1. Field of the Invention
The present invention relates to a server for authenticating a user of a terminal for accessing a service delivered by a service provider via an agent by dynamically selecting an authentication procedure via a telecommunication network. To be more precise, the authentication procedure corresponds to an authentication selected as a function of at least one service provider, the terminal, the network and an authentication security level.
2. Description of the Prior Art
The many existing authentication systems differ in terms of their security levels and authentication procedures. Standard authentication by means of an identifier (also known as a login) and a password is static, that is to say the same identifier and password are transmitted over the network for successive authentications. This authentication may suffer from piracy of the password and thereby offer a low level of authentication security.
Authentication by “random number (challenge)/response” is dynamic. It is based on the principle of the one-time password (OTP). There is then no point in entering a password, as the password cannot be used again. When a user wishes to be authenticated by a server, the server generates a “random number”, called a challenge, and sends it to the terminal of the user. The user enters the password, and the terminal applies encryption and hashing algorithms to the challenge and the password to produce the OTP. The terminal of the user transmits the OTP to the server, which then has the information necessary for authenticating the user.
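The challenge/response exchange described above, as an added example that is not part of the patent text: the server issues a random challenge, the terminal derives an OTP from the challenge and the user's password, and the server verifies it. The page only says “encryption and hashing algorithms”; the choice of PBKDF2 for the password-derived key and HMAC-SHA256 for the response, the `AuthServer` class and all names are assumptions of this example. It also shows why the OTP is single-use: replaying the same response against an already-consumed challenge fails.

```python
import hashlib
import hmac
import secrets

# Constructed demo credential (assumption, not from the patent).
PASSWORD = "correct horse"

def derive_key(password: str, salt: bytes) -> bytes:
    """Same derivation on both sides; the raw password never crosses the network."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def client_response(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Terminal side: the OTP is an HMAC of the server's challenge under the derived key."""
    return hmac.new(derive_key(password, salt), challenge, "sha256").digest()

class AuthServer:
    """Server side: stores only a salted, derived key per user and one outstanding challenge."""
    def __init__(self):
        self.users = {}     # user -> (salt, derived key)
        self.pending = {}   # user -> challenge not yet answered

    def enroll(self, user: str, password: str) -> bytes:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))
        return salt  # the terminal needs the salt to derive the same key

    def issue_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh "random number" per attempt
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, otp: bytes) -> bool:
        challenge = self.pending.pop(user, None)  # consumed on first use
        if challenge is None or user not in self.users:
            return False
        _, key = self.users[user]
        expected = hmac.new(key, challenge, "sha256").digest()
        return hmac.compare_digest(expected, otp)  # constant-time comparison

def demo_exchange(password_tried: str):
    """One enroll / challenge / response round; returns (first_ok, replay_ok)."""
    server = AuthServer()
    salt = server.enroll("alice", PASSWORD)
    challenge = server.issue_challenge("alice")
    otp = client_response(password_tried, salt, challenge)
    first = server.verify("alice", otp)
    replay = server.verify("alice", otp)  # same OTP again: challenge already consumed
    return first, replay
```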
Authentication based on certificates is also dynamic and uses asymmetric public key cryptographic algorithms. A certificate comprises a user identity, a public key and a private key that are certified by a certification authority. The private key is kept secret by the user and stored in the terminal of the user. A password entered or spoken, a biometric imprint or a confidential code may be necessary to activate the private key. In practice, after activation of the private key, a server transmits a challenge to the user terminal. The user terminal signs the challenge with the user's corresponding private key and transmits the signature to the server. The server then authenticates the user using the user's public key. For example, authentication by electronic signature is based on certificates.
As authentication procedures are generally complex and constraining to put into place, a service provider agent can provide, in a transparent way, user authentication procedures on behalf of its clients, known as “providers”. For example, a provider offering a real-time information service on the internet uses an agent to manage all aspects of the user authentication procedure. The authentication procedures of the agent are generally identical throughout the network for all providers that are clients of the agent. Moreover, a provider cannot easily modify the authentication procedure of its choice as a function of the combination of the terminal (mobile, PC, TV, PDA) and the telecommunication network (GPRS, internet) used by users.