Secure authentication of a user using a mobile device
IPC classification information
Country / Type: United States (US) Patent, granted
International Patent Classification (IPC 7th edition): H04L-009/32; H04W-012/06; G06Q-020/02; G06Q-020/32; G06Q-020/38; G06Q-020/40; G06F-021/41
Application number: US-0476886 (2012-05-21)
Registration number: US-9642005 (2017-05-02)
Inventors / Address: Fosmark, Klaus S.; Perry, Jr., William A.
Applicant / Address: Nexiden, Inc.
Citation information
Times cited: 1
Cited patents: 26
Abstract
A computer-readable medium embodies a computer program for authenticating a user. The computer program comprises computer-readable program code for: generating a first message including an identifier for a session, sending the first message through an interface associated with the session, receiving a response message including the identifier for the session, a user identifier, and at least a portion encrypted using a private key associated with a mobile device associated with the user, and authenticating the user in response to identifying that the response message includes at least the portion encrypted using the private key associated with the mobile device.
Representative claims
1. A non-transitory computer-readable medium embodying a computer program for authenticating a user based on a mobile device by a server data processing system, the computer program comprising computer-readable program code for: generating, by the server data processing system, a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device; sending the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system; in a first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving a response message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system; matching the first session identifier and the second session identifier; and identifying that the response message includes the digital signature based on the private key of the mobile device; and in a second authentication mode that is different than the first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving, from the user data processing system through the session, an authentication code generated by the mobile device.
2. The computer-readable medium of claim 1, the computer program further comprising computer-readable program code for: encoding the first message into an optically-scannable image.
3. The computer-readable medium of claim 2, wherein the session is a web session on a website and the optically-scannable image is presented on a login web page of the website as the physical interface of the user data processing system.
4. The computer-readable medium of claim 1, wherein the first message is sent using one of: a near field communications (NFC) link and a limited distance point-to-point radio.
5. The computer-readable medium of claim 1, wherein the computer-readable program code for authenticating the user for the session comprises computer-readable program code for: sending, using the server data processing system associated with a third party, an approval message to a data processing system associated with an entity, wherein the response message is received by the server data processing system associated with the third party.
6. The computer-readable medium of claim 1, wherein the first message is transmitted as audio.
7. The computer-readable medium of claim 1, wherein the computer-readable program code for authenticating the user for the session comprises computer-readable program code for: determining whether the response message was received within a threshold amount of time since the first message was generated; and authenticating the user for the session in response to determining that the response message was received within the threshold amount of time.
8. The computer-readable medium of claim 1, the computer program further comprising computer-readable program code for: identifying when a period of time has lapsed since the first message was generated; generating a second message including a third session identifier for the session in response to identifying that the period of time has lapsed; and sending the second message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system.
9. The computer-readable medium of claim 1, the computer program further comprising computer-readable program code for registering, before generating and sending the first message, a public key associated with the mobile device; wherein the computer-readable program code for authenticating the user for the session in response to identifying that the response message includes the digital signature based on the private key of the mobile device comprises computer-readable program code for authenticating the user for the session in response to identifying that the digital signature is validated with the registered public key associated with the mobile device.
10. The computer-readable medium of claim 9, further comprising computer-readable program code for using the user identifier to identify the registered public key associated with the mobile device.
11. The computer-readable medium of claim 1, wherein the authentication code is generated and sent, by the server data processing system, in a second message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system.
12. The computer-readable medium of claim 11, wherein the authentication message is encrypted with a public key associated with the mobile device.
13. A non-transitory computer-readable medium embodying a computer program for facilitating authentication of a user by a mobile device, the computer program comprising computer-readable program code for: receiving, by the mobile device, through a physical interface associated with a session, a first message including a session identifier uniquely identifying the session, the session established between a server data processing system and a user data processing system, the user data processing system including the physical interface, the user data processing system separate from the mobile device; in a first authentication mode, facilitating, by the mobile device, authentication of the user for the session identified by the unique session identifier based on generating, by the mobile device, a response message including the unique session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user; and sending, by the mobile device, the response message through an interface separate from the user data processing system to a specified party to request authentication of the user for the session that is on the user data processing system and identified by the unique session identifier; and in a second authentication mode that is different than the first authentication mode, facilitating, by the mobile device, authentication of the user for the session identified by the unique session identifier based on displaying, by the mobile device, an authentication code for entry of the authentication code into the user data processing system through the session, the entry of which via the user data processing system through the session requests authentication of the user for the session identified by the unique session identifier.
14. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for: identifying the first message from an optically-scannable image.
15. The computer-readable medium of claim 14, wherein the session is a web session on a website and the optically-scannable image is presented on a login web page of the website as the physical interface of the user data processing system.
16. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for receiving the first message using one of: a near field communications (NFC) link and a limited distance point-to-point radio.
17. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for: requesting an input from the user to verify that the user is an authorized user of the mobile device.
18. The computer-readable medium of claim 17, wherein the input is at least one of a personal identification number, a password, a biometric input, a predefined gesture on a touch screen of the mobile device, and a predefined pattern of movement of the mobile device.
19. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for: displaying a list of user identifiers for the user in response to identifying that the user has more than one user identifier for authentication; and receiving a selection of the user identifier to be included in the response message.
20. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for: displaying a request for confirmation of the request for the authentication of the user for the session, wherein sending the response message to request authentication of the user for the session is performed in response to receiving a user input comprising the confirmation.
21. The computer-readable medium of claim 13, wherein the response message is encrypted using a public key associated with the specified party.
22. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for identifying the first message from audio received by the mobile device.
23. A non-transitory computer-readable medium embodying a computer program for facilitating authentication of a user based on a mobile device by a third party data processing system, the computer program comprising computer-readable program code for: receiving, by the third party data processing system, a request for authentication from an entity data processing system associated with an entity, the entity associated with a first session identifier uniquely identifying a session established between the entity data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device; in a first authentication mode, facilitating, by the third party data processing system, authentication of the user for the session based on receiving, from the mobile device, a message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device; and in response to matching the first session identifier received from the mobile device with the second session identifier associated with the entity, sending a response message to the entity data processing system associated with the entity; and in a second authentication mode that is different than the first authentication mode, facilitating, by the third party data processing system, authentication of the user for the session based on receiving, from the entity data processing system via the user data processing system through the session, an authentication code generated by the mobile device; and sending a response message to the entity data processing system associated with the entity.
24. The computer-readable medium of claim 23, wherein the request for authentication received from the entity data processing system includes the first session identifier associated with the entity.
25. The computer-readable medium of claim 23, the computer program further comprising computer-readable program code for sending the first session identifier associated with the entity to the entity data processing system in response to receiving the request for authentication.
26. A server data processing system for authenticating a user based on a mobile device, the server data processing system comprising: at least one memory configured to store program code; at least one communication unit; and at least one processor configured to execute the program code to cause the data processing system to: generate a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device; send, via the at least one communication unit, the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system; in a first authentication mode, authenticate the user for the session based on receipt, via the at least one communication unit, of a response message including a second session identifier, a user identifier, and a digital signature based on a private key of a mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system; the first session identifier and the second session identifier matching; and identification that the response message includes the digital signature based on the private key of the mobile device; and in a second authentication mode that is different than the first authentication mode, authenticate the user for the session based on receipt, from the user data processing system through the session, an authentication code generated by the mobile device.
27. The server data processing system of claim 26, wherein the at least one processor is further configured to execute the program code to cause the server data processing system to encode the first message into an optically-scannable image.
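The exchange described in claims 1, 13 and 26, as an added example that is not code from the patent or from Nexiden: the server opens a session and hands out its identifier for the login page (the content a QR code of claim 2 would carry), the phone signs the pair (session identifier, user identifier) and returns it over its own channel, and the server matches the identifier, selects the registered public key by user identifier (claims 9 and 10), rejects responses past the threshold of claim 7, and marks the session used so the same response cannot be replayed. The second mode follows claim 11: the server generates the code, the phone displays it, and it comes back through the session itself. Everything not in the claims is an assumption: the Schnorr-style signature over Z_P* with P = 2^521 - 1 is a dependency-free stand-in for a real scheme such as Ed25519 or ECDSA, the 60-second threshold and six-digit code are arbitrary, and the encryption of the code to the device's public key (claim 12) is omitted.

```python
import hashlib
import hmac
import secrets

# Toy Schnorr signature over Z_P* (P = 2^521 - 1, a Mersenne prime) stands in for the device's
# signing key so the example has no dependencies. Assumption: real code uses Ed25519/ECDSA.
P, G = 2**521 - 1, 3

def keygen():  # returns (public, private)
    x = secrets.randbelow(P - 2) + 1
    return pow(G, x, P), x

def _challenge(R, msg):
    return int.from_bytes(hashlib.sha256(R.to_bytes(66, "big") + msg).digest(), "big")

def sign(priv, msg):
    k = secrets.randbelow(P - 2) + 1
    R = pow(G, k, P)
    return R, (k - _challenge(R, msg) * priv) % (P - 1)

def verify(pub, msg, sig):
    R, s = sig
    return 0 < R < P and pow(G, s, P) * pow(pub, _challenge(R, msg), P) % P == R

def signed_payload(session_id, user_id):
    # What the device signs: the session it approves and the identity it claims (claim 1).
    return f"mobile-login-v1\n{session_id}\n{user_id}".encode()

def device_respond(user_id, priv, scanned_sid, user_confirmed):
    # Mobile device of claim 13: build the mode-1 response once the user confirms (claim 20).
    if not user_confirmed:
        return None
    return {"session_id": scanned_sid, "user_id": user_id,
            "signature": sign(priv, signed_payload(scanned_sid, user_id))}

class AuthServer:
    """Server data processing system of claims 1 and 26, simplified."""
    TTL = 60  # seconds a first message stays valid (the threshold of claim 7; assumed value)

    def __init__(self):
        self.pubkeys = {}   # user_id -> registered device public key (claim 9)
        self.sessions = {}  # session_id -> per-session state

    def first_message(self, now):
        # Open a session; the login page shows the returned identifier, e.g. as a QR code (claim 2).
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"created": now, "user": None, "code": None, "code_user": None}
        return sid

    def _live(self, sid, now):
        s = self.sessions.get(sid)
        if s is None or s["user"] is not None or now - s["created"] > self.TTL:
            return None  # unknown, already authenticated, or past the threshold
        return s

    def approve_signed(self, resp, now):
        # Mode 1: the response arrives over the device's own channel, not the browser session.
        s = self._live(resp["session_id"], now)
        pub = self.pubkeys.get(resp["user_id"])  # claim 10: the user identifier selects the key
        if s is None or pub is None:
            return False
        if not verify(pub, signed_payload(resp["session_id"], resp["user_id"]), resp["signature"]):
            return False
        s["user"] = resp["user_id"]
        return True

    def issue_code(self, sid, user_id, now):
        # Mode 2 (claim 11): generate the code the device will display to the user.
        s = self._live(sid, now)
        if s is None or user_id not in self.pubkeys:
            return None
        s["code"], s["code_user"] = f"{secrets.randbelow(10**6):06d}", user_id
        return s["code"]  # claim 12 encrypts it to the device's public key; omitted here

    def approve_code(self, sid, code, now):
        # Mode 2: the code typed into the user's computer comes back through the session itself.
        s = self._live(sid, now)
        if s is None or s["code"] is None or not hmac.compare_digest(s["code"], code):
            return False
        s["user"] = s["code_user"]
        return True

def demo(now=1_000_000.0):
    """Run both modes plus the cases the server must reject; returns the outcomes."""
    server, out = AuthServer(), {}
    pub, priv = keygen()
    server.pubkeys["alice"] = pub  # registration step of claim 9 (constructed sample user)
    sid = server.first_message(now)
    resp = device_respond("alice", priv, sid, True)
    out["mode1_ok"] = server.approve_signed(resp, now + 5)
    out["mode1_replay"] = server.approve_signed(resp, now + 6)
    out["mode1_expired"] = server.approve_signed(device_respond("alice", priv, server.first_message(now), True), now + 61)
    rogue = keygen()[1]  # a key that was never registered, claiming to be alice
    out["mode1_wrong_key"] = server.approve_signed(device_respond("alice", rogue, server.first_message(now), True), now + 1)
    sid2 = server.first_message(now)
    code = server.issue_code(sid2, "alice", now)
    out["mode2_wrong_code"] = server.approve_code(sid2, "999999" if code != "999999" else "000000", now + 2)
    out["mode2_ok"] = server.approve_code(sid2, code, now + 3)
    return out
```

Note what the signature does and does not bind: it ties the approval to the session identifier the phone scanned and to the claimed user identifier, and the server never trusts anything else in the response. It says nothing about where that identifier was displayed, which is why the confirmation prompt of claim 20, the device unlock of claims 17 and 18, and a short threshold as in claims 7 and 8 matter in practice: they are what stands between the user and approving a session they did not open.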
Patents cited by this patent (26)
Adams, Neil Patrick, Assignment and distribution of access credentials to mobile communication devices.
Pyle, Harry S.; Lieberman, Bruce Louis; Simon, Daniel R.; Simonnet, Guillaume; Dollar, William, Establishing secure mutual trust using an insecure password.
Ginter, Karl L.; Shear, Victor H.; Sibert, W. Olin; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.