Second factor authorization via a hardware token device
First Claim
1. A method for providing second factor authorization using a hardware token device, the method comprising:
receiving, by one or more computer processors, a credential from a user device, wherein the credential is an application programming interface key;
providing, by one or more computer processors, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;
linking, by the one or more computer processors, a username associated with the credential to the key identification;
generating, by the one or more computer processors, a first access token and a first refresh token; and
allowing, by the one or more computer processors, secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;
responsive to after the first access token expiring, receiving, by the one or more computer processors, the first access token from the user device;
sending, by the one or more computer processors, a request to the user device to send the first refresh token;
receiving, by the one or more computer processors, the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
validating, by the one or more computer processors, the first refresh token;
determining, by the one or more computer processors, the username associated with the first refresh token;
retrieving, by the one or more computer processors, the key identification from the linked username and key identification;
validating, by the one or more computer processors, the second one-time password;
generating, by the one or more computer processors, a second access token and a second refresh token;
sending, by the one or more computer processors, the second access token and the second refresh token to the user device; and
maintaining, by one or more computer processors, the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.
Abstract
A credential associated with a username is received from a user. The credential is verified. A key identification and a first one-time password are received from a hardware token device. In response to validating the first one-time password, the username is linked to the key identification. A first access token and a first refresh token are generated. The first access token and the first refresh token are sent to the user.
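The enrollment described in the abstract and the renewal sequence of claim 1, as an added example that is not part of the patent text. It assumes the token emits RFC 4226 HOTP codes and that refresh tokens are single-use; the class and method names, in-memory stores and token lifetime are likewise assumptions.

```python
import hashlib, hmac, secrets, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, standing in for the token's unspecified OTP scheme."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class AuthServer:
    ACCESS_TTL = 300  # access-token lifetime in seconds (constructed value)
    def __init__(self, api_keys, token_secrets):
        self.api_keys = api_keys   # API key -> username
        self.tokens = {k: [s, 0] for k, s in token_secrets.items()}  # key ID -> [secret, counter]
        self.links = {}            # username -> key ID
        self.refresh = {}          # refresh token -> username
        self.access = {}           # access token -> (username, expiry)

    def _check_otp(self, key_id, otp, window=3):
        secret, counter = self.tokens[key_id]
        for c in range(counter, counter + window):
            if hmac.compare_digest(hotp(secret, c).encode(), otp.encode()):
                self.tokens[key_id][1] = c + 1  # a used OTP never validates again
                return True
        return False

    def _issue(self, user, now):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[access] = (user, now + self.ACCESS_TTL)
        self.refresh[refresh] = user
        return access, refresh

    def enroll(self, api_key, key_id, otp, now):
        user = self.api_keys.get(api_key)  # credential (API key) -> username
        if user is None or key_id not in self.tokens or not self._check_otp(key_id, otp):
            raise PermissionError("credential or OTP rejected")
        self.links[user] = key_id  # link username to the token's key ID
        return self._issue(user, now)

    def renew(self, refresh_token, otp, now):
        user = self.refresh.get(refresh_token)  # refresh token -> username
        if user is None or not self._check_otp(self.links[user], otp):
            raise PermissionError("refresh token or OTP rejected")
        del self.refresh[refresh_token]  # assumption: refresh tokens are single-use
        return self._issue(user, now)

    def allowed(self, access_token, now):
        user, expiry = self.access.get(access_token, (None, 0))
        return user is not None and now < expiry
```

Because every renewal consumes a fresh OTP from the linked key ID, a stolen refresh token alone does not extend the session.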
14 Claims
6. A computer storage medium device for providing second factor authorization using a hardware token device, the computer storage medium device comprising:
one or more computer readable storage media; and
program instructions stored on the one or more computer readable storage media, the program instructions comprising;
the program instructions to receive a credential from a user device, wherein the credential is an application programming interface key;
the program instructions to provide, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;
the program instructions to link a username associated with the credential to the key identification;
the program instructions to generate a first access token and a first refresh token; and
the program instructions to allow secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;
the program instructions to, responsive to after the first access token expiring, receive the first access token from the user device;
the program instructions to send a request to the user device to send the first refresh token;
the program instructions to receive the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
the program instructions to validate the first refresh token;
the program instructions to determine the username associated with the first refresh token;
the program instructions to retrieve the key identification from the linked username and key identification;
the program instructions to validate the second one-time password;
the program instructions to generate a second access token and a second refresh token;
the program instructions to send the second access token and the second refresh token to the user device; and
the program instructions to maintain the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.
11. A computer system for providing second factor authorization using a hardware token device, the computer system comprising:
one or more computer processors;
one or more computer readable storage media; and
program instructions stored on the one or more computer readable storage media for execution by the at least one of the one or more computer processors, the program instructions comprising;
the program instructions to receive a credential from a user device, wherein the credential is an application programming interface key;
the program instructions to provide, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;
the program instructions to link a username associated with the credential to the key identification;
the program instructions to generate a first access token and a first refresh token; and
the program instructions to allow secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;
the program instructions to, responsive to after the first access token expiring, receive the first access token from the user device;
the program instructions to send a request to the user device to send the first refresh token;
the program instructions to receive the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
the program instructions to validate the first refresh token;
the program instructions to determine the username associated with the first refresh token;
the program instructions to retrieve the key identification from the linked username and key identification;
the program instructions to validate the second one-time password;
the program instructions to generate a second access token and a second refresh token;
the program instructions to send the second access token and the second refresh token to the user device; and
the program instructions to maintain the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.
Specification