Authentication of access request of a device and protecting confidential information
First Claim
1. A method for requesting access to a resource, comprising:
- receiving, by an application executing on a user device, order data and a signature based on the order data, the order data and the signature being received from an access device, the order data being for an order made via the access device to a request computer, wherein the signature is generated by the request computer using the order data, a shared secret key, and a second fingerprint of the access device, wherein the shared secret key is shared between the request computer and an authentication server;
obtaining, by the application, a selection of a credential routine from a plurality of credential routines installed on the user device, wherein each of the plurality of credential routines have access to a different stored credential corresponding to a different service for obtaining access to the resource;
requesting, by the application, a stored credential from the selected credential routine;
obtaining, by the application, the stored credential from the credential routine installed on the user device; and
sending, by the application to the authentication server, an access request including the order data, the signature, and the stored credential, the access request being a request for access to the resource, wherein the authentication server stores a first fingerprint of the access device received during a registration process with the access device, generates a second signature using the order data, the first fingerprint of the access device, and the shared secret key, compares the second signature to the signature received from the application, verifies the signature based on the comparison to the second signature, and provides a response to the access request based on the verifying of the signature.
1 Assignment
0 Petitions
Accused Products
Abstract
The systems and methods described herein enable an application on a user device to securely request access to a resource for an order using a selected credential routine. The application can receive order data and a signature based on the order data from an access device. The application can include an interface for selecting a particular credential routine from a plurality of credential routines that can be used to obtain the credential for accessing the resource. Instead of requesting access to the resource via the access device, the application can communicate with an authentication server that can verify the signature based on the order data and obtain authorization of the credential. Thus, the application can select a credential routine and credential for accessing a resource through secure communications with the authentication server.
-
Citations
18 Claims
-
1. A method for requesting access to a resource, comprising:
-
receiving, by an application executing on a user device, order data and a signature based on the order data, the order data and the signature being received from an access device, the order data being for an order made via the access device to a request computer, wherein the signature is generated by the request computer using the order data, a shared secret key, and a second fingerprint of the access device, wherein the shared secret key is shared between the request computer and an authentication server; obtaining, by the application, a selection of a credential routine from a plurality of credential routines installed on the user device, wherein each of the plurality of credential routines have access to a different stored credential corresponding to a different service for obtaining access to the resource; requesting, by the application, a stored credential from the selected credential routine; obtaining, by the application, the stored credential from the credential routine installed on the user device; and sending, by the application to the authentication server, an access request including the order data, the signature, and the stored credential, the access request being a request for access to the resource, wherein the authentication server stores a first fingerprint of the access device received during a registration process with the access device, generates a second signature using the order data, the first fingerprint of the access device, and the shared secret key, compares the second signature to the signature received from the application, verifies the signature based on the comparison to the second signature, and provides a response to the access request based on the verifying of the signature. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for authenticating an access request, comprising:
-
receiving, by an authentication server, a first fingerprint of an access device during a registration process with the access device; storing, by the authentication server, the first fingerprint of the access device; storing, by the authentication server, a shared secret key that is shared with a request computer; receiving, by the authentication server from an application of a user device, an access request including order data, a signature based on the order data, and a credential, wherein the order data is for an order made via the access device to the request computer, wherein the signature is generated by the request computer using the order data, the shared secret key and a second fingerprint of the access device, wherein the credential is stored on the user device, the credential being obtained from a credential routine installed on the user device; generating, by the authentication server, a second signature using the order data, the first fingerprint of the access device, and the shared secret key; comparing, by the authentication server, the second signature to the signature received from the application; verifying, by the authentication server, the signature using the order data and the shared secret key that is stored at the authentication server, the verifying of the signature is based on the comparison of the second signature to the signature received from the application; obtaining, by the authentication server, authorization of the access request based on the verifying of the signature; and sending, by the authentication server to the application, a response to the access request based on the verifying of the signature and the obtaining of the authorization. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A user device, comprising:
-
a computer readable storage medium storing a plurality of instructions; and one or more processors for executing the instructions stored on the computer readable storage medium to; receive, by an application, order data and a signature based on the order data, the order data and the signature being received from an access device, the order data being for an order made via the access device to a request computer, wherein the signature is generated by the request computer using the order data, a shared secret key, and a second fingerprint of the access device, wherein the shared secret key is shared between the request computer and an authentication server; obtain, by the application, a selection of a credential routine from a plurality of credential routines installed on the user device, wherein each of the plurality of credential routines have access to a different stored credential corresponding to a different service for obtaining access to a resource; request, by the application, a stored credential from the selected credential routine; obtain, by the application, the stored credential from the credential routine installed on the user device; and sending, by the application to the authentication server, an access request including the order data, the signature, and the stored credential, the access request being a request for access to the resource, wherein the access request causes the authentication server to store a first fingerprint of the access device received during a registration process with the access device, generate a second signature using the order data, the first fingerprint of the access device, and the shared secret key, compare the second signature to the signature received from the application, verify the signature based on the comparison to the second signature, and provide a response to the access request based on the verifying of the signature. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification