Method for authenticating a user device during the process of logging into a server

US 10,546,115 B2
Filed: 10/15/2015
Issued: 01/28/2020
Est. Priority Date: 10/24/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating a user device assigned to a user during the process of logging into a server, wherein the user device belongs to a user device group known to the server and has a user ID as well as a password that are known to the server, the method comprising:

generating input requests by the server that are only valid for a defined length of time, and displaying these input requests in sequence, one at a time, on a login screen;

the user device reading a first input request of the input requests that is displayed at the time of the login and calculating a response using the first input request, its password, and a current time;

the user device transmitting the calculated response to the login screen without also transmitting the user ID;

transmitting the response by the login screen to the server without also transmitting the user ID;

calculating by the server a first respective response for at least part of the user device group, using the first input request displayed at the time of the login, the password of the user device, and the current time, and comparing the first respective response calculated by the server to the response transmitted by the user device;

confirming by the server the authentication for the user device in response to the first respective response calculated by the server matching the response to the first input request transmitted by the user device;

generating a second input request of the input requests by the server for display on the login screen after the confirming of the first respective response matches the response to the first input request;

the user device calculating a response using the second input request;

transmitting the response to the second input request to the server; and

the server logging in the user device that transmitted the response that matches the first respective response calculated by the server after the response to the second input request is determined to match a second respective response to the second input request that is calculated by the server.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system and method for authenticating a user device associated with a user during the process of logging into a server. The server can generate input requests each of which is valid only during a defined time period, and displays said input requests in succession in a login screen. The user device reads in the input request displayed at the time of the login and calculates a response by using said input request, the password of the user device, and the current time. The user device transmits the calculated response to the login screen and the response is transmitted by the login screen to the server. The server confirms the authentication when the response calculated by the server matches the response transmitted by the user device.

14 Citations

19 Claims

1. A computer-implemented method for authenticating a user device assigned to a user during the process of logging into a server, wherein the user device belongs to a user device group known to the server and has a user ID as well as a password that are known to the server, the method comprising:
- generating input requests by the server that are only valid for a defined length of time, and displaying these input requests in sequence, one at a time, on a login screen;
  
  the user device reading a first input request of the input requests that is displayed at the time of the login and calculating a response using the first input request, its password, and a current time;
  
  the user device transmitting the calculated response to the login screen without also transmitting the user ID;
  
  transmitting the response by the login screen to the server without also transmitting the user ID;
  
  calculating by the server a first respective response for at least part of the user device group, using the first input request displayed at the time of the login, the password of the user device, and the current time, and comparing the first respective response calculated by the server to the response transmitted by the user device;
  
  confirming by the server the authentication for the user device in response to the first respective response calculated by the server matching the response to the first input request transmitted by the user device;
  
  generating a second input request of the input requests by the server for display on the login screen after the confirming of the first respective response matches the response to the first input request;
  
  the user device calculating a response using the second input request;
  
  transmitting the response to the second input request to the server; and
  
  the server logging in the user device that transmitted the response that matches the first respective response calculated by the server after the response to the second input request is determined to match a second respective response to the second input request that is calculated by the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1,wherein the generating of the second input request of the input requests by the server for display on the login screen occurs after a predefined waiting time period and the second input request is only valid for a defined length of time after the predefined waiting period;
    - wherein the second input request is displayed at a time after the predefined waiting period and the calculating of the response to the second input request uses the second input request, the password of the user device, and a current time;
      
      wherein the transmitting of the response to the second input request to the server includes;
      
      the user device transmitting the calculated response for the second input request to the login screen; and
      
      transmitting the response to the second input request by the login screen to the server;
      
      calculating by the server the second respective response for at least part of the user device group using the second input request, the password of the user device, and the current time, and comparing the second respective response calculated by the server to the response to the second input request transmitted by the user device;
      
      confirming by the server the authentication for each user device for which the second respective response calculated by the server matches the response to the second input request transmitted by the user device.
  - 3. The method of claim 1, wherein the server calculates only a single second respective response for comparing the second respective response to the response to the second input request transmitted by the user device.
  - 4. The method of claim 1, wherein the times used in calculating the input requests each comprise a defined time window that is configured such that the response calculated by the user device is sendable back to the server within this time window, wherein the time window is 30-60 seconds long.
  - 5. The method of claim 1, further comprising steps of:
    - calculating, by the server, a third respective response for at least part of the user device group, using the second input request, the password of the user device, and a time that was valid during the second input request.
  - 6. The method of claim 1, comprising generating a QR code and displaying the QR code as the first input request.
  - 7. The method of claim 1, wherein a random number is used to calculate the first input request, the method also comprising substituting a random number for the current time for generating the first input request, wherein said random number is valid only for a defined length of time.

8. A non-transitory computer readable medium having code that, when executed, defines a method performed by a server that executes the code, the method comprising:
- generating input requests by the server that are only valid for a defined length of time, and displaying these input requests in sequence, one at a time, on a login screen so that each of the input requests is readable by a user device at a time of logging in to the server;
  
  in response to the server receiving a calculated response to a first input request of the input requests from the user device that was transmitted via the login screen in which the response to the first input request was generated based on the first input request displayed via the login screen, a password of the user device, and a current time, the server calculating a first respective response for at least part of a user device group to which the user device is assigned using the first input request, a password of the user device, and a current time, and comparing the first respective response calculated by the server to the response to the first input request transmitted by the user device;
  
  confirming by the server the authentication for the user device when the first respective response calculated by the server matches the response to the first input request transmitted by the user device;
  
  generating a second input request of the input requests by the server for display on the login screen after the confirming of the first respective response matching the response to the first input request;
  
  transmitting the second input request for display on the login screen; and
  
  the server logging in the user device that transmitted the response to the first input request that matches the first respective response calculated by the server after a response to the second input request from the user device is determined to match a second respective response to the second input request calculated by the server.
- View Dependent Claims (9, 18, 19)
- - 9. The non-transitory computer readable medium of claim 8, wherein the code is program code that is executable by at least one processor.
  - 18. The non-transitory computer readable medium of claim 8, whereinthe transmitting of the second input request for display on the login screen occurs after a predefined waiting time period;
    - and the method also comprises;
      
      in response to receiving the response to the second input request from the user device, the server calculating the second respective response for at least part of the user device group using the second input request, the password of the user device, and the current time, and comparing the second respective response calculated by the server to the response to the second input request transmitted by the user device; and
      
      confirming by the server the authentication for the user device when the second respective response calculated by the server matches the response to the second input request transmitted by the user device.
  - 19. The non-transitory computer readable medium of claim 8, wherein the method also comprises:
    - calculating, by the server, a third respective response for at least part of the user device group, using the second input request;
      
      confirming, by the server, the authentication for the user device when the third respective response calculated by the server matches the response to the second input request that was transmitted by the user device.

10. A computer system for authenticating a user device assigned to a user during the process of logging into a server, comprising:
- a server for generating input requests that are valid only for a defined length of time, storing user IDs and passwords, and calculating responses to the input requests;
  
  multiple user devices, each of which belongs to a user device group and has both a user ID and a password and each of which can calculate a response to the input requests, the multiple user devices including a first user device; and
  
  a login screen assigned to the server for displaying the input requests and inputting the calculated responses,wherein the server comprises a non-transitory memory and a controller configured to;
  
  generate input requests that are only valid for a defined length of time to display these input requests in sequence, one at a time, on the login screen so that each of the input requests is readable by the user devices at a time of logging in to the server;
  
  in response to the server receiving a calculated response to a first input request of the input requests from the first user device that was transmitted via the login screen, calculate a first respective response for at least part of a user device group to which the first user device is assigned using the first input request, the password of the first user device, and a current time, and comparing the first respective response calculated by the server to the response to the first input request transmitted by the first user device;
  
  confirming authentication for the first user device for which the first respective response calculated by the server matches the response to the first input request transmitted by the first user device;
  
  generate a second input request of the input requests by the server for display on the login screen after confirmation of the first respective response matching the response to the first input request;
  
  transmit the second input request for display on the login screen; and
  
  login the first user device that transmitted the response to the first input request that matches the first respective response calculated by the server after a response to the second input request is determined to match a second respective response to the second input request calculated by the server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer system of claim 10, wherein the controller is also configured so that prior to the server logging in the first user device that transmitted the response to the first input request that matches the first respective response calculated by the server, the server waits a predetermined waiting period before transmitting the second input request, and,in response to receiving the response to the second input request transmitted by the first user device via the login screen, the server calculates the second respective response for at least part of the user device group using the second input request, the password of the first user device, and a current time, and compares the second respective response calculated by the server to the response to the second input request transmitted by the first user device;
    - andthe server confirms the authentication for the first user device in response to the second respective response calculated by the server matching the response to the second input request transmitted by the first user device.
  - 12. The computer system of claim 11, wherein the first user device is a smart phone.
  - 13. The computer system of claim 10, wherein the controller calculates a third respective response for at least part of the user device group using the second input request, the password of the first user device, and a time that was valid during the second input request, and also compares the third respective response to a response to the earlier second input request that was transmitted by the first user device;
    - andwherein logging in the first user device that transmitted the response to the first input request that matches the first respective response occurs after the response to the second input request matches the third respective response calculated by the server.
  - 14. The computer system of claim 10, wherein the first input request comprises a QR code.
  - 15. The computer system of claim 10, wherein the current time is used for generation of the first input request.
  - 16. The computer system of claim 10, wherein a random number that is only valid for a defined length of time is used for generation of the first input request.
  - 17. The computer system of claim 10, wherein the response to the first input request received from the first user device that was transmitted via the login screen was provided to the server without the user ID for the first user device also being transmitted with the response to the first input request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RingCentral Incorporated
Original Assignee
Unify GmbH & Co. KG (Atos SE)
Inventors
Lederer, Thomas
Primary Examiner(s)
Wright, Bryan F

Application Number

US15/520,778
Publication Number

US 20170316198A1
Time in Patent Office

1,566 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

G06F 2221/2137   Time limited access, e.g. t...

G09C 5/00   Ciphering apparatus or meth...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

Method for authenticating a user device during the process of logging into a server

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method for authenticating a user device during the process of logging into a server

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links