User authentication based on multiple asymmetric cryptography key pairs
First Claim
1. A user authentication method for an information system comprising the steps of:
- receiving a login attempt at a server from a remote user device;
based on the login attempt, accessing a first public key and a second public key, both associated with a user, wherein the first and second public keys are each associated with a corresponding private key of an asymmetric cryptographic key pair;
generating first and second new random challenge messages;
encrypting the first challenge message using the first public key;
encrypting the second challenge message using the second public key;
sending the first and second encrypted challenge messages to the remote user device;
receiving a reply message from the remote user device;
verifying the reply message, including determining whether both of the first and second challenge messages were successfully decrypted; and
based on verifying the reply message, permitting login to the server without requiring a password.
2 Assignments
0 Petitions
Accused Products
Abstract
An ID service provisioned on a server interacts with a corresponding ID app installed on a user device such as a smart phone for secure user authentication (login). A user acquires two asymmetric encryption keys pairs. One of the private keys is secured on SIM on the user device, and the other one stored in the ID app on the user device. At login attempt, the ID service generates two random challenge messages, and encrypts each of them with one of the public keys. Decryption of one challenge is conducted by the SIM and decryption of the other is done by the ID app. A token based on the two decrypted challenge results is returned to the ID service. Alternatively, a single challenge can be double-wrapped with the two keys. The verifies the results and enables secure login without requiring a password.
-
Citations
13 Claims
-
1. A user authentication method for an information system comprising the steps of:
-
receiving a login attempt at a server from a remote user device; based on the login attempt, accessing a first public key and a second public key, both associated with a user, wherein the first and second public keys are each associated with a corresponding private key of an asymmetric cryptographic key pair; generating first and second new random challenge messages; encrypting the first challenge message using the first public key; encrypting the second challenge message using the second public key; sending the first and second encrypted challenge messages to the remote user device; receiving a reply message from the remote user device; verifying the reply message, including determining whether both of the first and second challenge messages were successfully decrypted; and based on verifying the reply message, permitting login to the server without requiring a password. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A user authentication method for an information system comprising the steps of:
-
receiving a login attempt at a server from a remote user device; based on the login attempt, accessing a first public key and a second public key, both associated with a user, wherein the first and second public keys are each associated with a corresponding private key of an asymmetric cryptographic key pair; generating a first new random challenge message; encrypting the first challenge message using the first public key; wrapping the encrypted first challenge message using the second public key; sending the double wrapped encrypted challenge message to the remote user device; receiving a reply message from the remote user device; verifying the reply message, including determining whether the double wrapped challenge message was successfully decrypted; and based on verifying the reply message, permitting login to the server without requiring a password. - View Dependent Claims (10, 11, 12, 13)
-
Specification