
WO2007108034A2 - Method for enabling communication among processing equipment (Procede rendant possible la communication parmi des equipements de traitement) - Google Patents

Method for enabling communication among processing equipment

Info

Publication number
WO2007108034A2
WO2007108034A2
Authority
WO
WIPO (PCT)
Prior art keywords
processor
user
password
passwords
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IT2007/000197
Other languages
English (en)
Other versions
WO2007108034A3 (fr)
Inventor
Valerio Pastore
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Publication of WO2007108034A2
Publication of WO2007108034A3
Anticipated expiration
Ceased (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1475 Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored

Definitions

  • The present invention relates to a method for enabling communication among processing equipment and, particularly but not exclusively, to the enabling of protected services on an Internet network.
  • Key loggers are able to capture everything that is typed on a computer: username, password, e-mail, etc.
  • The object of the present invention is to provide a communication enabling method that at least partially overcomes the problems outlined above with reference to conventional communication methods.
  • The object of the present invention is achieved by a communication enabling method as described in attached claim 1.
  • A server-to-server acknowledgment on the Internet between the Valpas box server and the provider server.
  • Fig. 1 illustrates, in a very schematic manner, a particular example of a communication network in which the inventive method can be implemented.
  • Fig. 2 illustrates a screen displayable by a processor of such a network in accordance with an exemplary operation of the inventive method.
  • Figs. 3 to 7 illustrate examples of the architecture of various work areas of an Internet site that allows implementing the method in accordance with the invention.
  • Fig. 8 illustrates a further screen displayable by a processor in said network in accordance with another exemplary operation of the inventive method.
  • Fig. 1 shows a communication network 1000 (such as an Internet network) comprising a service center 100 provided with a server 101.
  • Server 101 allows managing a first web site 102, to which one connects on the basis of a predefined address, such as, for instance, the www.valpasbox.com address.
  • The communication network 1000 also comprises at least one first processing equipment 103 assigned to a user U1 of the service offered by center 100.
  • The processing equipment 103 is, preferably, a personal computer capable of being at least conventionally connected to site 102.
  • This first personal computer 103 is the computer installed at user U1's home or office, i.e. it is under the user's control and shows adequate security requirements vis-à-vis violations from outside.
  • At least one second processing equipment 104 is provided, which can be used by the user U1 but is not under his/her direct control.
  • This second processing equipment 104 is a personal computer of the kind installed in an environment different from user U1's home or office, such as the stations installed in Internet cafes, personal computers of acquaintances, or those installed in outdoor TOTEMs.
  • The second personal computer 104 can be connected to web sites managed by respective servers associated with corresponding providers, which provide various kinds of services such as, typically, e-mail services (mailbox, 105 and 106 in Fig. 1) or file storage (files storage, 107 in Fig. 1).
  • In Fig. 1 known websites such as www.hotmail.com, www.yahoo.com and www.xbinary.com are indicated, only by way of example.
  • The providers associated with these on-line services have signed an agreement with service center 100 and can establish a connection with server 101 of service center 100.
  • Since the second personal computer 104 is not owned by user U1, software (i.e. viruses) able to retrieve confidential data and input from user U1, such as passwords, may be installed on it, in order to access user U1's account at one of sites 105, 106 and 107.
  • User U1 can connect to first site 102, log in (for instance, free of charge) and create his/her username.
  • User U1 has access to a web page from which he/she may benefit from a series of functions, among which the possibility to enter differentiated password lists, storable in a database manageable by server 101 of service center 100.
  • The user may enter a password sequence (words, numbers or alphanumeric codes).
  • The inventive method provides two types of passwords available to user U1: one type called "one-shot" and another type called "time-shot".
  • To the one-shot classification belong once-only valid passwords, i.e. passwords usable once only by the user and then disabled.
  • The user accesses the one-shot section, enters the desired passwords and confirms the list created to complete storage.
  • To the time-shot classification belong passwords with which a specific validity duration is associated.
  • The user accesses the time-shot section and, besides entering the desired passwords, may associate a validity period with them.
  • The user U1 points out the on-line services for which he/she desires to use the passwords PSWs (one-shot and time-shot).
  • User U1 will select the name of the available service (for instance, 105, 106 and 107 mentioned above, or others such as home banking, Internet reserved-access stand-alone software, etc.) and will be able to specify the respective username identifying the user at one of sites 105-107 (for instance, USERNAME1) and a specific password PSWS USERNAME1 related thereto.
  • The service offered by center 100 may be made further protected and safe thanks to a custom timing system with which one can specify the time intervals during which all stored passwords (one-shot or time-shot) are non-usable.
  • Code lines and related documentation are delivered by the service center to the providers, which allow them to provide the communication between their own servers and server 101.
  • The user U1 connects, via the personal computer 104, to a site of interest, from which he/she opens a "Hotmail access" window (Fig. 2).
  • The "Hotmail access" window shows: a field C1 for writing the e-mail address of user U1, a field C2 for entering a specific password PSWS, and a field C3 (associated in Fig. 2 with a name indicative of the service of center 100, for example, Valpasbox).
  • User U1 types an access code ACC in field C3 in the form of a string made up of: another login username for the inventive service provided by site 102 (for instance, USERNAMEU), followed by a star * and by one of the one-shot or time-shot passwords PSWs (for instance, PSW1).
  • The provider managing site 105, instead of checking the password PSW1 entered against its own servers, sends a related unequivocal identification code IUC (that identifies the provider itself) and a verification request VRM (Fig. 1) to the service center server 101, including username USERNAME1 and access code ACC, i.e. USERNAMEU and recorded password PSW1.
  • IUC: unequivocal identification code.
  • VRM: verification request.
  • The service center 100 receives the verification request VRM and checks at least the validity of password PSW1.
  • The server 101 can then send a confirmation message to server 105.
  • Server 101 verifies, via the received unequivocal identification code IUC, that the source provider has signed an agreement with service center 100, and checks that USERNAME1 was entered in user U1's enabled services List (Fig. 6a).
  • Server 101 sends an OK confirmation to the site 105 provider, transmitting the specific password PSWS associated with username USERNAME1 previously entered by user U1 in the enabled service list section of site 102 (Fig. 6a).
  • When password PSW1 is a one-shot password, the server 101 disables it (by deleting it or, for instance, marking it in a way that renders it automatically invalid).
  • When password PSW1 is a time-shot password, server 101 starts the duration period associated with the access code being used, at the end of which it is disabled.
  • The provider identifies the received PSWS associated with the USERNAME1 entered in field C1. If the identification is successful, user U1 can use the service offered by the site 105 provider.
  • Otherwise, server 101 sends a denial message to the server 105 of the requesting provider in the form of an error code defined by service center 100, communicating that the identification password is invalid.
  • The identification password PSW1 may be invalid due to a never recorded one-shot or time-shot password, a disabled one-shot or time-shot password, a service center 100 username not existing in site 102, or a non-existing username within the service list of site 102 enabled by user U1.
  • The message exchange between the server 101 and the servers 105-107 of the associated providers takes place in a protected mode, thanks to the exclusive use of the supplied code and an encrypted communication channel (e.g. HTTPS, SSL).
  • HTTPS: HyperText Transfer Protocol Secure.
  • SSL: Secure Sockets Layer.
  • Passwords stored within server 101 are encrypted at two different security levels, according to the specific indications configured by user U1 during the input step (decryptable encryption or not).
  • User U1 may select a service option (safe Timing) according to which the above described service is active only during a predetermined time period of the day.
  • Outside that period, server 101 returns an OFFTIME string that alerts the provider that the service is temporarily unavailable according to the user-made configuration.
  • Stored passwords entered in server 101 may be supplied by sending an SMS directly from service center 100.
  • The user registered with the service may send at any time an SMS to a dedicated service center 100 number, specifying the password type he/she desires to receive: one-shot, time-shot or generic password within the enabled service List (Fig. 6a).
  • Server 101 identifies the number from which the request is made and checks whether it belongs to one of the users registered with the service. If the check is successful, service center 100 sends the password by SMS to the user that made the request.
  • Password sending by SMS is possible only when a minimum or medium protection level is associated with the requested password type; if the protection level applied to the requested password is maximum, service center 100 does not send any password.
  • Otherwise, the service center 100 does not follow up the request.
  • The service used with credit cards follows a procedure fully similar to the one described for use with a service provider (Hotmail), except that, in case of identification at server 101 of password PSW1, the server itself sends to the requesting server the DBCs (card banking data), i.e. all information relative to the credit card associated therewith.
  • DBCs: card banking data.
  • Fig. 6b shows the List of enabled credit cards section, inside which one can store the credit card data one desires to use for on-line transactions using service center 100.
  • Thereby, when asked to input one's own credit card number in those sites in which it is possible to carry out payments over the Internet, one can use the service according to the invention by indicating an access code ACC1, consisting of the username related to the service center service (for instance, USERNAMERU1) followed by one of the recorded passwords PSWn, for instance, a one-shot password PSW1'.
  • User U1 may specify the following data: circuit to which the credit card belongs, card number, owner first and last name, expiration date, security code, associated one-shot password list (selected within a list that contains all one-shot passwords available and previously stored within the one-shot List section).
  • All credit cards contained within such section may be used in those sites that allow carrying out online transactions relying upon banking systems that have signed an agreement with service center 100.
  • Such data can be recorded by the user by means of the computer 103 or, for instance, by sending one or more SMS to service center 100.
  • When user U1 decides to carry out payment using service center 100, user U1 will not enter any information in fields CC1, CC2, CC3, CC4, but will only indicate in field CC6 the access code ACC1, for instance, USERNAMERU1*PSW1'.
  • The bank server 109, instead of checking the password PSW1' against its own servers, sends (Fig. 1) a univocal identification code IUC and a verification request VRM to service center server 101.
  • Service center 100 and, particularly, server 101 checks the validity of the sent string ACC1.
  • If the sent string ACC1 matches a user registered with the service, server 101, through the received unequivocal identification code IUC, checks that the source banking institution server has signed an agreement with the service center and that the one-shot password forming PSW1' is associated with a credit card previously recorded within the credit card List section.
  • The server 101 then sends a confirmation to the requesting banking institution server 109, transmitting all data related to the credit card (DBC) which are required to complete the transaction.
  • DBC: credit card data.
  • When PSW1' is a one-shot password, server 101 disables it (by deleting it or, for instance, marking it in such a way as to make it automatically invalid).
  • After the confirmation message by server 101 through sending the DBCs, the banking institution carries out their identification. If the check is successful, user U1 can complete the payment procedure.
  • The data relating to the credit cards recorded in the enabled credit card List section can be supplied by sending an SMS directly to service center 100.
  • Detailed examples of site 102 embodiments.
  • The service offered by site 102 is designated in this example by the non-limiting name of Valpas box.
  • A field for entering the login to access the service, consisting of the configuration username*password (password valid only for the Valpas box site).
  • One-shot password list (Fig. 4): password, status (available/already in use), check box (for multiple selection), properties (creation and storage date, use date).
  • Time-shot password list (Fig. 5): password, status (available/already in use), Timing (stand-by/expires within/expired), check box (for multiple selection), properties.
  • New task, Modify task, Delete task, Task On/Off.
  • A button renders the effected configuration effective.
  • Modify: active in the sections one-shot password List, time-shot password List, enabled service List, enabled credit Card List.
  • The old password and the new password are required to be entered.
  • Only in the one-shot password List and Time-shot password List sections is it further possible to assign a new protection level (minimum-green, medium-orange, maximum-red).
  • For a time-shot password, the previously entered duration can be changed in the modification form.
  • A button renders the information entered effective.
  • Restore: active in the sections one-shot password List, time-shot password List.
  • Feature to reuse an already used (one-shot) or expired (time-shot) password: a message alerts that it is not recommended to reuse an already used password and suggests an alternative one.
  • Send: active in the sections one-shot password List, time-shot password List, enabled service List, enabled credit Card List.
  • Feature to send by SMS a previously stored password with a low (green) or medium (orange) protection level and belonging to the selected list in the work area.
  • The password is sent to the number indicated during the login step to the Valpas box service.
  • The first N SMS sendouts of the selected password are free; for the following ones payment is necessary.
  • Maximum protection level (red) passwords are excluded from SMS sending.
  • A message asks for confirmation prior to performing the operation. If the selection is confirmed, the system displays a specific password that has been previously stored with a medium security level and belonging to the selected list in the work area. A Close button performs the operation associated thereto.
  • Feature to add a new item to those that define the time intervals within which the Valpas box service is available and accessible. By pressing this button one can select a day, a precise time interval or the parameters of an occurrence that define the service activity duration. After specifying the selected data, a confirmation button makes the entered information effective.
  • A higher security level can be provided for all the data that have been stored within the server 101 of service center 100 and entered by the user U1 via the site 102.
  • The service center 100 is the storehouse where all the information that is to be kept inaccessible and confidential is contained: this means that, in case of unauthorized access to the server, all the one-shot and time-shot passwords stored therein and all the data relating to the enabled services and credit cards recorded by the users of the Valpas box service could be viewed.
  • Protection of the data stored within the server 101 of the service center 100 is ensured by recourse to a public key (USERNAMERU, which is one of the elements composing the string ACC), not stored in any server, and to a private key owned by the service center 100: without the combined use of both public and private keys, no information entered in site 102 is decryptable, and it is thus unusable.
  • The information passage is carried out similarly to what has been described above, but it is made possible only by the combined use of a public key and a private key, which allow the service center 100 to decode the data contained in the server 101 and then use them (for example, in the on-line services, credit card services, etc.).
  • The use of the public key for the encryption of the entered items is carried out upstream of the entire process of transmitting information between the service center 100 and the enabled services, thus offering real protection for all information entered within site 102.
  • When the user U1 records via the site 102 a new one-shot or time-shot password, a new item in the enabled service List (username, password and provider associated thereto) or credit card data, the user U1 will have to state his/her own USERNAMERU, which is the public key allowing the service center 100 to decrypt the data contained in the server 101: upon record confirmation, the public key (USERNAMERU) is used by the server 101 of the service center 100 to encrypt the data entered by the user U1 and then store them within the server 101.
  • The information stored is completely unbreakable, because the public key (USERNAMERU) is not stored in any database, except in an unreadable format, and it is the only tool that makes the data entered via the site 102 usable.
  • The protection level (green, orange, red) at which the data are to be stored within the server 101 of the service center 100 need not be reported: all data entered via the site 102 (Valpas Box) are recorded at an individual protection level other than the three levels (green, orange, red) described above.
  • The new protection level is characterized by the possibility of being decrypted only using the public key that corresponds to the USERNAMERU, not stored within the server 101 of the service center 100, except in an unreadable manner.
  • In the one-shot password list section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner: the Valpas Box username (USERNAMERU); the one-shot password; the one-shot password confirmation; comments relating to the new password entered, which will be used as a help for remembering it.
  • In the time-shot password list section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner: the Valpas Box username (USERNAMERU); the time-shot password; the time-shot password list; comments relating to the new password entered, which will be used as a help for remembering it; the validity duration of the entered password.
  • In the enabled service List section, when entering a new password, the user U1 will have to state, in a non-limiting and exemplary manner: the Valpas Box username (USERNAMERU); the provider name; the service name; the service password; comments relating to the new password entered, which will be used as a help for remembering it.
  • The data stored in the server 101 of the service center 100 cannot be displayed at all by consulting the lists reported in the site 102 (One-shot password list, Time-shot password list, Enabled Service List and Recorded Credit Card List).
  • The comments stored upon entering the new items can be consulted to remember the data that have been entered.
  • It is possible to know the one-shot passwords, time-shot passwords and other entered data only by SMS, by sending a specific request to the service center 100 including the Valpas Box username (USERNAMERU), which identifies the public key with which the data stored in the server 101 of the service center 100 can be decrypted.
  • The requested password is sent by SMS from the service center 100 to the enabled user U1.
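As an added illustration of the verification flow described in the definitions above (a provider forwarding the access code ACC and its identifier IUC to server 101 in a verification request VRM, the agreement and enabled-service checks, one-shot disabling after a single use, the time-shot validity period that starts on first use, and the OFFTIME answer when the user's "safe timing" window is closed), here is a self-contained Python simulation of server 101. It is not code from the patent. The class and method names, the error-code strings, the storage of the one-shot and time-shot tokens as SHA-256 digests (the patent describes encryption instead), the hour-of-day model of the timing window and every sample value in `run_demo` are assumptions made for this example.

```python
"""Simulated service center server 101 answering verification requests (VRM).
Added example, not the patent's code; names, error codes and sample data are
assumptions.  Tokens are stored as SHA-256 digests here (assumption) so that a
dump of the table does not reveal the one-shot / time-shot passwords."""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple


def _digest(token: str) -> bytes:
    # Stored form of a one-shot / time-shot token (assumption: SHA-256 digest).
    return hashlib.sha256(token.encode("utf-8")).digest()


@dataclass
class TimeShot:
    digest: bytes
    duration: timedelta
    started_at: Optional[datetime] = None   # validity period starts on first use


@dataclass
class UserRecord:
    one_shot: Dict[bytes, bool] = field(default_factory=dict)   # digest -> still usable
    time_shot: List[TimeShot] = field(default_factory=list)
    # (provider IUC, username at that provider) -> provider-specific password PSWS
    enabled_services: Dict[Tuple[str, str], str] = field(default_factory=dict)
    active_hours: Optional[Tuple[int, int]] = None   # "safe timing": [start, end) hour of day


class ServiceCenter:
    """Server 101: holds per-user password lists and answers VRMs from providers."""

    def __init__(self) -> None:
        self.providers: Set[str] = set()         # IUCs of providers with an agreement
        self.users: Dict[str, UserRecord] = {}   # USERNAMERU -> record

    # Enrolment, done by the user from the trusted computer 103.
    def register_provider(self, iuc: str) -> None:
        self.providers.add(iuc)

    def register_user(self, username: str) -> None:
        self.users[username] = UserRecord()

    def add_one_shot(self, username: str, token: str) -> None:
        self.users[username].one_shot[_digest(token)] = True

    def add_time_shot(self, username: str, token: str, duration: timedelta) -> None:
        self.users[username].time_shot.append(TimeShot(_digest(token), duration))

    def enable_service(self, username: str, iuc: str, service_user: str, psws: str) -> None:
        self.users[username].enabled_services[(iuc, service_user)] = psws

    def set_active_hours(self, username: str, start: int, end: int) -> None:
        self.users[username].active_hours = (start, end)

    # Verification request VRM: (IUC, username at the provider, ACC = USERNAMERU*PSW).
    def verify(self, iuc: str, service_user: str, acc: str,
               now: datetime) -> Tuple[str, Optional[str]]:
        if iuc not in self.providers:
            return ("ERR", "UNKNOWN_PROVIDER")          # no agreement with this provider
        if acc.count("*") != 1:
            return ("ERR", "MALFORMED_ACCESS_CODE")
        username, token = acc.split("*", 1)
        user = self.users.get(username)
        if user is None:
            return ("ERR", "UNKNOWN_USER")
        if user.active_hours is not None:
            start, end = user.active_hours
            if not start <= now.hour < end:
                return ("OFFTIME", None)                # service closed by the user's timing
        psws = user.enabled_services.get((iuc, service_user))
        if psws is None:
            return ("ERR", "SERVICE_NOT_ENABLED")       # username not in the enabled list
        digest = _digest(token)
        for stored, usable in list(user.one_shot.items()):
            if hmac.compare_digest(stored, digest):
                if not usable:
                    return ("ERR", "PASSWORD_DISABLED")
                user.one_shot[stored] = False           # one-shot: disabled after one use
                return ("OK", psws)
        for ts in user.time_shot:
            if hmac.compare_digest(ts.digest, digest):
                if ts.started_at is None:
                    ts.started_at = now                 # time-shot: period starts now
                if now - ts.started_at > ts.duration:
                    return ("ERR", "PASSWORD_DISABLED")
                return ("OK", psws)
        return ("ERR", "PASSWORD_UNKNOWN")


def run_demo() -> List[Tuple[str, Optional[str]]]:
    """Constructed scenario: one user, one provider, one token of each kind."""
    center = ServiceCenter()
    center.register_provider("PROV-105")
    center.register_user("alice")
    center.add_one_shot("alice", "tok-1")
    center.add_time_shot("alice", "tt-1", timedelta(minutes=10))
    center.enable_service("alice", "PROV-105", "alice@mail.example", "psws-for-105")
    t0 = datetime(2007, 3, 19, 10, 0, tzinfo=timezone.utc)
    svc = ("PROV-105", "alice@mail.example")
    results = [
        center.verify(*svc, "alice*tok-1", t0),                          # first use: OK
        center.verify(*svc, "alice*tok-1", t0),                          # replay: disabled
        center.verify(*svc, "alice*tt-1", t0),                           # starts 10-min period
        center.verify(*svc, "alice*tt-1", t0 + timedelta(minutes=9)),    # still valid
        center.verify(*svc, "alice*tt-1", t0 + timedelta(minutes=11)),   # expired
        center.verify("PROV-999", "alice@mail.example", "alice*tok-1", t0),   # no agreement
        center.verify("PROV-105", "bob@mail.example", "alice*tt-1", t0),      # not enabled
    ]
    center.set_active_hours("alice", 9, 17)
    results.append(center.verify(*svc, "alice*tt-1", t0.replace(hour=22)))   # OFFTIME
    return results


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The provider never learns the one-shot or time-shot token's stored form; it only receives the provider-specific password PSWS on an OK answer, which is the point of the scheme: a key logger on computer 104 captures a token that server 101 has already disabled or that expires on its own.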

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method for enabling a connection between a first user processor (104) and a second user processor (105), comprising: recording one or more passwords associated with a user (U1) in a management processor (101); sending, by the user, to the second processor (105) and via the first processor (104), a selected password (PSW1); sending, by the second processor (105; 109), to the management processor (101), an acceptance request (VEM) comprising the selected password; verifying, by the management processor (101), that the received selected password (PSW1) is among the one or more recorded passwords; disabling the received selected password among said one or more recorded passwords; sending, by the management processor, to the second processor (105), a message indicating acceptance of the selected password.
PCT/IT2007/000197 2006-03-22 2007-03-19 Method for enabling communication among processing equipment Ceased WO2007108034A2 (fr)

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
ITMI20060528 (ITMI20060528A1, it) | 2006-03-22 | 2006-03-22 | Method for enabling communication between processing devices
ITMI2006A000528 | 2006-03-22 | |

Publications (2)

Publication Number Publication Date
WO2007108034A2 true WO2007108034A2 (fr) 2007-09-27
WO2007108034A3 WO2007108034A3 (fr) 2007-11-22

Family

ID=38521170

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2007/000197 Ceased WO2007108034A2 (fr) 2006-03-22 2007-03-19 Method for enabling communication among processing equipment

Country Status (2)

Country Link
IT (1) ITMI20060528A1 (fr)
WO (1) WO2007108034A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8967371B2 (en) 2009-02-03 2015-03-03 Leslie Donald Dunn Stub shaft and bearing assembly and conveyor idler roller incorporating same

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7558964B2 (en) * 2005-09-13 2009-07-07 International Business Machines Corporation Cued one-time passwords

Also Published As

Publication number Publication date
WO2007108034A3 (fr) 2007-11-22
ITMI20060528A1 (it) 2007-09-23

Similar Documents

Publication Publication Date Title
US10614650B2 (en) System and method for managing distributed encrypted combination over-locks from a remote location
US8656180B2 (en) Token activation
US8555079B2 (en) Token management
US8972719B2 (en) Passcode restoration
US8713661B2 (en) Authentication service
JP5802137B2 (ja) Centralized authentication system with secure private data storage, and method
JP4434738B2 (ja) System and method for secure management of stored-value data objects, and user device for the system
US8839391B2 (en) Single token authentication
US10475115B2 (en) System and method for managing distributed encrypted combination over-locks from a remote location
US11232513B2 (en) System and method for securing and removing over-locks
US20120066757A1 (en) Accessing data based on authenticated user, provider and system
US20120066517A1 (en) Dispersed secure data storage and retrieval
EP1604257B1 (fr) Method and system for identifying an authorized person by means of unpredictable one-time passwords
US9294918B2 (en) Method and system for secure remote login of a mobile device
US11416919B2 (en) System and method for retrieving an unlock code via electronic messaging
US12014294B2 (en) System and method for transmitting unlock codes based on event triggers
US20170154329A1 (en) Secure transaction system and virtual wallet
US12131373B2 (en) System and method for facilitating access to self-storage units
WO2007108034A2 (fr) Method for enabling communication among processing equipment
JP2005065035A (ja) Proxy authentication system using an IC card
WO2013085666A1 (fr) Token management
JP2005084822A (ja) Unauthorized use notification method and unauthorized use notification program
CN1997954A (zh) Protecting electronic transactions
EP4307258A1 (fr) System and method for randomly generating and associating unlock codes and lock identifiers
JP2007179214A (ja) Anonymous billing system for network services

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE