Systems and methods for securing push authentications

US 10,462,113 B1
Filed: 09/27/2017
Issued: 10/29/2019
Est. Priority Date: 09/27/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securing push authentications, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

receiving, by a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, the push authentication including a core message that is encrypted by the security service relying party based on a correct answer to a challenge-response question;

forwarding, by the security service, the push authentication to the client device of the user;

receiving, by the security service, a response to the push authentication from the client device of the user; and

forwarding, by the security service, the response to the push authentication from the client device of the user to the security service relying party.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for securing push authentications may include (i) receiving, by a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, (ii) forwarding, by the security service, the push authentication to the client device of the user, (iii) receiving, by the security service, a response to the push authentication from the client device of the user, and (iv) forwarding, by the security service, the response to the push authentication from the client device of the user to the security service relying party. Various other methods, systems, and computer-readable media are also disclosed.

Citations

20 Claims

1. A computer-implemented method for securing push authentications, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving, by a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, the push authentication including a core message that is encrypted by the security service relying party based on a correct answer to a challenge-response question;
  
  forwarding, by the security service, the push authentication to the client device of the user;
  
  receiving, by the security service, a response to the push authentication from the client device of the user; and
  
  forwarding, by the security service, the response to the push authentication from the client device of the user to the security service relying party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising, prior to receiving the push authentication for the user:
    - receiving, from the client device, the public key of the client device after the client device generated the public key and a corresponding private key during a key-pair provisioning procedure; and
      
      indexing the public key of the client device such that the security service relying party can look up the public key using a security service credential of the user as an indexed key.
  - 3. The computer-implemented method of claim 1, wherein the security service receives the push authentication in response to providing the public key to the security service relying party.
  - 4. The computer-implemented method of claim 1, wherein forwarding the push authentication to the client device of the user comprises:
    - transmitting a transaction identifier to the client device;
      
      receiving, from the client device, a request for the push authentication;
      
      authenticating the request for the push authentication based on a secret shared between the security service and the client device; and
      
      transmitting the push authentication to the client device in response to authenticating the request for the push authentication.
  - 5. The computer-implemented method of claim 4, wherein the transaction identifier is transmitted to the client device through a push notification feature provided by a mobile device operating system of the client device.
  - 6. The computer-implemented method of claim 1, wherein the correct answer to the challenge-response question is kept private from the security service such that the security service is prevented from reading the core message of the push authentication.
  - 7. The computer-implemented method of claim 6, wherein the correct answer to the challenge-response question is based on a user session of the user with the security service relying party through dynamic knowledge-based authentication.
  - 8. The computer-implemented method of claim 1, wherein the correct answer to the challenge-response question indicates at least one of:
    - an item of personally identifiable information of the user; and
      
      an account number of the user with the security service relying party.
  - 9. The computer-implemented method of claim 1, wherein the core message of the push authentication prompts the user to approve a transaction at the security service relying party.
  - 10. The computer-implemented method of claim 9, wherein:
    - the response to the push authentication approves the transaction at the security service relying party; and
      
      the security service relying party completes the transaction in response to receiving the response to the push authentication from the client device of the user.

11. A system for securing push authentications, the system comprising:
- a reception module, stored in memory, that receives, for a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, the push authentication including a core message that is encrypted by the security service relying party based on a correct answer to a challenge-response question;
  
  a forwarding module, stored in memory, that forwards, for the security service, the push authentication to the client device of the user;
  
  wherein;
  
  the reception module receives, for the security service, a response to the push authentication from the client device of the user;
  
  the forwarding module forwards, for the security service, the response to the push authentication from the client device of the user to the security service relying party; and
  
  at least one physical processor configured to execute the reception module and the forwarding module.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein, prior to receiving the push authentication for the user, the reception module further:
    - receives, from the client device, the public key of the client device after the client device generated the public key and a corresponding private key during a key-pair provisioning procedure; and
      
      indexes the public key of the client device such that the security service relying party can look up the public key using a security service credential of the user as an indexed key.
  - 13. The system of claim 11, wherein the reception module receives the push authentication in response to providing the public key to the security service relying party.
  - 14. The system of claim 11, wherein the forwarding module forwards the push authentication to the client device of the user at least in part by:
    - transmitting a transaction identifier to the client device;
      
      receiving, from the client device, a request for the push authentication;
      
      authenticating the request for the push authentication based on a secret shared between the security service and the client device; and
      
      transmitting the push authentication to the client device in response to authenticating the request for the push authentication.
  - 15. The system of claim 14, wherein the transaction identifier is transmitted to the client device through a push notification feature provided by a mobile device operating system of the client device.
  - 16. The system of claim 11, wherein the correct answer to the challenge-response question is kept private from the security service such that the security service is prevented from reading the core message of the push authentication.
  - 17. The system of claim 16, wherein the correct answer to the challenge-response question is based on a user session of the user with the security service relying party through dynamic knowledge-based authentication.
  - 18. The system of claim 11, wherein the correct answer to the challenge-response question indicates at least one of:
    - an item of personally identifiable information of the user; and
      
      an account number of the user with the security service relying party.
  - 19. The system of claim 11, wherein the core message of the push authentication prompts the user to approve a transaction at the security service relying party.

20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive, by a security service and from a security service relying party, a push authentication for a user that the security service relying party encrypted using a public key assigned to a client device of the user, the push authentication including a core message that is encrypted by the security service relying party based on a correct answer to a challenge-response question;
  
  forward, by the security service, the push authentication to the client device of the user;
  
  receive, by the security service, a response to the push authentication from the client device of the user; and
  
  forward, by the security service, the response to the push authentication from the client device of the user to the security service relying party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Venkataramani, Srinath
Primary Examiner(s)
Pich, Ponnoreay

Application Number

US15/717,320
Time in Patent Office

762 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3215   using a plurality of channe...

H04L 9/3271   using challenge-response

Systems and methods for securing push authentications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securing push authentications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links