Title of invention: SYSTEM AND METHOD FOR AUTHENTICATING A USER
Abstract: A method for user authentication implementing a first server connected to a public network, and a second server connected to the first server but not connected to the public network, this method comprising a step of enrolment comprising: receiving by the first server a reference identifier and a reference password, and transmitting this information to the second server, loading a security parameter by the second server, and calculating a first cryptogram by a one-way function Hash on the reference identifier, the reference password, and the security parameter, encrypting at least the reference identifier and the password by using an asymmetrical encryption method, and storing the encrypted data by the second server, returning the first cryptogram to the first server and storing said cryptogram by the first server, and a verification step of a user comprising: receiving by the first server the current identifier and the current password, and transmitting said information to the second server, calculating a second cryptogram by the one-way function Hash on the current identifier, the current password, and the security parameter by the second server, returning the second cryptogram to the first server and verifying that the first cryptogram is included in the database, if not, generating an error message.
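Application publication number: US2015052350(A1) Application publication date: 2015.02.19
Application number: US201414289015 Application date: 2014.05.28
Applicant: NAGRAVISION SA Inventor: AUMASSON Jean-Philippe
Classification number: H04L29/06;G06F21/31 Main classification number: H04L29/06
Agency: Agent: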
Independent claim: 1. A method for user authentication performed by a first server connected to a public network and a second server, connected to the first server but not connected to the public network, the method comprising: an enrolment step comprising: receiving by the first server a reference identifier and a reference password; transmitting the reference identifier and the reference password to the second server; loading a security parameter by the second server; calculating a first reference cryptogram by a one-way function on the reference identifier, the reference password, and the security parameter by the second server; and returning the first reference cryptogram to the first server and storing said reference cryptogram in the first server; and a verification step of a user comprising: receiving by the first server the current identifier and the current password; transmitting the current identifier and the current password to the second server; calculating a second cryptogram by the one-way function on the current identifier, the current password and the security parameter by the second server; and returning the second cryptogram to the first server, performing a verification that the second cryptogram is included in the database of the first server, and generating an error message if the second cryptogram is not included in the database of the first server.
Address: Cheseaux-sur-Lausanne CH
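
The enrolment and verification steps of claim 1, as an added Python sketch that is not taken from the patent or from the applicant. The class names, the choice of HMAC-SHA256 as the one-way function, the 256-bit random security parameter and the length-prefixed field encoding are all assumptions; the asymmetric encryption step mentioned in the abstract is left out.

```python
import hashlib
import hmac
import secrets


class BackendServer:
    """Second server: reachable only from the first server, holds the security parameter."""

    def __init__(self):
        # Assumption: the security parameter is a random 256-bit secret.
        self._security_parameter = secrets.token_bytes(32)

    def cryptogram(self, identifier: str, password: str) -> str:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
        msg = b"".join(
            len(field).to_bytes(4, "big") + field
            for field in (identifier.encode(), password.encode())
        )
        # Assumption: HMAC-SHA256 keyed with the security parameter is the one-way function.
        return hmac.new(self._security_parameter, msg, hashlib.sha256).hexdigest()


class FrontServer:
    """First server: faces the public network and stores only cryptograms."""

    def __init__(self, backend: BackendServer):
        self._backend = backend
        self.database = set()

    def enrol(self, identifier: str, password: str) -> None:
        # Enrolment: forward the credentials, store the returned reference cryptogram.
        self.database.add(self._backend.cryptogram(identifier, password))

    def verify(self, identifier: str, password: str) -> bool:
        # Verification: the second cryptogram must be present in the database.
        return self._backend.cryptogram(identifier, password) in self.database


if __name__ == "__main__":
    front = FrontServer(BackendServer())
    front.enrol("alice", "correct horse")  # constructed sample credentials
    for attempt in ("correct horse", "wrong"):
        ok = front.verify("alice", attempt)
        print("authenticated" if ok else "error: authentication failed")
```

Because the security parameter never leaves the second server, a copy of the first server's database alone gives no way to recompute a cryptogram for a candidate password.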