| 摘要 |
A computer, such as a Windows-based PC (10), has associated with it a Subscriber Identity Module (or SIM) (12), such as of the type used in a GSM cellular telephone system. The SIM (12) can be authenticated by the telephone network (16), in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC (10) or the PC (10) itself. Such authentication can, for example, permit use of the PC (10) in relation to a particular application (22) which is released to the PC (10) after the authentication is satisfactorily completed. The application may be released to the PC (10) by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party. |
| 主权项 |
1. A method for utilizing an authentication service provided for a telecommunications system to carry out an authentication process for authenticating a transaction with an entity by one of a plurality of users operating a data processing apparatus that is communicatively coupled to the telecommunications system, the method comprising:
storing, by the authentication service, for each user of the plurality of users, on a data store accessible by the authentication service, a respective predetermined authentication information of the user; wherein the stored respective predetermined authentication information for each user corresponds to respective actual authenticating information of an identification mechanism registered with the telecommunications system in association with a telecommunications terminal of the user; establishing a communication between a transaction manager implemented by the data processing apparatus and an application service provided by the entity; initiating, by the data processing apparatus, a desired transaction with the entity for a first user operating the data processing apparatus; transmitting, by the transaction manager of the data processing apparatus, data related to the desired transaction from the data processing apparatus to the application service; receiving, by the application service, the data related to the desired transaction transmitted from the data processing apparatus; generating, by the application service, based on the received data related to the desired transaction, transaction data relating to the desired transaction; creating a connection between the application service and the authentication service via a common network; transmitting, by the application service, the generated transaction data to the authentication service; receiving a request for authentication of the desired transaction for the first user; receiving, by the transaction manager of the data processing apparatus, an indication of the respective actual authenticating information of the identification mechanism associated with the telecommunications terminal of the first user; transmitting, by the transaction manager of the data processing apparatus, to the authentication service, the received indication of the respective actual authenticating information of the identification mechanism associated with the telecommunications terminal of the first user; wherein transmitting the received indication of the respective actual authenticating information of the identification mechanism associated with the telecommunications terminal of the first user to the authentication service does not require use of the telecommunications terminal of the first user; receiving, by the authentication service, the transmitted indication of the respective actual authenticating information of the identification mechanism associated with the telecommunications terminal of the first user; determining, by the authentication service, whether there is a match between the respective predetermined authentication information of the first user stored in the data store and the respective actual authenticating information of the identification mechanism associated with the telecommunications terminal of the first user; based on a determination, by the authentication service, that there is a match between the respective predetermined authentication information of the first user stored in the data store and the respective actual authenticating information of the identification mechanism associated with the telecommunications terminal of the first user, transmitting a communication of the match to the transaction manager of the data processing apparatus; receiving, by the transaction manager of the data processing apparatus, the transmitted communication of the match from the authentication service; and completing, by the transaction manager of the data processing apparatus, the desired transaction for the first user with the entity via the data processing apparatus. |
