Second factor authorization via a hardware token device

US 10,554,641 B2
Filed: 02/27/2017
Issued: 02/04/2020
Est. Priority Date: 02/27/2017
Status: Active Grant

First Claim

Patent Images

1. A method for providing second factor authorization using a hardware token device, the method comprising:

receiving, by one or more computer processors, a credential from a user device, wherein the credential is an application programming interface key;

providing, by one or more computer processors, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;

linking, by the one or more computer processors, a username associated with the credential to the key identification;

generating, by the one or more computer processors, a first access token and a first refresh token; and

allowing, by the one or more computer processors, secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;

responsive to after the first access token expiring, receiving, by the one or more computer processors, the first access token from the user device;

sending, by the one or more computer processors, a request to the user device to send the first refresh token;

receiving, by the one or more computer processors, the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;

validating, by the one or more computer processors, the first refresh token;

determining, by the one or more computer processors, the username associated with the first refresh token;

retrieving, by the one or more computer processors, the key identification from the linked username and key identification;

validating, by the one or more computer processors, the second one-time password;

generating, by the one or more computer processors, a second access token and a second refresh token;

sending, by the one or more computer processors, the second access token and the second refresh token to the user device; and

maintaining, by one or more computer processors, the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A credential associated with a username is received from a user. The credential is verified. A key identification and a first one-time password are received from a hardware token device. In response to validating the first one-time password, the username is linked to the key identification. A first access token and a first refresh token are generated. The first access token and the first refresh token are sent to the user.

30 Citations

View as Search Results

14 Claims

1. A method for providing second factor authorization using a hardware token device, the method comprising:
- receiving, by one or more computer processors, a credential from a user device, wherein the credential is an application programming interface key;
  
  providing, by one or more computer processors, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;
  
  linking, by the one or more computer processors, a username associated with the credential to the key identification;
  
  generating, by the one or more computer processors, a first access token and a first refresh token; and
  
  allowing, by the one or more computer processors, secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;
  
  responsive to after the first access token expiring, receiving, by the one or more computer processors, the first access token from the user device;
  
  sending, by the one or more computer processors, a request to the user device to send the first refresh token;
  
  receiving, by the one or more computer processors, the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
  
  validating, by the one or more computer processors, the first refresh token;
  
  determining, by the one or more computer processors, the username associated with the first refresh token;
  
  retrieving, by the one or more computer processors, the key identification from the linked username and key identification;
  
  validating, by the one or more computer processors, the second one-time password;
  
  generating, by the one or more computer processors, a second access token and a second refresh token;
  
  sending, by the one or more computer processors, the second access token and the second refresh token to the user device; and
  
  maintaining, by one or more computer processors, the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - determining, by the one or more computer processors, that the second one-time password is invalid; and
      
      responsive to determining that the second one-time password is invalid, notifying, by the one or more computer processors, the user device.
  - 3. The method of claim 1, further comprising:
    - responsive to the first access token expiring, receiving, by the one or more computer processors, the first access token from the user device;
      
      sending, by the one or more computer processors, a request to the user device to send the first refresh token;
      
      receiving, by the one or more computer processors, the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
      
      determining, by the one or more computer processors, that the first refresh token is invalid; and
      
      responsive to determining that the first refresh token is invalid, notifying, by the one or more computer processors, the user device.
  - 4. The method of claim 1, wherein the notification is selected from the group consisting of:
    - a text-based notice, an audible notice, a haptic notice, a visual notice, and any combination of a text-based notice, an audible notice, a haptic notice, and a visual notice.
  - 5. The method of claim 1, wherein:
    - a connection of the hardware token device is selected from the group consisting of connected to or not connected to a computing device; and
      
      the user enters the one-time password into the computing device when the hardware token device is not connected to the computing device.

6. A computer storage medium device for providing second factor authorization using a hardware token device, the computer storage medium device comprising:
- one or more computer readable storage media; and
  
  program instructions stored on the one or more computer readable storage media, the program instructions comprising;
  
  the program instructions to receive a credential from a user device, wherein the credential is an application programming interface key;
  
  the program instructions to provide, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;
  
  the program instructions to link a username associated with the credential to the key identification;
  
  the program instructions to generate a first access token and a first refresh token; and
  
  the program instructions to allow secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;
  
  the program instructions to, responsive to after the first access token expiring, receive the first access token from the user device;
  
  the program instructions to send a request to the user device to send the first refresh token;
  
  the program instructions to receive the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
  
  the program instructions to validate the first refresh token;
  
  the program instructions to determine the username associated with the first refresh token;
  
  the program instructions to retrieve the key identification from the linked username and key identification;
  
  the program instructions to validate the second one-time password;
  
  the program instructions to generate a second access token and a second refresh token;
  
  the program instructions to send the second access token and the second refresh token to the user device; and
  
  the program instructions to maintain the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer storage medium device of claim 6, further comprising the program instructions stored on the one or more computer readable storage media, to:
    - determine that the second one-time password is invalid; and
      
      responsive to determining that the second one-time password is invalid, notify the user device.
  - 8. The computer storage medium device of claim 6, further comprising the program instructions stored on the one or more computer readable storage media, to:
    - responsive to the first access token expiring, receive the first access token from the user device, wherein the first access token has expired;
      
      send a request to the user device to send the first refresh token;
      
      receive the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
      
      determine that the first refresh token is invalid; and
      
      responsive to determining that the first refresh token is invalid, notify the user device.
  - 9. The computer storage medium device of claim 6, wherein the notification is selected from the group consisting of:
    - a text-based notice, an audible notice, a haptic notice, a visual notice, and any combination of a text-based notice, an audible notice, a haptic notice, and a visual notice.
  - 10. The computer storage medium device of claim 6, wherein:
    - a connection of the hardware token device is selected from the group consisting of connected to or not connected to a computing device; and
      
      the user enters the one-time password into the computing device when the hardware token device is not connected to the computing device.

11. A computer system for providing second factor authorization using a hardware token device, the computer system comprising:
- one or more computer processors;
  
  one or more computer readable storage media; and
  
  program instructions stored on the one or more computer readable storage media for execution by the at least one of the one or more computer processors, the program instructions comprising;
  
  the program instructions to receive a credential from a user device, wherein the credential is an application programming interface key;
  
  the program instructions to provide, based on a hardware token device generated one-time password and a key identification associated with the hardware token device, a continuous secure access to a website associated with the received credential, wherein providing the continuous secure access to the website comprises;
  
  the program instructions to link a username associated with the credential to the key identification;
  
  the program instructions to generate a first access token and a first refresh token; and
  
  the program instructions to allow secure access to the website via the key identification associated with the hardware token device and the first access token and the first refresh token;
  
  the program instructions to, responsive to after the first access token expiring, receive the first access token from the user device;
  
  the program instructions to send a request to the user device to send the first refresh token;
  
  the program instructions to receive the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
  
  the program instructions to validate the first refresh token;
  
  the program instructions to determine the username associated with the first refresh token;
  
  the program instructions to retrieve the key identification from the linked username and key identification;
  
  the program instructions to validate the second one-time password;
  
  the program instructions to generate a second access token and a second refresh token;
  
  the program instructions to send the second access token and the second refresh token to the user device; and
  
  the program instructions to maintain the continuous secure access to the website via the key identification associated with the hardware token device, the first one-time password, a set of additional one-time passwords, a set of additional access tokens, and a set of additional refresh tokens.
- View Dependent Claims (12, 13, 14)
- - 12. The computer system of claim 11, further comprising the program instructions stored on the one or more computer readable storage media for execution by the at least one of the one or more computer processors, to:
    - determine that the second one-time password is invalid; and
      
      responsive to determining that the second one-time password is invalid, notify the user device.
  - 13. The computer system of claim 11, further comprising the program instructions stored on the one or more computer readable storage media for execution by the at least one of the one or more computer processors, to:
    - responsive to the first access token expiring, receive the first access token from the user device, wherein the first access token has expired;
      
      send a request to the user device to send the first refresh token;
      
      receive the first refresh token and a second one-time password, wherein the second one-time password is sent from the hardware token device;
      
      determine that the first refresh token is invalid; and
      
      responsive to determining that the first refresh token is invalid, notify the user device.
  - 14. The computer system of claim 11, wherein the notification is selected from the group consisting of:
    - a text-based notice, an audible notice, a haptic notice, a visual notice, and any combination of a text-based notice, an audible notice, a haptic notice, and a visual notice.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Farrell, Leo M. M., Page, Jared R., Weeden, Shane B.
Primary Examiner(s)
Lwin, Maung T

Application Number

US15/442,821
Publication Number

US 20180248861A1
Time in Patent Office

1,072 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

Second factor authorization via a hardware token device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Second factor authorization via a hardware token device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links