Multi-user strong authentication token

US 10,411,901 B2
Filed: 12/28/2018
Issued: 09/10/2019
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method to secure a user'"'"'s interaction with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:

obtaining transaction data;

displaying the obtained transaction data on a display of the personal computing device for review by the user, wherein an authentication application that is running on the personal computing device displays the obtained transaction data in a transaction data presentation area of the display of the personal computing device;

obtaining a dynamic credential associated with the transaction data; and

ensuring at the personal computing device that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area while the transaction data are being displayed or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data by calling one or more operating system functions of an operating system of the personal computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

Citations

15 Claims

1. A method to secure a user'"'"'s interaction with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:
- obtaining transaction data;
  
  displaying the obtained transaction data on a display of the personal computing device for review by the user, wherein an authentication application that is running on the personal computing device displays the obtained transaction data in a transaction data presentation area of the display of the personal computing device;
  
  obtaining a dynamic credential associated with the transaction data; and
  
  ensuring at the personal computing device that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area while the transaction data are being displayed or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data by calling one or more operating system functions of an operating system of the personal computing device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device, the method further comprising the step of ensuring at the personal computing device that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window.
  - 3. The method of claim 2, wherein the step of ensuring at the personal computing device that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the transaction data displaying window comprises the authentication application ensuring or enforcing that the transaction data displaying window remains on top.
  - 4. The method of claim 3, wherein the step of the authentication application ensuring or enforcing that the transaction data displaying window remains on top, comprises the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top.
  - 5. The method of claim 1, wherein the step of obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

6. A personal computing device to secure a user'"'"'s interaction with a remotely accessible computer-based application, the personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
- wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data;
  
  display the obtained transaction data on the display for review by the user in a transaction data presentation area of the display;
  
  obtain a dynamic credential associated with the transaction data; and
  
  ensure that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area while the transaction data are being displayed or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data by calling one or more operating system functions of an operating system of the personal computing device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The personal computing device of claim 6, wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device, and wherein the authentication application is further configured to cause the personal computing device to ensure that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window.
  - 8. The personal computing device of claim 7, wherein the ensuring that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the transaction data displaying window comprises the authentication application ensuring or enforcing that the transaction data displaying window remains on top.
  - 9. The personal computing device of claim 8, wherein the authentication application ensuring or enforcing that the transaction data displaying window remains on top, comprises the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top.
  - 10. The personal computing device of claim 6, wherein obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

11. A system to secure a user'"'"'s interaction with a remotely accessible computer-based application, the system comprising:
- a remote application server for hosting the remotely accessible computer-based application, an access device for allowing said user'"'"'s interaction with a remotely accessible computer-based application, a credential verification server for verifying validity of a dynamic credential associated with transaction data of the remotely accessible computer-based application, and a personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
  
  wherein the authentication application is configured to cause the personal computing device to;
  
  obtain the transaction data;
  
  display the obtained transaction data on the display for review by the user in a transaction data presentation area of the display;
  
  obtain the dynamic credential associated with the transaction data; and
  
  ensure that no window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data presentation area while the transaction data are being displayed or until the authentication application has received an indication of the user'"'"'s approval or rejection of the displayed transaction data by calling one or more operating system functions of an operating system of the personal computing device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the transaction data presentation area comprises the entirety or a part of a transaction data displaying window of the authentication application on the display of the personal computing device, and wherein the authentication application is further configured to cause the personal computing device to ensure that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the authentication application'"'"'s transaction data displaying window.
  - 13. The system of claim 12, wherein the ensuring that no other window of another application that is running on the personal computing device can partially or entirely hide or obscure the transaction data displaying window comprises the authentication application ensuring or enforcing that the transaction data displaying window remains on top.
  - 14. The system of claim 13, wherein the authentication application ensuring or enforcing that the transaction data displaying window remains on top, comprises the authentication application calling the one or more operating system functions to ensure or enforce that the transaction data displaying window remains on top.
  - 15. The system of claim 11, wherein obtaining the dynamic credential associated with the transaction data comprises generating the dynamic credential by cryptographically combining the transaction data with a cryptographic key that comprises or is derived from a secret stored in the personal computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Original Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Inventors
Fort, Nicolas, Mennes, Frederik, Joly, Ludovic, Teixeron, Guillaume
Primary Examiner(s)
Okeke, Izunna

Application Number

US16/235,359
Publication Number

US 20190140841A1
Time in Patent Office

256 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/64   Protecting data integrity, ...

G06F 21/84   output devices, e.g. displa...

G06F 3/04847   Interaction techniques to c...

G06F 3/0488   using a touch-screen or dig...

G06Q 20/401   Transaction verification

H04L 63/1466   Active attacks involving in...

H04L 9/3247   involving digital signatures

Multi-user strong authentication token

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-user strong authentication token

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links