Title: Method for authentication and signature of a user in an application service, using a mobile telephone as a second factor in addition to and independently of a first factor
Abstract: The invention relates to a method for the two-factor authentication of a user in an application service running on an application server. The first authentication factor is a PIN authentication code known only to the user and the application service, and the second authentication factor is the mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by the same. The reliability application is capable of generating, using the PIN authentication code and a secret key shared only with the reliable third party, a single-use authentication code for each authentication of the user in the application service.
Publication number: US8819432 (B2)  Publication date: 2014.08.26
Application number: US200912864853  Filing date: 2009.01.27
Applicant: Paycool International Ltd.  Inventors: Bergsten Ulrik; Gross Christian; Thieblemont Jacques
Classification: H04L9/32; H04L29/06; G06F21/34; G06F21/40  Main classification: H04L9/32
Agency: Buchanan Ingersoll & Rooney PC  Agent: Buchanan Ingersoll & Rooney PC
Main claim: 1. A method for the two-factor authentication of a user with an application service executed on an application server, wherein the first authentication factor is a personal identification number (“PIN”) authentication code known only to the user and the application service, and the second authentication factor is a mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by the reliable third party, said reliability application generating, using said PIN authentication code and a secret key shared only with the reliable third party, a single-use authentication code for each authentication of the user with the application service, wherein the authentication of the user with the application service comprises the following steps: following the entry of the PIN authentication code by the user, generating the single-use authentication code by means of the reliability application installed on the mobile communication terminal of the user using the PIN authentication code and the secret key shared only with the reliable third party; communicating the single-use authentication code obtained to the application service; transmitting by the application service of the single-use authentication code in a reduced form to the reliable third party; verifying the single-use authentication code by the reliable third party; notifying of the result of the authentication by the reliable third party to the application service; wherein the method further comprises, prior to the authentication of the user, registering the user with the server of the reliable third party, said registration comprising the steps of: registering the user with the server of the reliable third party; downloading and installing the reliability application in the mobile communication terminal; activating said reliability application in order to make said reliability application functional for subsequent operations of authentication of the user with the application server, wherein the registration phases up to the activation of the user with the reliable third party are performed via the application service and comprise the following steps: the user declaring a mobile number of the mobile communication terminal of the user to the application service; requesting by the application service the registration of the user with the reliable third party by communicating to the reliable third party the mobile number of the user; allocating an authenticity code to the user by the reliable third party followed by a step of sending the authenticity code to the application service; communicating the authenticity code to the user by the application service; sending by the reliable third party of a Short Message Service (“SMS”) message to the user, said SMS message containing parameters for loading and installing the reliability application on the mobile communication terminal; loading and installing the reliability application on the mobile communication terminal of the user; activating the reliability application after verification of the authenticity code; generating the secret key by the reliability application; transmitting securely the secret key and said parameters to the server of the reliable third party; verifying the secret key and the parameters received by the reliable third party and initializing the registration of the user; sending by the reliable third party of a message of confirmation of the activation to the reliability application, wherein the activation of the reliability application is executed at the time of the first execution of the reliability application and comprises the following steps: displaying of the authenticity code on the screen of the mobile communication terminal for verification by the user of conformity thereof with the authenticity code displayed during the mobile communication terminal registration step; in response to receiving by the mobile communication terminal a confirmation by the user of agreement of the authenticity code displayed with the authenticity code expected, generating the secret key by the reliability application; constructing a message, from a withdrawal identifier, of the secret key and the authenticity code; enciphering of said message by means of the public key of the reliable third party; positioning to zero of a single counter of single-use passwords of the mobile communication terminal; transmitting the message that is enciphered to the server of the reliable third party; in response to the reception of the message by the server of the reliable third party, deciphering of said enciphered message, using a private key of the reliable third party, so as to extract the secret key generated in the mobile communication terminal and to share the secret key between the reliability application and the server of the reliable third party; verifying the authenticity code extracted from the deciphered message; positioning to zero of a counter for the single-use passwords at the server of the reliable third party; transmitting to the mobile communication terminal of a message of correct completion of the activation of the reliability application.
Address: Hong Kong HK