Authentication method and devices for accessing a user account of a service on a data network

US9633221B2 · US · B2

Patent metadata
Publication number: US-9633221-B2
Application number: US-201414546062-A
Country: US
Kind code: B2
Filing date: Nov 18, 2014
Priority date: Nov 19, 2013
Publication date: Apr 25, 2017
Grant date: Apr 25, 2017

Abstract

Official abstract text for this publication.

An authentication method for accessing a user account of a service (28) on a data network (26), includes the following steps: reception (E20) by the service (28) of a request from a consulting device (10) for the service (28), the request including a first authentication information element, reception (E60) by the service (28) of an information element sent by an authentication security device manager (34), the information received by the service (28) being based on a second authentication information element originating from a security device (16; 18) associated with the user account, and authentication by the service (28), based on the first authentication information element and the information received from the authentication security device manager (34).

First claim

Opening claim text (preview).

The invention claimed is:

1. An authentication method for accessing a user account of a service on a data network, the authentication method comprising: receiving, by the service, a request from a consulting device for said service, said request including a first authentication information element; receiving, by the service, an information element sent by an authentication security device manager, the information element received by the service being based on a second authentication information element originating from a security device associated with the user account, the second authentication information element being obtained directly from the security device without any user intervention; and authenticating, by the service, based on the first authentication information element and the information element received from the authentication security device manager, wherein the security device and the authentication security device manager communicate wirelessly directly, independently from the consulting device.

2. The authentication method according to claim 1, wherein the second authentication information element is sent spontaneously by the security device to the authentication security device manager when the authentication security device manager is connected.

3. The authentication method according to claim 2, wherein said information element received by the service corresponds to the second authentication information element sent by the security device.

4. The authentication method according to claim 2, wherein the authentication security device manager checks the second authentication information element received from the security device, and the information sent to the service by the authentication security device manager corresponds to the result of the check.

5. The authentication method according to claim 2, further comprising: sending, by the service, a request to obtain the second authentication information element; and receiving a response to the request from the security device.

6. The authentication method according to claim 1, wherein said information element received by the service corresponds to the second authentication information element sent by the security device.

7. The authentication method according to claim 1, wherein the authentication security device manager checks the second authentication information element received from the security device, and the information element sent to the service by the authentication security device manager corresponds to the result of the check.

8. The authentication method according to claim 1, wherein the second authentication information element includes information localizing the security device.

9. The authentication method according to claim 8, wherein the localization information includes the address of a gateway between a local network and the data network hosting the service, said local network connecting the security device and the consulting device.

10. The authentication method according to claim 1, wherein the second authentication information element includes a single-use code based on a secret stored in the security device.

11. The authentication method according to claim 1, further comprising: initiating, by the security device, the opening of a channel dedicated to communications with the authentication security device manager according to a communication protocol enabling messages to be pushed spontaneously over the dedicated channel; and maintaining the dedicated channel open while the security device is active.

12. The authentication method according to claim 11, further comprising pushing, by the security device, the second authentication information element periodically over the dedicated, secure channel.

13. The authentication method according to claim 12, wherein the pushing of the second authentication information element is performed regularly while the security device is active.

14. The authentication method according to claim 1, wherein the associating the security device and the user account comprises: receiving input on the consulting device of a code presented by the security device, transmitting, by the consulting device of the entered code to the service, and activating the association by the service.

15. A device implementing a service on a data network, the device comprising: one or more processors configured to receive a request from a consulting device of said service, said request including a first authentication information element, receive information sent by an authentication security device manager, the information received by the service being based on a second authentication information element originating from a security device associated with a user account, the second authentication information element being obtained directly from the security device without any user intervention, and authenticate, based on the first authentication information element and the information received from the authentication security device manager, wherein the security device and the authentication security device manager communicate wirelessly directly, independently from the consulting device.

16. An authentication security device manager for accessing a user account of a service on a data network, the authentication device manager comprising: one or more hardware processing devices configured to receive authentication information originating from a security device, the authentication information being obtained directly from the security device without any user intervention, and transmit an information element to the service, based on an authentication information element, wherein the security device and the authentication security device manager communicate wirelessly directly, independently from a consulting device that transmitted a request for the service.

17. A non-transitory microprocessor-readable information medium encoded with instructions of a computer program to cause a processing device to execute the method according to claim 1.

Classifications

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234)

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215)

  • Authentication

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

  • Protecting personal data, e.g. for financial or medical purposes

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Vallee Florian, Guerin Vincent, Oberthur Technologies
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 25, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).