US2016112417A1PendingUtilityA1

Terminal for strong authentication of a user

Assignee: ATTIA JONATHANPriority: Apr 21, 2008Filed: Jun 25, 2015Published: Apr 21, 2016
Est. expiryApr 21, 2028(~1.8 yrs left)· nominal 20-yr term from priority
H04L 63/0435H04L 63/062H04L 63/0823H04L 63/0876H04L 63/0861H04L 63/08H04L 63/083H04W 12/63H04L 9/321H04L 9/3263H04L 9/3231H04L 2463/082H04L 2209/601H04W 12/06H04L 9/3297H04L 2209/80H04W 12/61
36
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for negotiating reciprocal access to secured data in a computing terminal comprising authenticating, by an application in the computing terminal, the first party by means of transmitting authentication data read on the computing terminal to an application server of the computing terminal configured to store data in the computing terminal, authenticating, by the application, the second party, accepting, by the second party, a negotiation request, defining and sending, by the second party, proposed conditions of access to the secured data, negotiating and accepting, by the first party and the second party, the conditions for access to the secured data, and creating, by the application server, a negotiated digital certificate for the first party and a negotiated digital certificate for the second party, wherein each of the negotiated digital certificates is encrypted with a public key, wherein the public key is configured to control access to the secured data.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for negotiating reciprocal access to secured data in a computing terminal between a first party and a second party, the method comprising:
 authenticating, by an application in the computing terminal, the first party by means of transmitting authentication data read on the computing terminal to an application server of the computing terminal, the application server configured to store data in the computing terminal;   authenticating, by the application, the second party;   accepting, by the second party, a negotiation request;   defining and sending, by the second party, proposed conditions of access to the secured data;   negotiating and accepting, by the first party and the second party, the conditions for access to the secured data, wherein the acceptance is signed and transmitted to the application server; and   creating, by the application server, a negotiated digital certificate for the first party and a negotiated digital certificate for the second party, wherein each of the negotiated digital certificates is encrypted with a public key, wherein the public key is configured to control access to the secured data.   
     
     
         2 . The method of  claim 1 , wherein the first party is a proprietary entity and the second party is a user. 
     
     
         3 . The method of  claim 1 , wherein the first party is a user and the second party is a proprietary entity. 
     
     
         4 . The method of  claim 1 , further comprising authenticating, by the application in the computing terminal, the second party by means of a geolocation signal. 
     
     
         5 . The method of  claim 1 , further comprising proposing, by the second party, a cryptographic protocol for transmission of the secured data. 
     
     
         6 . The method of  claim 1 , wherein the public key is configured to provide information identifying the first party. 
     
     
         7 . The method of  claim 1 , wherein the computing terminal is configured to erase stored data of the first party at the end of a terminal utilization session so as to allow the computing terminal to be used successively by multiple parties without allowing access to personal data to the multiple parties. 
     
     
         8 . The method of  claim 7 , wherein the computing terminal further comprises:
 a reader for reading the first party's authentication parameters;   a receiver for receiving the geolocation signal; and   a processor configured to (i) extract date and time information from the geolocation signal received by the receiver, (ii) generate the encrypted authentication data including the authentication parameters, the extracted date and the time, and (iii) control the real-time transmission of the encrypted authentication data via the communication interface to the network server for the authentication of a party.   
     
     
         9 . The method of  claim 8 , wherein a database of the application server has a plurality of symmetrical encryption keys configured to store encrypted secured data therein. 
     
     
         10 . The method of  claim 8 , wherein the reader of the authentication parameters is one of a fingerprint reader, a retinal reader, and a keyboard configured to receive a personal identification. 
     
     
         11 . The method of  claim 1 , wherein the application server is further configured to generate for the first party a private digital certificate and a public digital certificate. 
     
     
         12 . The method of  claim 1 , wherein the authentication data comprises biometrical data. 
     
     
         13 . The method of  claim 1 , wherein the computing terminal further comprises a hardware symmetrical encryption key configured to broadcast the secured data to the second party. 
     
     
         14 . A method for providing access to a user's private digital certificate in a computing terminal, the method comprising:
 launching, by the user, an application at the computing terminal;   detecting, by the computing terminal, the presence of an authentication terminal, the authentication terminal configured to enable strong authentication of the user;   reading, by the authentication terminal, authentication information entered by the user;   transmitting, by the authentication terminal, the read authentication information to the computing terminal, the read authentication information encrypted with a first symmetrical encryption key;   transmitting, by the computing terminal, the encrypted authentication information to an application server of the computing terminal, the application server configured to store data in the computing terminal;   generating, by the application server, a private digital certificate and a public digital certificate for the user; and   comparing, by the application server, the encrypted read authentication information with an authentication reference stored in the computing terminal, the authenticated reference associated with a second symmetrical encryption key configured to encrypt the private digital certificate.   
     
     
         15 . The method of  claim 14 , wherein the authentication data comprises biometrical data. 
     
     
         16 . The method of  claim 14 , further comprising transmitting the read authentication information to the computing terminal by means of the first symmetrical encryption key. 
     
     
         17 . The method of  claim 14 , further comprising:
 storing, by the application server, the private digital certificate for decryption by means of the second symmetrical encryption key;   storing, by the application server, the first symmetrical encryption key;   mounting, by a memory in the application server, values contained in the private digital certificate; and   loading, by the memory, a pair of asymmetrical encryption keys to enable encryption or decryption of a negotiated digital certificate for the secured data.   
     
     
         18 . The method of  claim 14 , wherein the computing terminal further comprises:
 a reader for reading the user's authentication parameters;   a receiver for receiving the geolocation signal; and   a processor configured to (i) extract date and time information from the geolocation signal received by the receiver, (ii) generate the encrypted authentication data including the authentication parameters, the extracted date and the time, and (iii) control the real-time transmission of the encrypted authentication data via the communication interface to the network server for the authentication of the user.   
     
     
         19 . The method of  claim 18 , wherein the reader of the authentication parameters is one or more of a fingerprint reader, a retinal reader, and a keyboard configured to receive a personal identification.

Join the waitlist — get patent alerts

Track US2016112417A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.