IES20050147A2 - Securing access authorisation - Google Patents

Securing access authorisation

Info

Publication number
IES20050147A2
Authority
IE
Ireland
Prior art keywords
series
user
support
electronic resource
terminal
Prior art date
Application number
Inventor
Patrick Mckenna
Original Assignee
Patrick Mckenna
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Patrick Mckenna filed Critical Patrick Mckenna
Priority to IES20050147 priority Critical patent/IES20050147A2/en
Priority to PCT/IE2006/000015 priority patent/WO2006100655A2/en
Priority to EP06711128A priority patent/EP1861804A2/en
Publication of IES20050147A2 publication Critical patent/IES20050147A2/en

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Calculators And Similar Devices (AREA)

Abstract

A system for securing access to an electronic resource is provided, which comprises at least one data processing terminal and a support including at least first and second series of numerical values, said terminal comprising storage means, processing means and display means, said storage means storing a combination of a user reference and an electronic resource user access reference for at least one user and instructions which configure said processing means to generate a third series of random numerical values and request user input in response to said user requesting access to said electronic resource, compare said user input and said electronic resource user access reference upon receiving said user input, and grant access to said electronic resource upon said comparison returning a match, wherein said user input comprises at least one numerical value of said first series identified with positioning said support relative to said display device and comparing corresponding numerical value of said second series with corresponding numerical value of said third series. <Figure 3>

Description

Field of the Invention

This invention relates to securing access to an electronic data resource stored in a data processing system. More particularly, this invention relates to a device for encrypting one or more user identifiers in reference to numerical series and a corresponding method.

Background to the Invention

In the so-called information age, an increasing amount of personal and/or user information is disseminated in either isolated or networked data processing terminals, whether as a result of user choice, for instance when registering for online banking services, or as a result of procedural change, such as when government agencies upgrade to computerized systems and records.
The value of this readily-accessible personal or user information is increasing in tandem with the growing ubiquity of highly-distributed networks such as the Internet, as it allows purveyors of goods or services to constantly refine their target markets and extract better revenue from more accurate use of their advertising expenditure. More disturbingly, as the value or nature of this information expands, so it attracts third-party users willing and able to make unauthorized use of all or a portion of this information and therefore the need to implement access authentication methods and systems has long been recognized and many such methods and systems exist in the prior art.
Password authentication schemes constitute the most widely-used methods of access authentication for a user to access electronic data resources, such as her banking details and/or service provided over the Internet, and this despite growing problems associated with theft of user information, particularly information with an inherent financial value such as credit card or user or bank account details. Indeed, password authentication schemes can be compromised in numerous ways.
Trojan Horse Attacks and Spyware are the most classic and widespread types of attack. A Trojan Horse is an application that is stealthily processed by a data processing system and assists in the performance of illicit transactions, unbeknownst to a user of the data processing system. Trojan Horses may be used either on a standalone terminal sharing multiple consecutive users, such as in a public library, but are more commonly used in highly-distributed networks, such as the Internet, by remote unauthorised users and are configured to stealthily load into a data processing system and then collate local data including keys pressed, applications processed, electronic resources accessed over the network as well as capture images of graphical user interfaces, for subsequently broadcasting this information over the network, still unbeknownst to the user, to those remote unauthorised users. In this context, Spyware is a colloquialism encompassing both legitimate and illegitimate forms of Trojan Horse applications, which gather information about a user’s terminal and use thereof and relay that information to remote users, such as marketing companies in legitimate cases or unauthorised users in illegitimate circumstances.
Phishing Attacks are mounted by highly-organised unauthorised users and comprise large-scale, carefully planned defrauding operations. Phishing is a method of using deceptive email and internet sites to retrieve authentication data from unsuspecting users. Such operations typically begin with an electronic mail message addressed to a genuine user by an apparently genuine sender, for instance the bank of that user or an Internet transaction website at which said user is registered. The message is configured in wording, appearance and interactive features, such as a pointer to a network address or Uniform Resource Locator, to lead the recipient to an apparently genuine Internet page of this bank or transaction site, which is in fact a false Internet page output by the data processing system of the unauthorized users, at which point the user is requested to input her username and password, which are therefore obtained by the afore-mentioned highly-organised unauthorized users when said user is deceived.
Man-in-the-Middle Attacks are the hardest attack to carry out, as they need to be performed whilst a victim is connected to the network. Such attacks involve a particularly sophisticated form of data processing procedure, colloquially known as hacking, which involves the illegal misuse of Secure Socket Layer Certificates and Keys.
The negative impact of any successful attack is threefold: bad publicity for the provider of the electronic resource, loss of confidence by users as a subsequent reaction and financial loss from the attack itself to the provider and/or the users. Loss of customer confidence may reflect not only on the image and turnover of a provider, but also on the Internet as a channel for transacting with sensitive information. For obvious reasons, institutions are keen to reduce their exposure to these risks.
It is unfortunate that this type of unauthorized activity will become more intense with the ongoing drive to facilitate the transacting of an ever-increasing amount of goods and service over the Internet.
An improved system and an improved method are therefore required to prevent unauthorized users from obtaining user information, particularly access authentication data, by deception, whether a user accidentally or unknowingly provides this information or whether such unauthorized users deliberately attempt to obtain this information by deception.

Object of the Invention

It is an object of the present invention to improve the security of access authentication required for a user to access an electronic resource, whether locally or via a network, by decreasing the risk of compromising authentication data.
It is another object of the present invention to provide a method of securing access to an electronic resource at a user terminal.
It is a further object of the present invention to provide a system for securing access to an electronic resource.

Summary of the Invention

According to an aspect of the present invention, a method of securing access to an electronic resource is provided at a user terminal equipped with a display device, which comprises the steps of
providing a user with at least first and second series of numerical values on a support;
storing a combination of a user reference and an electronic resource user access reference for said user;
in response to said user requesting access to said electronic resource, generating a third series of random numerical values and requesting user input;
upon receiving said user input, comparing said user input and said electronic resource user access reference; and
granting access to said electronic resource upon said comparison returning a match, wherein said user input comprises at least one numerical value of said first series identified with positioning said support relative to said display device and comparing corresponding numerical value of said second series with corresponding numerical value of said third series.
According to another aspect of the present invention, a system for securing access to an electronic resource is provided, which comprises at least one data processing terminal and a support including at least first and second series of numerical values, said terminal comprising storage means, processing means and display means, said storage means storing a combination of a user reference and an electronic resource user access reference for at least one user and instructions which configure said processing means to
generate a third series of random numerical values and request user input in response to said user requesting access to said electronic resource;
compare said user input and said electronic resource user access reference upon receiving said user input; and
grant access to said electronic resource upon said comparison returning a match, wherein said user input comprises at least one numerical value of said first series identified with positioning said support relative to said display device and comparing corresponding numerical value of said second series with corresponding numerical value of said third series.
According to a further aspect of the present invention, a support is provided for securing access to an electronic resource, said support comprising at least first and second series of numerical values, said support being operationally positioned relative to the display device of a data processing terminal on which a third series of numerical values is displayed in response to a user requesting access to an electronic resource, wherein said user may compare corresponding numerical value of said second series of said support with corresponding numerical value of said third series and input at least one numerical value of said first series identified by said comparison for granting access to said electronic resource upon the comparison of said user input and an electronic resource user access reference returning a match.
Preferably, the support comprising said first and second series of numerical values is configured with at least one substantially see-through portion between said series, and the step of comparing corresponding numerical value of said second series with corresponding numerical value of said third series advantageously comprises the further step of positioning the see-through portion of the support over the third series on the display device.
The first, second and third series of numerical values may number ten numerical values, each of which is comprised between 0 (zero) and 9 (nine). The third series is advantageously generated as a random series to uniquely encrypt the electronic resource user access reference for every access authentication procedure. The first, second and third series of numerical values are preferably equally spaced relative to one another both on the support and the display device, to facilitate the comparison therebetween.
In an alternative embodiment of the present invention, the terminal is connected to a network and the electronic resource is a data resource stored at a first remote terminal.
In another alternative embodiment of the present invention, the terminal is connected to a network, the electronic resource is a data resource stored locally or at a first remote terminal and the combination of a user reference and an electronic resource user access reference for said user is stored at a second remote terminal.
In yet another alternative embodiment of the present invention, the terminal is connected to a network, the electronic resource is a data resource stored locally or at a first remote terminal, the combination of a user reference and an electronic resource user access reference for said user is stored locally or at a second remote terminal and the third series is generated at said second remote terminal and communicated to the local user over the network.

Brief Description of the Drawings

The above and other features and advantages of the present invention will be more clearly understood from the following detailed description taken in conjunction with the accompanying illustrations listed below:
Figure 1 illustrates an environment comprising a data processing terminal connected to a network, at which a user with a support may request access authentication according to the present invention;
Figure 2 details the data processing terminal of Figure 1, including a display;
Figure 3 details the support of Figure 1;
Figure 4 details processing steps performed by the terminal of Figures 1 and 2, including a step of outputting a graphical user interface;
Figure 5 provides a graphical illustration of the interface of Figure 4;
Figure 6 provides a graphical illustration of the interface of Figure 4 overlaid with the support of Figures 1 and 3;
Figure 7 provides a graphical illustration of the interface of Figure 4 overlaid with the support of Figures 1 and 3 according to an alternative embodiment of the present invention; and
Figure 8 details processing steps performed by a remote terminal and the terminal of Figures 1 to 6 in an alternative embodiment of the present invention.

Detailed Description of the Drawings

An environment is shown in Figure 1, in which a user 101 is equipped with a support 102 provided by a support issuer 103 and may use a first computer terminal 104, for instance a personal computer located at the dwelling or workplace of user 101.
In an alternative embodiment of the present invention, user 101 may use a second computer terminal 105, for instance if terminals 104 and 105 are made available to users in a public access location, such as a library, or if terminals 104 and 105 are workplace terminals which user 101 may use alternatively. In the alternative embodiment, terminal 104 is optionally connected to terminal 105 via a Local Area Network (LAN) 106, which may be implemented as either a wired Ethernet connection or a wireless Ethernet connection (WLAN), known to those skilled in the art as a Wi-Fi network.
Terminal 104 is optionally connected to a Wide Area Network (WAN) such as the Internet 107 via an Internet Service Provider (ISP) 108, to which it connects via any of a low-bandwidth dial-up modem connection or a high-bandwidth cable or Asynchronous Digital Subscriber Line (ADSL) connection 109. In an alternative embodiment, terminal 105 is likewise optionally connected to the Internet 107, for instance with sharing the connection 109 of terminal 104 to ISP 108 over the LAN or WLAN 106.
In yet another alternative embodiment of the present invention, a terminal 110 is located at support issuer 103 and is also connected to the Internet 107.
Therefore, depending upon the particular embodiment of the present invention, terminal 104 may be used as a local data processing system only, or as a locally network-connected (106) data-processing system only, or as a data-processing system connected to a plurality of wide and local networks (106, 107), in which embodiment terminal 104 may communicate data to terminal 110 and receive data therefrom.
An example of the terminal 104 shown in Figure 1 is provided in Figure 2. In the example, the respective architectures of terminals 104, 105 and 110 are substantially similar, for the sake of not unnecessarily complicating the present description, but it will be readily apparent to those skilled in the arts that the invention may not be limited to the example terminal described below.
Terminal 104 is a computer terminal configured with a data processing unit 201, data outputting means such as video display unit (VDU) 202, data inputting means such as a keyboard 203 and a pointing device (mouse) 204, data inputting/outputting means such as an optional modem connection 205A to network 107 or an optional Ethernet connection 205B to LAN 106 and optionally also to the Internet 107, a first reader/writer 206A for reading data from and writing data to magnetic data-carrying medium 206B, and a second reader/writer 207A for reading data from and writing data to optical data-carrying medium 207B.
Within data processing unit 201, a central processing unit (CPU) 208, such as an Intel Pentium 4 manufactured by the Intel Corporation, provides task co-ordination and data processing functionality. Instructions and data for the CPU 208 are stored in main memory 209 and a hard disk storage unit 210 facilitates non-volatile storage of data and data processing applications. Network connection 205A is provided by way of a 56k or ADSL modem 211 as a wired connection to the Internet 107. Network connection 205B is provided by way of a Network Interface Card (NIC) 212 as a wired or wireless connection to terminal 105 and optionally to the Internet 107.
A universal serial bus (USB) input/output interface 213 facilitates connection to the keyboard and pointing devices 203, 204 and a further serial or parallel input/output interface 214 is provided for legacy purposes.
All of the above devices are connected to a data input/output bus 215, to which said magnetic data-carrying medium reader/writer 206A and optical data-carrying medium reader/writer 207B are also connected. A video adapter 216 receives CPU instructions over said bus 213 for outputting processed data to VDU 202.
In the embodiment, data processing unit 201 is of the type generally known as a compatible Personal Computer ('PC'), but may equally be any device configured with processing means, output data display means, memory means, input means and wired or wireless network connectivity.
The support 102 issued to user 101 by support issuer 103 is further detailed in Figure 3. The support 102 takes the form of a card, preferably made of a durable plastic material and the dimensions of which are substantially identical to a standard credit card. In the preferred embodiment of the present invention, support issuer 103 issues the card 102 with at least a first series of numerical values 301 and a second series of numerical values 302.
In an alternative embodiment of the present invention shown as a card 102B, the card 102B is configured with a see-through portion 303, located substantially between the first and second series of numerical values 301, 302.
Each of the first and second series of numerical values 301, 302 preferably comprises an identical number of numerical values, which is 10 in the example but may be a higher or a lower number. Each of the values themselves are preferably randomly selected between 0 (zero) and 9 (nine), and each of the series 301, 302 is preferably generated as a random series, of 10 randomly-selected values in the example.
In the preferred embodiment of the present invention, the combination of the first and second series 301, 302 forms an encryption and decryption key, stored in a database in the terminal 104 with information data of user 101, comprising at least a user reference and an electronic resource user access reference, for instance a user name and an access password respectively, when said support 102 is created and issued to user 101.
In an alternative embodiment of the present invention, the combination of the first and second series 301, 302 forming the encryption and decryption key and information data of user 101, comprising at least a user reference and an electronic resource user access reference, for instance a user name and an access password respectively, are stored in a remotely-accessible database in the terminal 110 when said support 102 is created and issued to user 101.
In another alternative embodiment of the present invention, shown as card 102C, support issuer 103 is a financial institution and the card 102C is configured for use as a transaction card, e.g. a credit or debit card to effect payments and/or currency withdrawals, and so is further configured with a magnetic data-carrying strip 304. Further embodiments contemplate the inclusion of a chip (not shown) to configure card 102, 102B or 102C as a smartcard.
Figure 4 details processing steps performed by the terminal 104 for requesting and obtaining access authorization to an electronic resource stored therein. In the preferred embodiment, terminal 104 stores instructions in storage means 210 which are loaded into RAM 209 and processed by CPU 208 when the user 101 inputs data via keyboard or pointing device 203, 204 to signify a request to access an electronic resource at step 401, for instance a database stored in storage means 210 or an application to process same and likewise stored in storage means 210 and which will be loaded into RAM 209 and processed by CPU 208 upon user 101 being granted the requested access authorization. The instructions comprise a system module and a random number generator as well as processing user input and the previously-described database, which retains key data and information data relating to user 101.
Upon receiving the user input of step 401, the system module is engaged and generates a third series of random numbers with respective values between 0 and 9, using the random number generator, at step 402. The third series preferably includes the same number of values as the first and second series 301, 302, e.g. 10. The instructions record the generated numbers and, with reference now to Figure 5, output a user interface 501 at step 403. The interface 501 presents the third series of numbers 502 and a plurality of user-selectable buttons, some of which are located in the interface to complement the use of the support 102. Preferably, a button 503 is generated for each of the numbers of the third series 502, which is substantially vertically aligned therewith. Other buttons include a ‘submit’ button 504 and a ‘cancel’ button 505 and the interface further comprises a text input area 506 for user 101 to input a respective user reference as well as a cipher input area 507 for the instructions to input the enciphered user electronic resource user access reference according to the user interaction with the buttons 503.
At step 404, the user 101 inputs respective user reference data via keyboard and/or pointing device 203, 204 into the text input area 506 and interacts with the buttons 503. With reference now to Figure 6, the user manipulates the support 102 relative to VDU 202 so that each number of the first series 301 is substantially vertically aligned with a corresponding number of the third series 502 and the respective configuration of the support 102 and the interface 505 complement one another in such a way as to likewise substantially vertically align each number of the second series 302 with a corresponding button 503.
At step 404 still, the user recalls the first number of a respective electronic resource user access reference and locates the corresponding number 601 in the first series 301. In the example, the first number is “5” and, vertically adjacent to the number 5 is the corresponding number 602 in the third series 502, which is “1”.
Having identified the number “1”, the user 101 compares this number with the second series 302 to locate a number 603 having a corresponding “1” value therein and selects the button 503, 604 immediately above the number “1”. The button is preferably assigned a value other than 1 within the system module. The user repeats this above sequence until the entire electronic resource user access reference is input, e.g. all 10 numbers of the user’s respective electronic resource user access reference have been enciphered. On completion of the enciphering of the electronic resource user access reference, the user submits the screen to the system module for processing by the instructions with selecting the “submit” button 504.
The instructions retrieve the username and ciphered password string presented by the user 101 via the software module and attempt to identify the validity of the username with processing the database, resulting in a first question asked at step 405, as to whether the username has been matched in said database. If the question of step 405 is answered negatively, the instructions output an error message at step 409 and call upon the module to output a new third series 502 and interface at step 402.
Alternatively, the question of step 405 is answered positively, i.e. the username is valid, and at step 406 the instructions select the value of the first element of the enciphered user access reference, assign this value to a memory variable, offset, and examine the first series 301 at the index indicated by the offset variable, and retrieve the value contained therein from the database. The retrieved value is recorded in the memory variable offset1. The instructions then examine the value contained in the second series 302 at index offset1. This constitutes the first deciphered number of the user access reference string.
This process continues until completion and the now-entirely deciphered user access reference string is compared against the corresponding user access reference stored in the database, whereby a second question is asked at step 407, as to whether the user access reference has been matched in said database. If the question of step 407 is answered negatively, the instructions output an error message at step 409 and call upon the module to output a new third series 502 and interface at step 402. Alternatively, the question of step 407 is answered positively, i.e. the user access reference name is valid, and at step 408 the instructions route the user to the requested electronic resource, i.e. the requested access to the electronic resource is granted.
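The card lookups of step 404 and the username and access-reference checks of steps 405 to 408, as an added example that is not code from the patent. It assumes each series holds every digit 0 to 9 exactly once, so that each lookup has a single answer (the text only says the values are random), and the verifier simply reverses the user's lookups using the challenge it issued rather than following the index arithmetic of step 406; all names and series values are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample card (not from the patent): first series 301 and second
# series 302. Assumption: each series holds every digit 0-9 exactly once.
FIRST_301 = [3, 8, 5, 0, 9, 1, 7, 2, 6, 4]
SECOND_302 = [6, 1, 4, 9, 0, 7, 3, 8, 2, 5]

# Constructed database row: user reference -> card series and access reference.
USER_DB = {
    "user101": {"first": FIRST_301, "second": SECOND_302, "secret": "5071"},
}

# Constructed challenge in which digit 5 of series 301 sits next to a 1,
# matching the worked example in the description.
THIRD_502 = [7, 2, 1, 5, 0, 9, 4, 8, 3, 6]


def new_third_series():
    """Step 402: a fresh random third series 502 (here a shuffled 0-9)."""
    series = list(range(10))
    secrets.SystemRandom().shuffle(series)
    return series


def user_encipher(secret, first, second, third):
    """Step 404 as the card holder performs it; returns button positions."""
    presses = []
    for ch in secret:
        pos = first.index(int(ch))           # find the digit in series 301
        shown = third[pos]                   # aligned value of series 502
        presses.append(second.index(shown))  # button 503 at that value in 302
    return presses


def server_decipher(presses, first, second, third):
    """Reverse user_encipher using the stored card and the issued challenge."""
    digits = []
    for button in presses:
        if not isinstance(button, int) or not 0 <= button < len(second):
            raise ValueError("button index outside the series")
        shown = second[button]               # value under the pressed button
        pos = third.index(shown)             # where the challenge showed it
        digits.append(str(first[pos]))       # digit of series 301 aligned there
    return "".join(digits)


def verify(db, username, presses, third):
    """Steps 405-408: unknown user or mismatch gives False, a match True."""
    record = db.get(username)
    if record is None:                       # step 405 answered negatively
        return False
    try:
        candidate = server_decipher(
            presses, record["first"], record["second"], third)
    except ValueError:
        return False
    # Constant-time comparison of the deciphered and stored access reference.
    return hmac.compare_digest(candidate, record["secret"])


if __name__ == "__main__":
    presses = user_encipher("5071", FIRST_301, SECOND_302, THIRD_502)
    print("buttons pressed:", presses)
    print("accepted:", verify(USER_DB, "user101", presses, THIRD_502))
    # The same presses checked against a different third series are rejected.
    print("replayed:", verify(USER_DB, "user101", presses, list(range(10))))
```

Because the button positions depend on the third series, the positions recorded in one session do not verify against a different third series, which is the property the description relies on when it regenerates series 502 after every failed attempt.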
An alternative embodiment of the present invention is illustrated in Figure 7, in which the support 102 comprises a see-through portion 303 and the interface 501 is configured by the module so that the third series 502 of values can be overlaid with the see-through portion 303 when the user manipulates the support 102 relative to VDU 202, so that each number 601 of the first series 301 on support 102 is substantially vertically aligned with a corresponding number 602 of the third series 502, which number 602 on display 202 is directly observable relative to said corresponding number 601 through the transparent portion 303. Further alternative embodiments contemplate respective see-through portions 303 for each number of the third series 502.
An alternative embodiment of the present invention is shown in Figure 8, in which the terminal 110 of support supplier 103 is a remote server and the key data 301, 302, user reference and electronic resource user access reference are stored in a database which is itself stored at said server 110. In the Figure, a portion of the processing steps previously described in Figure 4 are performed by server 110, which is particularly useful when user 101 wants to access a remote electronic resource, for instance over the Internet 107, such as the website of the bank at which said user holds an account and which account may be remotely interacted with via said website, or the website of a retail concern at which said user may remotely effect purchases. The processing steps respectively performed by terminal 104 operated by user 101 are therefore represented as grouped within a logical block 701 and the processing steps respectively performed by server 110 upon user 101 inputting data at step 401 at terminal 104 to access a remote electronic resource are represented as grouped within a logical block 702.
In this alternative embodiment, the instructions are not stored at terminal 104 but are stored at server 110 from which, alternatively, either the system module is downloaded by terminal 104 as any of a browser plug-in, an Active-X plug-in, a Java script, a HTML script or the like further to user 101 performing step 401, or only the user interface 501 is downloaded by terminal 104. The distributed system is described in Figure 8 with data exchanged between remote terminals 104 and 108 over the Internet 107, but it will be readily apparent to those skilled in the art that the distributed system may equally be described in, and the invention extending to, the context of any network, including the example LAN 106.
The present invention therefore improves the security of access authentication required for a user to access an electronic resource, whether locally or via a network, by decreasing the risk of compromising authentication data with filtering a user access reference, such as a password. The password is altered into another numeric state and this altered numeric state is further interpreted, the interpreted result being entered into the user interface. A user attempting to gain unauthorised access to a local or remote electronic resource, such as personal information of a different user, would need to be in possession of all three factors, the password, the support 102 and the interactive user interface 501 to gain successful access.
The present invention provides a Multiple Factor Authentication solution, which confers a high level of confidence to password- or PIN-based security. According to the present invention, a user's password is never directly transacted against, or disclosed over networks such as the Internet. The invention solves the problem of users being offered fake screens by users practicing Phishing attacks. If an unauthorized user mimics the genuine interface 501, this interface will offer no hint as to the password or construction of the support 102. If the user is deceived into putting genuine data into an interface 501 developed by an unauthorized user, then that data alone will not suffice to gain genuine access to the targeted electronic resource.
The present invention thus manages the security of the access authorization process without regard or concern for the environment to which it is connected, namely a computer, or through which it is communicated, namely a network.

The words "comprises/comprising" and the words "having/including" when used herein with reference to the present invention are used to specify the presence of stated features, integers, steps or components but do not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.

Claims (1)

1. A method of securing access to an electronic resource at a user terminal equipped with a display device, the method comprising the steps of:
providing a user with at least first and second series of numerical values on a support;
storing a combination of a user reference and an electronic resource user access reference for said user;
in response to said user requesting access to said electronic resource, generating a third series of random numerical values and requesting user input;
upon receiving said user input, comparing said user input and said electronic resource user access reference; and
granting access to said electronic resource upon said comparison returning a match,
wherein said user input comprises at least one numerical value of said first series identified with positioning said support relative to said display device and comparing corresponding numerical value of said second series with corresponding numerical value of said third series.

2. The method of claim 1, wherein said support further comprises at least one substantially see-through portion.

3. The method of claim 2, wherein the step of comparing corresponding numerical value of said second series with corresponding numerical value of said third series comprises the further step of positioning the see-through portion of the support over the third series on the display device.

4. The method of any of claims 1 to 3, wherein the first, second and third series of numerical values may number ten numerical values, each of which is randomly comprised between 0 (zero) and 9 (nine).

5. The method of any of claims 1 to 4, wherein the third series is generated as a random series to uniquely encrypt the electronic resource user access reference for every access authentication procedure.

6. The method of any of claims 1 to 5, wherein the first, second and third series of numerical values are substantially equally spaced relative to one another both on the support and the display device, to facilitate the comparison therebetween.

7. The method of any of claims 1 to 6, wherein the terminal is connected to a network and the electronic resource is a data resource stored at a first remote terminal.

8. The method of claim 7, wherein the combination of a user reference and an electronic resource user access reference for said user is stored at a second remote terminal.

9. The method of claim 8, wherein the third series is generated at said second remote terminal and communicated to the terminal of the user over the network.

10. A method of requesting access to an electronic resource at a user terminal equipped with a display device, the method comprising the steps of:
in response to said terminal outputting a third series of random numerical values on said display device and requesting user input, positioning a support having first and second series of random numerical values thereon relative to said first series of random numerical values on said display device;
inputting at least one numerical value of said first series identified with comparing corresponding numerical value of said second series with corresponding numerical value of said third series; and
submitting said input for requesting access to said electronic resource.

11. The method of claim 10, wherein said support further comprises at least one substantially see-through portion.

12. The method of claim 11, wherein said positioning comprises the further step of positioning the see-through portion of the support over the third series on the display device.

13. The method of any of claims 10 to 12, wherein the first, second and third series of numerical values may number ten numerical values, each of which is randomly comprised between 0 (zero) and 9 (nine).

14. The method of any of claims 10 to 13, wherein the third series is generated as a random series to uniquely encrypt the electronic resource user access reference for every access authentication procedure.

15. The method of any of claims 10 to 14, wherein the first, second and third series of numerical values are substantially equally spaced relative to one another both on the support and the display device, to facilitate the comparison therebetween.

16. The method of any of claims 10 to 15, wherein the terminal is connected to a network and the electronic resource is a data resource stored at a first remote terminal.

17. The method of claim 16, wherein the combination of a user reference and an electronic resource user access reference for said user is stored at a second remote terminal.

18. The method of claim 17, wherein the third series is generated at said second remote terminal and communicated to the terminal of the user over the network.

19. A system for securing access to an electronic resource comprising at least one data processing terminal and a support including at least first and second series of numerical values, said terminal comprising storage means, processing means and display means, said storage means storing a combination of a user reference and an electronic resource user access reference for at least one user and instructions which configure said processing means to:
generate a third series of random numerical values and request user input in response to said user requesting access to said electronic resource;
compare said user input and said electronic resource user access reference upon receiving said user input; and
grant access to said electronic resource upon said comparison returning a match,
wherein said user input comprises at least one numerical value of said first series identified with positioning said support relative to said display device and comparing corresponding numerical value of said second series with corresponding numerical value of said third series.

20. The system of claim 19, wherein said support further comprises at least one substantially see-through portion.

21. The system of claim 20, wherein the user positions the see-through portion of the support over the third series on the display device to compare corresponding numerical value of said second series with corresponding numerical value of said third series for providing said user input.

22. The system of any of claims 19 to 21, wherein the first, second and third series of numerical values may number ten numerical values, each of which is randomly comprised between 0 (zero) and 9 (nine).

23. The system of any of claims 19 to 22, wherein the processing means is further configured to generate the third series as a random series, to uniquely encrypt the electronic resource user access reference for every access authentication procedure.

24. The system of any of claims 19 to 23, wherein the first, second and third series of numerical values are substantially equally spaced relative to one another both on the support and the display device, to facilitate the comparison therebetween.

25. The system of any of claims 19 to 24, wherein the terminal is connected to a network and the electronic resource is a data resource stored at a first remote terminal.

26. The system of claim 25, wherein the combination of a user reference and an electronic resource user access reference for said user is stored at a second remote terminal.

27. The system of claim 26, wherein the third series is generated at said second remote terminal and communicated to the terminal of the user over the network.

28. A support for securing access to an electronic resource comprising at least first and second series of numerical values, said support being operationally positioned relative to the display device of a data processing terminal on which a third series of numerical values is displayed in response to a user requesting access to an electronic resource, wherein said user may compare corresponding numerical value of said second series of said support with corresponding numerical value of said third series and input at least one numerical value of said first series identified by said comparison for granting access to said electronic resource upon the comparison of said user input and an electronic resource user access reference returning a match.

29. The support of claim 28, wherein said support further comprises at least one substantially see-through portion.

30. The support of claim 29, wherein the at least one substantially see-through portion of the support is operationally positioned relative to the display device so as to overlay said third series on the display device.

31. The support of any of claims 28 to 20, wherein the first, second and third series of numerical values may number ten numerical values, each of which is randomly comprised between 0 (zero) and 9 (nine).

32. The support of any of claims 28 to 31, wherein the first, second and third series of numerical values are substantially equally spaced relative to one another both on the support and the display device, to facilitate the comparison therebetween.

33. The support of any of claims 28 to 32, wherein the terminal is connected to a network and the electronic resource is a data resource stored at a first remote terminal.

34. The support of claim 33, wherein the combination of a user reference and an electronic resource user access reference for said user is stored at a second remote terminal.

35. The support of claim 34, wherein the third series is generated at said second remote terminal and communicated to the terminal of the user over the network.

IES20050147 2005-03-21 2005-03-21 Securing access authorisation IES20050147A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
IES20050147 IES20050147A2 (en) 2005-03-21 2005-03-21 Securing access authorisation
PCT/IE2006/000015 WO2006100655A2 (en) 2005-03-21 2006-03-21 Securing access authorisation
EP06711128A EP1861804A2 (en) 2005-03-21 2006-03-21 Securing access authorisation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
IES20050147 IES20050147A2 (en) 2005-03-21 2005-03-21 Securing access authorisation

Publications (1)

Publication Number Publication Date
IES20050147A2 (en) 2007-05-02

Family

ID=36645762

Family Applications (1)

Application Number Title Priority Date Filing Date
IES20050147 IES20050147A2 (en) 2005-03-21 2005-03-21 Securing access authorisation

Country Status (3)

Country Link
EP (1) EP1861804A2 (en)
IE (1) IES20050147A2 (en)
WO (1) WO2006100655A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8738908B2 (en) * 2011-05-10 2014-05-27 Softlayer Technologies, Inc. System and method for web-based security authentication
FR3008837B1 (en) * 2013-07-19 2015-08-07 In Webo Technologies STRONG AUTHENTICATION METHOD

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2654238B1 (en) * 1989-11-07 1992-01-17 Lefevre Jean Pierre METHOD FOR AUTHENTICATING THE IDENTITY OF A PHYSICAL PERSON AND AUTHENTICATING DEVICE FOR IMPLEMENTING THE METHOD.
JPH10307799A (en) * 1997-02-28 1998-11-17 Media Konekuto:Kk Personal identification method and device in computer communication network
JP2004507010A (en) * 2000-08-22 2004-03-04 シーエムエックス テクノロジーズ ピーティーワイ リミテッド Transaction validation

Also Published As

Publication number Publication date
EP1861804A2 (en) 2007-12-05
WO2006100655A2 (en) 2006-09-28
WO2006100655A3 (en) 2007-03-01


Legal Events

Date Code Title Description
MM4A Patent lapsed