System and method for authenticating users

US 10,484,344 B2
Filed: 12/07/2018
Issued: 11/19/2019
Est. Priority Date: 03/25/2009
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system for authenticating a user, comprising:

a computing device configured by an application running on a processing unit of the computing device to generate a secret in response to the computing device receiving a unique user input, and to store said secret at the computing device along with an identifier so as to be retrievable when said unique user input is again provided by the user of the computing device;

a remote computer-based station configured to send the computing device a first communication, said first communication including said identifier associated with the secret,wherein the computing device is further configured by the application running on the computing device to (i) prompt the user of the computing device for said unique user input, (ii) verify said unique user input in response to receiving said unique user input, and (iii) in response to verifying said unique user input, transmit to the remote computer-based station a second communication encoded using the secret, and the remote computer-based station is further configured to receive and process the second communication to authenticate the user.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.

67 Citations

14 Claims

1. A system for authenticating a user, comprising:
- a computing device configured by an application running on a processing unit of the computing device to generate a secret in response to the computing device receiving a unique user input, and to store said secret at the computing device along with an identifier so as to be retrievable when said unique user input is again provided by the user of the computing device;
  
  a remote computer-based station configured to send the computing device a first communication, said first communication including said identifier associated with the secret,wherein the computing device is further configured by the application running on the computing device to (i) prompt the user of the computing device for said unique user input, (ii) verify said unique user input in response to receiving said unique user input, and (iii) in response to verifying said unique user input, transmit to the remote computer-based station a second communication encoded using the secret, and the remote computer-based station is further configured to receive and process the second communication to authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the secret comprises an encryption key and the computing device is further configured by the application to store the encryption key on the computing device along with other information and to use the identifier to distinguish the encryption key from the other information.
  - 3. The system of claim 1, wherein the computing device comprises a mobile computing device.
  - 4. The system of claim 3, wherein the mobile computing device is further configured by the application to await receipt of an invitation to create the secret prior to generating the secret.
  - 5. The system of claim 1, wherein the computing device is further configured by the application to store the secret on the computing device in an encrypted format.
  - 6. The system of claim 1, wherein the unique user input comprises user credentials.
  - 7. The system of claim 1, wherein the first communication and the first and second communications comprise two related communications of a communication session.
  - 8. The system of claim 1, wherein the computing device is further configured by the application to await receipt of an invitation to create the secret prior to generating the secret.
  - 9. The system of claim 7, wherein the remote computer-based station is further configured to transmit the invitation to create the secret.
  - 10. The system of claim 4, wherein the secret comprises an encryption key and the computing device is further configured by the application to store the encryption key on the computing device along with other information and to use the identifier to distinguish the encryption key from the other information.
  - 11. The system of claim 4, wherein the first communication comprises a request for user credentials of the user of the computing device.
  - 12. The system of claim 4, wherein the computing device is further configured by the application to await receipt of the invitation to create the secret from the remote computer-based station.
  - 13. The system of claim 4, wherein the first and second communications comprise two related communications of a communication session.

14. A remote computer-based station, comprising:
- a processor and a memory communicatively coupled to the processor, the memory storing an identifier received from a mobile device, and further storing instructions for execution by the processor, which instructions when executed by the processor cause the processor to performing steps including;
  
  sending a first communication to the mobile device that includes the identifier,receiving a second communication from the mobile device that is encoded using a secret that was generated according to a unique user input by an application running on the mobile device, said secret associated with the identifier;
  
  attempting to process the second communication by decoding it using security parameters associated with the identifier;
  
  authenticating the mobile device if the second communication is able to be decoded; and
  
  denying authentication to the mobile device if the second communication is not able to be decoded.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy
Primary Examiner(s)
Shaw, Brian F

Application Number

US16/213,025
Publication Number

US 20190173855A1
Time in Patent Office

347 Days
Field of Search

713168, 713169, 713171, 713181, 713189, 370338, 709204
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 2221/2123   Dummy operation

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H05K 999/99   dummy group

System and method for authenticating users

First Claim

1 Assignment

Litigations

0 Petitions

Accused Products

Abstract

67 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

System and method for authenticating users

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others