Multi-user strong authentication token

US 10,447,484 B2
Filed: 12/28/2018
Issued: 10/15/2019
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method to secure an interaction session of a user with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:

obtaining transaction data related to said interaction session;

displaying, by an authentication application running on the personal computing device, the obtained transaction data on a first area of a display of the personal computing device for review by the user;

obtaining a dynamic credential associated with the transaction data;

making, by the authentication application, the dynamic credential available for verification using a second area of the display of the personal computing device; and

creating a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay windows;

wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;

orwherein said common specific value for said first and second visually perceptible elements varies in time;

orwherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;

orwherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;

orwherein said common specific value for said first and second visually perceptible elements varies from one user to another.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More in particular apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.

6 Citations

19 Claims

1. A method to secure an interaction session of a user with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:
- obtaining transaction data related to said interaction session;
  
  displaying, by an authentication application running on the personal computing device, the obtained transaction data on a first area of a display of the personal computing device for review by the user;
  
  obtaining a dynamic credential associated with the transaction data;
  
  making, by the authentication application, the dynamic credential available for verification using a second area of the display of the personal computing device; and
  
  creating a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay windows;
  
  wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;
  
  orwherein said common specific value for said first and second visually perceptible elements varies in time;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one user to another.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the step of making, by the authentication application, the dynamic credential available for verification using a second area of the display of the personal computing device, comprises displaying the dynamic credential on said second area.
  - 3. The method of claim 1, wherein the step of making the dynamic credential available for verification using a second area of the display of the personal computing device comprises providing at the personal computing device an approval indication mechanism for the user to indicate an approval or rejection by the user and obtaining by using this mechanism from the user an indication of the user'"'"'s approval or rejection, whereby the approval indication mechanism comprises a visual approval activation element on the display of the personal computing device that the user must activate to indicate the user'"'"'s approval whereby the visual approval activation element has an activation area that is responsive to an action of the user and whereby the activation area of the visual approval activation element is a part of the second area.
  - 4. The method of claim 3, wherein the step of making the dynamic credential available for verification using a second area of the display of the personal computing device further comprises displaying the dynamic credential on the display of the personal computing device if said user'"'"'s approval has been obtained.
  - 5. The method of claim 3, wherein the step of making the dynamic credential available for verification using a second area of the display of the personal computing device further comprises sending over a data communication network the dynamic credential to a server computer if said user'"'"'s approval has been obtained.
  - 6. The method of claim 1, wherein said first area is adjacent to said second area.
  - 7. The method of claim 1, wherein said first and second visually perceptible elements comprise characters of texts displayed in said first and second areas and wherein said common specific value comprises a visual characteristic of said characters.
  - 8. The method of claim 7, wherein said common specific value comprises font size, font type or font color of said characters.
  - 9. The method of claim 1, wherein said first visually perceptible element comprises a first background of said first area and said second visually perceptible element comprises a second background of said second area and said common specific value comprises a visual characteristic of said first and second backgrounds.
  - 10. The method of claim 9, wherein said common specific value comprises a color of said first and second backgrounds, orwherein said common specific value comprises a pattern of said first and second backgrounds.
  - 11. The method of claim 9, wherein said first and second background are non-uniform and wherein said first visually perceptible element comprises a first distortion of said first background and said second visually perceptible element comprises a second distortion of said second background and wherein said common specific value comprises a common characteristic of said first and second distortions.
  - 12. The method of claim 9, wherein said first background comprises a first picture and said second background comprises a second picture whereby the common specific value comprises the fact that the first and second pictures are both part of a single source picture.
  - 13. The method of claim 1, wherein the common specific value changes in time.
  - 14. The method of claim 13, wherein the common specific value changes in time in an unpredictable way.
  - 15. The method of claim 1, wherein said first and second visually perceptible elements of said first and second areas vary in time and wherein said common specific value comprises a common value for an aspect of a variation in time of said first and second visually perceptible elements.
  - 16. The method of claim 15, wherein said first visually perceptible element comprises a first movement of a first background of said first area and said second visually perceptible element comprises a second movement of a second background of said second area and said common specific value comprises a common characteristic of said first and second movements.
  - 17. The method of claim 16, wherein said common specific value comprises a common speed of said first and second movements, orwherein said common specific value comprises a common direction of said first and second movements.

18. A personal computing device to secure an interaction session of a user of the personal computing device with a remotely accessible computer-based application, the personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
- wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data related to said interaction session;
  
  display the obtained transaction data on a first area of a display of the personal computing device for review by the user;
  
  obtain a dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification using a second area of the display of the personal computing device; and
  
  create a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay window;
  
  wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;
  
  orwherein said common specific value for said first and second visually perceptible elements varies in time;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one user to another.

19. A system to secure a user'"'"'s interaction session with a remotely accessible computer-based application, the system comprising:
- a remote application server for hosting the remotely accessible computer-based application, an access device for allowing said user'"'"'s interaction session with a remotely accessible computer-based application, a credential verification server for verifying the validity of a dynamic credential associated with transaction data of the remotely accessible computer-based application, and a personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
  
  wherein the authentication application is configured to cause the personal computing device to;
  
  obtain transaction data related to said interaction session;
  
  display the obtained transaction data on a first area of a display of the personal computing device for review by the user;
  
  obtain a dynamic credential associated with the transaction data;
  
  make the dynamic credential available for verification using a second area of the display of the personal computing device; and
  
  create a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn'"'"'t have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay window;
  
  wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;
  
  orwherein said common specific value for said first and second visually perceptible elements varies in time;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;
  
  orwherein said common specific value for said first and second visually perceptible elements varies from one user to another.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Original Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Inventors
Fort, Nicolas, Mennes, Frederik, Joly, Ludovic, Teixeron, Guillaume
Primary Examiner(s)
Okeke, Izunna

Application Number

US16/235,308
Publication Number

US 20190140840A1
Time in Patent Office

291 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/64   Protecting data integrity, ...

G06F 21/84   output devices, e.g. displa...

G06F 3/04847   Interaction techniques to c...

G06F 3/0488   using a touch-screen or dig...

G06Q 20/401   Transaction verification

H04L 63/1466   Active attacks involving in...

H04L 9/3247   involving digital signatures

Multi-user strong authentication token

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-user strong authentication token

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links