
Server-assisted authentication

  • US 10,091,190 B2
  • Filed: 12/11/2015
  • Issued: 10/02/2018
  • Est. Priority Date: 12/11/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by a user device, a request to access a website server, the request including a password of the user;

    generating, in response to receiving the request to access the website server and by the user device, a first set of account data;

    transmitting, by the user device, a subset of the first set of account data to a key server sub-system, wherein the subset of the first set of account data includes an authentication token request transcript, wherein the authentication token request transcript is a message and a dataset, and wherein the message and the dataset are derived, at least in part, from the password;

    receiving, by the user device and from the key server sub-system, a first authentication token segment;

    generating, by the user device, a second authentication token segment;

    generating, by the user device, a full authentication token based, at least in part, on:

    a first set of authentication key segments of a plurality of authentication key segments, the authentication token request transcript, the first authentication token segment; and

    the second authentication token segment;

    transmitting, by the user device, the full authentication token to the website server; and

    granting, by the key server sub-system, access for the user device to the website server, wherein the transmitting the full authentication token further comprises transmitting a message to website server, wherein storing a subset of the first set of account data further includes storing a second set of authentication key segments, a device secret, an account identifier, and a public key, wherein a first set of account data includes a password that includes a low entropy value, wherein the low entropy password is a voiceprint, a fingerprint, and a retinal scan, wherein generating a second set of account data, responsive to a request from a user to access a website server, further comprises:

    validating the authentication token using the public key and the message;

    receiving a checker from the key server sub-system to verify proper receipt of the subset of the first set of transmitted account data, wherein the verification is verifying the full authentication token based, at least in part, on a comparison between a generated checker and the received checker;

    storing the subset of the first set of account data; and

    deleting a portion of the subset of the first set of account data.
