Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1999-08-18
2003-03-04
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S074000
Reexamination Certificate
active
06529886
ABSTRACT:
TECHNICAL DOMAIN
This invention relates to an authentication process with an access control and/or payment system for voice or information services offered by a service provider, who may or may not be a telecommunications operator.
The reference configuration illustrated in the figure shows a conventional device related to:
1°) client equipment (telephone or IT terminal);
2°) service provider equipment (for example order point for operator network services, voice server, Internet server belonging to a service provider, etc.);
3°) an access control and/or payment server.
This reference configuration is applicable to exchanges considered throughout the rest of this description. Functions 2°) and 3°) may or may not be related to the same operator/service provider.
In this type of device, a transaction involving access control and/or payment takes place as follows:
(I) A communication is set up between the client and the service provider.
(II) The service provider checks the customer's access rights and/or whether or not there is a useable account (customer account to be invoiced or prepaid account), with the access and/or payment server; possibly to obtain further data such as the maximum credit for the account considered.
(III) The service is provided.
(IV) The service provider may or may not send charging data to the access control and/or payment server.
The following security requirements have been identified for this type of transaction:
Customer Anonymity Towards Third Parties
In this case, a third party means:
1°) Any person who could access exchanges between the customer and the service provider. It must be impossible to use identification and authentication data transmitted during these exchanges to determine the customer's identity or even to determine what communications relate to a particular customer.
2°) The service provider itself, if it does not perform the access control and/or billing control function. If these functions are separate, it may be necessary to prevent the service provider from determining the identity of customers, or even preparing statistics based on grouping of transactions for a particular customer. In this case the identity of the customer (or the account used), which is essential for the access control and/or the payment for the service, must not be available to the service provider, either in plain text or in the form of a static pseudonym.
Customer Identity Authentication During Phase (II)
This authentication ensures that the customer, whose customer number and account number are given in the identification data transmitted to the control system (through the service provider), has actually set a communication with the service provider. An active authentication is essential in order to prevent frauds by replaying old data.
Furthermore, an additional security service may also be offered optionally:
Customer Data Authentication
For example, the access control and/or the payment server can use this function to make sure that the customer accepts the amount of the service in the case in which the data on which the authentication is calculated represent this amount.
State of Prior Art
At the present time, most devices with secret keys performing an authentication use an “identification-authentication” type scheme (typically name+password) and consequently there is no anonymity.
Devices guaranteeing anonymity at the same time as legal access to a resource are rare and are systematically based on the use of a public key, as described in article reference [1] at the end of the description, but this implies fairly long exchanges (at least 512 bits). However, the customer may only have a telephone and may be put into contact with a human operator or a voice or non-voice server at the service provider. The customer may also have a microcomputer without a modem. In this case, it is impossible to ask him to type an excessively long sequence of characters on his keyboard, or to say it orally.
In the process according to the invention, due to strong constraints on the length of the identification-authentication type scheme (typically name+password) and consequently there is no anonymity.
Devices guaranteeing anonymity at the same time as legal access to a resource are rare and are systematically based on the use of a public key, as described in article reference [1] at the end of the description, but this implies fairly long exchanges (at least 512 bits). However, the customer may only have a telephone and may be put into contact with a human operator or a voice or non-voice server at the service provider. The customer may also have a microcomputer without a modem. In this case, it is impossible to ask him to type an excessively long sequence of characters on his keyboard, or to say it orally.
In the process according to the invention, due to strong constraints on the length of the identification-authentication message, the use of an authentication method using a public key (which would result in messages more than 100 digits long) is unthinkable. Furthermore, it is impossible to use the conventional technique for authentication of a random number emitted by the network, which would require a two-directional exchange.
The purpose of the invention is an authentication process that can solve the problems described above. Document reference [2] describes a method and a device enabling identification of a mobile user in a communication network. This method consists of encrypting the user's identifier and/or his password and a synchronization indication, preferably over a fixed time interval, by using a secret single-directional function and sending the encrypted message called the “dynamic user identifier” to a user center in which it is recorded. This method ensures that the user remains anonymous towards third parties; third parties are incapable of identifying the user or following his movements. This method enables a user who moves from a home area to another area to inform the user center for this area and his home area center.
Document reference [3] describes various methods of protecting information, objects and other resources located in networks and in distributed systems. In particular, this document describes single directional authentication methods. In one of these methods, an electronic card issued to a user periodically generates a new random number by encrypting a real time clock read with a secret key hidden inside the card. The resulting random number is then used as a “single use” password. A host computer which has a copy of the secret key on each user card can perform the same encryption to verify the random numbers that it receives. These cards can send a “challenge” word such as {user name, password, date, time} to the host computer, encrypted with a built up secret key shared with the computer.
DESCRIPTION OF THE INVENTION
This invention relates to an authentication system with an access control and/or payment system that maintains anonymity towards a third party, characterized in that an authentication sequence that is completely different in each transaction is transmitted using a single directional authentication protocol, such that it is impossible for a third party to determine the identity of the customer, or even to determine which transactions are sent by the same customer.
Advantageously, a counter in the customer's authenticator incremented by one unit at each authentication attempt is used, the authentication data transmitted during each access being the current value C of the customer's counter and an authentication code CA with d digits, calculated starting from the customer's secret authentication key K
customer
and the counter C using an authentication algorithm A, the code CA being given by the following relation:
CA=A
(
K
customer
, C
)
If the customer would like to “sign” the data M, the parameter M also appears in the authentication calculation, the authentication code CA being given by the relation:
CA=A
(
K
custo
Arditti David
Bontron Nicolas
Campana Mireille
Gilbert Henri
Leclercq Thierry
France Telecom
Oblon & Spivak, McClelland, Maier & Neustadt P.C.
Trammell James P.
Worjloh Jalatee
LandOfFree
Authenticating method for an access and/or payment control... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Authenticating method for an access and/or payment control..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authenticating method for an access and/or payment control... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3005552