WO2009101549A2 - Method and mobile device for registering and authenticating a user with a service provider - Google Patents
Method and mobile device for registering and authenticating a user with a service provider
- Publication number
- WO2009101549A2 (PCT/IB2009/050459)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- service provider
- mobile device
- user
- digital identity
- challenge
- Prior art date
- Legal status
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Definitions
- Object of the present invention is to devise and make available to the user a registration and authentication method that solves the above-mentioned inconveniences of the known techniques, thereby satisfying the said need for security and privacy of user personal data.
- the present invention provides a mechanism for effective and secure user registration and authentication by means of a mobile device, such as a personal digital assistant or a mobile phone.
- This invention also provides a related mechanism for creating, storing and managing digital identities in the same mobile device.
- the invention can be realized by any combination of software, firmware and hardware modules installed or embedded on a mobile device.
- the registration method of a user with a service provider includes the following steps:
  - creating and storing on a mobile device at least one digital identity;
  - establishing a communication between the mobile device and the service provider;
  - exchanging specific information between the mobile device and the service provider in order to generate some secret information uniquely associated to the chosen user digital identity and to the service provider;
  - storing the said generated secret information on the mobile device and at the service provider.
- the registration method includes the following steps:
  - supplying to the mobile device some information related to and identifying the service provider;
  - generating through the mobile device some secret data uniquely associated to a chosen user digital identity and to the above-mentioned service provider;
  - sending to the service provider the generated secret data together with the username or other identifying information related to the chosen user digital identity; and
- the service provider information is delivered to the mobile device through a page of the service site (e.g. web page).
- the service provider delivers to the user an address or a reference to an address where the user can download the service provider information. This address or reference to it is delivered in an encoded form through a page of the service site and it is read and decoded from the mobile device.
- the mobile device is equipped with a camera and the terminal through which the user is accessing the service has a graphical user interface (i.e. a screen and the ability to show characters as well as images on it).
- the service provider prompts for user registration displaying on the terminal screen an image (i.e. typically a 2D-barcode image) encoding some identifying data (e.g. service provider domain name).
- the user takes a picture of the image with his mobile device's camera.
- the mobile device decodes the acquired image, it extracts and saves contained data and shows the list of user digital identities available for the registration: the user selects the appropriate digital identity to be registered with the service provider being accessed. If the service provider being accessed and the user mobile device can communicate through some kind of network (e.g. internet), the mobile device sends the selected digital identity and some related secure material (e.g. PKI certificate, username and password) directly to service provider. Otherwise the mobile device displays the secure material or part of it on its screen: the user types the data shown on mobile device display onto the terminal and completes registration.
- the authentication method of a user with a service provider which he has registered through the above mentioned registration method includes the following steps:
  - generating, by the service provider side, a challenge that contains enough information for the user to identify the service provider and/or to generate a secure response that uniquely identifies the user;
  - encoding the challenge;
  - delivering the encoded challenge to the user;
  - the user acquiring the challenge with his mobile device;
- the challenge contains a service provider identifier; the mobile device extracts this identifier from the challenge and automatically selects the user digital identity registered with that service provider.
- the service provider prompts for user authentication displaying on the terminal screen an image (i.e. typically a 2D-barcode image) that encodes some newly generated data known as "challenge".
- the user takes a picture of the image with his mobile device's camera.
- the mobile device decodes the acquired image extracting contained data: from such data it identifies which service provider is prompting for authentication among those already known and stored on the mobile device. It then retrieves the user digital identity registered with that service provider.
- the mobile device uses the challenge and/or the secure material associated with the retrieved digital identity to generate a secure response. If the service provider being accessed and the user mobile device can communicate through some kind of network (e.g. internet), the mobile device sends back the secure response directly to the service provider. Otherwise, the mobile device displays the secure response or part of it on its screen: the user types the data displayed on the mobile device onto the terminal and completes the authentication.
- the mobile device and the terminal are NFC devices, i.e. they are connected to or equipped with an NFC module. If the mobile device is a passive NFC device, then the terminal should be an active NFC device; if the mobile device is an active NFC device, then the terminal should be a passive NFC device. This way an NFC channel exists between the terminal and the mobile device.
- the service provider prompts for user registration sending its identity data (e.g. the service provider domain name). When prompted for registration from the terminal, the user brings the mobile device near the terminal in order to establish the NFC channel and allow the communication to take place.
- the mobile device receives, decodes and stores the service provider data and shows the list of user digital identities available for the registration: the user selects the appropriate digital identity to be registered. If the service provider being accessed and the user mobile device can communicate through some kind of network (e.g. internet), the mobile device sends back the selected digital identity and some related secure material (e.g. PKI certificate, username and password) directly to the service provider: it sends the data either through the NFC channel and/or through any other supported communication channel (e.g. http connection) that can reach the service provider.
- the mobile device displays the secure material or part of it on its screen: the user types the data shown on mobile device display onto the terminal and completes registration.
- the service provider prompts for user authentication sending the "challenge" to the terminal and from it to the mobile device through the existing NFC connection.
- the user brings the mobile device near the terminal in order to establish the NFC channel and allow the communication to take place.
- the mobile device receives and decodes the data: from this data it identifies which service provider is prompting for authentication among those already known and stored on the mobile device.
- the mobile device retrieves the user digital identity registered with that service provider and it uses the challenge and/or the secure material associated with the retrieved user digital identity to generate a secure response. If the service provider being accessed and the user mobile device can communicate through some kind of network (e.g. internet), the mobile device sends back the secure response directly to the service provider. Otherwise, the mobile device displays the secure response or part of it on its screen: the user types the data shown on the mobile device display onto the terminal and completes authentication.
- the user digital identities stored on the mobile device may be protected by a password or a PIN.
- the communications between the mobile device and terminal may be encrypted to prevent snooping.
- the invention also provides a mechanism to manage user digital identities, that is, to create and store on the mobile device a new digital identity or to certify, modify or delete an existing one.
- the user can create a new digital identity typing directly on the mobile device the data of the identity.
- the user can create a digital identity elsewhere (e.g. on the terminal) and send it to the mobile device through some kind of communication channel supported by the device (e.g. Bluetooth).
- the user can also modify an existing digital identity in the same way.
- the mobile device may in turn send the modified version to all the service providers the modified digital identity is registered with.
- the user can delete an existing digital identity.
- the mobile device may in turn inform all the service providers the deleted digital identity is registered with of the deletion.
- the mobile device creates a PKI certificate signing request (i.e. CSR) based on the data of the identity, sends it to some certification authority through some kind of communication channel supported by the device (e.g. SMS), receives the related certificate and stores it associated to the digital identity whose data was used to create it.
- FIG. 1 is a schematic illustration of an exemplary system architecture to implement the registration/authentication method in accordance with the present invention
- FIG. 1 is a block diagram of an exemplary mobile device in accordance with the present invention
- FIG. 3 illustrates a pictorial representation of the system architecture shown in Figure 1
- Figure 4 illustrates a pictorial representation of an exemplary system architecture in accordance with an alternative embodiment of the present invention
- FIG. 5 illustrates an exemplary flow diagram of an exemplary simple registration process in accordance with the present invention
- FIG. 6 illustrates an exemplary flow diagram of an exemplary certified registration process in accordance with the present invention
- FIG. 7 illustrates an exemplary flow diagram of an exemplary authentication process in accordance with the present invention
- FIG. 8 is a schematic illustration of an exemplary system architecture to implement the registration/authentication method in accordance with an alternative embodiment of the present invention
- FIG. 9 is a schematic illustration of another exemplary system architecture to implement the registration/authentication in accordance with an alternative embodiment of the present invention
- FIG. 10 illustrates a pictorial representation of the system architecture shown in Figure 9
- FIG. 11 illustrates a pictorial representation of another exemplary system architecture in accordance with an alternative embodiment of the present invention
- FIG. 12 is a schematic illustration of another exemplary system architecture to implement the registration/authentication method in accordance with an alternative embodiment of the present invention
- FIG. 13-18 are example screens of display of the mobile device illustrating the user interface windows for the identity management and the registration and authentication processes in accordance with the present invention.
- the present invention will be described herein in terms of functional block components, screen shots, optional selections and various processing steps.
- Such functional blocks may be realized by any number of hardware, firmware and/or software components configured to perform the specified functions.
- the present invention may employ various integrated circuit components, e.g. memory elements, processing elements, logic elements, look up tables and similar, which may carry out a variety of functions under the control of one or more microprocessors or other control devices.
- the software components of the present invention may be implemented by any programming and/or scripting language such as C, C++, Java, Perl, JavaScript, extensible markup language (i.e.
- Protocol is a generic sequence of operations, processing and/or communication steps as well as the data structures and codes involved in those operations and/or steps.
- a well known example of protocol is the Hypertext Transfer Protocol (i.e. HTTP) which is one of the protocols which Internet is based on.
- Network is a generic set of electronic devices and/or computers connected together, including the connections and communication protocols between them. The connections may include wire, wireless communication links, fiber optic cables and the like.
- a well known example of network is Internet. Unless noted, this invention does not restrict to, or prescribe, any particular type of network.
- Terminal is a generic electronic device having a user interface (e.g. personal computer) through which a person can access and use a service, an application and/or content. Unless noted, this invention does not restrict to, or prescribe, any particular type of terminal.
- Service is a generic service, application and/or content that can be accessed and used through some functioning terminal. Unless noted, this invention does not restrict to, or prescribe, any particular type of service.
- Service provider is any subject that supplies a service (e.g. a bank, which supplies an online banking service).
- the service provider may be the terminal itself (e.g. a computer, which provides access to a specific content stored on it).
- this invention does not restrict to, or prescribe, any particular type of service provider.
- User is any subject that accesses and uses a service through some functioning terminal.
- Service site is the user interface of a service through which a user can access and use the service (e.g. a web site for an online service, an ATM user interface). Unless noted, this invention does not restrict to, or prescribe, any particular type of service site.
- Digital identity is a set of data that in some context describes and uniquely identifies a subject. A subject is, for example, a user or a service provider. A subject can have one or more digital identities; any digital identity refers to one and only one subject.
- Identity card is a generic representation of digital identity data according to some predefined format (e.g. vCard format). Unless noted, this invention does not restrict to or prescribe any particular format.
- User account is a set of user personal data that are stored and used by a service provider to describe and uniquely identify a user. Typically a user account reflects the digital identity that the user registered with the service provider.
- Registration is the process of enrollment of a subject (e.g. a person) in the service user group of the service that the subject wants to access and use.
- the registration usually requires a subject to supply his identifying data (e.g. first name, last name, e-mail) to the service provider and typically ends with the creation of a related user account. If the process completes successfully the subject who has applied for registration becomes a registered user of the service.
- Authentication, also known as the "log in" process, is the process through which the service provider recognizes a subject as being one of the legitimate registered users of the service it provides. If the process completes successfully the subject, i.e. the user, is allowed to access and use the service.
- the authentication typically requires a subject to provide the service provider with enough information (e.g. username and password) to recognize him as a legitimate user with some degree of certainty. The safer the authentication process, the higher the degree of certainty.
- Server is a set of one or more electronic devices through which the service provider supplies its service. Unless noted, this invention does not restrict to, or prescribe, any particular type or number of servers.
- Digital certificate is a set of data that binds a PKI public key to a digital identity in a secure and unique way. An example of digital certificate is an X509 certificate, commonly used on Internet to certify the user and service provider identity. Unless noted, this invention does not restrict to, or prescribe, any particular type of certificate.
- NFC is a short-range, wireless, contactless communication technique that allows communications to take place between devices which either touch or are momentarily held close together. The technology works via magnetic field induction and operates on an unlicensed radio frequency band. NFC enables devices to share information either in one direction or both. NFC is an open platform technology based on Radio Frequency Identification technology and is an approved ISO standard (ISO/IEC 18092 and 21481).
- Figure 1 is a schematic illustration of the devices involved in the registration and authentication of a user with a service provider, in accordance with a preferred embodiment of the invention.
- the user has a mobile device 10, preferably equipped with a camera 12 and connected to a service provider 14 through a network B.
- a terminal 16 is connected through the network A.
- the terminal 16 may be for example a personal computer or an ATM.
- the service provider 14 is represented by its own server 15 connected to the terminal 16 and to the mobile device 10 through the networks A and B.
- the server 15 provides a service such as, for example, an on-line banking service, an e-commerce service or the access to some kind of qualified content.
- the network A that connects the terminal 16 to the service provider 14 may be different from the network B that connects the mobile device 10 to the service provider 14.
- the user accesses and uses the service supplied by the service provider 14 through the terminal 16.
- the mobile device 10 includes a registration module 20, an authentication module 22, an identity management module 24 and a permanent memory 26 to store the user digital identities.
- the registration module 20 and the authentication module 22 manage respectively the registration and the authentication process as explained in the following paragraphs.
- the identity management module 24 manages the creation, modification, deletion and any other operation related to user's and service provider's digital identities stored on the mobile device.
- the identity management module 24 enables the user to create on his mobile phone one or more digital identities.
- Created identities appear as a set of digital identity cards. Each card carries a number of standard fields (as defined by some standard, e.g. vCard) dedicated to personal data and a small set of private fields that store information about secrets and digital certificates associated to the identity.
- Each user digital identity is associated with the list of service providers it is registered with. Each digital identity resides in the permanent storage 26 of the mobile device.
- Each user digital identity can be certified by a service provider or by a trusted third party authority, as described in the following paragraphs.
- the modules that implement the invention may be integrated with all or part of the other hardware (e.g. camera, NFC element), software (e.g. web browser) or firmware components of the mobile device 10.
- Figure 3 shows a pictorial representation of an embodiment of the invention in which the terminal 16 has a screen 30 and a graphical user interface (i.e. GUI, which is a user interface that is able to show not only characters but also images).
- the mobile device 10 may be, for example, a mobile phone, a handheld computer or a personal digital assistant (i.e. PDA).
- the mobile device 10 is equipped with a camera 12 and carries the user digital identities.
- the terminal and the mobile device are connected through some kind of network A, B (e.g. Internet) to the server 15 of the service provider 14.
- Figure 4 shows an alternative embodiment of the invention, in which the mobile device 10 is not directly connected to the service provider 14.
- transmission of data needed for the registration and authentication processes from the service provider 14 to the mobile device 10 takes place through images 40 displayed on the service site 38 on the terminal 16 and acquired by the mobile device 10 through its camera 12.
- the mobile device 10 displays the data to be sent to the service provider 14 on its screen: data are effectively sent to the service provider 14 when the user types them on the service site shown on the terminal and submits them to the service provider.
- Lack of connection between the mobile device 10 and the service provider 14 may happen for several reasons: the mobile device could be offline (i.e.
- the flowchart of Figure 5 shows the operations of the mobile device during the registration process in accordance with the preferred embodiment of the present invention.
- the service provider 14 prompts for user registration displaying on the service site 38 on the screen 30 of the terminal 16 an image 40 (i.e. a 2D-barcode image) that encodes the service provider identifying data or a reference to them.
- the registration process starts when the prospective user takes a picture of the image 40 shown on the screen 30 of the terminal 16 using the camera 12 of his mobile device 10 (step 100).
- the mobile device 10 acquires the image: the registration module 20 on the device 10 receives and decodes the acquired image, extracting the service provider data (step 102).
- a check is made in order to establish if a reference to service provider identifying data is received (step 104).
- This reference may be, for example, a URL or a URI (URL, i.e. Universal Resource Locator; URI, i.e. Universal Resource Identifier) pointing to the Internet location where to download the data from.
- the registration module resolves the reference accessing the network (step 106) and downloading the data using the given URL or URI (step 108). If a reference is not received, data fully describing and identifying the service provider are received.
- the mobile device 10 shows the service provider data on the screen for the user review and acceptance (step 110).
- a check is made (step 112) in order to establish if the received service provider data are trustworthy according to some trust criterion (e.g. they are signed with a valid and trusted key). If data are not deemed trustworthy they are discarded and the registration process ends (step 114).
- the registration module 20, collaborating with the identity management module 24, retrieves the user digital identities stored on the mobile device and available for registration: the mobile device displays the list of available user digital identities on its screen (step 116).
- the user selects the identity to be registered with the service provider (step 118).
- the registration module 20 receives the choice of the user and generates some secure and secret material (e.g. secret key) associated to the selected digital identity (step 120).
- a check is made as to whether the mobile device is directly connected to the service provider. If the mobile device is connected to the service provider through some kind of network or connection, the registration module sends the selected user digital identity data and the associated secure material to the service provider (step 122).
- If the mobile device is not connected to the service provider, it shows on its screen the user digital identity data and/or the associated secure material or part of it, leaving to the user the task to type the information in the registration form of the service site shown on the terminal (step 124).
- the registration module 20, collaborating with identity management module 24, creates a new digital identity for the service provider which the user has registered with and stores it in the device permanent storage, associating it to the user digital identity used in the registration (step 126). This ends the registration process.
- the registration module 20 receives the choice of the user and generates a pair of asymmetric keys (i.e. PKI keys) (step 220). It also generates a PKI certificate signing request (i.e. CSR) based on the public key just created and the data of the selected user digital identity. The CSR and the keys are associated to the selected user digital identity (step 222). The registration module 20 sends the CSR and the related user digital identity data to the service provider 14 (step 224).
- Based on the service provider data, the registration module 20, collaborating with identity management module 24, also creates a new digital identity for the service provider which the user is registering with and stores it in the permanent storage of the mobile device (step 226).
- the service provider (or some other certification authority which the CSR is forwarded to) receives the CSR and, based on it, produces a valid public key certificate that it sends back to the mobile device (step 228).
- a flowchart is shown illustrating the operations of the mobile device 10 during the authentication process in accordance with one embodiment of the present invention.
- the service provider 14 prompts for user authentication displaying on the screen 30 of the terminal 16 an image (i.e. a 2D-barcode image) that encodes some newly generated unique data called "challenge".
- the challenge may include, for example, the service provider unique identifier and/or a randomly generated unique number (e.g. nonce) and/or a digital signature: in general, it contains enough information to identify the service provider and/or to create a secure response that can identify the user with certainty.
- the authentication process starts when the prospective user takes a picture of the image shown on the terminal screen using his mobile device camera (step 300).
- the mobile device 10 acquires the image: the authentication module 22 on the device 10 receives and decodes the acquired image, extracts the encoded data and verifies their authenticity and integrity (e.g. verifying their signature). From the same data the authentication module 22 extracts the challenge (step 302) and checks whether it contains enough information to identify the service provider among the providers already known and stored on the mobile device (step 304). If it does not contain enough information to determine the service provider, the mobile device shows the list of stored service providers on its display (step 306), leaving to the user the task of choosing the service provider with which he is authenticating (step 307). If it contains enough information to determine the service provider, the authentication module 22 automatically identifies the service provider among those stored on the device.
- the authentication module 22, collaborating with the identity management module 24, retrieves from permanent storage 26 the user digital identity registered with the given service provider (step 308). Based on the challenge and secure material associated to the retrieved user digital identity, the authentication module 22 generates a secure response (step 310).
- the secure response may contain, for example, the challenge signed with the user private key or it may simply contain some hash of the challenge combined with some other secret shared by the user and the service provider.
- a check is made as to whether .the mobile device is directly connected to service provider. If the mobile device is connected to the service provider through some communication channel, the authentication module sends the secure response back to the service (step 312) . If the mobile device is not connected to the service provider, the authentication module shows on the mobile device screen the secure response or part of it, leaving to the user the task to type the information in the authentication form of the service site shown on the terminal (step 314). This ends the authentication process .
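A worked simulation of the registration secret (step 120) and of the challenge/response exchange (steps 302 to 314), added here as an example; it is not code from the patent or from any product. The base64-wrapped JSON stands in for the 2D-barcode content, the response is the "hash of the challenge combined with a shared secret" variant (HMAC-SHA256) rather than a signature with the user's private key, the signature on the challenge itself is omitted, and the provider names, usernames, key length and challenge lifetime are constructed values.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET_BYTES = 32        # length of the per-(identity, provider) registration secret (assumed)
CHALLENGE_TTL_S = 120    # how long an issued challenge stays valid (assumed)


def encode_payload(obj):
    # Stand-in for the 2D-barcode content: JSON text, base64 encoded (constructed format).
    return base64.b64encode(json.dumps(obj, sort_keys=True).encode()).decode()


def decode_payload(text):
    return json.loads(base64.b64decode(text))


def secure_response(secret, sp_id, nonce, username):
    # "Hash of the challenge combined with a shared secret": HMAC-SHA256 over the provider
    # identifier, the nonce and the username, so the value is bound to this provider and user.
    msg = "\x00".join([sp_id, nonce, username]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ServiceProvider:
    """Server side: user accounts, registration prompt, challenge issue and response check."""

    def __init__(self, sp_id, now=time.time):
        self.sp_id = sp_id      # identifying data such as the domain name
        self.accounts = {}      # username -> registration secret (the user account)
        self.pending = {}       # nonce -> time of issue
        self.now = now          # injectable clock so expiry can be exercised

    def registration_prompt(self):
        return encode_payload({"type": "register", "sp_id": self.sp_id})

    def register(self, username, secret):
        # Step 122: store the device-generated secret under the chosen identity's username.
        if username in self.accounts:
            raise ValueError("username already registered")
        self.accounts[username] = secret

    def authentication_prompt(self):
        # A fresh random nonce plus the provider identifier: enough for the device to pick
        # the right identity and to derive a response that is unique to this prompt.
        nonce = secrets.token_hex(16)
        self.pending[nonce] = self.now()
        return encode_payload({"type": "auth", "sp_id": self.sp_id, "nonce": nonce})

    def verify(self, username, nonce, response_hex):
        # The nonce is consumed on first use, so a captured response cannot be replayed,
        # and a stale challenge is refused even if the response is otherwise correct.
        issued = self.pending.pop(nonce, None)
        if issued is None or self.now() - issued > CHALLENGE_TTL_S:
            return False
        secret = self.accounts.get(username)
        if secret is None:
            return False
        expected = secure_response(secret, self.sp_id, nonce, username)
        return hmac.compare_digest(expected, response_hex)


class MobileDevice:
    """Device side: stored user identities plus one secret per (identity, provider) pair."""

    def __init__(self, identities):
        self.identities = list(identities)  # usernames of the stored digital identities
        self.registrations = {}             # sp_id -> (username, secret), see step 126

    def scan_registration(self, payload, chosen_username):
        data = decode_payload(payload)
        if data.get("type") != "register" or "sp_id" not in data:
            raise ValueError("not a registration prompt")
        if chosen_username not in self.identities:
            raise ValueError("no such identity on this device")
        secret = secrets.token_bytes(SECRET_BYTES)   # step 120
        self.registrations[data["sp_id"]] = (chosen_username, secret)
        return data["sp_id"], chosen_username, secret   # sent directly (122) or typed (124)

    def scan_challenge(self, payload):
        data = decode_payload(payload)
        if data.get("type") != "auth" or not {"sp_id", "nonce"} <= data.keys():
            raise ValueError("not an authentication prompt")
        sp_id = data["sp_id"]
        if sp_id not in self.registrations:
            return None   # unknown provider: fall back to the manual provider list (step 306)
        username, secret = self.registrations[sp_id]   # step 308
        return username, data["nonce"], secure_response(secret, sp_id, data["nonce"], username)


def run_flow(now=time.time):
    """Register one identity, answer one challenge, then try to replay the same response."""
    sp = ServiceProvider("bank.example", now)                  # constructed provider name
    dev = MobileDevice(["alice-personal", "alice-work"])       # constructed identities
    _, user, secret = dev.scan_registration(sp.registration_prompt(), "alice-personal")
    sp.register(user, secret)
    user, nonce, resp = dev.scan_challenge(sp.authentication_prompt())
    return sp.verify(user, nonce, resp), sp.verify(user, nonce, resp)


if __name__ == "__main__":
    print(run_flow())   # (True, False): first response accepted, replay of it refused
```

The same response typed by the user at the terminal (step 314) is checked by exactly the same `verify` call, so the offline path gets the one-time nonce and expiry checks for free.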
- Figure 8 shows a variant of the preferred embodiment of the invention where the terminal itself 160 is the service provider: the service may be the access to some protected resource of the terminal (e.g. files, directories, databases).
- the terminal 160 has a screen 30 and a graphical user interface.
- the mobile device 10 is equipped with a camera 12 and carries the user digital identities.
- the mobile device 10 may be connected to the terminal 160 through some kind of network or connection 170 (e.g. WLAN, Bluetooth). If the mobile device 10 is not directly connected to the terminal, transmission of all the data from the terminal to the mobile device implied by the registration and authentication processes may take place through images displayed on the terminal screen and acquired by the mobile device through its camera.
- FIG. 9 shows an alternative embodiment of the invention where, with respect to the embodiment shown in figure 1, the mobile device 10 and the terminal 16 are equipped with an NFC module and therefore connected by an NFC channel.
- a pictorial representation of the same alternative embodiment of the invention shows the terminal 16 being connected to an NFC device.
- the terminal may be equipped with an embedded NFC module.
- the mobile device 10 is also equipped with an NFC module.
- the mobile device carries the user digital identities.
- the terminal and the mobile device are connected to some network, e.g. Internet.
- the service provider server is connected to the mobile device and the terminal through the same networks.
- FIG 11 shows another embodiment of the invention in which, differently from the above-mentioned embodiment, the mobile device 10 is not directly connected to the service provider 14.
- the mobile device 10 has two alternatives to send data to the service provider 14: the first is showing them on its display so that the user can type them on the service site shown on the terminal and submit them to the service provider. The second is sending them back to the terminal using the existing NFC channel and letting the terminal transmit them to the service provider.
- the mobile device could be offline (i.e.
- Figure 12 shows a variant of the alternative embodiment of the invention where the terminal itself 160 is the service provider: the service may be the access to some protected resource of the terminal (e.g. files, directories, databases).
- the terminal may be connected to an external NFC device 50.
- the terminal may be equipped with an embedded NFC module.
- the mobile device is also equipped with an NFC module 50.
- the terminal and the mobile device are connected through an NFC channel 55: they may also be connected through some other type of network or connection B (e.g. WLAN, Bluetooth).
- the communications between the mobile device and the terminal may take place through the NFC channel 55 or through the alternative communication channel B which connects them.
- the registration and authentication processes proceed as stated for the alternative embodiment of the invention, with the terminal as a substitute for the service provider.
- the communications between the mobile device and terminal, between the terminal and the service provider and between the mobile device and the service provider may be encrypted to prevent snooping.
- the terminal and the mobile device may use, for instance, SSL to protect their communications over HTTP with the service provider.
- the modules installed on the mobile device i.e. registration and authentication module
- the user digital identities stored on the mobile device may be protected by a password or a PIN.
- any use of a digital identity may require the user to type the password or PIN: this prevents a thief from using the digital identities stored on the mobile device when it is stolen.
- the password or PIN that protects digital identities may be replaced by a stronger protection method, like an iris scan through the mobile device camera or some other biometric recognition method. In this way the user does not have to remember any password or PIN to access and use his digital identities on the mobile device: the mobile device authenticates him simply through his unique biometric data.
- the identity management module 24 enables the user to modify one of his digital identities stored on the mobile device; the same module may autonomously send to each service provider with which the identity is registered the modified version of the digital identity. Some restrictions apply when the digital identity has been certified by a service provider or some other authority. In this case the user cannot modify the digital identity without enrolling in a new certification process with the authority that certified the identity.
- the identity management module 24 enables the user to delete one of his digital identities stored on the mobile device; deleting a user digital identity may imply unregistering it with every service provider with which it has been registered. In this case, the identity management module in collaboration with the registration module may autonomously inform of the deletion each service provider where the identity has been registered, using one of the communication channels available on the mobile device, for example sending it an SMS or accessing a specific URL.
- the identity management module may create and store a service provider digital identity based on the service provider identifying data received during the registration process.
- the identity management module enables the user to delete the service provider digital identities stored on the mobile device; deleting a service provider digital identity may imply unregistering the user with it.
- the identity management module in collaboration with the registration module may autonomously inform of the deletion the related service provider using one of the available communication channels (e.g. SMS, Internet).
- the identity management module enables the user to review which of his digital identities are registered with a given service provider. The same module enables the user to review the list of service providers a given user digital identity is registered with.
- the identity management module 24 collaborates with the registration module 20 and the authentication module 22 during the registration and authentication process, respectively. In these processes, given a service provider identifier, the identity management module retrieves the user digital identity registered with the related service provider.
- the identity management module enables the user to export a single digital identity or the entire content of the identity database in a ciphered format and import it into a different mobile device. This allows the user to preserve his data even when he changes mobile device.
- Example display screens for the identity management, registration and authentication modules are shown in Figures 13-18.
- Figure 13 shows a screen comprising an identity card window 60 that includes a title bar 61, which may display the name of the identity or some other related title, a toolbar 62, which may display a number of buttons, and, in the central part, the data 63 of the selected digital identity, for example name, nickname, address, telephone number, e-mail.
- the toolbar 62 may include a button 64 to edit the selected field of the digital identity, a button 65 to register or certify the selected digital identity, a button 66 to review the service providers which the identity is registered with, a button 67 to add one or more fields (e.g. organization, photo) and a button 68 to delete an existing field.
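The identity-management bookkeeping described in the items above (which identities are registered with which providers, refusing in-place edits of a certified identity, turning a deletion into one unregistration notice per affected provider, and the lookup of the identity registered with a given provider), as an added example in Python that is not the patent's code. Identity and provider names are constructed, the secret material is a placeholder byte string, and the notices are returned as plain tuples rather than sent by SMS or by accessing a URL; the ciphered export is not shown.

```python
"""Identity management on the mobile device (added example, not the
patent's code): keeps the registrations between user digital identities
and service providers, so the module can answer "where is this identity
used?" and turn deletions into unregistration notices for each provider."""


class CertifiedIdentityError(Exception):
    """Raised when a certified identity is edited without re-certification."""


class IdentityManager:
    def __init__(self):
        self.identities = {}      # identity_id -> dict of fields (name, e-mail, ...)
        self.providers = {}       # provider_id -> provider identifying data
        self.registrations = {}   # (identity_id, provider_id) -> secret material
        self.certified = set()    # identity ids certified by some authority

    def add_identity(self, identity_id, fields):
        self.identities[identity_id] = dict(fields)

    def add_provider(self, provider_id, identifying_data):
        # Service provider digital identity built from data received at registration.
        self.providers[provider_id] = dict(identifying_data)

    def register(self, identity_id, provider_id, secret, certified=False):
        if identity_id not in self.identities or provider_id not in self.providers:
            raise KeyError("unknown identity or provider")
        self.registrations[(identity_id, provider_id)] = secret
        if certified:
            self.certified.add(identity_id)

    def providers_of(self, identity_id):
        """Providers a given identity is registered with."""
        return sorted(p for (i, p) in self.registrations if i == identity_id)

    def identities_at(self, provider_id):
        """Identities registered with a given provider."""
        return sorted(i for (i, p) in self.registrations if p == provider_id)

    def identity_for(self, provider_id):
        """Lookup used during authentication: the identity registered with the
        provider named in the challenge, or None unless there is exactly one
        (the user then has to choose)."""
        ids = self.identities_at(provider_id)
        return ids[0] if len(ids) == 1 else None

    def update_identity(self, identity_id, fields):
        """Modify an identity and return the providers that must receive the
        new version. Certified identities cannot be edited in place."""
        if identity_id in self.certified:
            raise CertifiedIdentityError(identity_id)
        self.identities[identity_id].update(fields)
        return [("update", p, identity_id) for p in self.providers_of(identity_id)]

    def delete_identity(self, identity_id):
        """Delete an identity; every registration goes with it, and one
        unregistration notice per affected provider is returned."""
        notices = [("unregister", p, identity_id) for p in self.providers_of(identity_id)]
        for key in [k for k in self.registrations if k[0] == identity_id]:
            del self.registrations[key]
        self.identities.pop(identity_id, None)
        self.certified.discard(identity_id)
        return notices

    def delete_provider(self, provider_id):
        """Delete a provider entry; unregisters every identity from it."""
        notices = [("unregister", provider_id, i) for i in self.identities_at(provider_id)]
        for key in [k for k in self.registrations if k[1] == provider_id]:
            del self.registrations[key]
        self.providers.pop(provider_id, None)
        return notices
```

Keeping the registration as the primary record (rather than a list of providers inside each identity) is what makes both review directions and both deletion directions a single scan, and it keeps the secret material tied to the pair it was produced for.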
- Figure 14 shows a screen comprising the user digital identity list window 70 that includes a title bar 71, a toolbar 72 and, in the central part, a list 73 of digital identities stored on the mobile device.
- the toolbar 72 may include a button 74 to open the selected digital identity detail window, a button 75 to register or certify the selected digital identity, a button 76 to search among the stored digital identities, a button 77 to add a new digital identity and a button 78 to delete an existing one.
- Figure 15 shows a screen comprising an identity field edit window 80 that includes a title bar 81, a menu bar 82 and, in the central part, the field 83 to edit with its value 84.
- the menu bar may contain an item to confirm the field value (i.e. OK) and an item to discard the changes made (i.e. Cancel).
- Figure 16 shows a screen comprising a registration window 90 that includes a title bar 91, a button 92 to confirm registration, a button 92 to abandon the registration and, in the central part, a summary of the service provider 93 and the user digital identity 94 involved in the process.
- Figure 17 shows a screen comprising an authentication window 400 that includes a title bar 401, a button 402 to confirm authentication, a button 403 to abandon the authentication and in the central part a summary of the service provider 404 and the user digital identity 405 involved in the authentication process.
- Figure 18 shows a screen comprising an authentication result window 500 that includes a title bar 501, a button 502 to end the authentication process and in the central part the secure response 503 generated by the authentication module.
- the method according to the invention reduces the registration and authentication processes to a simple gesture like waving the mobile device near the terminal (i.e. "touching" the terminal with the mobile device) or taking a snapshot of an image shown on the terminal screen. This spares the user from having to remember and type his credentials (e.g. username and password) and saves him from piracy and identity theft.
- the proposed system also promotes identity portability allowing the user to reuse the same identity on several service providers and on several machines.
- identities are stored on the user's mobile device, which typically is strictly personal. Hence the user can always carry his own digital identities with him. This is a guarantee of reuse and privacy.
- the method gives users the possibility to track identities usage and dependencies: this improves user's awareness and confidence.
- the near field interaction on which the whole system is based implies simply to wave the mobile device near the terminal or to take a snapshot of an image shown on the terminal; both of these operations are simple and intuitive.
- the proposed method does not require any configuration by the user to be used, since no configuration is needed to establish an NFC channel between the terminal and the mobile device or to take a snapshot. This saves the user from tricky configuration processes in which to set the value of incomprehensible technical parameters.
- NFC technologies as such are themselves intuitive and easy to use: this automatically generates trust and confidence in the user, who always feels in control of what is happening. Moreover, the short range in which communication takes place reduces to a minimum privacy breach risks: therefore the system can be used with equal confidence at home or at a kiosk in a public place.
- the method has an intuitive graphical user interface that makes the user's interaction simple and fun.
- the system is not only an authentication token; it also offers the capability of storing and managing the user's personal data and credentials for multiple online services. Unlike a simple authentication token, it gives the user control over the set of information given to each service provider; this is interesting for users concerned with their privacy. It also gives the possibility to reuse personal data and credentials, saving time and annoyance in the registration process.
- the possibility to use even simple optical technologies allows the system to adapt to a multitude of different technological contexts. In the poorest ones, where no NFC reader is available, the user can use his mobile device camera. In the most advanced ones, the user can take full advantage of the system using NFC technologies (e.g. RFID). In those cases the system gives its best, fully automating some processes and making them transparent to the user.
- System security may rely on the security of the mobile device smart card that preserves every secret and key of the application.
- the authentication process is based on a challenge/response protocol.
- the response is generated either from a secret shared between user and service provider during a simple registration or from the user's private key, the public key of which had been certified by service provider during a certified registration.
- Certified registration has one important advantage over simple registration: the user's digital identity involved in the registration becomes "certified", which means that a digital certificate guarantees its validity. This is particularly useful in a federated environment, that is an environment in which a set of service providers use and trust common certification/identity servers and in some cases share the registration/authentication process; in fact, in such an environment the user could use a certified identity to authenticate to a service provider with whom he never registered but who trusts the service provider that certified the presented identity. Thus, certified registration allows the system to integrate and work equally well in a federated identity environment.
- the proposed registration and authentication methods are as secure as the safest authentication devices (i.e. smart card, RSA token) and can be used in any context in which these same devices can be used.
- the proposed invention, including the registration and authentication methods mentioned above, is implemented by software installed on a mobile device. This implies negligible distribution cost and no need for the user to adopt an additional device to authenticate himself with the service provider.
- the proposed invention is more intuitive and easier to use than present authentication devices. It does not require the adoption of cumbersome and difficult-to-manage proprietary technologies. It supports either symmetric or asymmetric keys; therefore it is quite easy to integrate with existing infrastructures.
- the invention does not include only an authentication method, but also a compact identity management tool that enables the user to manage and control the use of his digital identities and automates some procedures related to the registration and authentication processes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a method for registering a user with a service provider, comprising the steps of creating and storing in a mobile device at least one digital identity; establishing a communication between the mobile device and the service provider; exchanging information between the mobile device and the service provider in order to produce certain secret data associated with both a chosen digital identity and the service provider; and storing said secret data both in the mobile device and at the service provider. The invention also relates to an authentication method comprising the steps of the creation, by the service provider, of a challenge containing a service provider identifier; encoding the challenge; distributing the encoded challenge to the user; acquiring the challenge by means of the mobile device; extracting the service provider identifier; automatically selecting the digital identity registered with said service provider; producing a response to the challenge; and returning the response and the identifier of the chosen digital identity to the service provider.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| ITBS2008A000031 | 2008-02-11 | ||
| ITBS20080031 ITBS20080031A1 (it) | 2008-02-11 | 2008-02-11 | Metodo e telefono mobile per registrare e autenticare un utente presso un service provider |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2009101549A2 true WO2009101549A2 (fr) | 2009-08-20 |
| WO2009101549A3 WO2009101549A3 (fr) | 2009-10-08 |
Family
ID=40291477
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/IB2009/050459 Ceased WO2009101549A2 (fr) | 2008-02-11 | 2009-02-05 | Procédé et dispositif mobile permettant d'enregistrer et d'authentifier un utilisateur auprès d'un fournisseur de services |
Country Status (2)
| Country | Link |
|---|---|
| IT (1) | ITBS20080031A1 (fr) |
| WO (1) | WO2009101549A2 (fr) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2405622A1 (fr) * | 2010-07-08 | 2012-01-11 | Scalado AB | Communication de dispositif |
| EP2421217A1 (fr) * | 2010-08-16 | 2012-02-22 | Research In Motion Limited | Système de communication fournissant une authentification sans fil pour un accès privé aux données et procédés apparentés |
| EP2434720A1 (fr) * | 2010-09-22 | 2012-03-28 | IB-Tietotaulu | Gestion des tâches par une connexion de communication |
| WO2012129529A1 (fr) * | 2011-03-24 | 2012-09-27 | Fedex Corporate Services, Inc. | Systèmes et procédés de signature électronique pour colis livré |
| US20120314090A1 (en) * | 2011-06-10 | 2012-12-13 | Schayne Jallow | Location specific personalized enterprise services using video signature of an electronic display |
| WO2013043141A1 (fr) * | 2011-07-29 | 2013-03-28 | Avea Iletisim Hizmetleri Anonim Sirketi (Teknoloji Merkezi) | Système et procédé d'authentification par appel vidéo |
| WO2013051916A1 (fr) * | 2011-10-04 | 2013-04-11 | Relative Cc, Sia | Procédé pour la détermination de l'identité d'un utilisateur |
| WO2013054102A1 (fr) * | 2011-10-10 | 2013-04-18 | Intercede Limited | Vérification d'identité |
| EP2602735A1 (fr) * | 2011-12-09 | 2013-06-12 | Research In Motion Limited | Authentification sécurisée |
| US8464960B2 (en) | 2011-06-30 | 2013-06-18 | Verisign, Inc. | Trusted barcodes |
| EP2611096A1 (fr) * | 2011-12-28 | 2013-07-03 | Gemalto SA | Procédé d'authentification d'utilisateur en utilisant un deuxième terminal mobile |
| WO2014022778A1 (fr) * | 2012-08-03 | 2014-02-06 | Vasco Data Security, Inc. | Procédé d'authentification pratique pour l'utilisateur et appareil utilisant une application d'authentification mobile |
| US8701166B2 (en) | 2011-12-09 | 2014-04-15 | Blackberry Limited | Secure authentication |
| US8869248B2 (en) | 2010-08-16 | 2014-10-21 | Blackberry Limited | Communication system providing wireless authentication for private data access and related methods |
| WO2015043744A1 (fr) * | 2013-09-30 | 2015-04-02 | Giesecke & Devrient Gmbh | Procédé, dispositifs et système d'authentification vis-à-vis d'un serveur |
| WO2015050890A1 (fr) * | 2013-10-01 | 2015-04-09 | Motorola Mobility Llc | Systèmes et procédés de gestion de justificatifs d'identité entre des dispositifs électroniques |
| WO2015042668A3 (fr) * | 2013-09-06 | 2015-05-21 | Lin.K N.V. | Procédé et système d'authentification mobile pour fournir un accès authentifié à des services et des applications fonctionnant avec internet |
| EP2834959A4 (fr) * | 2012-04-01 | 2015-11-11 | Authentify Inc | Authentification sécurisée dans un système multipartite |
| US20160360403A1 (en) * | 2015-01-05 | 2016-12-08 | Ebid,Products & Solutions, S.L. | Procedure for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication procedure using said digital identity of the user |
| BE1024035B1 (nl) * | 2012-04-27 | 2017-10-31 | Lin.K.N.V. | Mobiel authenticatiesysteem |
| RU2701041C1 (ru) * | 2018-11-15 | 2019-09-24 | Илья Владимирович Редкокашин | Способ автоматизированной регистрации |
| US10594487B2 (en) | 2017-07-27 | 2020-03-17 | International Business Machines Corporation | Password management and verification with a blockchain |
| US11716207B1 (en) * | 2016-09-08 | 2023-08-01 | Cable Television Laboratories, Inc. | System and method for a dynamic-PKI for a social certificate authority |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6725269B1 (en) * | 1999-12-02 | 2004-04-20 | International Business Machines Corporation | System and method for maintaining multiple identities and reputations for internet interactions |
| WO2004095316A1 (fr) * | 2003-04-24 | 2004-11-04 | Koninklijke Philips Electronics N.V. | Lancement d'une communication de donnees par capture d'image |
| WO2005116909A1 (fr) * | 2004-05-31 | 2005-12-08 | Alexander Michael Duffy | Dispositif, systeme et procedes de prise en charge de processus d'authentification |
| US7788729B2 (en) * | 2005-03-04 | 2010-08-31 | Microsoft Corporation | Method and system for integrating multiple identities, identity mechanisms and identity providers in a single user paradigm |
| JP4660398B2 (ja) * | 2005-12-23 | 2011-03-30 | 株式会社東芝 | ユーザー認証システムと、このユーザー認証システムで使用される提供用サーバ装置、携帯通信装置、利用者用携帯通信装置、承認者用携帯通信装置および認証用サーバ装置と、これらの装置のためのプログラム |
- 2008
  - 2008-02-11 IT ITBS20080031 patent/ITBS20080031A1/it unknown
- 2009
  - 2009-02-05 WO PCT/IB2009/050459 patent/WO2009101549A2/fr not_active Ceased
Cited By (46)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2405622A1 (fr) * | 2010-07-08 | 2012-01-11 | Scalado AB | Communication de dispositif |
| US10020997B2 (en) | 2010-07-08 | 2018-07-10 | Nokia Technologies Oy | Device communication |
| US10200257B2 (en) | 2010-07-08 | 2019-02-05 | Nokia Technologies Oy | Indirect device communication |
| US8869248B2 (en) | 2010-08-16 | 2014-10-21 | Blackberry Limited | Communication system providing wireless authentication for private data access and related methods |
| CN102377769B (zh) * | 2010-08-16 | 2015-10-14 | 黑莓有限公司 | 提供针对私有数据访问的无线认证的通信系统及相关方法 |
| CN102377769A (zh) * | 2010-08-16 | 2012-03-14 | 捷讯研究有限公司 | 提供针对私有数据访问的无线认证的通信系统及相关方法 |
| EP2421217A1 (fr) * | 2010-08-16 | 2012-02-22 | Research In Motion Limited | Système de communication fournissant une authentification sans fil pour un accès privé aux données et procédés apparentés |
| KR101304006B1 (ko) * | 2010-08-16 | 2013-09-04 | 리서치 인 모션 리미티드 | 개인 정보 엑세스를 위한 무선 인증을 제공하는 통신 시스템 및 관련 방법 |
| EP2434720A1 (fr) * | 2010-09-22 | 2012-03-28 | IB-Tietotaulu | Gestion des tâches par une connexion de communication |
| WO2012129529A1 (fr) * | 2011-03-24 | 2012-09-27 | Fedex Corporate Services, Inc. | Systèmes et procédés de signature électronique pour colis livré |
| US8898083B2 (en) | 2011-03-24 | 2014-11-25 | Fedex Corporate Services, Inc. | Systems and methods for electronically signing for a delivered package |
| US20120314090A1 (en) * | 2011-06-10 | 2012-12-13 | Schayne Jallow | Location specific personalized enterprise services using video signature of an electronic display |
| US9094454B2 (en) * | 2011-06-10 | 2015-07-28 | Zone24X7 Inc. | Location specific personalized enterprise services using video signature of an electronic display |
| US8464960B2 (en) | 2011-06-30 | 2013-06-18 | Verisign, Inc. | Trusted barcodes |
| US9213930B2 (en) | 2011-06-30 | 2015-12-15 | Verisign, Inc. | Secure barcodes |
| WO2013043141A1 (fr) * | 2011-07-29 | 2013-03-28 | Avea Iletisim Hizmetleri Anonim Sirketi (Teknoloji Merkezi) | Système et procédé d'authentification par appel vidéo |
| US20140359299A1 (en) * | 2011-10-04 | 2014-12-04 | Relative Cc, Sia | Method for Determination of User's Identity |
| WO2013051916A1 (fr) * | 2011-10-04 | 2013-04-11 | Relative Cc, Sia | Procédé pour la détermination de l'identité d'un utilisateur |
| EP2764655A4 (fr) * | 2011-10-04 | 2015-08-12 | Relative Cc Sia | Procédé pour la détermination de l'identité d'un utilisateur |
| WO2013054102A1 (fr) * | 2011-10-10 | 2013-04-18 | Intercede Limited | Vérification d'identité |
| US8701166B2 (en) | 2011-12-09 | 2014-04-15 | Blackberry Limited | Secure authentication |
| EP2602735A1 (fr) * | 2011-12-09 | 2013-06-12 | Research In Motion Limited | Authentification sécurisée |
| EP2611096A1 (fr) * | 2011-12-28 | 2013-07-03 | Gemalto SA | Procédé d'authentification d'utilisateur en utilisant un deuxième terminal mobile |
| US9641520B2 (en) | 2012-04-01 | 2017-05-02 | Early Warning Services, Llc | Secure authentication in a multi-party system |
| US9398012B2 (en) | 2012-04-01 | 2016-07-19 | Authentify, Inc. | Secure authentication in a multi-party system |
| EP2834959A4 (fr) * | 2012-04-01 | 2015-11-11 | Authentify Inc | Authentification sécurisée dans un système multipartite |
| US9742763B2 (en) | 2012-04-01 | 2017-08-22 | Early Warning Services, Llc | Secure authentication in a multi-party system |
| EP2834729A4 (fr) * | 2012-04-01 | 2016-02-17 | Authentify Inc | Authentification sécurisée dans un système multi-partie |
| BE1024035B1 (nl) * | 2012-04-27 | 2017-10-31 | Lin.K.N.V. | Mobiel authenticatiesysteem |
| US20140040628A1 (en) * | 2012-08-03 | 2014-02-06 | Vasco Data Security, Inc. | User-convenient authentication method and apparatus using a mobile authentication application |
| CN104662864B (zh) * | 2012-08-03 | 2018-03-09 | 威斯科数据安全国际有限公司 | 使用了移动认证应用的用户方便的认证方法和装置 |
| WO2014022778A1 (fr) * | 2012-08-03 | 2014-02-06 | Vasco Data Security, Inc. | Procédé d'authentification pratique pour l'utilisateur et appareil utilisant une application d'authentification mobile |
| CN104662864A (zh) * | 2012-08-03 | 2015-05-27 | 威斯科数据安全国际有限公司 | 使用了移动认证应用的用户方便的认证方法和装置 |
| US9710634B2 (en) | 2012-08-03 | 2017-07-18 | Vasco Data Security, Inc. | User-convenient authentication method and apparatus using a mobile authentication application |
| WO2015042668A3 (fr) * | 2013-09-06 | 2015-05-21 | Lin.K N.V. | Procédé et système d'authentification mobile pour fournir un accès authentifié à des services et des applications fonctionnant avec internet |
| US20160219039A1 (en) * | 2013-09-06 | 2016-07-28 | Mario Houthooft | Mobile Authentication Method and System for Providing Authenticated Access to Internet-Sukpported Services and Applications |
| WO2015043744A1 (fr) * | 2013-09-30 | 2015-04-02 | Giesecke & Devrient Gmbh | Procédé, dispositifs et système d'authentification vis-à-vis d'un serveur |
| US9729547B2 (en) | 2013-10-01 | 2017-08-08 | Google Technology Holdings LLC | Systems and methods for credential management between electronic devices |
| WO2015050890A1 (fr) * | 2013-10-01 | 2015-04-09 | Motorola Mobility Llc | Systèmes et procédés de gestion de justificatifs d'identité entre des dispositifs électroniques |
| US9363251B2 (en) | 2013-10-01 | 2016-06-07 | Google Technology Holdings LLC | Systems and methods for credential management between electronic devices |
| US20160360403A1 (en) * | 2015-01-05 | 2016-12-08 | Ebid,Products & Solutions, S.L. | Procedure for generating a digital identity of a user of a mobile device, digital identity of the user, and authentication procedure using said digital identity of the user |
| US11716207B1 (en) * | 2016-09-08 | 2023-08-01 | Cable Television Laboratories, Inc. | System and method for a dynamic-PKI for a social certificate authority |
| US10594487B2 (en) | 2017-07-27 | 2020-03-17 | International Business Machines Corporation | Password management and verification with a blockchain |
| US10666442B2 (en) | 2017-07-27 | 2020-05-26 | International Business Machines Corporation | Password management and verification with a blockchain |
| RU2701041C1 (ru) * | 2018-11-15 | 2019-09-24 | Илья Владимирович Редкокашин | Способ автоматизированной регистрации |
| WO2020101529A1 (fr) * | 2018-11-15 | 2020-05-22 | Илья Владимирович РЕДКОКАШИН | Procédés d'enregistrement automatisé |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2009101549A3 (fr) | 2009-10-08 |
| ITBS20080031A1 (it) | 2009-08-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2009101549A2 (fr) | Procédé et dispositif mobile permettant d'enregistrer et d'authentifier un utilisateur auprès d'un fournisseur de services | |
| US10142114B2 (en) | ID system and program, and ID method | |
| US9038196B2 (en) | Method for authenticating a user requesting a transaction with a service provider | |
| US9741033B2 (en) | System and method for point of sale payment data credentials management using out-of-band authentication | |
| US9047455B2 (en) | Method for reading attributes from an ID token | |
| US9338163B2 (en) | Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method | |
| US8087068B1 (en) | Verifying access to a network account over multiple user communication portals based on security criteria | |
| US20180295121A1 (en) | Secure element authentication | |
| US20120066501A1 (en) | Multi-factor and multi-channel id authentication and transaction control | |
| US20080059797A1 (en) | Data Communication System, Agent System Server, Computer Program, and Data Communication Method | |
| TW201741922A (zh) | 一種基於生物特徵的安全認證方法及裝置 | |
| WO2005107137A2 (fr) | Methode et appareil pour authentifier les utilisateurs utilisant au moins deux facteurs | |
| KR20030074483A (ko) | 서비스 제공자 장치로부터 네트워크를 통하여 서비스이용자 장치에 서비스를 제공하는 서비스 제공 시스템 | |
| US20240129139A1 (en) | User authentication using two independent security elements | |
| WO2010050192A1 (fr) | Procédé de réémission de mot de passe | |
| EP1574978A1 (fr) | Systeme de controle d'informations personnelles, systeme de mediation et terminal | |
| JP2007527059A (ja) | ユーザ、およびコンピュータシステムから受信された通信の認証のための方法および装置 | |
| US20120131347A1 (en) | Securing of electronic transactions | |
| WO2007108397A1 (fr) | Systeme de communication, serveur, dispositif de terminal client et procede de communication | |
| KR20070076575A (ko) | 고객 인증처리 방법 | |
| KR20070076576A (ko) | 결제승인처리방법 | |
| KR20090006815A (ko) | 고객 인증처리 방법 | |
| KR20070077481A (ko) | 고객 인증 중계처리 서버 | |
| KR20060112167A (ko) | 고객 인증중계 방법 및 시스템과 이를 위한 서버와기록매체 | |
| JP2006259958A (ja) | ネットワークアクセス方法及び情報端末 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09710529; Country of ref document: EP; Kind code of ref document: A2 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 09710529; Country of ref document: EP; Kind code of ref document: A2 |