Multi-user strong authentication token
First Claim
1. A method to secure an interaction session of a user with a remotely accessible computer-based application, the method comprising performing at a personal computing device the steps of:
- obtaining transaction data related to said interaction session;
- displaying, by an authentication application running on the personal computing device, the obtained transaction data on a first area of a display of the personal computing device for review by the user;
- obtaining a dynamic credential associated with the transaction data;
- making, by the authentication application, the dynamic credential available for verification using a second area of the display of the personal computing device; and
- creating a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn't have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay windows;
wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;
or wherein said common specific value for said first and second visually perceptible elements varies in time;
or wherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;
or wherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;
or wherein said common specific value for said first and second visually perceptible elements varies from one user to another.
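The mechanism of claim 1, modelled as an added example (not code from the patent or its assignee). The HMAC-SHA256 derivation, the per-device key, the colour/pattern representation of the "common specific value" and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PATTERNS = ("solid", "stripes", "dots", "waves")  # assumed set of textures


def common_value(device_key: bytes, user_id: str, session_id: str, time_step: int) -> dict:
    """Derive the common specific value shared by both display areas.

    Keyed with a per-device secret (unpredictable, differs per device) and
    bound to user, session and time step so it varies across each of them.
    """
    fields = (user_id, session_id, str(time_step))
    # Length-prefix each field so distinct tuples never encode to the same bytes.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    digest = hmac.new(device_key, msg, hashlib.sha256).digest()
    return {"color": "#" + digest[:3].hex(), "pattern": PATTERNS[digest[3] % len(PATTERNS)]}


def render(value: dict, transaction: str, credential: str) -> dict:
    """Model the app's screen: both areas carry the same visual element value."""
    return {"first_area": {"text": transaction, "style": value},
            "second_area": {"text": credential, "style": value}}


def cover_first_area(screen: dict, text: str, style: dict) -> dict:
    """Model a window not drawn by the app that hides the first area."""
    return {**screen, "first_area": {"text": text, "style": style}}


def discontinuity(screen: dict) -> bool:
    """What the user perceives: do the two areas still share the element value?"""
    return screen["first_area"]["style"] != screen["second_area"]["style"]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed per-device secret
    value = common_value(key, "alice", "session-0001", 0)
    screen = render(value, "Pay 10.00 EUR to ACME", "483920")
    print(value, discontinuity(screen))
    fixed = {"color": "#ffffff", "pattern": "solid"}  # overlay cannot know `value`
    print(discontinuity(cover_first_area(screen, "Pay 10.00 EUR to ACME", fixed)))
```

A covering window that carried the same value would produce no discontinuity in this model, which is why the claim requires the value to be unpredictable or to vary by time, session, device or user.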
Abstract
Apparatus, methods and systems to secure remotely accessible applications using authentication devices are disclosed. More particularly, apparatus, methods and systems are disclosed for thwarting overlay attacks against authentication applications for displaying transaction data and for generating signatures over these transaction data.
19 Claims
18. A personal computing device to secure an interaction session of a user of the personal computing device with a remotely accessible computer-based application, the personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
wherein the authentication application is configured to cause the personal computing device to:
- obtain transaction data related to said interaction session;
- display the obtained transaction data on a first area of a display of the personal computing device for review by the user;
- obtain a dynamic credential associated with the transaction data;
- make the dynamic credential available for verification using a second area of the display of the personal computing device; and
- create a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn't have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay window;
wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;
or wherein said common specific value for said first and second visually perceptible elements varies in time;
or wherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;
or wherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;
or wherein said common specific value for said first and second visually perceptible elements varies from one user to another.
19. A system to secure a user's interaction session with a remotely accessible computer-based application, the system comprising:
- a remote application server for hosting the remotely accessible computer-based application, an access device for allowing said user's interaction session with a remotely accessible computer-based application, a credential verification server for verifying the validity of a dynamic credential associated with transaction data of the remotely accessible computer-based application, and a personal computing device comprising a display for displaying information to the user, a user input interface for receiving inputs from the user, a memory component storing an operating system software and an authentication application software, and a data processing component for running the operating system software and the authentication application;
wherein the authentication application is configured to cause the personal computing device to:
- obtain transaction data related to said interaction session;
- display the obtained transaction data on a first area of a display of the personal computing device for review by the user;
- obtain a dynamic credential associated with the transaction data;
- make the dynamic credential available for verification using a second area of the display of the personal computing device; and
- create a visually perceptible continuity between the first area and the second area by giving a first visually perceptible element of the first area and a second visually perceptible element of the second area the same common specific value, such that the presence of an overlay window that is not displayed by the authentication application and that partially or entirely hides or obscures the first area and that doesn't have a third visually perceptible element with the same value as said common specific value for said first and second visually perceptible elements causes a visually perceptible discontinuity between the overlay window and the second area alerting the user to the presence of said overlay window;
wherein said common specific value for said first and second visually perceptible elements has an unpredictable element;
or wherein said common specific value for said first and second visually perceptible elements varies in time;
or wherein said common specific value for said first and second visually perceptible elements varies from one interaction session to another;
or wherein said common specific value for said first and second visually perceptible elements varies from one personal computing device to another;
or wherein said common specific value for said first and second visually perceptible elements varies from one user to another.
Specification