System and method for facilitating multi-connection-based authentication

US 10,362,022 B2
Filed: 04/13/2017
Issued: 07/23/2019
Est. Priority Date: 04/13/2017
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating multi-connection-based authentication, the method being implemented by a computer system that comprises one or more processors executing computer program instructions that, when executed, perform the method, the method comprising:

causing, by the computer system, first and second connections to be established between the computer system and a remote client device;

obtaining, by the computer system, a first challenge response from the remote client device via the first connection and a second challenge response from the remote client device via the second connection, the first and second challenge responses each being generated based on a same private key stored in a secure local storage at the remote client device;

obtaining, by the computer system, a public key corresponding to the private key from the remote client device via the first connection;

performing, by the computer system, public-key-based verification of the first challenge response by using the public key to verify at least a portion of the first challenge response;

obtaining, by the computer system, a confirmation of identification information associated with an entity, to which the private key corresponds, based on information obtained from the remote client device via the first connection;

registering, by the computer system, the public key in a database in association with the entity based on (i) the obtained confirmation via the first connection and (ii) the public-key-based verification of the first challenge response obtained via the first connection;

obtaining, by the computer system, an identifier associated with the entity from the remote client device via the second connection;

determining, by the computer system, a match between the associated identifier and at least one identifier registered in association with the entity in a database;

performing, by the computer system, based on the matching, public-key-based verification of the second challenge response by using the public key to verify at least a portion of the second challenge response; and

authenticating, by the computer system, information obtained from the remote client device via the second connection based on the public-key-based verification of the second challenge response obtained via the second connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In certain embodiments, first and second challenge responses may be obtained at a computer system from a client device respectively via first and second connections between the computer system and the client device. The challenge responses may each be generated based on a same private key stored in a secure local storage at the client device. Confirmation of identification information associated with an entity, to which the private key corresponds, may be obtained based on information obtained from the client device via the first connection. Information obtained from the client device via the second connection may be authenticated based on (i) the obtained confirmation via the first connection and (ii) verification of the first and second challenge responses obtained respectively via the first and second connections.

22 Citations

View as Search Results

20 Claims

1. A method of facilitating multi-connection-based authentication, the method being implemented by a computer system that comprises one or more processors executing computer program instructions that, when executed, perform the method, the method comprising:
- causing, by the computer system, first and second connections to be established between the computer system and a remote client device;
  
  obtaining, by the computer system, a first challenge response from the remote client device via the first connection and a second challenge response from the remote client device via the second connection, the first and second challenge responses each being generated based on a same private key stored in a secure local storage at the remote client device;
  
  obtaining, by the computer system, a public key corresponding to the private key from the remote client device via the first connection;
  
  performing, by the computer system, public-key-based verification of the first challenge response by using the public key to verify at least a portion of the first challenge response;
  
  obtaining, by the computer system, a confirmation of identification information associated with an entity, to which the private key corresponds, based on information obtained from the remote client device via the first connection;
  
  registering, by the computer system, the public key in a database in association with the entity based on (i) the obtained confirmation via the first connection and (ii) the public-key-based verification of the first challenge response obtained via the first connection;
  
  obtaining, by the computer system, an identifier associated with the entity from the remote client device via the second connection;
  
  determining, by the computer system, a match between the associated identifier and at least one identifier registered in association with the entity in a database;
  
  performing, by the computer system, based on the matching, public-key-based verification of the second challenge response by using the public key to verify at least a portion of the second challenge response; and
  
  authenticating, by the computer system, information obtained from the remote client device via the second connection based on the public-key-based verification of the second challenge response obtained via the second connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein one of the first and second connections is a video streaming connection, and the other one of the first and second connections is a non-video-streaming connection that is not a video connection.
  - 3. The method of claim 1, wherein each of the first and second challenge responses comprises a digital signature generated based on the same private key stored in the secure local storage at the remote client device,wherein performing the public-key-based verification of the first challenge response comprises performing, by the computer system, signature verification of the digital signature of the first challenge response by using the public key to verify the digital signature of the first challenge response, andwherein performing the public-key-based verification of the second challenge response comprises performing, by the computer system, signature verification of the digital signature of the second challenge response by using the public key to verify the digital signature of the second challenge response.
  - 4. The method of claim 3, wherein the digital signature of the first challenge response and the digital signature of the second challenge response are different from one another.
  - 5. The method of claim 1, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between the remote client device and the computer system such that the first connection is active during a time that the second connection is active.
  - 6. The method of claim 1, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between a client application at the remote client device and the computer system such that (i) the first and second connections do not overlap in time with one another and (ii) the first and second connections are established during a same application session of the client application.
  - 7. The method of claim 1, wherein the first connection comprises a video streaming connection, and wherein the information obtained via the first connection comprises a video of an individual associated with the identification information.

8. A system for facilitating multi-connection-based authentication, the system comprising:
- a computer system that comprises one or more processors programmed with computer program instructions that, when executed, cause the computer system to;
  
  cause first and second connections to be established between the computer system and a remote client device;
  
  obtain a first challenge response from the remote client device via the first connection and a second challenge response from the remote client device via the second connection, the first and second challenge responses each being generated based on a same private key stored in a secure local storage at the remote client device;
  
  obtain a public key corresponding to the private key from the remote client device via the first connection;
  
  perform public-key-based verification of the first challenge response by using the public key to verify at least a portion of the first challenge response;
  
  obtain a confirmation of identification information associated with an entity, to which the private key corresponds, based on information obtained from the remote client device via the first connection;
  
  register the public key in a database in association with the entity based on (i) the obtained confirmation via the first connection and (ii) the public-key-based verification of the first challenge response obtained via the first connection;
  
  obtain an identifier associated with the entity from the remote client device via the second connection;
  
  determine a match between the associated identifier and at least one identifier registered in association with the entity in a database;
  
  perform, based on the matching, public-key-based verification of the second challenge response by using the public key to verify at least a portion of the second challenge response; and
  
  authenticate information obtained from the remote client device via the second connection based on the public-key-based verification of the second challenge response obtained via the second connection.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein one of the first and second connections is a video streaming connection, and the other one of the first and second connections is a non-video-streaming connection that is not a video connection.
  - 10. The system of claim 8, wherein each of the first and second challenge responses comprises a digital signature generated based on the same private key stored in the secure local storage at the remote client device, andwherein performing the public-key-based verification of the first challenge response comprises performing signature verification of the digital signature of the first challenge response by using the public key to verify the digital signature of the first challenge response, andwherein performing the public-key-based verification of the second challenge response comprises performing, by the computer system, signature verification of the digital signature of the second challenge response by using the public key to verify the digital signature of the second challenge response, the digital signature of the first challenge response and the digital signature of the second challenge response being different from one another.
  - 11. The system of claim 8, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between the remote client device and the computer system such that the first connection is active during a time that the second connection is active.
  - 12. The system of claim 8, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between a client application at the remote client device and the computer system such that (i) the first and second connections do not overlap in time with one another and (ii) the first and second connections are established during a same application session of the client application.
  - 13. The system of claim 8, wherein the first connection comprises a video streaming connection, and wherein the information obtained via the first connection comprises a video of an individual associated with the identification information.

14. A method implemented by a computer system that comprises one or more processors executing computer program instructions that, when executed, perform the method, the method comprising:
- causing, by the computer system, first and second connections to be established between the computer system and a remote client device;
  
  obtaining, by the computer system, a first challenge response from the remote client device via the first connection and a second challenge response from the remote client device via the second connection, the first and second challenge responses each being generated based on a same private key stored in a secure local storage at the remote client device;
  
  obtaining, by the computer system, a public key corresponding to the private key from the remote client device via the first connection;
  
  performing, by the computer system, public-key-based verification of the first challenge response by using the public key to verify at least a portion of the first challenge response;
  
  obtaining, by the computer system, a confirmation of identification information associated with an entity, to which the private key corresponds, based on information obtained from the remote client device via the first connection;
  
  registering, by the computer system, the public key in a database in association with the entity based on (i) the obtained confirmation via the first connection and (ii) the public-key-based verification of the first challenge response obtained via the first connection;
  
  obtaining, by the computer system, a public key candidate from the remote client device via the second connection;
  
  determining, by the computer system, a match between the public key candidate and the public key stored in the database; and
  
  performing, by the computer system, based on the matching, public-key-based verification of the second challenge response by using the public key to verify at least a portion of the second challenge response,authenticating, by the computer system, information obtained from the remote client device via the second connection based on the public-key-based verification of the second challenge response obtained via the second connection.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between the remote client device and the computer system such that the first connection is active during a time that the second connection is active.
  - 16. The method of claim 14, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between a client application at the remote client device and the computer system such that (i) the first and second connections do not overlap in time with one another and (ii) the first and second connections are established during a same application session of the client application.
  - 17. The method of claim 14, wherein the first connection comprises a video streaming connection, and wherein the information obtained via the first connection comprises a video of an individual associated with the identification information.

18. A system comprising:
- a computer system that comprises one or more processors programmed with computer program instructions that, when executed, cause the computer system to;
  
  cause first and second connections to be established between the computer system and a remote client device;
  
  obtain a first challenge response from the remote client device via the first connection and a second challenge response from the remote client device via the second connection, the first and second challenge responses each being generated based on a same private key stored in a secure local storage at the remote client device;
  
  obtain a public key corresponding to the private key from the remote client device via the first connection;
  
  perform public-key-based verification of the first challenge response by using the public key to verify at least a portion of the first challenge response;
  
  obtain a confirmation of identification information associated with an entity, to which the private key corresponds, based on information obtained from the remote client device via the first connection;
  
  register the public key in a database in association with the entity based on (i) the obtained confirmation via the first connection and (ii) the public-key-based verification of the first challenge response obtained via the first connection;
  
  obtain a public key candidate from the remote client device via the second connection;
  
  determine a match between the public key candidate and the public key stored in the database;
  
  perform, based on the matching, public-key-based verification of the second challenge response by using the public key to verify at least a portion of the second challenge response; and
  
  authenticate information obtained from the remote client device via the second connection based on the public-key-based verification of the second challenge response obtained via the second connection.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between the remote client device and the computer system such that the first connection is active during a time that the second connection is active.
  - 20. The system of claim 18, wherein causing the first and second connections to be established comprises causing the first and second connections to be established between a client application at the remote client device and the computer system such that (i) the first and second connections do not overlap in time with one another and (ii) the first and second connections are established during a same application session of the client application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
UBS Business Solutions AG (UBS Ag)
Original Assignee
UBS Business Solutions AG (UBS Ag)
Inventors
Heimlicher, Simon, Hiltgen, Alain
Primary Examiner(s)
Lanier, Benjamin E

Application Number

US15/486,786
Publication Number

US 20180302226A1
Time in Patent Office

831 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

H04L 2463/082   applying multi-factor authe...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3271   using challenge-response

System and method for facilitating multi-connection-based authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for facilitating multi-connection-based authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others