Terminal for strong authentication of a user
Abstract
A method for negotiating reciprocal access to secured data in a computing terminal comprising authenticating, by an application in the computing terminal, the first party by means of transmitting authentication data read on the computing terminal to an application server of the computing terminal configured to store data in the computing terminal, authenticating, by the application, the second party, accepting, by the second party, a negotiation request, defining and sending, by the second party, proposed conditions of access to the secured data, negotiating and accepting, by the first party and the second party, the conditions for access to the secured data, and creating, by the application server, a negotiated digital certificate for the first party and a negotiated digital certificate for the second party, wherein each of the negotiated digital certificates is encrypted with a public key, wherein the public key is configured to control access to the secured data.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for negotiating reciprocal access to secured data in a computing terminal between a first party and a second party, the method comprising:
authenticating, by an application in the computing terminal, the first party by means of transmitting authentication data read on the computing terminal to an application server of the computing terminal, the application server configured to store data in the computing terminal; authenticating, by the application, the second party; accepting, by the second party, a negotiation request; defining and sending, by the second party, proposed conditions of access to the secured data; negotiating and accepting, by the first party and the second party, the conditions for access to the secured data, wherein the acceptance is signed and transmitted to the application server; and creating, by the application server, a negotiated digital certificate for the first party and a negotiated digital certificate for the second party, wherein each of the negotiated digital certificates is encrypted with a public key, wherein the public key is configured to control access to the secured data.
2 . The method of claim 1 , wherein the first party is a proprietary entity and the second party is a user.
3 . The method of claim 1 , wherein the first party is a user and the second party is a proprietary entity.
4 . The method of claim 1 , further comprising authenticating, by the application in the computing terminal, the second party by means of a geolocation signal.
5 . The method of claim 1 , further comprising proposing, by the second party, a cryptographic protocol for transmission of the secured data.
6 . The method of claim 1 , wherein the public key is configured to provide information identifying the first party.
7 . The method of claim 1 , wherein the computing terminal is configured to erase stored data of the first party at the end of a terminal utilization session so as to allow the computing terminal to be used successively by multiple parties without allowing access to personal data to the multiple parties.
8 . The method of claim 7 , wherein the computing terminal further comprises:
a reader for reading the first party's authentication parameters; a receiver for receiving the geolocation signal; and a processor configured to (i) extract date and time information from the geolocation signal received by the receiver, (ii) generate the encrypted authentication data including the authentication parameters, the extracted date and the time, and (iii) control the real-time transmission of the encrypted authentication data via the communication interface to the network server for the authentication of a party.
9 . The method of claim 8 , wherein a database of the application server has a plurality of symmetrical encryption keys configured to store encrypted secured data therein.
10 . The method of claim 8 , wherein the reader of the authentication parameters is one of a fingerprint reader, a retinal reader, and a keyboard configured to receive a personal identification.
11 . The method of claim 1 , wherein the application server is further configured to generate for the first party a private digital certificate and a public digital certificate.
12 . The method of claim 1 , wherein the authentication data comprises biometrical data.
13 . The method of claim 1 , wherein the computing terminal further comprises a hardware symmetrical encryption key configured to broadcast the secured data to the second party.
14 . A method for providing access to a user's private digital certificate in a computing terminal, the method comprising:
launching, by the user, an application at the computing terminal; detecting, by the computing terminal, the presence of an authentication terminal, the authentication terminal configured to enable strong authentication of the user; reading, by the authentication terminal, authentication information entered by the user; transmitting, by the authentication terminal, the read authentication information to the computing terminal, the read authentication information encrypted with a first symmetrical encryption key; transmitting, by the computing terminal, the encrypted authentication information to an application server of the computing terminal, the application server configured to store data in the computing terminal; generating, by the application server, a private digital certificate and a public digital certificate for the user; and comparing, by the application server, the encrypted read authentication information with an authentication reference stored in the computing terminal, the authenticated reference associated with a second symmetrical encryption key configured to encrypt the private digital certificate.
15 . The method of claim 14 , wherein the authentication data comprises biometrical data.
16 . The method of claim 14 , further comprising transmitting the read authentication information to the computing terminal by means of the first symmetrical encryption key.
17 . The method of claim 14 , further comprising:
storing, by the application server, the private digital certificate for decryption by means of the second symmetrical encryption key; storing, by the application server, the first symmetrical encryption key; mounting, by a memory in the application server, values contained in the private digital certificate; and loading, by the memory, a pair of asymmetrical encryption keys to enable encryption or decryption of a negotiated digital certificate for the secured data.
18 . The method of claim 14 , wherein the computing terminal further comprises:
a reader for reading the user's authentication parameters; a receiver for receiving the geolocation signal; and a processor configured to (i) extract date and time information from the geolocation signal received by the receiver, (ii) generate the encrypted authentication data including the authentication parameters, the extracted date and the time, and (iii) control the real-time transmission of the encrypted authentication data via the communication interface to the network server for the authentication of the user.
19 . The method of claim 18 , wherein the reader of the authentication parameters is one or more of a fingerprint reader, a retinal reader, and a keyboard configured to receive a personal identification.Join the waitlist — get patent alerts
Track US2016112417A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.