Systems and methods for maintaining split knowledge of web-based accounts
Abstract
Systems and methods for enabling multi-factor authentication for a web-based account. A first computing device and a second computing device are accessible to a first user. A backend system is accessible to a second user. The backend system communicates with the second computing device via a secure communication network. The first user creates a web-based account and receives an MFA initiation screen including secret information and a field for entering at least one TOTP token. The backend system has a TOTP token generator. The second computing device captures the secret information and transmits it to the backend system. The second user generates at least one TOTP token using the backend system and transmits the at least one TOTP token to the second computing device. The first user enters the at least one TOTP token into the first computing device. The account can then be validated and MFA enabled.
19 Claims
1. A computerized method of enabling multi-factor authentication for a web-based account, the method comprising:
providing a first computing device accessible to a first user and configured with Internet access, a second computing device accessible to the first user, and a backend system accessible to a second user, the backend system in communication with the second computing device via a secure communication network, the backend system having a time-based one-time password (TOTP) token generator and an application programming interface;
creating, by the first user, a web-based account having account details including a username and an account password;
requesting, by the first user, via the first computing device, to enable multi-factor authentication for the web-based account;
displaying, for the first user, via the first computing device, a multi-factor authentication initiation screen including secret information and at least one data field for entering at least one TOTP token;
capturing, by the second computing device, the secret information in memory;
transmitting, by the second computing device, the secret information over the secure communication network to the backend system via the application programming interface;
generating, by the second user, using the TOTP token generator, the at least one TOTP token;
transmitting, by the second user, via the application programming interface, the at least one TOTP token to the second computing device, the second computing device displaying the at least one TOTP token on a token screen;
entering, by the first user, via the multi-factor authentication initiation screen, the at least one TOTP token into a corresponding data field of the at least one data field; and
receiving, by the first computing device, from the web-based account, validation of the at least one TOTP token, wherein only the first user has access to the account password and only the second user has access to the TOTP token generator.
Dependent claims 2 to 16 depend from claim 1.
17. A TOTP enterprise management system comprising:
a first computing device accessible to a first user and configured with Internet access, the first computing device configured to (i) create a web-based account having account details including a username and an account password, the web-based account capable of enabling multi-factor authentication, (ii) request to enable multi-factor authentication for the web-based account, (iii) display a multi-factor authentication initiation screen including secret information and at least one data field for entering at least one TOTP token, (iv) receive at least one TOTP token via the at least one data field, and (v) receive from the web-based account validation of the at least one TOTP token;
a second computing device accessible to the first user, the second computing device including a mobile application stored in memory of the second computing device, the mobile application configured to (i) capture the secret information in memory, (ii) transmit the secret information via the mobile application, (iii) receive the at least one TOTP token, and (iv) display the at least one TOTP token on a token screen; and
a backend server computer accessible to a second user, the backend server computer in communication with the second computing device via a secure communication network, the backend server computer including an application programming interface for communicating with the mobile application of the second computing device, a token generation module for generating the at least one TOTP token based on the secret information and transmitting the at least one TOTP token to the second computing device, and an account database for storing the account details, wherein only the first user has access to the account password and only the second user has access to the token generation module.
18. A mobile application enabling multi-factor authentication for a web-based account, the web-based account having details including a username and an account password and being accessible to a first user via a first computing device configured with Internet access, the mobile application comprising:
a first user-facing module stored in memory of a second computing device and accessible to the first user, the first user-facing module (i) capturing secret information provided by a multi-factor authentication initiation screen displayed via the first computing device, the multi-factor authentication screen including secret information and at least one data field for receiving at least one TOTP token and (ii) transmitting the secret information to a backend system in secure communication with the second computing device via an application programming interface of the backend system;
a second user-facing module stored in memory of the second computing device and accessible to the first user, the second user-facing module displaying one or more TOTP tokens generated by and transmitted from a TOTP token generator of the backend system for entering, by the first user, into the multi-factor authentication initiation screen displayed via the first computing device; and
a third user-facing module accessible to the first user and stored in memory of the second computing device, the third user-facing module receiving account details for the web-based account, the web-based account providing to the first computing device validation of the one or more TOTP tokens, wherein only the first user has access to the account password and only the second user has access to the TOTP token generator.
19. A TOTP enterprise management server for enabling multi-factor authentication for a web-based account, the web-based account having account details including a username and an account password and created by and accessible to a first user via a first computing device configured with Internet access, the TOTP enterprise management server in secure communication with a second computing device that is accessible to the first user, the TOTP enterprise management server comprising:
an enrollment application programming interface stored in memory of the TOTP enterprise management server and configured to communicate with the second computing device, the enrollment application programming interface receiving secret information from a multi-factor authentication initiation screen displayed for the first user on the first computing device and captured in memory of the second computing device;
a TOTP token generating module stored in memory of the TOTP enterprise management server and accessible by a second user, the TOTP generating module in communication with the enrollment application programming interface, the TOTP token generating module generating one or more TOTP tokens based on secret information transmitted from the second computing device, the one or more TOTP tokens being displayed on a token screen of the second computing device, the first user entering the one or more TOTP tokens into one or more corresponding data fields of the multi-factor authentication initiation screen;
memory for storing an account database having account information, the account database in communication with the enrollment application programming interface;
an administrative module stored in memory of the TOTP enterprise management server, the administrative module in communication with the account database; and
a remediation application programming interface stored in memory of the TOTP enterprise management server, the remediation application programming interface in communication with the administrative module and configured to return one or more TOTP tokens based on requests from a user input having the account information, wherein only the first user has access to the account password and only the second user has access to the TOTP token generating module.
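The enrollment sequence that the abstract and claims 1 and 17 describe, written out as an added Python example that is not code from the patent or its assignee. It assumes that the "secret information" on the MFA initiation screen is a standard otpauth://totp/ URI (the format most sites encode in their QR code), that tokens follow RFC 6238 with HMAC-SHA1, 6 digits and a 30-second step, and it uses the RFC 6238 test-vector secret as constructed demo input. The class and method names (BackendSystem, WebAccount, enrollment_api, token_generation_module) are illustrative stand-ins for the claimed components, not the patent's own implementation. The split-knowledge point is that the backend is the only party that retains the secret, while the first user only ever holds the password and a short-lived token:

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# RFC 6238 test-vector secret ("12345678901234567890" in base32); constructed demo input.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def parse_otpauth_uri(uri):
    """Parse the 'secret information' shown on the MFA initiation screen.
    Assumption: the site shows an otpauth://totp/ URI (the usual QR-code payload)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = parse_qs(parsed.query)
    return {
        "label": parsed.path.lstrip("/"),
        "secret": params["secret"][0],
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
    }


def totp(secret_b32, timestamp, digits=6, period=30):
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for the given Unix time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(timestamp) // period
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class BackendSystem:
    """Second user's side (hypothetical stand-in for the claimed backend): the only party
    that retains the TOTP secret. Holds the account database, enrollment API and token module."""

    def __init__(self):
        self._account_db = {}

    def enrollment_api(self, account_id, secret_info):
        # Secret arrives from the second computing device over the secure channel.
        self._account_db[account_id] = parse_otpauth_uri(secret_info)

    def token_generation_module(self, account_id, now=None):
        info = self._account_db[account_id]
        when = time.time() if now is None else now
        return totp(info["secret"], when, info["digits"], info["period"])


class WebAccount:
    """The web-based account: it issues the secret at MFA setup and validates the code the
    first user types in. The first user holds the password; the secret never reaches them."""

    def __init__(self, username, password_hash, secret_b32=DEMO_SECRET):
        self.username = username
        self.password_hash = password_hash
        self._secret = secret_b32
        self.mfa_enabled = False

    def mfa_initiation_screen(self):
        return f"otpauth://totp/Example:{self.username}?secret={self._secret}&issuer=Example"

    def validate_token(self, code, now=None, window=1):
        # Accept the current step plus/minus `window` steps; compare in constant time.
        when = time.time() if now is None else now
        for step in range(-window, window + 1):
            expected = totp(self._secret, when + step * 30)
            if hmac.compare_digest(expected, code):
                self.mfa_enabled = True
                return True
        return False


def run_enrollment(now=None):
    """Walk the claimed flow once; returns True when the account validates the token."""
    account = WebAccount("alice", hashlib.sha256(b"password-only-alice-knows").hexdigest())
    backend = BackendSystem()
    secret_info = account.mfa_initiation_screen()              # first device shows the secret
    captured = secret_info                                      # mobile app on second device captures it
    backend.enrollment_api("alice@example", captured)           # and sends it to the backend
    token = backend.token_generation_module("alice@example", now)  # second user generates the token
    return account.validate_token(token, now)                   # first user types it into the data field


if __name__ == "__main__":
    print("MFA enabled:", run_enrollment())
```

Passing a fixed `now` to `run_enrollment` makes the exchange reproducible against the RFC 6238 vectors; in the real flow the second user's backend, not the first user's device, is the only place the secret persists after enrollment.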
Specification