GB2434663A - Mutual authentication using a pair of one-time passwords - Google Patents
Mutual authentication using a pair of one-time passwords Download PDFInfo
- Publication number
- GB2434663A GB2434663A GB0600703A GB0600703A GB2434663A GB 2434663 A GB2434663 A GB 2434663A GB 0600703 A GB0600703 A GB 0600703A GB 0600703 A GB0600703 A GB 0600703A GB 2434663 A GB2434663 A GB 2434663A
- Authority
- GB
- United Kingdom
- Prior art keywords
- party
- user
- transaction
- passwords
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract description 20
- 238000004891 communication Methods 0.000 claims description 10
- 230000001413 cellular effect Effects 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 4
- 230000006870 function Effects 0.000 claims description 3
- 230000000007 visual effect Effects 0.000 claims description 2
- 238000004422 calculation algorithm Methods 0.000 description 10
- 230000003068 static effect Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- H04L29/06789—
-
- H04L29/06816—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention provides methods and systems for authenticating the parties to a transaction over a computer network. A first party to the transaction is provided with a pair of one-time passwords (OTP) and a second party is independently provided with the same pair of one-time passwords. The first party transmits a first one of the one-time passwords to the second party and the second party transmits the other of the one-time passwords to the first party. Each party can then authenticate the other by comparing the received one-time password with the password they have been provided (but which they have not transmitted). Where the transaction is between a user and a server, preferably the one-time passwords provided to the user are generated using a non-dedicated hand held device such as a mobile phone. The received password may be displayed to the user so that the comparison can be made visually.
Description
<p>1 2434663 One-time Password Authentication</p>
<p>Field of the Invention</p>
<p>The present invention relates to one-time password (OTP) authentication methods and systems for authenticating parties to a transaction over a computer network. The invention is particularly suited to authenticating parties communicating over a public network such as the Internet.</p>
<p>Background</p>
<p>An increasing number of personal and business transactions are being carried out over the Internet. The Internet is a very efficient mechanism for communication between parties to a transaction but suffers from the draw back that there is potentially a great deal of uncertainty as to the authenticity of the parties to the transaction. Typically the parties to a transaction will be a user (private or business) on the one hand and a server associated with a commercial organisation (e.g. a financial institution or online commerce website) on the other hand. The user interacts with one or more automated services running on the server to complete a transaction.</p>
<p>It is now very common for the user to authenticate themselves to the server. In simple systems this may be achieved using a static password. The user identifies themselves to the server with a user name and also provides their password. The server then authenticates the user by ensuring that the password that has been provided is correct for the user in question (as identified by their user name). Systems using static passwords are, however, not very secure. The password may be relatively easily compromised using key logging software for example or simply by a third party observing a user when they are entering their password.</p>
<p>To increase the security of systems using static passwords is it known to use more than one static password and/or a user may only be asked for selected parts (e.g. letters or digits) of a password in any one transaction to avoid key logging software capturing complete passwords.</p>
<p>Other more sophisticated systems tend to use one-time passwords (OTP) to authenticate users. One-time passwords are generated at the time of use and are only valid at that time.</p>
<p>A user of a system with OTP authentication will typically possess an OTP calculator', a dedicated device that operates to generate the necessary OTP based on a predefined algorithm In some instances, the user will be required to enter a PIN or other user-specific identification code into the OTP device, as an input to the algorithm, to generate the OTP. In this way, even if the device itself is stolen, it cannot be used. Although the use of OTP authentication offers enhances security, the requirement that the user must be issued with a dedicated OTP calculator, and the costs and practical issues associated with this, means that such systems are not widely deployed Server authentication, that is the server authenticating itself to the user, is still less common but the demand for it is growing as a result of factors such as the rapidly increasing incidences of Phishing and other Internet-based fraud. Certificate based (especially PKI -Public Key Infrastructure -certificate) authentication is the main form of server authentication used.</p>
<p>However, it is not well understood by a majority of users and is therefore open to abuse.</p>
<p>Another scheme for server authentication for web-based transactions is the display on a web page during the transaction of text, graphics or some other content that has been supplied by or pre-selected by the user. The principal is that if the user sees the e.g. phrase or image that they have supplied or chosen then they know that the web page they are viewing, and hence the server it originates from is authentic. Examples include Cyota Inc.'s "eStamp"TM product CRrM) and Passmark Security LLC's "PassMark"concept described in their WO 2004/102338.</p>
<p>These approaches are, however, also vulnerable to being spoofed as it is possible to capture the user's chosen image or pass phrase at the user's client using image logging or screen capture software The captured image or pass phrase can then be reused fraudulently in e.g. a Phishing attack.</p>
<p>Summary of Invention</p>
<p>The present invention proposes the exchange of one-time passwords to authenticate both parties to a transaction over a computer network. In preferred embodiments, at least one of the parties uses a non-dedicated handheld device to generate the one-time passwords.</p>
<p>Preferred non-dedicated devices include mobile (e.g. cellular) telephones, personal digital assistants (PDAs) or other general purpose handheld computers.</p>
<p>The term "transaction" used herein does not necessarily mean a commercial transaction involving a payment, although it includes this. The term includes the sending and or receiving of any network message (e.g. request and/or response) or other data to or from either or both of the parties. Generally the transaction, subsequent to authentication of the parties, will involve an exchange of network messages or other data but in some embodiments the communication may be one way only once the authentication process is complete.</p>
<p>"Non-dedicated" devices are devices that have an intended primary purpose other than the provision of one-time passwords.</p>
<p>In a first aspect, the present invention provides a method of authenticating the parties to a transaction over a computer network, the method comprising: a first party to the transaction being provided with a pair of one-time passwords; a second party to the transaction being independently provided with the same pair of one-time passwords; and the first party transmitting a first one of the one-time passwords to the second party and the second party transmitting the other of the one-time passwords to the first party.</p>
<p>Each party can confirm the authenticity of the other party by comparing the one-time password received from the other party with the corresponding one-time password that they have been provided with. If the passwords match, the other party can be assumed to be authentic.</p>
<p>Typically one of the parties to the transaction will be a user participating in the transaction via a client device connected or connectable to the computer network. The client device may, for example, be a desktop, laptop or handheld personal computer or a mobile telecommunications device such as a cellular or satellite telephone. The connection from the client device to the network may be a wired or a wireless connection. The network will typically be a public network such as the Internet for example.</p>
<p>The other party to the transaction will typically be a server connected to or connectable to the computer network.</p>
<p>The one-time passwords provided to at least one of the parties to the transaction are preferably generated using an OTP generating device separate from the device via which that party connects to the computer network. The OTP generating device is preferably a portable hand held.</p>
<p>The OTP generating device may be a dedicated device but more preferably it is a non-dedicated device, such as a mobile (e.g. cellular) telephone, PDA or other handheld personal computer. A single, non-dedicated device such as this can be used for generating one-time password pairs for any number of online services, applications or other products.</p>
<p>Where the transaction is between a user and a server, the user will generally possess an OTP generating device to provide them with their pairs of one-time passwords, whereas the one-time passwords will typically be provided to the server by an application running on the server or another device connected to the server.</p>
<p>The one-time passwords are generated in accordance with an algorithm, the same algorithm being used to provide the pairs of one-time passwords to both parties. The two passwords of each pair may be generated using two distinct calculations using the same or different algorithms (if the same algorithms are used, at least one if the inputs will be different between the two calculations in order that the two passwords of the pair are not the same).</p>
<p>Alternatively, the pair of passwords may be generated using a single calculation employing an algorithm that provides two password outputs.</p>
<p>The one-time passwords may be generated in accordance with the OATH (Open Authentication) One-Time Password standard.</p>
<p>Once the parties have been authenticated, it may in some instances be desirable to digitally sign subsequent communications between the parties, e.g. for non-repudiation purposes.</p>
<p>Preferably communications passing in both directions are signed, but in some cases it may only be communications passing in one direction that are signed (e.g. from client to server or vice versa). Advantageously, one or both of the parties can digitally sign such communications using a one-time password generated contemporaneously with the transmission of the respective communication and that is preferably generated from the data that is to be signed.</p>
<p>In a second aspect, the invention provides a system, operable in accordance with the method of the first aspect above, for authenticating first and second parties to a transaction over a computer network, the system comprising: a first party authentication system; and a second party authentication system; each of the first party authentication system and second party authentication system comprising a one-time password generator for generating a pair of one-time passwords, a transmitter for transmitting via the computer network, manual keyboard entry or visual screen display one of the pair of one-time passwords to the other authentication system, and a receiver for receiving the one-time password transmitted by the other authentication system.</p>
<p>Preferably one or both of the first party and second party authentication systems further comprise a comparator for comparing the received one-time password with one of the passwords of the locally generated pair. Where one of the parties is a user (i.e. a person) an alternative is for their respective authentication system to include a display for displaying the received one-time password so that the comparison can be made visually by the user.</p>
<p>Preferably the first party is a user and the second party is a server.</p>
<p>The authentication system for each party may be a single unitary device, for example a server computer or personal computer. It is preferred, however, that at least where one of the parties is a user, their function of their associated authentication system is divided between at least two devices, with the one-time password generator being provided by a separate device, preferably a handheld device.</p>
<p>For example, in a preferred embodiment, the transmission and reception functions of a user's authentication system are provided by a personal computer that communicates with the server via the computer network, whilst the one-time password generator is a separate non-dedicated device such as a mobile (e.g. cellular) telephone, PDA or other handheld personal computer.</p>
<p>The password generator device may be interfaced to the personal computer in any appropriate manner to transfer one of the one-time passwords to the computer for transmission to the server. Conveniently, this interface' may simply be provided by the user viewing the password on a display of the password generator and manually inputting it to the personal computer using a conventional input device (keyboard, mouse, tablet, etc).</p>
<p>In a third aspect, the invention provides a one-time password generator comprising a non-dedicated password generator device having a memory, a processor and a display, and a password generating application installed in the memory of the device, the application being executable by the processor of the device to generate a pair of one-time passwords and to display the generated pair of passwords on the display of the device.</p>
<p>The invention also provides computer software comprising the password generating application of the third aspect above, either alone or on a computer readable medium.</p>
<p>In another aspect, the invention provides a computer program comprising code that is executable on a computer or computer network to cause the computer or computer network to operate in accordance with the method of the first aspect above. The invention also provides a computer readable medium comprising this computer program.</p>
<p>Brief Description of Drawings</p>
<p>Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Fig I shows schematically a system in accordance with an embodiment of the present invention, and Fig. 2 illustrates a method of operating the system of fig. 1</p>
<p>Description of Embodiment</p>
<p>Figure 1 illustrates a system for completing a transaction between a user 2 and an online service resident on a server 4 The service may, for example, be a banking service, an e-commerce service or an information service. In such transactions it can be important to verify the authenticity of both the user 2 and the server 4.</p>
<p>Preferred embodiments of the present invention propose to achieve this authentication by using a two-way exchange of one-time passwords. Each of the user 2 and the server 4 is provided with a pair of one-time passwords, referred to in the following as OTP 1' and OTP 2'. One of the passwords is sent from the user 2 to the server 4 and the other from the server 4 to the user 2. If the same algorithm is used to generate both password pairs, which will be the case is both parties to the transaction are authentic, then the passwords will match. If the passwords do not match, then the transaction can be terminated before there is any significant exchange of data (e.g. personal details) between the user and the server.</p>
<p>The user 2 interacts with the server 4 using a personal computer 6 or other device that can communicate with the server 4 via the Internet 10 or some other communications network.</p>
<p>The user also has a separate password generating device 8, which in this example is a non-dedicated device such as a mobile (e g. cellular or satellite) telephone, PDA or other handheld computer.</p>
<p>The password generating device has a password generating application installed on it, incorporating the algorithm for generating the one-time password pairs at the request of the user. For example the user may select an item from a menu in the device's graphical user interface or press a predetermined key or keys or a sequence of keys to launch the application and cause it to generate a pair of passwords. The passwords may only be valid for a limited period of time. If a transaction with the server 4 is not initiated within this period then a new pair of passwords must be generated. Additionally or alternatively, the passwords may be valid only for a single use.</p>
<p>Fig. 2 illustrates the authentication method used in the system of fig. 1.</p>
<p>First, having decided they wish to complete a transaction with the server 4, the user 2 executes the password generating application on their e.g. mobile telephone 8 to generate a pair of one-time passwords (OTP 1 and OTP 2). The user 2 then initiates the transaction with the server 4 using their personal computer 6 For instance, they may open a web browser application and navigate to a particular web page associated with the particular service on the server in which they are interested As part of the process of initiating the transaction with the server 4 the user will be required to submit to the server a user name or some other unique identifier along with a specific one of the one-time passwords that they have generated, OTP I in the present case.</p>
<p>The server receives OTP 1 and the user ID. Based on the identity of the user, the server then executes a password generation application running on or accessible to the server to generate its own pair of one-time passwords. The server password generation application uses the same algorithm as used by the user's password generating device 8, so in principle the same pair of passwords is generated (OTP 1, OTP 2).</p>
<p>The server 4 then compares OTPI received from the user 2 with OTP I that it has generated itself. If they match, the server has confirmation that the user is authentic. If they do not match the user is not authentic or some error has occurred and the transaction is terminated.</p>
<p>The user may be sent an error message in these circumstances.</p>
<p>Assuming the passwords do match, the authentication process continues with the server sending OTP 2 to the user's personal computer (for instance, displaying it in a web page in the browser application). The user 2 can then check whether OTP 2 received from the server matches OTP 2 that they have generated locally, simply by comparing the password displayed on the web page with the corresponding password on the display of their e.g. mobile telephone 8. If the passwords match then the user knows that the server is authentic and can proceed with the transaction If not, the user can choose to terminate the transaction.</p>
<p>One or more subsequent data transmissions between the parties during the course of the transaction may be digitally signed using one-time passwords as digital signatures. For instance, the server can provide a data item to be signed to the use, the user can input the data to their one-time password generator to generate a new OTP, which can then be sent to the server where it can be verified The skilled person will appreciate that the specific embodiment described above is given by way of example only. Many and various modifications are possible within the scope of the invention.</p>
Claims (1)
- <p>Claims 1. A method of authenticating the parties to a transaction overa computer network, the method comprising: a first party to the transaction being provided with a pair of one-time passwords; a second party to the transaction being independently provided with the same pair of one-time passwords; and the first party transmitting a first one of the one-time passwords to the second party and the second party transmitting the other of the one-time passwords to the first party.</p><p>2. A method according to claim 1, wherein one of the parties to the transaction is a user participating in the transaction via a client device connected or connectable to the computer network.</p><p>3. A method according to claim 2, wherein the other party to the transaction is a server connected to or connectable to the computer network.</p><p>4. A method according to any one of the preceding claims, wherein the one-time passwords provided to at least one of the parties to the transaction are generated using an OTP generating device separate from the device via which that party connects to the computer network.</p><p>5. A method according to claim 4, wherein the OTP generating device is a portable hand held device.</p><p>6. A method according to claim 5, wherein the OTP generating device is a non-dedicated device, such as a mobile (e.g. cellular) telephone, PDA or other handheld personal : * computer. * S.. S'S.</p><p>* 30 7. A method according to any one of the preceding claims, wherein once the parties ** ,* have been authenticated, subsequent communications between the parties are digitally signed * S. * * * using a one-time password generated contemporaneously with the transmission of the respective communication. 0** * S S</p><p>* 35 8. A system for authenticating first and second parties to a transaction over a computer *::::* network, the system comprising: a first party authentication system; and a second party authentication system; each of the first party authentication system and second party authentication system comprising a one-time password generator for generating a pair of one-time passwords, a transmitter for transmitting via the computer network, manual keyboard entry or visual screen display one of the pair of one-time passwords to the other authentication system, and a receiver for receiving the one-time password transmitted by the other authentication system.</p><p>9. A system according to claim 8, wherein one or both of the first party and second party authentication systems further comprise a comparator for comparing the received one-time password with one of the passwords of the locally generated pair.</p><p>10. A system according to claim 8, wherein one of the parties is a user (i.e. a person) and their respective authentication system includes a display for displaying the received one-time password so that the comparison can be made visually by the user.</p><p>11. A system according to any one of claims 8 to 10, wherein the first party is a user and the second party is a server.</p><p>12. A system according to claim 8, wherein one of the parties is a user, transmission and reception functions of the user's authentication system being provided by a personal computer that communicates with the server via the computer network and the one-time password generator being a separate non-dedicated device such as a mobile (e.g. cellular) telephone, FDA or other handheld personal computer.</p><p>13. A one-time password generator comprising a non-dedicated password generator device having a memory, a processor and a display, and a password generating application installed in the memory of the device, the application being executable by the processor of the device to generate a pair of 30 one-time passwords and to display the generated pair of passwords on the display of the ** device.</p><p>* *. a * a * * 14. A computer program comprising code that is executable on a digital processing device to cause the digital processing device to operate as a one-time password generator * a * * 35 according to claim 13. **** * S S...</p><p>15. A computer program comprising code that is executable on a computer or computer network to cause the computer or computer network to operate in accordance with the method of any one of claims 1 to 7.</p>
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0600703A GB2434663B (en) | 2006-01-13 | 2006-01-13 | One-time password authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0600703A GB2434663B (en) | 2006-01-13 | 2006-01-13 | One-time password authentication |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0600703D0 GB0600703D0 (en) | 2006-02-22 |
GB2434663A true GB2434663A (en) | 2007-08-01 |
GB2434663B GB2434663B (en) | 2010-12-15 |
Family
ID=35998017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0600703A Expired - Fee Related GB2434663B (en) | 2006-01-13 | 2006-01-13 | One-time password authentication |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2434663B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010127945A1 (en) * | 2009-05-07 | 2010-11-11 | Haute Ecole Specialisee Bernoise | Authentication method |
US20110035593A1 (en) * | 2005-06-29 | 2011-02-10 | Microsoft Corporation | Establishing secure mutual trust using an insecure password |
US8281375B2 (en) * | 2007-01-05 | 2012-10-02 | Ebay Inc. | One time password authentication of websites |
US8543829B2 (en) | 2007-01-05 | 2013-09-24 | Ebay Inc. | Token device re-synchronization through a network solution |
WO2024160464A1 (en) * | 2023-01-31 | 2024-08-08 | Eaton Intelligent Power Limited | Method, system, computer program and computer readable storage medium for allowing a user action on an industrial device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001031840A1 (en) * | 1999-10-29 | 2001-05-03 | Nokia Corporation | Method and arrangement for reliably identifying a user in a computer system |
WO2004070506A2 (en) * | 2003-02-06 | 2004-08-19 | Consiglio Nazionale Delle Ricerche - Infm Istituto Nazionale Per La Fisica Della Materia | A method and system for identifying an authorized individual by means of unpredictable single-use passwords |
JP2006004020A (en) * | 2004-06-15 | 2006-01-05 | Masakatsu Morii | One-time password authentication system and method |
GB2430850A (en) * | 2005-09-29 | 2007-04-04 | Hewlett Packard Development Co | Using One-Time Pad (OTP) data to evidence the possession of a particular attribute |
-
2006
- 2006-01-13 GB GB0600703A patent/GB2434663B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001031840A1 (en) * | 1999-10-29 | 2001-05-03 | Nokia Corporation | Method and arrangement for reliably identifying a user in a computer system |
WO2004070506A2 (en) * | 2003-02-06 | 2004-08-19 | Consiglio Nazionale Delle Ricerche - Infm Istituto Nazionale Per La Fisica Della Materia | A method and system for identifying an authorized individual by means of unpredictable single-use passwords |
JP2006004020A (en) * | 2004-06-15 | 2006-01-05 | Masakatsu Morii | One-time password authentication system and method |
GB2430850A (en) * | 2005-09-29 | 2007-04-04 | Hewlett Packard Development Co | Using One-Time Pad (OTP) data to evidence the possession of a particular attribute |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8332643B2 (en) * | 2005-06-29 | 2012-12-11 | Microsoft Corporation | Establishing secure mutual trust using an insecure password |
US20110035593A1 (en) * | 2005-06-29 | 2011-02-10 | Microsoft Corporation | Establishing secure mutual trust using an insecure password |
US8973114B2 (en) | 2007-01-05 | 2015-03-03 | Ebay, Inc. | One time password authentication of websites |
US8281375B2 (en) * | 2007-01-05 | 2012-10-02 | Ebay Inc. | One time password authentication of websites |
US8543829B2 (en) | 2007-01-05 | 2013-09-24 | Ebay Inc. | Token device re-synchronization through a network solution |
US9398003B2 (en) | 2007-01-05 | 2016-07-19 | Ebay Inc. | Token device re-synchronization through a network solution |
US9479497B2 (en) | 2007-01-05 | 2016-10-25 | Ebay Inc. | One time password authentication of websites |
US9680825B2 (en) | 2007-01-05 | 2017-06-13 | Ebay Inc. | Token device re-synchronization through a network solution |
US10084774B2 (en) | 2007-01-05 | 2018-09-25 | Ebay Inc. | Token device re-synchronization through a network solution |
US10778671B2 (en) | 2007-01-05 | 2020-09-15 | Ebay Inc. | Token device re-synchronization through a network solution |
US8868918B2 (en) | 2009-05-07 | 2014-10-21 | Haute Ecole Specialisee Bernoise | Authentication method |
WO2010127945A1 (en) * | 2009-05-07 | 2010-11-11 | Haute Ecole Specialisee Bernoise | Authentication method |
WO2024160464A1 (en) * | 2023-01-31 | 2024-08-08 | Eaton Intelligent Power Limited | Method, system, computer program and computer readable storage medium for allowing a user action on an industrial device |
Also Published As
Publication number | Publication date |
---|---|
GB2434663B (en) | 2010-12-15 |
GB0600703D0 (en) | 2006-02-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1710980B1 (en) | Authentication services using mobile device | |
US11108558B2 (en) | Authentication and fraud prevention architecture | |
US8825548B2 (en) | Secure authentication between multiple parties | |
EP2859488B1 (en) | Enterprise triggered 2chk association | |
EP2213044B1 (en) | Method of providing assured transactions using secure transaction appliance and watermark verification | |
CN101897165B (en) | Method of authentication of users in data processing systems | |
EP2859489B1 (en) | Enhanced 2chk authentication security with query transactions | |
CA2736582C (en) | Authorization of server operations | |
US8429730B2 (en) | Authenticating users and on-line sites | |
US20140101741A1 (en) | Method and system for mobile device based authenticationservices environment | |
CN102906776A (en) | A method for mutual authentication of a user and service provider | |
EP2404255A1 (en) | Method and computer program for generation and verification of otp between server and mobile device using multiple channels | |
US20140223185A1 (en) | Action verification methods and systems | |
CN101334884A (en) | Method and system for enhancing bank transfer safety | |
KR20120034572A (en) | Authentication method and authentication system | |
KR101139407B1 (en) | Security authentication method and system | |
GB2434663A (en) | Mutual authentication using a pair of one-time passwords | |
CN106559215A (en) | A kind of apparatus and method of Network Bank security transaction | |
EP3379856A1 (en) | Method of user authentication into third-party applications, using a mobile device | |
JP5135331B2 (en) | PC external signature apparatus having wireless communication capability | |
WO2011060739A1 (en) | Security system and method | |
RU2641219C1 (en) | Method of processing data for cashless payment | |
KR20160001737A (en) | System and method for cloud mobile certification | |
EP3116159A1 (en) | Method and apparatus for securing data transmission | |
TW201134176A (en) | A method of mutual authentication combining variable password system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20170113 |