WO2007108034A2 - Method for enabling communication among processing equipment - Google Patents
- Publication number
- WO2007108034A2 (PCT/IT2007/000197)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- processor
- user
- password
- passwords
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1475—Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
Definitions
- the present invention relates to a method for enabling communication among processing equipment, and particularly, but not limited thereto, it relates to the enabling of protected services on an Internet network .
- key loggers which are able to capture all that is written on a computer: username, password, email, etc.
- the object of the present invention is to provide a communication enabling method that at least partially overcomes the problems outlined above with reference to conventional communication methods .
- the object of the present invention is achieved by a communication enabling method as described in attached claim 1.
- a server-to server acknowledgment on the Internet Valpas box server and provider server
- Fig. 1 illustrates in a very schematic manner a particular example of a communication network in which the inventive method can be implemented
- Fig. 2 illustrates a screen displayable by a processor of such network in accordance with an exemplary operation of the inventive method
- Fig. 3 to 7 illustrate examples of the architecture of various work areas of an Internet site that allows implementing the method in accordance with the invention
- Fig. 8 illustrates a further screen displayable by a processor in said network in accordance with another exemplary operation of the inventive method.
- Fig. 1 shows a communication network 1000 (such as an Internet network) comprising a service center 100 provided with a server 101.
- Server 101 allows managing a first web site 102 to which connect on the basis of a predefined address, such as, for instance, the www.valpasbox. com address .
- the communication network 1000 also comprises at least one first processing equipment 103 assigned to a user Ul of the service offered by center 100.
- the processing equipment 103 is, preferably, a personal computer capable of being at least conventionally connected to site 102.
- this first personal computer 103 is the computer installed at user's Ul home or office, i.e. it is under user's control and shows adequate security requirements visa-vis violations from outside.
- At least one second processing equipment 104 is provided, which can be used by the user Ul but is not under his/her direct control.
- this second processing equipment 104 is a personal computer of the kind installed in an environment different from the user's Ul home or office, such as those stations installed in Internet-cafes, personal computers of acquaintances, or those installed in outside TOTEMs.
- the second personal computer 104 can be connected to web sites managed by respective servers associated with corresponding providers, which provide various kind of services such as, typically, email services (mailbox, 105 and 106 in Fig. 1) or file storage (files storage, 107 in Fig. 1) .
- Fig. 1 known websites as www.hotmail . com, www.yahoo . com, www.xbinary. com are indicated, only by way of example.
- the providers associated with these on-line services have signed an agreement with service center 100, and can establish a connection with service center 100 server 101.
- in the second personal computer 104, non-proprietary for user U1, there may be installed software (i.e. viruses) able to retrieve confidential data and input from user U1, such as passwords, to access the user U1 account available at one of sites 105, 106 and 107.
- user Ul can connect to first site 102, login (for instance, free) and create his/her username.
- user Ul has access to a web page from which he/she may benefit from a series of functions among which the possibility to enter differentiated password lists, storable in a database manageable by service center 100 server 101.
- the user may enter a password sequence (words, numbers or alphanumeric codes) .
- the inventive method provides two types of passwords available to user Ul: one type called “one-shot” and another type, called “time-shot” .
- To the one shot classification belong once-only valid passwords, i.e. usable once only by the user and then disabled.
- the user accesses the one-shot section, he/she enters the desired passwords and confirms the list created to complete storage.
- To the time-shot classification belong passwords to which a specific validity duration is associated.
- the user accesses the time-shot section, besides entering the desired passwords, he/she may associate with them a validity period.
- the user Ul points out the on-line services for which he/she desires using the passwords PSWs (one-shot and time-shot) .
- user Ul will select the name of the available service (for instance, 105, 106 and 107 mentioned above, or others as Home banking, in the Internet reserved access stand-alone software etc..) and will be able to specify the respective username identifying the user at one of sites 105 - 107 (for instance, USERNAME 1) and a specific password PSWS USERNAME 1 related thereto.
- the service offered by center 100 may be made further protected and safe thanks to a custom timing system with which one can specify the time intervals during which all stored passwords (one-shot or time- shot) are non-usable.
- code lines and related documentation are delivered by the service center, which allow them to provide the communication between their own servers and server 101.
- the user Ul connects, via the personal computer 104 to a site of interest, from which he/she opens a "Hotmail access" window (Fig. 2) .
- the "Hotmail access" window indicates: a field Cl for writing the e-mail address of user Ul, a field C2 for entering a specific password PSWS, and a field C3 (associated in Fig. 2 to a name indicative of the service of center 100, for example, Valpasbox) .
- user Ul types an access code ACC in field C3 in the form of a string made up with: another login username to the inventive service provided by site 102 (for instance, USERNAMEU) , followed by a star * and by one of the one-shot or time-shot passwords PSWs (for instance, PSWl) .
- the provider managing site 105, instead of checking the entered password PSW1 on its own servers, sends a related unequivocal identification code IUC (that identifies the provider itself) and a verification request VRM (Fig. 1) to the service center server 101, including username USERNAME1 and access code ACC, i.e. USERNAMEU and recorded password PSW1.
- IUC unequivocal identification code
- VRM verification request
- the service center 100 receives the verification request VRM and checks at least the validity of password PSW1.
- the server 101 can send a confirmation message to server 105.
- server 101 verifies, via the received unequivocal identification code IUC, that the source provider has signed an agreement with service center 100, and checks that USERNAME1 was entered in user U1's enabled service List (Fig. 6a).
- server 101 sends the provider of site 105 an OK confirmation, transmitting the specific password PSWS associated with username USERNAME1, previously entered by user U1 in the enabled service list section of site 102 (Fig. 6a).
- the server 101 disables it (by deleting it or, for instance, marking it in a way that renders it automatically invalid) .
- password PSW1 is a time-shot password
- server 101 starts the duration period associated with the access code being used, at the end of which it is disabled.
- the provider identifies the received PSWS associated with the USERNAME1 entered in field C1. If the identification is successful, user U1 can use the service offered by the provider of site 105.
- the latter sends a denial message to the server 105 of the requesting provider in the form of an error code defined by service center 100, communicating that the identification password is invalid.
- the identification password PSW1 may be invalid due to a never recorded one-shot or time-shot password, a disabled one-shot or time-shot password, a service center 100 username that does not exist in site 102, or a username that does not exist within the service list of site 102 enabled by user U1.
- the message sending procedure between the server 101 and those 105 - 107 of the associated providers takes place in a protected mode, thanks to exclusive use of supplied code and an encrypted communication channel (eg. HTTPS, SSL) .
- HTTPS HyperText Transfer Protocol Secure
- SSL Secure Sockets Layer
- passwords stored within server 101 are encrypted in two different security levels, according to the specific indications configured by user Ul during the input step (decryptable encryption and not) .
- user Ul may select a service offered option (safe Timing) according to which the above described service is active only for a predetermined time period of the day.
- server 101 returns an OFFTIME string that alerts provider that service is temporarily unavailable according to user made configuration.
- Stored passwords entered within server 101 may be supplied by sending an SMS directly from service center 100.
- the user registered with the service may send anytime an SMS to a dedicated service center 100 number, specifying the password type he/she desires to receive: one-shot, time-shot or generic password within enabled service List (Fig. 6a) .
- Server 101 identifies the number wherefrom the request is carried out and checks whether it belongs to one of the service registered users. If the check is successful, service center 100 sends the password by SMS to the user that made the request.
- Password sending by SMS is possible only when a minimum or medium protection level is associated with the requested password type; if the protection level applied to the requested password is maximum, service center 100 does not perform sending any password.
- the service center 100 does not follow up the request.
- the service used with credit cards follows a procedure fully similar to the one described in case of use with a Service provider (hot mail) , except that in case of identification at server 101 of password PSWl, the server itself sends to requesting server the DBCs (card banking data), i.e. all information relative to the credit card associated therewith.
- DBCs card banking data
- Fig. 6b the List of enabled credit cards section (Fig. 6b) , inside that one can store credit card data one desires to use for on-line transactions using service center 100.
- service center 100 Thereby, at the time that one is asked to input one's own credit card number in those sites in which it is possible to carry out payments by the Internet, one can use the service according to the invention indicating an access code ACCl, consisting of the username related to the service center service (for instance, USERNAMERU1) followed by one of the recorded passwords PSWn, for instance, a one-shot password PSWl' .
- user Ul may specify the following data: circuit to which the credit card belongs, card number, owner first and last name, date of expiration, security code, associated one-shot password list (selected within a list that contains all one-shot passwords available and previously stored within the one-shot List section) .
- All credit cards contained within such section may be used in those sites that allow carrying out online transactions relying upon banking systems that have signed an agreement with service center 100.
- Such aforementioned data can be recorded by the user by means of the computer 103 or, for instance, by sending one or more SMS to service center 100.
- CC6 access code ACCl
- user Ul decides to carry out payment using service center 100, user Ul will not enter any information in fields CCl, CC2, CC3, CC4, but will only indicate in field CC6 access code ACCl, for instance, USERNAMERUl*PSWl' .
- the bank server 109 instead of controlling the password PSWl' entered in its own servers, sends (Fig. 1) a univocal identification code IUC and a verification request VRM to service center server 101.
- Service center 100 and, particularly, server 101 checks sent string ACCl validity.
- server 101 If sent string ACCl matches a user registered with the service, server 101, through the identification unequivocal received code IUC checks that the source banking institution server has signed an agreement with the service center and that the one- shot password forming the PSWl' is associated to a credit card previously recorded within the credit card List section.
- the server 102 sends a confirmation to the requesting banking Institution server 109, transmitting all data related to the credit card (DBC) which are required to complete the transaction.
- DBC credit card
- server 101 disables it, (by deleting it or, for instance, marking it in such a way as to make it automatically invalid) .
- the banking institution After the confirmation message by server 101 through sending DBCs, the banking institution carries out their identification. If the check is successful, user Ul can complete the payment procedure.
- the data relating to the credit cards recorded in the enabled credit card List section can be supplied by sending an SMS directly to service center 100.
- site 102 embodiments Detailed examples of site 102 embodiments.
- Service offered by site 102 is designated in this example by the non-limiting name of Valpas box.
- a field for entering the login to access the service consisting of configuration username*password (password valid only for Valpas box site)
- One-shot password list (Fig. 4): password, status (available/already in use), check box (for multiple selection), properties (creation and storage date, use date)
- Time-shot password list (Fig. 5): password, status (available/already in use), Timing (stand-by/expires within/expired), check box (for multiple selection), properties
- New task Modify task, Delete task, Task On/Off
- a button renders effective the effected configuration.
- - Modify active in sections: one-shot password List, time-shot password List, enabled service List, enabled credit Card List
- the old password and the new password require to be entered.
- Only in one-shot password List, Time-shot password List sections it is further possible to assign it a new protection level (minimum-green, medium-orange, maximum-red) .
- time-shot password the previously entered duration can be changed in the modification form.
- a button renders effective the information entered.
- Restore active in sections: one-shot password List, time-shot password List
- Feature to reuse an already used (one-shot) or expired (time-shot) password a message alerts that it is not recommendable reusing an already used password and suggests an alternative one.
- Send active in sections: one-shot password List, time-shot password List, enabled service List, enabled credit Card List
- Feature to send by SMS a previously stored password with a low protection level (green) or medium (orange) and belonging to the selected list in the work area.
- the password is sent to the number indicated during the login step to the Valpas box service.
- the first N sendouts by SMS of the selected password are free: for the following ones payment is necessary.
- the maximum protection level passwords red
- a message asks for confirmation prior to perform the operation that is going to be performed. If the selection is confirmed, the system displays a specific password that has been previously stored with a medium security level and belonging to the selected list in the work area. A Close button performs the operation associated thereto.
- Valpas box service Feature to add a new item to those that define the time intervals within which Valpas box service is available and accessible. By pressing this button one can select a day, a precise time interval or the parameters of an occurrence that define service activity duration. After specifying selected data a confirmation button makes entered information effective.
- a higher security level can be provided for all those data that have been stored within the server 101 of service center 100 and entered by the user Ul via the site 102.
- the service center 100 is the storehouse where all information desired to be made inaccessible and confidential is contained: this means that, in case of unauthorized access to the server, all the one-shot and time-shot passwords stored therein, all the data relating to the enabled services and credit cards recorded by the users using the Valpas box service may be viewed.
- a protection of the data stored within the server 101 of the service center 100 is ensured by having recourse to a public key cryptography (USERNAMERU, which is one of the elements composing the string ACC) , not stored in any server, and to a private key owned by the service center 100: without the combined use of both public and private keys, any information entered in site 102 is not decryptable, and thus results to be unusable.
- the information passage is carried out similarly to what has been described above, but it is made possible only due to the combined use of a public key and a private key, which allow the service center 100 to decode the data contained in the server 101 and then use them (for example, in the on-line-, credit card- services, etc.)
- the use of the public key for the cryptography of the entered items is carried out upstream of the entire process carrying out the transmission of information between the service center 100 and enabled services, thus offering a real protection for all information entered within site 102.
- when the user U1 records via the site 102 a new one-shot or time-shot password, a new item in the enabled service List (username, password and provider associated thereto) or credit card data, the user U1 will have to state his/her own USERNAMERU, which is the public key allowing the service center 100 to decrypt the data contained in the server 101: upon record confirmation, the public key (USERNAMERU) is used by the server 101 of the service center 100 to encrypt the data entered by the user U1 and then store the latter within the server 101.
- the information stored is completely unbreakable, because the public key (USERNAMERU) , is not stored in any database, if not in an unreadable format, and it is the only tool that makes the data entered via the site 102 usable.
- the protection level (green, orange, red) at which the data are to be stored within the server 101 of the service center 100 is not required to be reported: all data entered via the site 102 (Valpas Box) are recorded at an individual protection level other than the three levels (green, orange, red) described above.
- the new protection level is characterized by the possibility of being decrypted only using the public key that corresponds to the USERNAMERU, not stored within the server 101 of the service center 100, if not in an unreadable manner.
- when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case: Username Valpas Box (USERNAMERU); One-shot password; One-shot password confirmation; Comments relating to the new password entered, which will be used as a help for remembering it.
- in the time-shot password list section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case: Username Valpas Box (USERNAMERU); Password time-shot; Time-shot password list; Comments relating to the new password entered, which will be used as a help for remembering it; Validity duration of the entered password.
- when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case: Username Valpas Box (USERNAMERU); Provider name; Service name; Service password; Comments relating to the new password entered, which will be used as a help for remembering it.
- the data stored in the server 101 of the service center 100 cannot be displayed at all by consulting the lists reported in the site 102 (One-shot password list, Time-shot password list, Enabled Service List and Recorded Credit Card List) .
- the comments stored upon entering the new items can be consulted to remember the data that have been entered.
- the service center 100 it is possible to know the one-shot passwords, time-shot passwords and other entered data only by SMS, by sending a specific request to the service center 100, including the Valpas Box username (USERNAMERU) , which identifies the public key with which the data stored in the server 101 of the service center 100 can be decrypted.
- the password required is sent by SMS from the service center 100 to the enabled user Ul.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A method for enabling a connection between a first user-processor (104) and a second processor (105) is described, comprising: recording one or more passwords associated to a user (U1) in a management processor (101); sending by the user and via the first processor (104) a selected password (PSW1) to the second processor (105); sending by the second processor (105; 109) and to the management processor (101) an acknowledgment request (VEM) including the selected password; verifying by the management processor (101) that the received selected password (PSW1) is comprised among one or more recorded passwords; disabling the received selected password among said one or more recorded passwords; sending by the management processor and to the second processor (105) a message indicative of the acknowledgment of the selected password.
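The flow summarised in the abstract, together with the one-shot/time-shot rules, the IUC agreement check and the OFFTIME reply described on this page, modelled as an added Python example (not code from the patent or from the Valpas box service). The class and function names, every result code other than OFFTIME, the IUC value and the numeric times are constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class StoredPassword:
    value: str
    kind: str                           # "one-shot" or "time-shot"
    duration_s: float = 0.0             # validity period, time-shot only
    started_at: Optional[float] = None  # set on first use of a time-shot password
    disabled: bool = False


@dataclass
class UserRecord:
    passwords: list                     # list of StoredPassword
    services: dict                      # (IUC, service username) -> specific password PSWS
    off_intervals: list = field(default_factory=list)  # safe timing: (start, end) in seconds


class ManagementServer:
    """Model of server 101. Result codes other than OFFTIME are hypothetical."""

    def __init__(self, agreed_providers, users):
        self.agreed_providers = set(agreed_providers)
        self.users = users              # service-center username -> UserRecord

    def verify(self, iuc, service_username, acc, now):
        """Handle one verification request. Returns (code, PSWS or None)."""
        center_user, sep, candidate = acc.partition("*")
        if not sep or not candidate:
            return ("ERR_BAD_ACC", None)
        user = self.users.get(center_user)
        if user is None:
            return ("ERR_UNKNOWN_USER", None)
        if any(start <= now < end for start, end in user.off_intervals):
            return ("OFFTIME", None)    # service switched off by the user's timing
        if iuc not in self.agreed_providers:
            return ("ERR_PROVIDER_NOT_AGREED", None)
        psws = user.services.get((iuc, service_username))
        if psws is None:
            return ("ERR_SERVICE_NOT_ENABLED", None)
        entry = self._find(user, candidate)
        if entry is None:
            return ("ERR_PASSWORD_NOT_RECORDED", None)
        if not self._consume(entry, now):
            return ("ERR_PASSWORD_DISABLED", None)
        return ("OK", psws)

    @staticmethod
    def _find(user, candidate):
        # Compare against every stored entry in constant time per comparison.
        match = None
        for entry in user.passwords:
            if hmac.compare_digest(entry.value.encode(), candidate.encode()):
                match = entry
        return match

    @staticmethod
    def _consume(entry, now):
        if entry.disabled:
            return False
        if entry.kind == "one-shot":
            entry.disabled = True       # valid once, then disabled
            return True
        if entry.started_at is None:
            entry.started_at = now      # first use starts the validity period
        if now - entry.started_at >= entry.duration_s:
            entry.disabled = True       # period over: disable the password
            return False
        return True


def demo():
    """Constructed requests, including a second submission of an already used ACC."""
    server = ManagementServer(
        agreed_providers={"IUC-MAIL-105"},
        users={"USERNAMEU": UserRecord(
            passwords=[StoredPassword("PSW1", "one-shot"),
                       StoredPassword("PSW2", "time-shot", duration_s=600)],
            services={("IUC-MAIL-105", "USERNAME1"): "PSWS"},
            off_intervals=[(5000, 6000)],
        )},
    )
    req = ("IUC-MAIL-105", "USERNAME1")
    return [
        server.verify(*req, "USERNAMEU*PSW1", now=0),     # first use of one-shot
        server.verify(*req, "USERNAMEU*PSW1", now=1),     # same ACC again: rejected
        server.verify(*req, "USERNAMEU*PSW2", now=100),   # starts the 600 s period
        server.verify(*req, "USERNAMEU*PSW2", now=650),   # still inside the period
        server.verify(*req, "USERNAMEU*PSW2", now=701),   # period over
        server.verify("IUC-OTHER", "USERNAME1", "USERNAMEU*PSW2", now=10),
        server.verify(*req, "USERNAMEU*PSW2", now=5500),  # inside an off interval
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
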
Description
Method for enabling communication among processing equipment
Field of the invention
The present invention relates to a method for enabling communication among processing equipment, and particularly, but not limited thereto, it relates to the enabling of protected services on an Internet network.
Background of the art
When a computer is used from a station different than one's own, an amount of confidential information is left in the system memory without noticing it.
Therefore, today there is software, called key loggers, that is able to capture everything that is typed on a computer: username, password, email, etc.
There are various situations in which one's privacy is put at risk by these viruses; for instance, when one's personal email is read on a friend's or acquaintance's computer, at an Internet cafe, at the office, etc.
Object of the Invention
The object of the present invention is to provide a communication enabling method that at least partially overcomes the problems outlined above with reference to conventional communication methods.
Summary of the Invention
The object of the present invention is achieved by a communication enabling method as described in attached claim 1. Particularly, but not limited thereto, with the inventive method one can use some special identification passwords to access reserved areas of any provider in the world in a 100% secure manner, through a server-to-server acknowledgment on the Internet (Valpas box server and provider server). According to a preferred aspect, with the method according to the invention, it is no longer necessary to use the specific different passwords associated with the various services with which one is registered.
Specific embodiments of the invention are as defined in the dependent claims 2 to 20. A communication network as defined in claim 21 is also an object of the present invention.
Brief Description of the Figures
The advantages and further aspects of the invention will appear more clearly from the description below of preferred embodiments thereof, which is given as a non-limiting example, with reference to the annexed drawings, in which:
Fig. 1 illustrates in a very schematic manner a particular example of a communication network in which the inventive method can be implemented;
Fig. 2 illustrates a screen displayable by a processor of such network in accordance with an exemplary operation of the inventive method;
Fig. 3 to 7 illustrate examples of the architecture of various work areas of an Internet site that allows implementing the method in accordance with the invention;
Fig. 8 illustrates a further screen displayable by a processor in said network in accordance with another exemplary operation of the inventive method.
Detailed Description of Preferred Embodiments
Fig. 1 shows a communication network 1000 (such as an Internet network) comprising a service center 100 provided with a server 101. Server 101 manages a first web site 102, to which one connects on the basis of a predefined address, such as, for instance, the www.valpasbox.com address.
The communication network 1000 also comprises at least one first processing equipment 103 assigned to a user U1 of the service offered by center 100. The processing equipment 103 is, preferably, a personal computer capable of being at least conventionally connected to site 102. For instance, this first personal computer 103 is the computer installed at user U1's home or office, i.e. it is under the user's control and meets adequate security requirements vis-à-vis violations from outside.
In communications network 1000 at least one second processing equipment 104 is provided, which can be used by the user U1 but is not under his/her direct control. By way of example, this second processing equipment 104 is a personal computer of the kind installed in an environment different from user U1's home or office, such as those stations installed in Internet cafes, personal computers of acquaintances, or those installed in outside TOTEMs. The second personal computer 104 can be connected to web sites managed by respective servers associated with corresponding providers, which provide various kinds of services such as, typically, email services (mailbox, 105 and 106 in Fig. 1) or file storage (files storage, 107 in Fig. 1).
In Fig. 1 known websites such as www.hotmail.com, www.yahoo.com, www.xbinary.com are indicated, only by way of example. The providers associated with these on-line services have signed an agreement with service center 100, and can establish a connection with service center 100 server 101.
It is to be noted that in the second personal computer 104, non-proprietary for user U1, there may be installed software (i.e. viruses) able to retrieve confidential data and input from user U1, such as passwords, to access the user U1 account available at one of sites 105, 106 and 107.
Referring to this exemplary situation, the operative mode of the communication method implemented in accordance with an example of the inventive service will be now described.
To use the service, user U1 can connect to first site 102, log in (for instance, free) and create his/her username.
At the end of the login operation, user U1 has access to a web page from which he/she may benefit from a series of functions, among which is the possibility to enter differentiated password lists, storable in a database manageable by service center 100 server 101.
The user may enter a password sequence (words, numbers or alphanumeric codes). Advantageously, the inventive method provides two types of passwords available to user U1: one type called "one-shot" and another type called "time-shot".
To the one-shot classification belong once-only valid passwords, i.e. usable once only by the user and then disabled. When the user accesses the one-shot section, he/she enters the desired passwords and confirms the list created to complete storage.
To the time-shot classification belong passwords to which a specific validity duration is associated. When the user accesses the time-shot section, besides entering the desired passwords, he/she may associate with them a validity period.
In a dedicated section of Internet site 102, the user U1 indicates the on-line services for which he/she wishes to use the passwords PSWs (one-shot and time-shot). To enable the use of the service center 100 password, user U1 will select the name of the available service (for instance, 105, 106 and 107 mentioned above, or others such as Home banking, in the Internet reserved access stand-alone software etc.) and will be able to specify the respective username identifying the user at one of sites 105 - 107 (for instance, USERNAME1) and a specific password PSWS USERNAME1 related thereto.
The service offered by center 100 may be made further protected and safe thanks to a custom timing system with which one can specify the time intervals during which all stored passwords (one-shot or time-shot) are non-usable. To unlock the temporarily interrupted service, one can, according to a preferred embodiment, give a respective associated command by SMS.
To the providers managing the sites 105 - 106, and which have decided to integrate the option provided by the service center 100 within their own system, code lines and related documentation are delivered by the service center, which allow them to provide the communication between their own servers and server 101.
Referring to an exemplary operation of the method in accordance with the invention, let us consider the case in which user U1 desires to access a protected Internet site, for instance Hotmail site 105, using the second non-proprietary personal computer 104.
User U1 connects, via the personal computer 104, to a site of interest, from which he/she opens a "Hotmail access" window (Fig. 2). The "Hotmail access" window indicates: a field C1 for writing the e-mail address of user U1, a field C2 for entering a specific password PSWS, and a field C3 (associated in Fig. 2 with a name indicative of the service of center 100, for example, Valpasbox).
User U1 enters in field C1 the correct address that he/she desires to access, i.e. the aforementioned username USERNAME1. Note that the specific password PSWS in field C2 is other than the PSWs entered in the service list; it is the password that user U1 will use while he/she operates on his/her own computer 103 or on a computer of whose security he/she is sure.
Therefore, user U1 will not input in field C2 the direct password, but he/she will input in field C3 a password that is one of the passwords PSWs that have been previously recorded and that are managed by service center 100.
Particularly, it can be provided that user U1 types an access code ACC in field C3 in the form of a string made up of: another username, used to log in to the inventive service provided by site 102 (for instance, USERNAMEU), followed by a star * and by one of the one-shot or time-shot passwords PSWs (for instance, PSW1). By way of example, a string of type: USERNAME*PSW1 (=ACC) is entered in field C3.
The provider managing site 105, instead of checking the password PSW1 entered on its own servers, sends a related unequivocal identification code IUC (that identifies the provider itself) and a verification request VRM (Fig. 1) to the service center server 101, including username USERNAME1 and access code ACC, i.e. USERNAMEU and recorded password PSW1.
The service center 100, and particularly server 101, receives the verification request VRM and checks at least the validity of password PSW1. When the password PSW1 received by server 101 matches one of the recorded passwords PSWs, the server 101 can send a confirmation message to server 105.
According to a preferred embodiment, after having verified access code ACC (both username USERNAMEU and password PSW1), server 101 verifies, via the received unequivocal identification code IUC, that the source provider has signed an agreement with service center 100, and checks that USERNAME1 was entered in user U1's enabled services List (Fig. 6a).
If all checks give a positive outcome, then server 101 sends an OK confirmation to the provider of site 105, transmitting the specific password PSWS associated with username USERNAME1 previously entered by user U1 in the enabled service list section of site 102 (Fig. 6a).
If the recorded password PSW1 is of the one-shot type, the server 101 disables it (by deleting it or, for instance, marking it in a way that renders it automatically invalid). When password PSW1 is a time-shot password, server 101 starts the duration period associated with the access code being used, at the end of which it is disabled.
Following the confirmation message by server 101 through sending the PSWS, the provider identifies the received PSWS associated with the USERNAME1 entered in field C1. If the identification is successful, user U1 can use the service offered by the provider of site 105.
It is important to notice that even if the password PSW1 entered in the C3 field together with the access code ACC should be stored by unauthorized people through personal computer 104, this password would have already expired (one-shot case) or would have a highly limited validity in time (time-shot case), and would thus be useless in practice to an unauthorized person wishing to access user U1's confidential data.
If the recorded password PSW1 sent with the request VRM is not acknowledged by server 101, the latter sends a denial message to the server 105 of the requesting provider in the form of an error code defined by service center 100, communicating that the identification password is invalid. As an example, there may be a denial message in the following cases: the identification password PSW1 may be invalid due to a never recorded one-shot or time-shot password, a disabled one-shot or time-shot password, a service center 100 username not existing in site 102, or a username not existing within the service list of site 102 enabled by user U1.
In such cases, anyone who entered an invalid access code in the C3 field would be unable to access user U1's data.
Note that, advantageously, the message sending procedure between server 101 and servers 105-107 of the associated providers takes place in a protected mode, thanks to exclusive use of supplied code and an encrypted communication channel (e.g. HTTPS, SSL).
Moreover, preferably, passwords stored within server 101 are encrypted in two different security levels, according to the specific indications configured by user U1 during the input step (decryptable encryption or not).
According to a particular embodiment, user U1 may select an option offered by the service (safe Timing) according to which the above described service is active only for a predetermined time period of the day. If the service is used outside that period, server 101 returns an OFFTIME string that alerts the provider that the service is temporarily unavailable according to the configuration made by the user.
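The verification exchange described above, as an added Python example (not code from the patent or from service center 100): server 101 receives IUC, USERNAME1 and ACC, applies the checks in the text, disables one-shot passwords, starts the time-shot period at first use, and returns OFFTIME outside the safe-timing window. The class and field names, the OK/INVALID codes, the IUC values and the choice to consume a password only when every check passes are assumptions; passwords are held in clear in memory because storage encryption is outside what the example shows.

```python
"""Model of server 101 answering a provider's verification request (VRM)."""
import hmac
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional

# OFFTIME is the string named in the text; OK and INVALID are constructed codes.
OK, INVALID, OFFTIME = "OK", "INVALID", "OFFTIME"


@dataclass
class Password:
    value: str
    kind: str                               # "one-shot" or "time-shot"
    validity: timedelta = timedelta(0)      # used by time-shot passwords only
    first_used: Optional[datetime] = None   # set when a time-shot is first accepted
    disabled: bool = False


@dataclass
class Account:
    passwords: list                 # recorded PSWs
    services: dict                  # (IUC, username at provider) -> PSWS
    window: Optional[tuple] = None  # safe timing: (start, end) times of day


class ManagementServer:
    def __init__(self, accounts, agreed_providers):
        self.accounts = accounts             # service-center username -> Account
        self.agreed = set(agreed_providers)  # IUCs of providers with an agreement

    def verify(self, iuc, site_username, acc, now):
        """Return (status, PSWS or None) for one VRM."""
        center_user, star, psw = acc.partition("*")
        account = self.accounts.get(center_user)
        if not star or account is None or iuc not in self.agreed:
            return INVALID, None
        if account.window is not None:
            start, end = account.window
            if not (start <= now.time() < end):
                return OFFTIME, None
        psws = account.services.get((iuc, site_username))
        entry = self._usable(account, psw, now)
        if psws is None or entry is None:
            return INVALID, None
        if entry.kind == "one-shot":
            entry.disabled = True            # valid once only
        elif entry.first_used is None:
            entry.first_used = now           # validity period starts at first use
        return OK, psws

    @staticmethod
    def _usable(account, psw, now):
        """Find a recorded password equal to psw that is still enabled."""
        for p in account.passwords:
            # Constant-time comparison of the candidate with the stored value.
            if not hmac.compare_digest(p.value.encode(), psw.encode()):
                continue
            expired = (p.kind == "time-shot" and p.first_used is not None
                       and now >= p.first_used + p.validity)
            if expired:
                p.disabled = True            # expire lazily on the next lookup
            return None if p.disabled else p
        return None


def demo():
    """Run constructed requests against constructed sample data."""
    account = Account(
        passwords=[Password("PSW1", "one-shot"),
                   Password("PSW2", "time-shot", timedelta(minutes=10))],
        services={("IUC-105", "USERNAME1"): "PSWS"},
        window=(time(8, 0), time(20, 0)),
    )
    server = ManagementServer({"USERNAMEU": account}, {"IUC-105"})
    t0 = datetime(2007, 3, 22, 9, 0)
    minute = timedelta(minutes=1)
    return [
        server.verify("IUC-105", "OTHER", "USERNAMEU*PSW1", t0),               # not in enabled list
        server.verify("IUC-105", "USERNAME1", "USERNAMEU*PSW1", t0),           # first use
        server.verify("IUC-105", "USERNAME1", "USERNAMEU*PSW1", t0 + minute),  # replay
        server.verify("IUC-105", "USERNAME1", "USERNAMEU*PSW2", t0),           # starts period
        server.verify("IUC-105", "USERNAME1", "USERNAMEU*PSW2", t0 + 5 * minute),
        server.verify("IUC-105", "USERNAME1", "USERNAMEU*PSW2", t0 + 10 * minute),
        server.verify("IUC-999", "USERNAME1", "USERNAMEU*PSW2", t0),           # no agreement
        server.verify("IUC-105", "USERNAME1", "USERNAMEU*PSW2",
                      datetime(2007, 3, 22, 22, 0)),                           # outside window
    ]


if __name__ == "__main__":
    for status, psws in demo():
        print(status, psws)
```

The replayed one-shot code and the expired time-shot code both come back INVALID, which is the property the text relies on when the access code is captured on computer 104.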
Note that, although the present invention is useful in particular when the user also uses other non-proprietary computers (or other types of communication processing devices), this service is also implementable between computers 103 and 104 belonging to a same control body, for example the same firm, but usually assigned to different users.
It is useful to highlight other optional features implementable by the inventive method. For instance, in case the registered user forgets one or more passwords entered in site 101, and it is not safe to access it to check the lists contained therein, he/she may request them from service center 100 by SMS.
Stored passwords entered within server 101 may be supplied by sending an SMS directly from service center 100. To perform the request, the user registered with the service may send an SMS at any time to a dedicated service center 100 number, specifying the password type he/she desires to receive: one-shot, time-shot or generic password within the enabled service List (Fig. 6a).
Server 101 identifies the number from which the request is made and checks whether it belongs to one of the users registered with the service. If the check is successful, service center 100 sends the password by SMS to the user that made the request.
Password sending by SMS is possible only when a minimum or medium protection level is associated with the requested password type; if the protection level applied to the requested password is maximum, service center 100 does not send any password.
If the phone number from which the request is carried out is not found among the registered users to the service, the service center 100 does not follow up the request.
Users using the service in accordance with the invention may use an exclusive system capable of offering a number of advantages among which:
1) availability always and anywhere in the world of a really secure access to Internet services protected by personal identification systems;
2) having an individual password provider, by means of a virtual secure safe, easy to manage and directly accessible via the Internet from any platform;
3) exploiting the advantages of a secure, widespread and free system.
Moreover, Internet sites, software houses, service providers that have integrated within their system the option according to the invention use a new and competitive feature that allows them to:
A) provide users with a higher security system than presently existing ones;
B) be a part of a wider and wider service community bound by the implementation of this system;
C) offer competitive advantages of a free to users service and technologically ahead as compared with present security standards.
Description of a further particular embodiment of present invention
An embodiment of the present invention related to an on-line service of credit cards use will be described.
The service used with credit cards follows a procedure fully similar to the one described in the case of use with a service provider (Hotmail), except that, when password PSW1 is identified at server 101, the server itself sends to the requesting server the DBCs (card banking data), i.e. all information relating to the credit card associated therewith.
On the Internet it is possible to purchase and pay for on-line services by credit card: at the time one is asked to input information relating to the credit card that one desires to use, it is possible that such data be intercepted or recorded by unauthorized users, thereby compromising the safety of one's personal data and making frauds and unauthorized transactions possible.
Thanks to the inventive methodology, one can carry out on-line transactions by credit card without directly specifying the card number with which one desires to carry out the payment.
Site 102 also provides the List of enabled credit cards section (Fig. 6b), in which one can store the data of the credit cards one desires to use for on-line transactions using service center 100. Thereby, at the time that one is asked to input one's own credit card number in those sites in which it is possible to carry out payments by the Internet, one can use the service according to the invention by indicating an access code ACC1, consisting of the username related to the service center service (for instance, USERNAMERU1) followed by one of the recorded passwords PSWn, for instance, a one-shot password PSW1'.
In the section in which the credit card numbers enabled for the service should be entered, user U1 may specify the following data: circuit to which the credit card belongs, card number, owner first and last name, date of expiration, security code, associated one-shot password list (selected within a list that contains all one-shot passwords available and previously stored within the one-shot List section).
All credit cards contained within such section may be used in those sites that allow carrying out online transactions relying upon banking systems that have signed an agreement with service center 100.
Such aforementioned data (or also the login data) can be recorded by the user by means of the computer 103 or, for instance, by sending one or more SMS to service center 100.
Referring to an exemplary operation of the method according to the invention, let us assume that user U1 desires to carry out an on-line purchase by credit card, connecting for instance to site 108 www.ticketone.it, using the second non-proprietary computer 104.
If user U1 selects Credit Card as the payment method for carrying out the transaction, then the site ticketone.it connects to server 109 of the banking Institution that will carry out the on-line payment operations. Referring to Fig. 8, if such Institution 109 has signed an agreement with service center 100, a field reserved for entering access code ACC1 (CC6) will also appear among the fields where it is asked to enter credit card type (CC1), card number (CC2), owner name (CC3), card expiration date (CC4).
If user U1 decides to carry out payment using service center 100, user U1 will not enter any information in fields CC1, CC2, CC3, CC4, but will only indicate in field CC6 access code ACC1, for instance, USERNAMERU1*PSW1'.
Advantageously, it can be provided that for service use with credit cards one may use only a one-shot password previously stored within the one-shot password List section of site 102 and associated with the selected credit card.
The bank server 109, instead of checking the password PSW1' entered on its own servers, sends (Fig. 1) a univocal identification code IUC and a verification request VRM to service center server 101.
Service center 100, and particularly server 101, checks the validity of the sent string ACC1.
If the sent string ACC1 matches a user registered with the service, server 101, through the received unequivocal identification code IUC, checks that the source banking institution server has signed an agreement with the service center and that the one-shot password forming the PSW1' is associated with a credit card previously recorded within the credit card List section.
If all checks are successful, then the server 102 sends a confirmation to the requesting banking Institution server 109, transmitting all data related to the credit card (DBC) which are required to complete the transaction.
Because the password contained in string PSW1' may be only of the one-shot type, server 101 disables it (by deleting it or, for instance, marking it in such a way as to make it automatically invalid).
After the confirmation message by server 101 through sending DBCs, the banking institution carries out their identification. If the check is successful, user U1 can complete the payment procedure.
The data relating to the credit cards recorded in the enabled credit card List section can be supplied by sending an SMS directly to service center 100.
Detailed examples of site 102 embodiments
For description completion, some exemplary structural and architectural features of site 102 relative to the service according to the invention will be given below. Service offered by site 102 is designated in this example by the non-limiting name of Valpas box.
• Home page
• Site 102 (Valpas box) main screen includes:
1. A field for entering the login to access the service consisting of configuration username*password (password valid only for Valpas box site)
2. Button to access the service login form; by pressing the associated "Turn on your Valpas box" link, the login form appears, on which the following personal information has to be entered:
- First name
- Last name
- Valpas box username
- Valpas box password
- Valpas box password confirmation
- Mobile phone number (for communications by SMS)
- E-mail address
- Country
- Sex
- Privacy data handling acceptance
- Contract terms acceptance
3. Button to access on-line guide containing the features and operation of the service.
• Registered users' area (see Fig. 3):
The page is partitioned into three main areas:
A. Menu
Area giving access to the various service sections:
o One-shot password list
o Time-shot password list
o Enabled services list
o Enabled credit cards list
o Safe timing
• Safe status
In the lower part of the menu one may always check the present service status: "available Valpas box" indicates that the service is active and allows server-to-server communication; "unavailable Valpas box" indicates an inactive service: a label suggests that the user consult the safe Timing section to check the configured tasks.
B. Work area
Depending on the menu section selected, the associated information appears arranged in columns within this area:
o One-shot password list (Fig. 4): password, status (available/already in use), check box (for multiple selection), properties (creation and storage date, use date)
o Time-shot password list (Fig. 5): password, status (available/already in use), Timing (stand-by/expires within/expired), check box (for multiple selection), properties (creation and storage date, use date), validity duration
o Enabled service list (Fig. 6a): service name, username, password, properties (input date), check box (for multiple selection)
o Enabled Credit Card list (Fig. 6b): Circuit, Owner name, Card number, Expiration, Security code, one-shot associated password list
o Safe timing (Fig. 7): Task list with service activation hour, date and time interval details; task status (on/off)
Display specifications
There exist systems able to capture screens of what has been done on a computer: as the information contained in the screens might be intercepted, and with the aim of ensuring the highest security standards, the password lists stored in the individual service sections can be either displayable or not, depending on specific user-defined parameters. Passwords may be displayable, protected (accessible by the Display and Send commands) or un-displayable, depending on the protection level specified by the user during the input or modification steps.
C. Command bar
Depending upon the selected Menu section, the list of operations that may be performed on the data contained in the work area appears within this area:
o One-shot password list (Fig. 4): Add, Delete, Modify, Restore, Send SMS, Display
o Time-shot password list (Fig. 5): Add, Delete, Modify, Restore, Send SMS, Display
o Enabled service list (Fig. 6a): Add, Delete, Modify, Send SMS, Display
o Enabled credit card list: Add, Delete, Modify, Send SMS, Display
o Safe timing (Fig. 7): New task, Modify task, Delete task, Task On/Off
Description of the above available features :
- Add (active in sections: one-shot password List, time-shot password List, enabled service List):
Feature to add a new password to the list in the work area. By pressing this key a new password input form appears: during typing, the entered characters are un-displayable due to screening (only dots are visible). To confirm, it is necessary to enter the new selected password once again. During this step, only in the one-shot password List and time-shot password List sections, it is also required to indicate the protection level one desires to apply to the password entered:
o Green > minimum security level: the input password is displayable in the work area
o Orange > medium security level: the input password is only displayable using the Send and Display commands
o Red > maximum security level: a message alerts the user that by applying this security degree it will no longer be possible to display the stored password. Upon selection confirmation, the input password will no longer be displayable in any way.
In the enabled service List and enabled credit Card List sections, due to predefined configuration, all passwords are stored with a medium (orange) security level.
A button makes the chosen configuration effective.
- Delete (active in sections: one-shot password List, time-shot password List, enabled service List, enabled credit Card List):
Feature to delete the selected password from the list in the work area.
- Modify (active in sections: one-shot password List, time-shot password List, enabled service List, enabled credit Card List):
Feature to modify the selected password by means of a form: during typing, the entered characters are un-displayable due to screening (only dots are visible). To carry out a modification, the old password and the new password must be entered. To confirm, it is necessary to enter the new selected password once again. Only in the one-shot password List and time-shot password List sections is it further possible to assign it a new protection level (minimum-green, medium-orange, maximum-red). In the case of a time-shot password, the previously entered duration can be changed in the modification form. A button makes the information entered effective.
- Restore (active in sections: one-shot password List, time-shot password List):
Feature to reuse an already used (one-shot) or expired (time-shot) password: a message alerts that reusing an already used password is not recommended and suggests an alternative one.
- Send (active in sections: one-shot password List, time-shot password List, enabled service List, enabled credit Card List):
Feature to send by SMS a previously stored password with a low (green) or medium (orange) protection level and belonging to the selected list in the work area. The password is sent to the number indicated during the login step to the Valpas box service. The first N sendouts by SMS of the selected password are free: for the following ones payment is necessary. The maximum protection level passwords (red) cannot be sent by SMS because they are un-decryptable.
- Display (active in sections: one-shot password List, time-shot password List, enabled service List, enabled credit Card List):
For security reasons, a message asks for confirmation prior to performing the operation. If the selection is confirmed, the system displays a specific password that has been previously stored with a medium security level and belonging to the selected list in the work area. A Close button performs the operation associated thereto.
- New task (active in safe Timing section):
Feature to add a new item to those that define the time intervals within which the Valpas box service is available and accessible. By pressing this button one can select a day, a precise time interval or the parameters of an occurrence that define service activity duration. After specifying the selected data, a confirmation button makes the entered information effective.
- Modify task (active in safe Timing section):
Feature to modify safe timing configuration parameters.
- Delete task (active in safe Timing section):
Feature to delete an item defining safe timing configuration parameters.
- Activate/Deactivate task (active in safe Timing section):
Feature to suspend or restart an item in which the safe timing configuration parameters have been previously entered.
Description of a variant embodiment of the invention
According to a preferred embodiment that can be used with each embodiment described above, a higher security level can be provided for all those data that have been stored within the server 101 of service center 100 and entered by the user U1 via the site 102.
It should be observed that, according to the procedure described in the cases as illustrated above, all the information contained within the server 101 of the service center 100 (one-shot and time-shot passwords, username and password of the enabled services and credit card data) may be viewed by those who have the chance of accessing the server of the service center 100.
The service center 100, in fact, is the storehouse where all information desired to be made inaccessible and confidential is contained: this means that, in case of unauthorized access to the server, all the one-shot and time-shot passwords stored therein, all the data relating to the enabled services and credit cards recorded by the users using the Valpas box service may be viewed.
An alternative method for preserving and managing the data stored within the servers 101 of the service center 100 is described below, which is capable of ensuring that the data stored therein will be completely unusable without the authorization of the user registered with the service.
A protection of the data stored within the server 101 of the service center 100 is ensured by having recourse to a public key cryptography (USERNAMERU, which is one of the elements composing the string ACC) , not stored in any server, and to a private key owned by the service center 100: without the combined use of both public and private keys, any information entered in site 102 is not decryptable, and thus results to be unusable.
According to this alternative embodiment, the information passage is carried out similarly to what has been described above, but it is made possible only due to the combined use of a public key and a private key, which allow the service center 100 to decode the data contained in the server 101 and then use them (for example, in the on-line services, credit card services, etc.).
The use of the public key for the cryptography of the entered items is carried out upstream of the entire process carrying out the transmission of information between the service center 100 and enabled services, thus offering a real protection for all information entered within site 102.
With reference to the methodology, when the user U1 records via the site 102 a new one-shot or time-shot password, a new item in the enabled service List (username, password and provider associated thereto) or credit card data, the user U1 will have to state his/her own USERNAMERU, which is the public key allowing the service center 100 to decrypt the data contained in the server 101: upon record confirmation, the public key (USERNAMERU) is used by the server 101 of the service center 100 to encrypt the data entered by the user U1 and then store the latter within the server 101.
The information stored is completely unbreakable, because the public key (USERNAMERU) is not stored in any database, if not in an unreadable format, and it is the only tool that makes the data entered via the site 102 usable.
Contrarily to a particular embodiment described above, the protection level (green, orange, red) at which the data are to be stored within the server 101 of the service center 100 is not required to be reported: all data entered via the site 102 (Valpas Box) are recorded at an individual protection level other than the three levels (green, orange, red) described above.
The new protection level is characterized by the possibility of being decrypted only using the public key that corresponds to the USERNAMERU, not stored within the server 101 of the service center 100, if not in an unreadable manner.
As all data stored via the site 102 cannot be displayed within the site at all, when a new item is entered, some comments can be stored, which will help the user U1 to remember the data he/she has entered.
In the one-shot password list section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case:
o Username Valpas Box (USERNAMERU)
o One-shot password
o One-shot password confirmation
o Comments relating to the new password entered, which will be used as a help for remembering it.
In the time-shot password list section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case:
o Username Valpas Box (USERNAMERU)
o Password time-shot
o Time-shot password list
o Comments relating to the new password entered, which will be used as a help for remembering it.
o Validity duration of the entered password.
In the enabled service list section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case:
o Username Valpas Box (USERNAMERU)
o Provider name
o Service name
o Service password
o Comments relating to the new password entered, which will be used as a help for remembering it.
In the recorded Credit Card List section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner in this case:
o Credit card type
o Card number
o Owner name
o Card expiration date
o Three-digit security code
o Username Valpas Box (USERNAMERU)
o One-shot or Time-shot password selected among those already stored within the respective section
o Comments relating to the associated credit card, which will be used as a help for remembering it.
With this new level of protection, the data stored in the server 101 of the service center 100 cannot be displayed at all by consulting the lists reported in the site 102 (One-shot password list, Time-shot password list, Enabled Service List and Recorded Credit Card List). The comments stored upon entering the new items can be consulted to remember the data that have been entered.
In this example, it is possible to know the one-shot passwords, time-shot passwords and other entered data only by SMS, by sending a specific request to the service center 100, including the Valpas Box username (USERNAMERU), which identifies the public key with which the data stored in the server 101 of the service center 100 can be decrypted. The password required is sent by SMS from the service center 100 to the enabled user U1.
Claims
1. A method for enabling a connection between a first processor (104) and a second processor (105; 109), comprising:
recording (101) one or more user (U1) associated passwords in a management processor;
sending by the user and via the first processor (104), a selected password (PSW1) to the second processor (105; 109);
sending by the second processor (105; 109) and to the management processor (101) an acknowledgment request (VRM) including the selected password (PSW1);
checking by the management processor (101) that the received selected password (PSW1) is included among one or more recorded passwords;
disabling among said one or more recorded passwords the received selected password;
sending by the management processor and to the second processor (105; 109) a message indicative of the selected password acknowledgment or non-acknowledgment.
2. The method according to claim 1, comprising: performing by the second processor (105) enabling of the first processor (104) to access the resources managed by second computer relative to said user to enable a respective user-service, when said message indicates that acknowledgment has been made.
3. The method according to claim 2, comprising performing by the second processor (105) an operation for inhibiting the first computer (104) from accessing the resources managed by the second computer, when said message indicates that acknowledgment has been made.
4. The method according to claim 1, wherein said one or more passwords include at least one one-shot type password for which said operation of disabling the selected password takes place substantially immediately after acknowledgment has been made.
5. The method according to claim 1, wherein said one or more passwords include at least one time-shot password for which said operation of disabling the selected password takes place after a non null predetermined time period.
6. The method according to claim 1, wherein said computers operate in a telecommunications network.
7. The method according to claim 6, wherein the telecommunications network is an Internet network.
8. The method according to claim 1, wherein said second processor can allow enabling the first processor (104) to access resources managed by the second processor and related to said user on the basis of a further password acknowledgeable by said second processor.
9. The method according to claim 2, wherein said resources comprise software and data belonging to the group of: electronic mail services, electronic documents (files) storing services, banking services and other services that require confidential access.
10. The method according to claim 1, wherein sending by the user and via the first processor (104) comprises: typing in said selected password, by means of a user interface of the first processor.
11. The method according to claim 1, wherein said step of sending the selected password by means of the first processor (104), further includes sending by the user a first username associated with that user and said management processor to the second processor (105).
12. The method according to claim 11, wherein the acknowledgment request (VRM) includes sending, by the second processor an identification code of the second processor and a second username associated with said user and second processor to the management processor.
13. The method according to claim 12, wherein the verifying step further comprises: verifying if the identification code of the second processor and said first and second usernames are present in a database operatively associated with the management processor.
14. The method according to at least one of the preceding claims, wherein: sending by the user and via the first processor (104), a selected password to the second computer (109) includes connecting by the user and by means of the first processor (104) to an intermediate computer (108) to send the selected password (PSW1); the intermediate computer being in communication with said second processor (109) to transmit at least said selected password.
15. The method according to claim 1, wherein the step of recording in a management processor (101) one or more user (U1) associated passwords is performed by the user connecting to said management processor by means of a proprietary computer.
16. The method according to claim 1, wherein the step of recording in a management processor (101) one or more user (U1) associated passwords also comprises recording auxiliary data.
17. The method according to claim 2 and 16, wherein said auxiliary data comprise an identification code of the user-service type to be enabled.
18. The method according to claim 1 or 17, wherein said auxiliary data are sent to a receiving equipment associated to the management processor by means of one or more SMS messages transmitted by the user.
19. The method according to claim 17, wherein the service to be enabled is an on-line transaction service and said identification code includes a user credit card number.
20. The method according to claim 1, wherein said step of recording in the management processor (101) one or more user (U1) associated passwords comprises encrypting said one or more passwords on the basis of a public key selected by said user, the management processor being capable of decrypting said one or more passwords on the basis of a private key.
21. A communication network (1000) comprising first and second processors, and a management processor, said processors being configured so as to implement the method for enabling the communication described by at least one of the preceding claims.
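The verifying step of claims 11 to 13, modelled as an added Python example that is not part of the patent text: the management processor accepts an acknowledgment request (VRM) only when the second processor's identification code and both usernames are present in its database. Assumptions: the VRM also forwards the selected password and the first username, a password is removed once accepted (taken from the one-time-password classification), and every class, field name and sample value is hypothetical.

```python
import hmac

def _eq(a, b):
    # Constant-time string comparison.
    return hmac.compare_digest(a.encode(), b.encode())

class ManagementProcessor:
    """Toy model of the management processor (101) and its database."""

    def __init__(self):
        # first username -> {"passwords": set, "services": {service id: second username}}
        self.db = {}

    def record(self, first_username, passwords, service_id, second_username):
        """Recording step: store the user's passwords and one service binding."""
        rec = self.db.setdefault(first_username, {"passwords": set(), "services": {}})
        rec["passwords"].update(passwords)
        rec["services"][service_id] = second_username

    def verify(self, vrm):
        """Verifying step for one acknowledgment request (VRM)."""
        rec = self.db.get(vrm["first_username"])
        if rec is None:
            return False
        bound = rec["services"].get(vrm["service_id"])
        if bound is None or not _eq(bound, vrm["second_username"]):
            return False
        hit = next((p for p in rec["passwords"] if _eq(p, vrm["password"])), None)
        if hit is None:
            return False
        rec["passwords"].discard(hit)  # assumption: each password is single-use
        return True

def demo():
    # Constructed sample data; every name and value below is hypothetical.
    mp = ManagementProcessor()
    mp.record("u1@mgmt", {"PSW1", "PSW2"}, "SVC-MAIL-01", "u1.mailbox")
    vrm = {"service_id": "SVC-MAIL-01", "first_username": "u1@mgmt",
           "second_username": "u1.mailbox", "password": "PSW1"}
    rogue = dict(vrm, service_id="SVC-UNKNOWN", password="PSW2")
    return [
        mp.verify(vrm),                         # accepted
        mp.verify(vrm),                         # replay of a used password
        mp.verify(rogue),                       # unregistered second processor
        mp.verify(dict(vrm, password="PSW2")),  # PSW2 was not consumed by the rogue request
    ]

if __name__ == "__main__":
    print(demo())
```

Checking the identification code and usernames before touching the password set means a request from an unregistered second processor cannot consume one of the user's recorded passwords.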
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| ITMI20060528 ITMI20060528A1 (en) | 2006-03-22 | 2006-03-22 | METHOD OF ENABLING THE COMMUNICATION BETWEEN PROCESSING DEVICES |
| ITMI2006A000528 | 2006-03-22 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2007108034A2 (en) | 2007-09-27 |
| WO2007108034A3 (en) | 2007-11-22 |
Family
ID=38521170
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IT2007/000197 Ceased WO2007108034A2 (en) | 2006-03-22 | 2007-03-19 | Method for enabling communication among processing equipment |
Country Status (2)
| Country | Link |
|---|---|
| IT (1) | ITMI20060528A1 (en) |
| WO (1) | WO2007108034A2 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8967371B2 (en) | 2009-02-03 | 2015-03-03 | Leslie Donald Dunn | Stub shaft and bearing assembly and conveyor idler roller incorporating same |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7558964B2 (en) * | 2005-09-13 | 2009-07-07 | International Business Machines Corporation | Cued one-time passwords |
- 2006-03-22: IT application ITMI20060528, patent ITMI20060528A1 (en), status unknown
- 2007-03-19: WO application PCT/IT2007/000197, patent WO2007108034A2 (en), not active, ceased
Also Published As
| Publication number | Publication date |
|---|---|
| WO2007108034A3 (en) | 2007-11-22 |
| ITMI20060528A1 (en) | 2007-09-23 |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| US10614650B2 (en) | System and method for managing distributed encrypted combination over-locks from a remote location | |
| US8656180B2 (en) | Token activation | |
| US8555079B2 (en) | Token management | |
| US8972719B2 (en) | Passcode restoration | |
| US8713661B2 (en) | Authentication service | |
| JP5802137B2 (en) | Centralized authentication system and method with secure private data storage | |
| JP4434738B2 (en) | Stored value data object safety management system and method, and user device for the system | |
| US8839391B2 (en) | Single token authentication | |
| US10475115B2 (en) | System and method for managing distributed encrypted combination over-locks from a remote location | |
| US11232513B2 (en) | System and method for securing and removing over-locks | |
| US20120066757A1 (en) | Accessing data based on authenticated user, provider and system | |
| US20120066517A1 (en) | Dispersed secure data storage and retrieval | |
| EP1604257B1 (en) | A method and system for identifying an authorized individual by means of unpredictable single-use passwords | |
| US9294918B2 (en) | Method and system for secure remote login of a mobile device | |
| US11416919B2 (en) | System and method for retrieving an unlock code via electronic messaging | |
| US12014294B2 (en) | System and method for transmitting unlock codes based on event triggers | |
| US20170154329A1 (en) | Secure transaction system and virtual wallet | |
| US12131373B2 (en) | System and method for facilitating access to self-storage units | |
| WO2007108034A2 (en) | Method for enabling communication among processing equipment | |
| JP2005065035A (en) | Agent authentication system using IC card | |
| WO2013085666A1 (en) | Token management | |
| JP2005084822A (en) | Unauthorized utilization notification method, and unauthorized utilization notification program | |
| CN1997954A (en) | Securing of electronic transactions | |
| EP4307258A1 (en) | System and method for randomly generating and associating unlock codes and lock identifiers | |
| JP2007179214A (en) | Network service anonymous billing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | NENP | Non-entry into the national phase | Ref country code: DE |