrambled, using a predetermined encryption algorithm.
Meanwhile, with the rapid development and spread of the Internet, electronic commerce, home banking and home office work are increasing. Accordingly, the relevant information industry is also developing. To prevent personal credit information and important information from being leaked and damaged by hackers having extremely specialized hacking capability, a variety of security systems and user authentication systems are under development. Among them, a password encryption system has a fundamental technological limitation. Accordingly, nothing can be done against the techniques of highly skilled hackers, even though security systems such as a firewall have been developed. In particular, in the case that hackers possessing a high degree of hacking technique steal transmission data such as an ID and a password on a connection path, and decrypt the received transmission data, the service provider system cannot help performing a user authentication for an unauthorized user even though a perfect firewall exists. Thus, the technological limitation of the existing user authentication system, increasingly intelligent hacking techniques, and an increasing possibility of hacking make general users uneasy about using electronic commerce services. As a result, the relevant industries are not greatly developed.
DISCLOSURE OF INVENTION
To solve the prior art problems, it is an object of the present invention to provide a user authentication system having a remarkably enhanced reliability and stability, in which an interception of user information for authentication by a hacker on a general connection path is prevented, and even though user information for authentication has been intercepted, only an authorized user is assuredly distinguished and authenticated.
To accomplish the above object of the present invention, according to a first aspect of the present invention, there is provided a user authentication system having a first connection path for a user, characterized in that the user authentication system processes a user demand via the first connection path within a predetermined range and performs a user authentication by use of a second connection path, if a demand departing from the predetermined range is requested. It is preferable that the second connection path is embodied using a telephone network and a communications system. Also, in the case that an existing authentication method and an authentication method according to the present invention are organically combined with each other, it is preferable that an authentication via the existing first connection path is applied as a first authentication which allows for a connection to the system in order to process a user demand within the predetermined range, and an authentication via the second connection path proposed in the present invention is applied as a final user authentication allowing access to or updating of important information departing from the predetermined range. Here, the first and second authentication methods differ distinctly, in technological configuration and functional effect, from a simple double authentication method that authenticates a user twice via the same connection path, which is apparent to a person who has an ordinary skill in the art.
BRIEF DESCRIPTION OF DRAWINGS
The above object and other advantages of the present invention will become more apparent by describing the preferred embodiment thereof in more detail with reference to the accompanying drawings in which:
FIG. 1 is a block diagram showing a user authentication system by use of a second connection path according to a preferred embodiment of the present invention; and
FIG. 2 is a flow-chart view for explaining a user authentication method of the FIG. 1 system.
BEST MODE FOR CARRYING OUT THE INVENTION
Preferred embodiments of the present invention will be described in more detail with reference to the accompanying drawings. FIG. 1 is a block diagram showing a user authentication system by use of a second connection path according to a preferred embodiment of the present invention. In particular, the user authentication system shown in FIG. 1 illustrates a preferred embodiment of the case that a second authentication scheme using a second connection path, which refers specifically to a telephone communications network, is combined with an existing authentication scheme using a first connection path. The present invention is not however limited thereto. The principal configuration of FIG. 1 includes a user interface unit 10 having user terminals 11 and 12 which are individually connected to a respectively different connection path, a service provider system 20 for processing a demand from a user via a first connection path within a predetermined range, and performing a final user authentication by use of a second connection path if a demand departing from the predetermined range is requested, to thereby provide a relevant service, and a communication connect and control system 30, located between the user interface unit 10 and the service provider system 20, for calling up the second user terminal 12 connected to a telephone number of a corresponding user if an authentication of the final user is demanded and transferring user authentication information responsive to the demand of the user authentication information to the service provider system 20. Also, a resource 40 represents a resource object demanding an access of an authorized user or an updating of the user authentication information, in the case that the final user authentication has been performed by a user authentication and service provider unit 21. 
Here, the resource object demanding the final user authentication corresponds to all objects requiring a user authentication procedure such as a general data file, a DB table, a bank account, and a directory service.
More specifically, the first user terminal 11 in the user interface unit 10 is a user interface connected to the service provider system 20 via the first connection path, for demanding a predetermined service to and from a user. The second user terminal 12 is a user interface connected to the service provider system 20 via the second connection path and the communication connect and control system 30, for inputting the final user authentication information to the systems upon the demand of the service provider system 20 and the communication connect and control system 30. Here, each connection path is realized in various forms according to a service pattern provided from the system. For example, a PSTN (Public Switched Telephone Network), an ISDN (Integrated Services Digital Network), a WAN (Wide Area Network), a LAN (Local Area Network), a mobile radio communications network, or Bluetooth which is a most likelihood direct communications network is applied as each connection path. Also, each user terminal connected to each connection path is a telephone, a personal computer (PC), an ATM terminal, a mobile phone such as a cellular phone and a PCS, or a terminal incorporated with the Bluetooth for a one-to-one immediate radio communication.
The service provider system 20 includes a user authentication and service provider 21, an authentication database 22 and a telephone authentication database 23 using a telephone network, and provides a service having a different level by a predetermined authentication step. Here, the provided service has a variety of modified service patterns. For example, the service pattern is a predetermined paid service such as an Internet electronic commerce, an Internet MUD game service, an Internet audio-on-demand service, an Internet video-on-demand service, and a predetermined program use service. However, the present invention is not limited thereto.
The authentication database 22 stores and manages user IDs and first passwords. A user connects the authentication database 22 to the service provider system 20, via a first user terminal 11 and a first connection path, to use a service within the predetermined range. The authentication database 22 is used to determine whether or not a service use is allowed within a predetermined range. The telephone authentication database 23 stores and manages user IDs, telephone numbers and second passwords. The telephone authentication database 23 is used to finally authenticate whether a corresponding user has an authorized right, if a demand departing from a predetermined range is requested to the system 20. Here, the second password can be pre-set in advance. Also, the second password can be temporarily given by the system or user whenever the final authentication is demanded. Also, the telephone number of a corresponding user can be used as a user ID. Here, a processing departing from a predetermined range in the system means an access to and an updating of important information that should not be disclosed to an illegal user, a paid service, and so on, which go beyond simple inspection of the information. The important information can be a resource object shown in FIG. 1. If an ID of a user and a first primary password are input from a first user terminal 11 via a first connection path, the user authentication and service provider 21 compares them with those of a corresponding user which are stored in the authentication database 22. As a result, if they match with each other, a user demand is processed within a predetermined range. The user authentication and service provider 21 transfers a telephone number of the corresponding user stored in a telephone authentication database 23 to a communication connection system (ARS) 31, if a demand departing from the predetermined range is requested from a user.
The communication connection system 31 dials up a telephone number of the user via a second connection path, connects with the user, receives user authentication information such as a second password, and transfers the received user authentication information to the user authentication and service provider 21. The user authentication and service provider 21 compares the user authentication information, that is, the second password transferred from the communication connection system 31, with those stored in the telephone authentication database 23. As a result, if they match, the user is finally authenticated that the corresponding user has an authorized right, and the relevant service is provided.
The communication connection and control system 30 includes the communication connection system 31 having an ARS processing function basically, and can further include a connection control system 32. The communication connection and control system 30 is installed in the inside of the service provider system 20, or in a communication service company such as a general telephone base station or a mobile communication base station, which is located in the outside of the service provider system 20. The connection control system 32 is a means for checking a final user authentication and connection details of a user for use of the relevant service, and stores and controls telephone number related use details such as a telephone, an inherent number of a second user terminal 12, a number of times of the user inputs, a connection time, a second password for the user who wrongly inputs, to thereby perform a final user authentication, and/or user authentication details related to a predetermined paid service use. By doing so, in the case that an unauthorized user illegally duplicates the second user terminal 12 to attempt a user authentication, such an illegal duplication and use are traced and the traced result is used as information for billing related to a paid service use.
Further, the user authentication system according to the present invention operates in the application layer, which is the highest layer of a network protocol, and operates over any layered protocol such as TCP/IP, OSI, SNA, DNA and so on, which are used in all communications between respective portions. Also, the user authentication system operates with any encryption technique such as SSL, PCT, Kerberos and so on in other lower layers and with a virtual private network service (VPN). Furthermore, whether or not a firewall for increasing a security level, which can be installed between the respective portions in the whole system, clustering and load-balancing executed for stable operation of a server, or a multi-tier arrangement via middleware is provided does not influence operation of the user authentication system according to the present invention.
In the user authentication system of FIG. 1 having the above configuration, a preferred method of performing a final user authentication by use of the second connection path will be described with reference to FIG. 2.
Referring to FIG. 2, a user manipulates the first user terminal 11 to gain access to the service provider system 20 via the first connection path at first, and performs a work within an allowable range preset in the service provider system 20 (step 10). Here, the user authentication and service provider 21 compares an ID and a first password of a user input via the first connection path with those of the corresponding user stored in the authentication DB 22, to thereby perform a first user authentication. It is preferable that the first user authentication is used for authenticating a user for a predetermined service that does not require a thorough security. As an example, the first user authentication can be used in the case when the user accesses a home page on the network and inspects known information which is not the important information such as inspection of basic service details, personal particulars and paid services. If the above system access is primarily allowed, the user authentication and service provider 21 judges whether a user authentication is needed (step 20). That is, if a user demand via the first connection path does not depart from the predetermined allowable range, a work within the predetermined allowable range can continue. However, if a user demand corresponds to an access to or updating important information departing from the range preset in the system, it is judged that a final user authentication is required.
In step 20, if the final user authentication is demanded, the user authentication and service provider 21 demands that a second password is temporarily input to the first user terminal 11 via the first connection path (step 21). If the second password randomly determined by the user is input to the user authentication and service provider 21 via the first connection path (step 22), the user authentication and service provider 21 stores and controls the input user second password in a record of the corresponding user in the telephone authentication database 23 (step 23).
In the second password establishment process having steps 21 through 23, the second password randomly produced by the user via the first connection path is temporarily stored and controlled, whenever a final user authentication is demanded, to accordingly cause a stronger security level to be enhanced. However, the technological features of the present invention are not limited thereto. That is, the user second password which is stored in the telephone authentication DB 23 for use in final user authentication is preset, and the user second password can be notified to the user randomly. Also, the second password can be received from the user via the second connection path and the second user terminal 12. In addition, the second password can be set identically with the first password, but it is more preferable that the second password is assigned randomly as a security demand level of a site is higher. In particular, the secondary password transferred to the system on the first connection path can be encrypted based on a predetermined algorithm, while the final user authentication system according to the present invention does not need to perform an encryption, which is one of the merits of the present invention. The reason is because confirmation of the second password for the final user authentication is performed via the second connection path and the second user terminal 12 having a user telephone number stored in the system. Even if a hacker intercepts the second password transferred to the system via the first connection path, the hacker should invade the service provider system 20 and find out a telephone number of the corresponding user. Further, only in the case that the hacker duplicates the second user terminal 12 having the telephone number, or possesses the second user terminal 12 where the telephone number has been set, it is possible to perform an illegal final user authentication.
When the user second password is temporarily set in the telephone authentication DB 23 according to steps 21 through 23, the user authentication and service provider 21 reads out a telephone number of a corresponding user stored in the telephone authentication DB 23 and transfers the read result to the communication connection system 31 (step 24). Accordingly, the communication connection system 31 where an ARS (Automatic Response System) processing is possible calls up the second user terminal 12 via the second connection path by the transferred user telephone number and demands that the user input the second password (step 25). Here, in the case that a user mobile phone number and a user wireless Internet phone number are stored in the telephone authentication DB 23, the communication connection system 31 can transfer a message for making the user input the second password, using a SMS (Short Message Service), a WAP (Wireless Application Protocol) and a ME (Mobile Explore), as well as the ARS. Particularly, in the case of the wireless Internet phone, the communication connection system 31 can transfer a signal for automatically activating a wireless Internet browser together with the message. Thus, the user can access a wireless Internet server (not shown) to confirm a message, without activating the wireless Internet browser separately. The user having received the message manipulates the second user terminal 12, and inputs the user second password to the communication connection system 31 via the second connection path (step 26). Here, in the case that the second password stored in the telephone authentication DB 23 has been determined in advance, the second password of the corresponding user is preset in the memory in the second user terminal 12 and the communication connection system 31 reads out the information from the memory automatically, which is convenient for the user.
Here, the encryption transfer of the user information such as the second password via the second connection path is not essential but optional, as in the first connection path. The communication connection system 31 transfers the second password input from the second user terminal 12 via the second connection path to the user authentication and service provider 21 (step 27). A connection control system 32 connected to the communication connection system 31 stores and controls the communication details via the telephone number, in which the communication details are used as supervisory trace of illegal users and basic data for billing paid service uses. In more detail, working process related to the communication details and/or user authentication is supervised and recorded by a connection control system 32 for recording security information. The supervised details are taken custody in a database, together with data related to the inherent number of the second user terminal 12, the number of times of inputs, the connection time, the wrongly input second password transferred together with the telephone number automatically from the second user terminal 12, to thereby trace the illegal user in the case that a problem occurs. Also, the database provides a basis on which the service provider charges transaction cost to the telephone number of the customer, in which case the telephone company can make a bill of and receive a product price in addition to the transaction cost, on behalf of the service provider. Thus, to use the above proxy billing and reception method, a separate connection control and account system is constructed in the telephone service provider company (a general telephone base station and a mobile communication base station), and also constructed on the system capable of performing a reliable connection and supervision.
The user authentication and service provider 21 compares the user second password transferred via the second connection path with the user second password stored temporarily via the first connection path (step 28). As a result, if they match with each other, the user connected to the system via the first connection path is authenticated as an authorized user having an authorized right, and thus the user authentication and service provider 21 provides the corresponding user with a requested service (step 29). As an example, a user who has been authenticated finally in step 29 can be allowed to gain access to the resource object 40 or update the information. Here, the resource object 40 which is accessed or updated according to the final user authentication can be important data related to personal credit card information, bank account, product transaction details, and personal privacy. Meanwhile, in the case that a comparison result tells that they do not match with each other in step 28, the processing is performed according to a particularly determined rule or rolls back an existing transaction of the corresponding user in the system (step 30). Besides, even in the case that a response time from the second user terminal 12 exceeds a designated time, a processing can be performed as in step 30. As described above, the user authentication system using the second connection path according to the present invention performs a user authentication via a connection path different from the first connection path, which is used for service use, to thereby enhance reliability of the user authentication. Further, in the user authentication system using the second connection path according to the present invention, although a hacker intercepts all user information transferred on the two connection paths, the hacker should possess the telephone number of the authorized user and the second user terminal 12 connected to the telephone number.
Therefore, a security level and reliability and stability of the user authentication system are remarkably enhanced in comparison with the existing ones.
Also, the user or the service provider system 20 assigns the second password of the authorized user randomly. Accordingly, whenever a user authentication is demanded, a different password is assigned, which makes the second password intercepted by a hacker during user authentication meaningless.
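The FIG. 2 flow (steps 10 through 30) as a runnable sketch. This is an added example, not code from the patent; the class and function names, the sample user and telephone number, the 60-second response limit and the in-memory stand-ins for databases 22 and 23 are assumptions.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample records. Plaintext passwords keep the sketch short;
# a real store would hold salted hashes.
AUTH_DB = {"alice": "first-pw"}                                    # authentication database 22
TEL_DB = {"alice": {"phone": "010-0000-0001", "second_pw": None}}  # telephone authentication DB 23
IN_RANGE = {"view_service_details"}   # demands served after the first authentication alone
RESPONSE_LIMIT_S = 60                 # assumed value for the "designated time"


def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class CallOutSystem:
    """Communication connection system 31 with the log of connection control system 32."""
    terminals: dict                    # phone number -> callable standing in for terminal 12
    audit: list = field(default_factory=list)

    def collect(self, phone):
        """Steps 25-27: call the number and return what was keyed in, or None."""
        terminal = self.terminals.get(phone)
        entered, seconds = terminal() if terminal else (None, 0)
        if seconds > RESPONSE_LIMIT_S:
            entered = None             # a late answer is treated as no answer
        return entered, seconds


class ServiceProvider:
    """User authentication and service provider 21."""

    def __init__(self, callout):
        self.callout = callout
        self.sessions = set()

    def login(self, user, first_pw):
        """Step 10: first authentication over the first connection path."""
        stored = AUTH_DB.get(user)
        if stored is not None and same(stored, first_pw):
            self.sessions.add(user)
            return True
        return False

    def demand(self, user, action, temp_second_pw=None):
        """Steps 20-30 for one demand arriving on the first connection path."""
        record = TEL_DB.get(user)
        if user not in self.sessions or record is None:
            return "denied"
        if action in IN_RANGE:                       # step 20: within the preset range
            return "served"
        if not temp_second_pw:                       # step 21: ask for a second password
            return "second password required"
        record["second_pw"] = temp_second_pw         # steps 22-23: store temporarily
        # Step 24: the number comes from the stored record, never from the request.
        entered, seconds = self.callout.collect(record["phone"])
        ok = entered is not None and same(entered, record["second_pw"])  # step 28
        record["second_pw"] = None                   # valid for this demand only
        self.callout.audit.append({
            "user": user, "phone": record["phone"], "action": action,
            "seconds": seconds, "wrong_input": None if ok else entered,
            "outcome": "served" if ok else "rolled back",
        })
        return "served" if ok else "rolled back"     # step 29 / step 30


def run_scenarios():
    """Drive the flow with constructed inputs and return each outcome."""
    phone_answer = {"value": ("4821", 12)}   # (digits keyed in, seconds taken)
    callout = CallOutSystem({"010-0000-0001": lambda: phone_answer["value"]})
    sp = ServiceProvider(callout)
    out = {"bad_first_pw": sp.login("alice", "guess"),
           "login": sp.login("alice", "first-pw")}
    out["in_range"] = sp.demand("alice", "view_service_details")
    out["owner"] = sp.demand("alice", "update_bank_account", "4821")
    phone_answer["value"] = ("4812", 15)     # owner mistypes on the phone
    out["mistyped"] = sp.demand("alice", "update_bank_account", "4821")
    # The first password is known to someone else, who picks "7777" on the
    # first path. The call still reaches the registered phone; its owner hangs up.
    phone_answer["value"] = (None, 5)
    out["unexpected_call"] = sp.demand("alice", "update_bank_account", "7777")
    phone_answer["value"] = ("4821", 95)     # correct digits, past the time limit
    out["late"] = sp.demand("alice", "update_bank_account", "4821")
    out["second_pw_cleared"] = TEL_DB["alice"]["second_pw"] is None
    out["audit"] = callout.audit
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

The audit list plays the role of the connection control system 32 record: each out-of-range demand leaves the telephone number, the response time and any wrongly entered second password for later tracing.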
As another preferred embodiment of the present invention, the second user terminal 12 shown in FIG. 1 is embodied with a multi-telephone-number system having at least two telephone numbers. In this case, authentication dedicated telephone numbers of the multi-telephone-number system are stored in the telephone authentication DB 23. In demanding the user authentication, this method does not respond to the authentication demand in the case that a user authentication is demanded with an inherent number, but connects with the inherent number only when the user authentication is demanded with the authentication dedicated telephone number, to thereby perform an authentication. Therefore, even in the worst case, that is, even in the case that an unauthorized user duplicates the second user terminal 12 having the authorized user inherent telephone number and possesses the duplicated result, the user authentication system according to the present invention connected with the multi-telephone-number system can communicate with a terminal having an inherent number only in the case that another authentication dedicated telephone number, not the inherent number is used as the second connection path for the final user authentication. As a result, the present invention provides the best security system and thus provides a security effect and reliability that is much more remarkably enhanced than the existing technology.
In the case of still another modified embodiment of the present invention, a user's iris information or fingerprint information is used as user authentication information using the second connection path, that is, the second password. In this case, the second user terminal 12 should be embodied as a terminal capable of recognizing the user iris or fingerprint and also the authentication corresponding thereto should be set in the system. In the case that the user authentication system according to the present invention is applied, an authorized card owner certifies and completes a corresponding transaction, by using a second user terminal 12 such as a mobile phone, even when a cash card or credit card of the user is lent to another person, to thereby enable a creditable transaction, safely and comfortably.
Meanwhile, a number of modified embodiments which are not referred to are apparent to one having an ordinary skill in the art who understands well the technological concept and the above-described embodiments of the present invention, within the technological scope of the technological concept of the present invention.
INDUSTRIAL APPLICABILITY
As described above, the user authentication system according to the present invention performs a final user authentication via a second connection path different from a first connection path which is used for service utilization, to thereby ensure reliability and stability much higher than an existing user authentication system. Also, when the user authentication system according to the present invention is more organically combined with the existing user authentication system, the second password different from the first password for the existing user authentication is used to perform a final user authentication. Accordingly, the danger of hacking is minimized to enable a reliable communication transaction. In this case, even if a hacker intercepts a first password, the hacker cannot complete a transaction unless he or she holds the second user terminal in which the telephone number of an authorized user has been set, to thereby provide a stronger security effect.
Also, in the case that the user authentication system according to the present invention is associated with the multi-telephone-number system and used together, a stability and reliability of the user authentication system can be more remarkably secured.
In the case that the user authentication system according to the present invention is widely distributed and used, reliability and stability of an electronic commerce using a communications network is remarkably secured, to thereby greatly mitigate a sense of unease of a general user, and provide an effect of promoting a relevant industrial development.

Claims

1. A user authentication system having a first connection path for a user, characterized in that said user authentication system processes a user demand via the first connection path within a predetermined range; and performs a user authentication by use of a second connection path, if a demand departing from the predetermined range is requested.
2. The user authentication system of claim 1, wherein said user authentication system comprises: a service provider system for processing the user demand from a user communication terminal via the first connection path within a predetermined range, and performing a user authentication, if a demand departing from the predetermined range is requested; and a communication connection and control system for connecting with the user communication terminal via the second connection path according to the user authentication execution of the service provider system, demanding the authentication information for user authentication, and transferring the user authentication information in response to the demanded authentication information to the service provider system.
3. The user authentication system of claim 2, wherein said service provider system comprises: an authentication database storing data for user authentication; a user authentication and service provider unit for providing an accessed user via the first connection path with a service, and obtaining authentication information of a corresponding user via the communication connection and control system connected to the second connection path, in the case that the user requests a demand departing from a predetermined range, to thereby perform user authentication; and a telephone authentication database storing user authentication information via the second connection path.
4. The user authentication system of claim 2, wherein said communication connection and control system comprises a communication connection system connected to the second connection path, for communicating with a user communication terminal connected to the second connection path according to the user authentication execution of the service provider system, to obtain user authentication information and provide the user authentication information to the service provider system.
5. The user authentication system of claim 4, wherein said communication connection and control system further comprises a connection control system for recording and controlling communication details via the second connection path, in order to make a bill of a service use according to the user authentication and a trace of an illegal user.
6. The user authentication system of claim 2, wherein said user communication terminal uses a multi-telephone-number system having at least two telephone numbers, in which the first and second connection paths are assigned and operated with telephone numbers distinctive with each other.
PCT/KR2000/000924 1999-08-21 2000-08-18 User authentication system using second connection path WO2001015381A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU67352/00A AU6735200A (en) 1999-08-21 2000-08-18 User authentication system using second connection path

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1019990034850A KR100392792B1 (en) 1999-08-21 1999-08-21 User authentication system and method using a second channel
KR1999/34850 1999-08-21

Publications (1)

Publication Number Publication Date
WO2001015381A1 true WO2001015381A1 (en) 2001-03-01

Family

ID=19608225

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2000/000924 WO2001015381A1 (en) 1999-08-21 2000-08-18 User authentication system using second connection path

Country Status (3)

Country Link
KR (1) KR100392792B1 (en)
AU (1) AU6735200A (en)
WO (1) WO2001015381A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0436799A2 (en) * 1989-11-13 1991-07-17 Alcatel Stk A/S Communication network with key distribution
KR0126855B1 (en) * 1994-12-12 1998-04-01 양승택 Message transmission control method that conforms to two security policies
KR0144788B1 (en) * 1995-07-04 1998-08-01 양승택 The encryption system of personal communication for next generation using representative
KR19990045099A (en) * 1997-11-04 1999-06-25 가네꼬 히사시 Network access systems
JPH11289329A (en) * 1998-01-22 1999-10-19 Yeda Res & Dev Co Ltd Verification type search tree
KR20000016713A (en) * 1996-06-17 2000-03-25 도날드 디. 먼둘 Apparatus and method for secure communication based on channel characteristics
KR20000022713A (en) * 1998-09-02 2000-04-25 포만 제프리 엘 Virtual client to gateway connection over multiple physical connections

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5745556A (en) * 1995-09-22 1998-04-28 At&T Corp. Interactive and information data services telephone billing system
KR970056183A (en) * 1995-12-30 1997-07-31 김광호 Security method and suitable device

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7231657B2 (en) 2002-02-14 2007-06-12 American Management Systems, Inc. User authentication system and methods thereof
EP1490996A4 (en) * 2002-03-30 2010-01-13 Momocash Inc An instant log-in method for authentificating a user and settling bills by using two different communication channels and a system thereof
WO2003084127A1 (en) 2002-03-30 2003-10-09 Min-Gyu Han An instant log-in method for authentificating a user and settling bills by using two different communication channels and a system thereof
US8024567B2 (en) 2002-03-30 2011-09-20 Momocash Inc. Instant log-in method for authentificating a user and settling bills by using two different communication channels and a system thereof
WO2003091860A1 (en) * 2002-04-26 2003-11-06 Andawari Gmbh Method for authenticating and/or authorising a person
DE10218729A1 (en) * 2002-04-26 2003-11-27 Andawari Gmbh Methods for authenticating and / or authorizing people
DE10218729B4 (en) * 2002-04-26 2004-05-27 Andawari Gmbh Methods for authenticating and / or authorizing people
GB2397731A (en) * 2003-01-22 2004-07-28 Ebizz Consulting Ltd Authenticating a user access request to a secure service over a primary communication channel using data sent over a secondary communication channel
GB2397731B (en) * 2003-01-22 2006-02-22 Ebizz Consulting Ltd Authentication system
US12224898B2 (en) 2004-06-05 2025-02-11 Sonos, Inc. Wireless device connection
US11909588B2 (en) 2004-06-05 2024-02-20 Sonos, Inc. Wireless device connection
US11894975B2 (en) 2004-06-05 2024-02-06 Sonos, Inc. Playback device connection
WO2006136752A2 (en) 2005-06-23 2006-12-28 France Telecom System for management of authentication data received by sms for access to a service
JP2008547100A (en) * 2005-06-23 2008-12-25 フランス テレコム Service access authentication data management system
US8639289B2 (en) 2005-06-23 2014-01-28 France Telecom System for management of authentication data received by SMS for access to a service
WO2006136752A3 (en) * 2005-06-23 2007-05-24 France Telecom System for management of authentication data received by sms for access to a service
WO2007074319A1 (en) * 2005-12-28 2007-07-05 France Telecom Method for authenticating a user in relation to a remote server, system implementing said method, client terminal and computer program
WO2008060820A3 (en) * 2006-10-19 2008-11-27 Qualcomm Inc System and method for authenticating remote server access
US7979054B2 (en) 2006-10-19 2011-07-12 Qualcomm Incorporated System and method for authenticating remote server access
US8265600B2 (en) 2006-10-19 2012-09-11 Qualcomm Incorporated System and method for authenticating remote server access
GB2465613A (en) * 2008-11-21 2010-05-26 Avaya Inc First authentication over a first channel accesses a first resource, second more secure resource requiring second authentication over second channel
EP2400689A4 (en) * 2009-03-09 2012-08-15 Huawei Tech Co Ltd Method, device and system for authentication
US10567385B2 (en) 2010-02-25 2020-02-18 Secureauth Corporation System and method for provisioning a security token
US12155527B2 (en) 2011-12-30 2024-11-26 Sonos, Inc. Playback devices and bonded zones
US11995374B2 (en) 2016-01-05 2024-05-28 Sonos, Inc. Multiple-device setup
WO2022067123A1 (en) * 2020-09-25 2022-03-31 Sonos, Inc. Intelligent setup for playback devices

Also Published As

Publication number Publication date
AU6735200A (en) 2001-03-19
KR100392792B1 (en) 2003-07-28
KR19990078937A (en) 1999-11-05

Similar Documents

Publication Publication Date Title
WO2001015381A1 (en) User authentication system using second connection path
JP4364431B2 (en) Method, arrangement and apparatus for authenticating through a communication network
US6259909B1 (en) Method for securing access to a remote system
US7350230B2 (en) Wireless security module
EP1703406B1 (en) Data communicating apparatus and method for managing memory of data communicating apparatus
US6799272B1 (en) Remote device authentication system
US9530165B2 (en) Financial transaction system
US20020095573A1 (en) Method and apparatus for authenticated dial-up access to command controllable equipment
US20050187901A1 (en) Consumer-centric context-aware switching model
CN102006271A (en) IP address secure multi-channel authentication for online transactions
EP1451786A1 (en) A method of distributing a public key
JPH11507451A (en) System for detecting unauthorized account access
US7865719B2 (en) Method for establishing the authenticity of the identity of a service user and device for carrying out the method
WO2002059727A2 (en) Security system and method for providing a user with an authorisation code for accessing a service
CN108604269A (en) For the device and method of certification, and it is applied to identical computer program and recording medium
CN1333610A (en) Method for identifying user
KR20050053967A (en) Authorization system and method for utilizing one time password based on time synchronization
JP2001350724A (en) User authentication method
WO2007100202A1 (en) Authentication system for online financial transactions and user terminal for authentication of online financial transactions
US7240079B2 (en) Method and arrangement for securing a digital data file having financial value, terminal operating in the arrangement, and software application employing the method
JP2001298774A (en) Wireless phone use authentication method
KR200211327Y1 (en) The user-authentication system through second connecting path
JP4503341B2 (en) Electronic money deposit machine and authentication method thereof
JP2002236670A (en) How to provide security content
KR20050019318A (en) Method for preventing illegal use of web-site service information registered and System using the same

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU BR CA CN GB IN JP RU SG US

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: JP