Title: Process of authentication for an access to a web site
Abstract: A process of reinforced authentication based on data collection of hardware components contained in a system having steps of enrolment authentication. A web site is connected to and a web page received. A list of hardware components is detected and collected. A subset of the list constituting digital information of reference (DDNA) is generated by a hash operation applied to the raw data. The DDNA is used with a received seed of an authentication server to generate a unique use password (OTP).
Publication number: US9055061(B2)  Publication date: 2015.06.09
Application number: US201313790754  Filing date: 2013.03.08
Applicant: LoginPeople SA  Inventor: Israel Maurice
Classification: H04L29/06; G06F21/31; G06F21/34; G06F21/62; H04L9/32  Main classification: H04L29/06
Agency: Saile Ackerman LLC  Agent: Saile Ackerman LLC; Ackerman Stephen B.
Main claim: 1. A method of authentication based on the data collection representative of hardware components contained in a user system, for a data processing system (I.H.S.) of a user, said user system communicating with a web site and an authentication server, said method comprising the following steps: requesting connection by said user system to said web site via a software browser; receiving by said user system of a web page and an executable code via said software browser in response to said connection; requesting connection by said user system via said software browser to said authentication server in order to request the authentication parameters serving for the generation of a one-time password (OTP); transmitting from said authentication server of information representative of a list of the types of eligible hardware components for the calculation of digital information of reference, digital DNA (DDNA) to said user system; requesting by said user system a challenge from said authentication server; generating to said user system from said authentication server a first challenge; transmitting by said user system authentication information to said authentication server, said information comprises: a LOGIN of the user; a hash of a PIN code of the user; an identifier of the first received challenge; checking by said authentication server of said authentication information transmitted by said user system; in the event of success of said verification, requesting by said user system of the description and the DDNA stored on said authentication server, said DDNA being associated with hardwares to be present in the user system; transmitting to said user system by said authentication server of the description and the type of DDNA stored on said server; determining by said user system, a list of hardwares to be tested on said user system; for each hardware component corresponding to said list, achieve the following steps; transmission of a request for challenge to said authentication server; reception of a challenge of said authentication server; transmission of a response including: an identifier of connection (login) associated to the connection to the web site; a fingerprint based on said DDNA of a tested hardware component; a hash; checking authentication elements by the authentication server and transmission of a response to said user system comprising an identifier of session (sessionID2); transmitting by the user system of a request for passport associated to said sessionID2; transmitting by said authentication server of the passport in an encrypted form; decoding by said user system of said passport and access to said web site.
Address: Valbonne FR