Multi-user strong authentication token

US 10,171,246 B2
Filed: 09/21/2016
Issued: 01/01/2019
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method to secure a user'"'"'s interaction with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:

obtaining transaction data;

displaying the obtained transaction data on a display of the personal computing device for review by the user, wherein an authentication application that is running on the personal computing device displays the obtained transaction data in a transaction data presentation area of the display of the personal computing device;

obtaining a dynamic credential associated with the transaction data;

making the dynamic credential available for verification; and

ensuring at the personal computing device that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area,wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device,the method further comprising the step of ensuring at the personal computing device that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window, including the authentication application calling one or more operating system functions of an operating system of the personal computing device to ensure or enforce that the transaction data displaying window remains on top.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

Citations

62 Claims

1. A method to secure a user'"'"'s interaction with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:
- obtaining transaction data;
  
  displaying the obtained transaction data on a display of the personal computing device for review by the user, wherein an authentication application that is running on the personal computing device displays the obtained transaction data in a transaction data presentation area of the display of the personal computing device;
  
  obtaining a dynamic credential associated with the transaction data;
  
  making the dynamic credential available for verification; and
  
  ensuring at the personal computing device that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area,wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device,the method further comprising the step of ensuring at the personal computing device that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window, including the authentication application calling one or more operating system functions of an operating system of the personal computing device to ensure or enforce that the transaction data displaying window remains on top.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein the step of the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top, comprises the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top while the transaction data displaying window is displaying the transaction data or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data.
  - 3. The method of claim 1 wherein the step of obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

4. A personal computing device to secure a user'"'"'s interaction with a remotely accessible computer-based application, the personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
- wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data;
  
  display the obtained transaction data on the display for review by the user in a transaction data presentation area of the display;
  
  obtain a dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification; and
  
  ensure that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area;
  
  and wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device, and wherein the authentication application is further configured to cause the personal computing device to ensure that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window by calling one or more operating system functions of the operating system software to ensure or enforce that the transaction data displaying window remains on top.
- View Dependent Claims (5, 61)
- - 5. The personal computing device of claim 4 wherein the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top, comprises the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top while the transaction data displaying window is displaying the transaction data or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data through the user input interface.
  - 61. The personal computing device of claim 4 wherein obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

6. A system to secure a user'"'"'s interaction with a remotely accessible computer-based application, the system comprising:
- a remote application server for hosting the remotely accessible computer-based application, an access device for allowing said user'"'"'s interaction with a remotely accessible computer-based application, a credential verification server for verifying validity of a dynamic credential associated with transaction data of the remotely accessible computer-based application, and a personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
  
  wherein the authentication application is configured to cause the personal computing device to;
  
  obtain the transaction data;
  
  display the obtained transaction data on the display for review by the user in a transaction data presentation area of the display;
  
  obtain the dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification; and
  
  ensure that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area;
  
  and wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device, and wherein the authentication application is further configured to cause the personal computing device to ensure that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window by calling one or more operating system functions of the operating system software to ensure or enforce that the transaction data displaying window remains on top.
- View Dependent Claims (7, 62)
- - 7. The system of claim 6 wherein the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top, comprises the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top while the transaction data displaying window is displaying the transaction data or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data through the user input interface.
  - 62. The system of claim 6 wherein obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

8. A method to secure a user'"'"'s interaction with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:
- obtaining transaction data;
  
  displaying, by an authentication application running on the personal computing device, the obtained transaction data in a transaction data presentation area of the authentication application on a display of the personal computing device for review by the user;
  
  obtaining a dynamic credential associated with the transaction data;
  
  making the dynamic credential available for verification; and
  
  ensuring that at least the step of making the dynamic credential available for verification is not performed or cannot be successfully performed if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by another window that is not displayed by the authentication application;
  
  the method further comprising the steps of;
  
  providing at the personal computing device, while performing the step of displaying the obtained transaction data, an approval indication mechanism for the user to indicate an approval or rejection by the user and obtaining by using this mechanism from the user an indication of the user'"'"'s approval or rejection, wherein performing at least the step of making the dynamic credential available for verification is conditional on the authentication application receiving through said approval indication mechanism the indication of the user'"'"'s approval; and
  
  ensuring that the approval indication mechanism is disabled if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window;
  
  wherein the step of ensuring that the approval indication mechanism is disabled if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window comprises the authentication application calling one or more operating system functions that cause the operating system of the personal computing device to block or not pass to the approval indication mechanism a user input event that indicates a user'"'"'s approval when the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 9. The method of claim 8 wherein at least the step of making the dynamic credential available for verification is not performed or cannot be successfully performed at least as long as the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by a window that is not a window of the authentication application.
  - 10. The method of claim 8 further comprising an overlay detection step of the authentication application detecting or verifying whether the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.
  - 11. The method of claim 10 wherein the overlay detection step comprises the authentication application calling one or more operating system functions of the operating system of the personal computing device to detect whether the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.
  - 12. The method of claim 8 comprising an overlay detection step of the authentication application detecting or verifying whether the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window and the step of ignoring an indication of the user'"'"'s approval that has been obtained by the approval indication mechanism if it is detected in the overlay detection step that the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.
  - 13. The method of claim 10 wherein performing the step of making the dynamic credential available for verification is conditional on the overlay detection step not indicating that the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.
  - 14. The method of claim 10 further comprising the step of providing the user a visual indication for alerting the user to the presence of an anomaly if the overlay detection step indicates that the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.
  - 15. The method of claim 10 further comprising the step of the authentication application entering a safe mode if the overlay detection step indicates that the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window, and the authentication application remaining in the safe mode at least until after the authentication application'"'"'s transaction data presentation area is no longer being hidden or obscured partially or entirely by the another window for at least a minimum period of time.
  - 16. The method of claim 15 wherein as long as the authentication application is in the safe mode, the approval indication mechanism is disabled, or an indication of the user'"'"'s approval that has been obtained by the approval indication mechanism is ignored, or the step of generating the dynamic credential is not performed, or the step of making the dynamic credential available for verification is not performed.
  - 17. The method of claim 15 wherein as long as the authentication application is in the safe mode, the authentication application provides a visual indication to alert the user that the authentication application is in the safe mode.
  - 18. The method of claim 8 wherein the approval indication mechanism comprises a visual approval activation element on the display of the personal computing device that the user must activate to indicate the user'"'"'s approval whereby the visual approval activation element has an activation area that is responsive to an action of the user and whereby an area of the display that is covered by the activation area of the visual approval activation element overlaps at least partially with any rectangle on the display that covers all the displayed transaction data.
  - 19. The method of claim 18 whereby at least any part of the activation area of the visual approval activation element that is covered by the another window is not responsive to an action of the user to activate the visual approval activation element.
  - 20. The method of claim 18 wherein the user activating the visual approval activation element comprises the user clicking or touching or sliding the activation area of the visual approval activation element.
  - 21. The method of claim 20 whereby the visual approval activation element comprises a clickable or touchable button.
  - 22. The method of claim 18 whereby at least a part of the displayed transaction data is displayed over the activation area of the visual approval activation element.
  - 23. The method of claim 18 whereby at least parts of the displayed transaction data are displayed at at least two positions of:
    - left of, right of, above of or below of the activation area of the visual approval activation element.
  - 24. The method of claim 18 wherein the step of making the dynamic credential available for verification comprises displaying the dynamic credential on the display of the personal computing device whereby the activation area of the visual approval activation element is covered by the displayed transaction data and whereby the area for displaying the dynamic credential is covered by the area for displaying the transaction data, and whereby the dynamic credential is not visible until the user has activated the visual approval activation element.
  - 25. The method of claim 24 whereby activating the visual approval activation element comprises the user touching and sliding at least a part of the visual approval activation element thus sliding away at least a part of the displayed transaction data and revealing a representation of the dynamic credential.
  - 26. The method of claim 24 wherein activating the visual approval activation element comprises the user touching and sliding in different directions at least two parts of the visual approval activation element thus sliding away at least a part of the displayed transaction data and revealing a representation of the dynamic credential.
  - 27. The method of claim 25 whereby the user releasing the visual approval activation element results in the displayed transaction data snapping back to the original position and the displayed dynamic credential being no longer visible.
  - 28. The method of claim 8 wherein the step of making the dynamic credential available for verification comprises displaying the dynamic credential on the display of the personal computing device together with the displayed transaction data, whereby the dynamic credential is displayed at the same time and in the same area of the display as the displayed transaction data, such that any rectangle which encloses all the displayed transaction data also encloses at least a part of the dynamic credential.
  - 29. The method of claim 28 whereby the transaction data and the dynamic credential are displayed in an overlapping way or stacked on top of each other.
  - 30. The method of claim 28 whereby the dynamic credential is displayed surrounded by the displayed transaction data.
  - 31. The method of claim 28 wherein a representation of the dynamic credential and a representation of the transaction data on the display have different visual characteristics to enable the user to distinguish the dynamic credential from the transaction data.
  - 32. The method of claim 31 wherein characters used for displaying the dynamic credential have different visual characteristics than characters used for displaying the transaction data.
  - 33. The method of claim 32 wherein characters used for displaying the dynamic credential have a different font type or font size or font color than characters used for displaying the transaction data.
  - 34. The method of claim 8 wherein the step of obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

35. A personal computing device to secure a user'"'"'s interaction with a remotely accessible computer-based application, the personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
- wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data;
  
  display the obtained transaction data in a transaction data presentation area of the authentication application on the display for review by the user;
  
  obtain a dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification; and
  
  ensure that at least the step of making the dynamic credential available for verification is not performed or cannot be successfully performed if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by another window that is not displayed by the authentication application;
  
  and wherein the authentication application is further configured to cause the personal computing device;
  
  to provide, while performing the step of displaying the obtained transaction data, an approval indication mechanism for the user to indicate an approval or rejection by the user and to obtain by using this mechanism from the user an indication of the user'"'"'s approval or rejection, wherein making the dynamic credential available for verification is conditional on the authentication application receiving through said approval indication mechanism the indication of the user'"'"'s approval; and
  
  to ensure that the approval indication mechanism is disabled if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window;
  
  wherein causing the personal computing device to ensure that the approval indication mechanism is disabled if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window comprises the authentication application calling one or more operating system functions that cause the operating system of the personal computing device to block or not pass to the approval indication mechanism a user input event that indicates a user'"'"'s approval when the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.

36. A system to secure a user'"'"'s interaction with a remotely accessible computer-based application, the system comprising:
- a remote application server for hosting the remotely accessible computer-based application, an access device for allowing said user'"'"'s interaction with a remotely accessible computer-based application, a credential verification server for verifying the validity of a dynamic credential associated with transaction data of the remotely accessible computer-based application, and a personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
  
  wherein the authentication application is configured to cause the personal computing device to;
  
  obtain the transaction data;
  
  display the obtained transaction data in a transaction data presentation area of the authentication application on the display of the personal computing device for review by the user;
  
  obtain the dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification; and
  
  ensure that at least the step of making the dynamic credential available for verification is not performed or cannot be successfully performed if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by another window that is not displayed by the authentication applicationand wherein the authentication application is further configured to cause the personal computing device;
  
  to provide, while performing the step of displaying the obtained transaction data, an approval indication mechanism for the user to indicate an approval or rejection by the user and to obtain by using this mechanism from the user an indication of the user'"'"'s approval or rejection, wherein making the dynamic credential available for verification is conditional on the authentication application receiving through said approval indication mechanism the indication of the user'"'"'s approval; and
  
  to ensure that the approval indication mechanism is disabled if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window;
  
  wherein causing the personal computing device to ensure that the approval indication mechanism is disabled if the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window comprises the authentication application calling one or more operating system functions that cause the operating system of the personal computing device to block or not pass to the approval indication mechanism a user input event that indicates a user'"'"'s approval when the authentication application'"'"'s transaction data presentation area is being hidden or obscured partially or entirely by the another window.

37. A method to secure an interaction session of a user with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:
- obtaining transaction data related to said interaction session;
  
  displaying, by an authentication application running on the personal computing device, the obtained transaction data on a first area of a display of the personal computing device for review by the user;
  
  obtaining a dynamic credential associated with the transaction data;
  
  making, by the authentication application, the dynamic credential available for verification using a second area of the display of the personal computing device; and
  
  creating a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay window;
  
  wherein the step of making the dynamic credential available for verification using a second area of the display of the personal computing device comprises;
  
  providing at the personal computing device an approval indication mechanism for the user to indicate an approval or rejection by the user and obtaining by using this mechanism from the user an indication of the user'"'"'s approval or rejection, whereby the approval indication mechanism comprises a visual approval activation element on the display of the personal computing device that the user must activate to indicate the user'"'"'s approval whereby the visual approval activation element has an activation area that is responsive to an action of the user and whereby the activation area of the visual approval activation element is a part of the second area; and
  
  , if said user'"'"'s approval has been obtained, displaying the dynamic credential on the display of the personal computing device or sending over a data communication network the dynamic credential to a server computer if said user'"'"'s approval has been obtained.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58)
- - 38. The method of claim 37 wherein the step of making, by the authentication application, the dynamic credential available for verification using a second area of the display of the personal computing device, comprises displaying the dynamic credential on said second area.
  - 39. The method of claim 37 wherein said common specific value for said first and second visually perceptible elements has an unpredictable element.
  - 40. The method of claim 37 wherein said common specific value for said first and second visually perceptible elements varies in time.
  - 41. The method of claim 37 wherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another.
  - 42. The method of claim 37 wherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another.
  - 43. The method of claim 37 wherein said common specific value for said first and second visually perceptible elements varies from one user to another.
  - 44. The method of claim 37 wherein said first area is adjacent to said second area.
  - 45. The method of claim 37 wherein said first and second visually perceptible elements comprise characters of texts displayed in said first and second areas and wherein said common specific value comprises a visual characteristic of said characters.
  - 46. The method of claim 45 wherein said common specific value comprises font size, font type or font color of said characters.
  - 47. The method of claim 37 wherein said first visually perceptible element comprises a first background of said first area and said second visually perceptible element comprises a second background of said second area and said common specific value comprises a visual characteristic of said first and second backgrounds.
  - 48. The method of claim 47 wherein said common specific value comprises a color of said first and second backgrounds.
  - 49. The method of claim 47 wherein said common specific value comprises a pattern of said first and second backgrounds.
  - 50. The method of claim 49 wherein said common specific value comprises a tiling pattern of said first and second backgrounds.
  - 51. The method of claim 47 wherein said first and second background are non-uniform and wherein said first visually perceptible element comprises a first distortion of said first background and said second visually perceptible element comprises a second distortion of said second background and wherein said common specific value comprises a common characteristic of said first and second distortions.
  - 52. The method of claim 47 wherein said first background comprises a first picture and said second background comprises a second picture whereby the common specific value comprises the fact that the first and second pictures are both part of a single source picture.
  - 53. The method of claim 37 wherein the common specific value changes in time.
  - 54. The method of claim 53 wherein the common specific value changes in time in an unpredictable way.
  - 55. The method of claim 37 wherein said first and second visually perceptible elements of said first and second areas vary in time and wherein said common specific value comprises a common value for an aspect of a variation in time of said first and second visually perceptible elements.
  - 56. The method of claim 55 wherein said first visually perceptible element comprises a first movement of a first background of said first area and said second visually perceptible element comprises a second movement of a second background of said second area and said common specific value comprises a common characteristic of said first and second movements.
  - 57. The method of claim 56 wherein said common specific value comprises a common speed of said first and second movements.
  - 58. The method of claim 56 wherein said common specific value comprises a common direction of said first and second movements.

59. A personal computing device to secure an interaction session of a user of the personal computing device with a remotely accessible computer-based application, the personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
- wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data related to said interaction session;
  
  display the obtained transaction data on a first area of a display of the personal computing device for review by the user;
  
  obtain a dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification using a second area of the display of the personal computing device; and
  
  create a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay windowwherein making the dynamic credential available for verification using a second area of the display of the personal computing device comprises;
  
  providing at the personal computing device an approval indication mechanism for the user to indicate an approval or rejection by the user and obtaining by using this mechanism from the user an indication of the user'"'"'s approval or rejection, whereby the approval indication mechanism comprises a visual approval activation element on the display of the personal computing device that the user must activate to indicate the user'"'"'s approval whereby the visual approval activation element has an activation area that is responsive to an action of the user and whereby the activation area of the visual approval activation element is a part of the second area; and
  
  , if said user'"'"'s approval has been obtained, displaying the dynamic credential on the display of the personal computing device or sending over a data communication network the dynamic credential to a server computer if said user'"'"'s approval has been obtained.

60. A system to secure a user'"'"'s interaction session with a remotely accessible computer-based application, the system comprising:
- a remote application server for hosting the remotely accessible computer-based application, an access device for allowing said user'"'"'s interaction session with a remotely accessible computer-based application, a credential verification server for verifying the validity of a dynamic credential associated with transaction data of the remotely accessible computer-based application, and a personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
  
  wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data related to said interaction session;
  
  display the obtained transaction data on a first area of a display of the personal computing device for review by the user;
  
  obtain a dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification using a second area of the display of the personal computing device; and
  
  create a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay window wherein making the dynamic credential available for verification using a second area of the display of the personal computing device comprises;
  
  providing at the personal computing device an approval indication mechanism for the user to indicate an approval or rejection by the user and obtaining by using this mechanism from the user an indication of the user'"'"'s approval or rejection, whereby the approval indication mechanism comprises a visual approval activation element on the display of the personal computing device that the user must activate to indicate the user'"'"'s approval whereby the visual approval activation element has an activation area that is responsive to an action of the user and whereby the activation area of the visual approval activation element is a part of the second area; and
  
  , if said user'"'"'s approval has been obtained, displaying the dynamic credential on the display of the personal computing device or sending over a data communication network the dynamic credential to a server computer if said user'"'"'s approval has been obtained.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Original Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Inventors
Fort, Nicolas, Mennes, Frederik, Joly, Ludovic, Teixeron, Guillaume
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/271,768
Publication Number

US 20170085388A1
Time in Patent Office

832 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/64   Protecting data integrity, ...

G06F 21/84   output devices, e.g. displa...

G06F 3/04847   Interaction techniques to c...

G06F 3/0488   using a touch-screen or dig...

G06Q 20/401   Transaction verification

H04L 63/1466   Active attacks involving in...

H04L 9/3247   involving digital signatures

Multi-user strong authentication token

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-user strong authentication token

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links