User Authentication Using Two Independent Security Elements

Publication: DE102021103997A1
Published: 2022-08-25
Family Size: 5
Granted: Yes (1/5)

Simple Summary
(Content extracted from patent full text and abstract with AI.)

This patent describes a secure method for user authentication on mobile devices (such as smartphones) by using two independent security elements: one tied to the device's operating system and another tied to the application itself. When an app requests authentication, the operating system verifies the user (e.g., via a biometric or PIN), then a cryptographic challenge-response exchange occurs between the two security elements to confirm successful authentication. Only after this two-step process does the application accept the authentication as valid. This setup strengthens security by ensuring both device-level and application-level authentication with independent control and cryptographic checks.

Use Cases

  • Authenticating users for mobile banking or financial apps, where strong security is required.
  • Verifying user identity for accessing sensitive healthcare records or services from a mobile device.
  • Securing digital IDs or eID applications on smartphones, such as digital driver's licenses or passports.
  • Authorizing high-security business or enterprise apps requiring strong user and device verification.
  • Enabling secure mobile payments and transactions needing multi-layer authentication.
  • Protecting access to confidential corporate resources via mobile devices in BYOD (Bring Your Own Device) environments.

Benefits

  • Enhanced security by requiring successful authentication from two independent elements, reducing risks from compromised hardware or applications.
  • Supports secure and flexible authentication for a wide range of applications, including those outside the device manufacturer's control.
  • Enables strong separation of security domains between device OS and app, limiting the effect of a security breach in one domain.
  • Facilitates compliance with strict regulatory requirements for digital ID, eIDAS, financial services, and healthcare data.
  • Supports different authentication factors (biometrics, PINs, etc.) and cryptographic protocols, adaptable to various security needs.
  • Can be extended to remote (cloud-based) security elements, allowing additional deployment flexibility and security.
  • Allows application developers to leverage built-in device authentication securely, while maintaining their own cryptographic protection.

Technical Classifications (CPCs)

Main Classifications

Electrical & Electronic Tech

Sub Classifications

Electric Communication Technique

CPC Codes

H04L9/0894, H04L9/3231, H04L9/3242, H04L9/3263, H04L9/3271, H04W12/06, H04W12/08

Inventors & Applicants

Applicants

Bundesdruckerei GmbH

Freie Universität Berlin

Patent Abstract

The invention relates to a process for authenticating a user to an application program (108) installed on a mobile terminal (100). The terminal (100) comprises a first security element (110), which is associated with an operating system (106), and a second security element (112), which is independent of the first security element (110) and is associated with the application program (108). The process comprises the following:

  • upon an authentication request of the application program (108), the operating system (106) authenticates the user by means of an authentication sensor (118) of the terminal (100) and the first security element (110),
  • a challenge-response process between the first security element (110) and the second security element (112) is executed, a successful execution of the challenge-response process confirming a successful authentication of the user by the operating system (106),
  • upon a successful execution of the challenge-response process, the successful authentication of the user to the application program (108) is confirmed by the second security element (112).
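An added worked example, not code from the patent or its applicants, that models the three steps of the abstract in Python: the first (OS-side) security element answers a challenge only after the user has been verified through the authentication sensor, and the second (app-side) security element confirms authentication to the application only on a valid, single-use response. The HMAC over a pairing key shared at provisioning, and all class and function names, are assumptions; the patent leaves the cryptographic protocol open.

```python
import hmac
import hashlib
import secrets
from typing import Optional

DOMAIN = b"os-se-user-auth|"  # domain separation tag (assumption)


class OsSecurityElement:
    """First security element, associated with the operating system (hypothetical model)."""

    def __init__(self, key: bytes):
        self._key = key              # in a real SE this key never leaves the element
        self._user_verified = False

    def authenticate_user(self, sensor_ok: bool) -> None:
        # Step 1: the OS verifies the user (PIN/biometric) via the authentication sensor.
        self._user_verified = sensor_ok

    def respond(self, challenge: bytes) -> Optional[bytes]:
        # Step 2: answer the challenge only if the user was verified for this request;
        # the verification is consumed, so one sensor result yields at most one response.
        if not self._user_verified:
            return None
        self._user_verified = False
        return hmac.new(self._key, DOMAIN + challenge, hashlib.sha256).digest()


class AppSecurityElement:
    """Second security element, independent of the first, associated with the app (hypothetical)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending: Optional[bytes] = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)   # fresh random nonce per request
        return self._pending

    def verify(self, response: Optional[bytes]) -> bool:
        # Step 3: confirm authentication to the app only for the outstanding challenge;
        # the challenge is cleared whatever the outcome, so a captured response cannot be replayed.
        if self._pending is None or response is None:
            return False
        expected = hmac.new(self._key, DOMAIN + self._pending, hashlib.sha256).digest()
        self._pending = None
        return hmac.compare_digest(expected, response)


def authenticate(app_se: AppSecurityElement, os_se: OsSecurityElement, sensor_ok: bool) -> bool:
    """Full flow triggered by an authentication request of the application."""
    os_se.authenticate_user(sensor_ok)
    challenge = app_se.new_challenge()
    return app_se.verify(os_se.respond(challenge))
```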

Key Information

Publication No.: DE102021103997A1
Family ID: 80785073
Publication Date: 2022-08-25
Application No.: DE102021103997A
Application Date: 2021-02-19
Priority Date: 2021-02-19
Granted: Yes (1/5)

Possible Cooperation

For further information please contact the transfer office.