Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment

US 10,484,376 B1
Filed: 07/05/2018
Issued: 11/19/2019
Est. Priority Date: 01/26/2015
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment comprising:

(a) receiving, via a secure transmission in the wireless network, from the user device associated with the user at a first server subsystem associated with a first ip address, an electronic login request comprising login credential data comprising an alphanumeric text sequence;

(b) verifying, by the first server subsystem, the login credential data is valid login credential data, wherein the login credential data is verified if the login credential data is valid login credential data;

(c) in the case where the login credential data is verified, generating, at the first server subsystem;

(1) a first payload used to authenticate the user device associated with the user, comprising login credential verification information and a first session identifier; and

(2) a first digital signature of the first server subsystem comprising a first hash of the first payload, the first hash being encrypted using a first identity provider sub-system private key;

(d) transmitting, from the first server subsystem to the user device via the secure transmission over the wireless network, the first payload and the first digital signature;

(e) receiving, from the user device via the secure transmission over the wireless network at the first server subsystem;

(1) a second payload comprising the first session identifier and a first one-time token generated by the user device using a shared secret seed; and

(2) a second digital signature of the user device comprising a second hash of the second payload;

(f) verifying, by the first server subsystem, the second payload including the first session identifier and the one-time token;

(g) in the case where the second payload is verified, authorizing, by the first server subsystem, the user device to communicate with a second server subsystem associated with a second ip address via the first server subsystem; and

(h) securely transmitting, from the user device via the secure transmission over the wireless network and the first server subsystem to the second server subsystem, a third payload, and a third digital signature.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.

415 Citations

11 Claims

1. A method for authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment comprising:
- (a) receiving, via a secure transmission in the wireless network, from the user device associated with the user at a first server subsystem associated with a first ip address, an electronic login request comprising login credential data comprising an alphanumeric text sequence;
  
  (b) verifying, by the first server subsystem, the login credential data is valid login credential data, wherein the login credential data is verified if the login credential data is valid login credential data;
  
  (c) in the case where the login credential data is verified, generating, at the first server subsystem;
  
  (1) a first payload used to authenticate the user device associated with the user, comprising login credential verification information and a first session identifier; and
  
  (2) a first digital signature of the first server subsystem comprising a first hash of the first payload, the first hash being encrypted using a first identity provider sub-system private key;
  
  (d) transmitting, from the first server subsystem to the user device via the secure transmission over the wireless network, the first payload and the first digital signature;
  
  (e) receiving, from the user device via the secure transmission over the wireless network at the first server subsystem;
  
  (1) a second payload comprising the first session identifier and a first one-time token generated by the user device using a shared secret seed; and
  
  (2) a second digital signature of the user device comprising a second hash of the second payload;
  
  (f) verifying, by the first server subsystem, the second payload including the first session identifier and the one-time token;
  
  (g) in the case where the second payload is verified, authorizing, by the first server subsystem, the user device to communicate with a second server subsystem associated with a second ip address via the first server subsystem; and
  
  (h) securely transmitting, from the user device via the secure transmission over the wireless network and the first server subsystem to the second server subsystem, a third payload, and a third digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the alphanumeric text sequence comprises a phone number associated with the user device associated with the user.
  - 3. The method of claim 1, wherein the alphanumeric text sequence comprises user device information, the user device information being associated with the user device.
  - 4. The method of claim 3, wherein the user device information comprises a serial number of the user device.
  - 5. The method of claim 1, wherein the secure transmission is using secure socket protocol.
  - 6. The method of claim 1, wherein the first session identifier comprises time stamp information.
  - 7. The method of claim 1, wherein the first session identifier is generated by the first server subsystem using time stamp information.
  - 8. The method of claim 7, wherein the time stamp information comprises a time at which the first payload was generated.
  - 9. The method of claim 7, wherein the time stamp information comprises a time at which the first payload was configured.
  - 10. The method of claim 7, wherein the time stamp information comprises a time at which the electronic request was received.
  - 11. The method of claim 1, wherein the third payload comprises the first session identifier, the first one-time token, and a second one-time token generated by the user device using the shared secret seed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemini IP LLC (IPNav)
Original Assignee
Winklevoss IP LLC
Inventors
Laucius, Andrew, Paya, Cem, Winer, Eric
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US16/028,124
Time in Patent Office

502 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/64   Protecting data integrity, ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/321   involving a third party or ...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

415 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

415 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links