Network-based device authentication system

US 10,700,873 B2
Filed: 01/17/2019
Issued: 06/30/2020
Est. Priority Date: 06/01/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor; and

a memory comprising instructions that are executable by the processor for causing the processor to;

transmit a signature key to a user device to enable the user device to generate an encrypted signature by encrypting information using the signature key;

subsequent to transmitting the signature key to the user device, receive a request for secure information from the user device, wherein the request includes;

a device identifier corresponding to the user device,a timestamp for a transmission time at which the request was transmitted from the user device to the processor, andan encrypted signature including a version of the device identifier and the timestamp encrypted by the user device; and

subsequent to receiving the request;

calculate a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;

determine whether the one-way delay is within a threshold window of time;

generate a server-side signature that includes a version of the device identifier and the timestamp encrypted using a stored signature key retrieved from a database;

compare the server-side signature to the encrypted signature in the request to determine a signature match; and

based on determining the signature match and that the one-way delay is within the threshold window of time, authenticate the user device to access the secure information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

51 Citations

20 Claims

1. A system comprising:
- a processor; and
  
  a memory comprising instructions that are executable by the processor for causing the processor to;
  
  transmit a signature key to a user device to enable the user device to generate an encrypted signature by encrypting information using the signature key;
  
  subsequent to transmitting the signature key to the user device, receive a request for secure information from the user device, wherein the request includes;
  
  a device identifier corresponding to the user device,a timestamp for a transmission time at which the request was transmitted from the user device to the processor, andan encrypted signature including a version of the device identifier and the timestamp encrypted by the user device; and
  
  subsequent to receiving the request;
  
  calculate a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
  
  determine whether the one-way delay is within a threshold window of time;
  
  generate a server-side signature that includes a version of the device identifier and the timestamp encrypted using a stored signature key retrieved from a database;
  
  compare the server-side signature to the encrypted signature in the request to determine a signature match; and
  
  based on determining the signature match and that the one-way delay is within the threshold window of time, authenticate the user device to access the secure information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the request further includes a token code, and wherein the encrypted signature is generated based at least in part on the token code.
  - 3. The system of claim 2, wherein the memory further comprises instructions that are executable by the processor for causing the processor to retrieve a stored token code from a database based on a correlation between the device identifier and the stored token code in the database, wherein the server-side signature is generated based at least in part on the stored token code.
  - 4. The system of claim 2, wherein the memory further comprises instructions that are executable by the processor for causing the processor to, prior to receiving the request:
    - receive user authentication information from the user device;
      
      authenticate the user device using the user authentication information; and
      
      based on authenticating the user device;
      
      generate the token code;
      
      determine the signature key;
      
      transmit the token code and the signature key to the user device; and
      
      associate the device identifier with the token code and the signature key in the database.
  - 5. The system of claim 1, wherein the memory further comprises instructions that are executable by the processor for causing the processor to compare the server-side signature to the encrypted signature subsequent to determining that the one-way delay is within the threshold window of time.
  - 6. The system of claim 1, wherein the memory further comprises instructions that are executable by the processor for causing the processor to generate the server-side signature by calculating a keyed-hash message authentication code (“
    - HMAC”
      
      ) using the device identifier and the timestamp in combination with the stored signature key.
  - 7. The system of claim 1, wherein the memory further comprises instructions that are executable by the processor for causing the processor to, subsequent to authenticating the user device to access the secure information:
    - determine an information type identifier associated with the device identifier in the database, wherein the information type identifier indicates a specific type of data to transmit to the user device in response to the request; and
      
      transmit the specific type of data to the user device as at least a portion of the secure information.

8. A method comprising:
- transmitting, by a processor, a signature key to a user device;
  
  subsequent to transmitting the signature key to the user device, receiving, by the processor, a request for secure information from the user device, wherein the request includes;
  
  a device identifier corresponding to the user device,a timestamp for a transmission time at which the request was transmitted from the user device to the processor, andan encrypted signature including the device identifier and the timestamp, as encrypted by the user device using the signature key; and
  
  subsequent to receiving the request;
  
  calculating, by the processor, a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
  
  determining, by the processor, whether the one-way delay is within a threshold window of time;
  
  generating, by the processor, a server-side signature that includes the device identifier and the timestamp, as encrypted by the processor using a stored signature key retrieved from a database;
  
  comparing, by the processor, the server-side signature to the encrypted signature in the request to determine a signature match; and
  
  based on determining the signature match and that the one-way delay is within the threshold window of time, authenticating, by the processor, the user device to access the secure information.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the request further includes a token code, and wherein the encrypted signature is generated based at least in part on the token code.
  - 10. The method of claim 9, further comprising retrieving a stored token code from the database based on a correlation between the device identifier and the stored token code in the database, wherein the server-side signature is generated based at least in part on the stored token code.
  - 11. The method of claim 9, further comprising, prior to receiving the request:
    - receiving user authentication information from the user device;
      
      authenticating the user device using the user authentication information; and
      
      based on authenticating the user device;
      
      generating the token code;
      
      determining the signature key;
      
      transmitting the token code and the signature key to the user device; and
      
      associating the device identifier with the token code and the signature key in the database.
  - 12. The method of claim 8, further comprising comparing the server-side signature to the encrypted signature subsequent to determining that the one-way delay is within the threshold window of time.
  - 13. The method of claim 8, further comprising generating the server-side signature by calculating a keyed-hash message authentication code (“
    - HMAC”
      
      ) using the device identifier and the timestamp in combination with the stored signature key.
  - 14. The method of claim 8, further comprising, subsequent to authenticating the user device to access the secure information:
    - determining an information type identifier associated with the device identifier in the database, wherein the information type identifier indicates a specific type of data to transmit to the user device in response to the request; and
      
      transmitting the specific type of data to the user device as at least a portion of the secure information.

15. A non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to:
- transmit a signature key to a user device;
  
  subsequent to transmitting the signature key to the user device, receive a request for secure information from the user device, wherein the request includes;
  
  a device identifier corresponding to the user device,a timestamp for a transmission time at which the request was transmitted from the user device to the processor, andan encrypted signature including the device identifier and the timestamp, as encrypted by the user device using the signature key; and
  
  subsequent to receiving the request;
  
  calculate a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
  
  determine whether the one-way delay is within a threshold window of time;
  
  generate a server-side signature that includes the device identifier and the timestamp, as encrypted by the processor using a stored signature key retrieved from a database;
  
  compare the server-side signature to the encrypted signature in the request to determine a signature match; and
  
  based on determining the signature match and that the one-way delay is within the threshold window of time, authenticate the user device to access the secure information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the request further includes a token code, and wherein the encrypted signature is generated based at least in part on the token code.
  - 17. The non-transitory computer-readable medium of claim 16, further comprising program code that is executable by the processor for causing the processor to retrieve a stored token code from the database based on a correlation between the device identifier and the stored token code in the database, wherein the server-side signature is generated based at least in part on the stored token code.
  - 18. The non-transitory computer-readable medium of claim 16, further comprising program code that is executable by the processor for causing the processor to, prior to receiving the request:
    - receive user authentication information from the user device;
      
      authenticate the user device using the user authentication information; and
      
      based on authenticating the user device;
      
      generate the token code;
      
      determine the signature key;
      
      transmit the token code and the signature key to the user device; and
      
      associate the device identifier with the token code and the signature key in the database.
  - 19. The non-transitory computer-readable medium of claim 16, further comprising program code that is executable by the processor for causing the processor to compare the server-side signature to the encrypted signature subsequent to determining that the one-way delay is within the threshold window of time.
  - 20. The non-transitory computer-readable medium of claim 16, further comprising program code that is executable by the processor for causing the processor to generate the server-side signature by calculating a keyed-hash message authentication code (“
    - HMAC”
      
      ) using the device identifier and the timestamp in combination with the stored signature key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Truist Bank (Private Banking) (Truist Financial Corp.)
Original Assignee
Truist Bank (Private Banking) (Truist Financial Corp.)
Inventors
Kinney, Patricia, Deshpande, Sumit, Whitley, Matthew, Rajagopal, Gopinath, Dascola, Michael Anthony, Acharya, Satya, Taylor, Angela
Primary Examiner(s)
Traore, Fatoumata

Application Number

US16/250,498
Publication Number

US 20190158295A1
Time in Patent Office

530 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/44   Program or device authentic...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04L 9/3297   involving time stamps, e.g....

Network-based device authentication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network-based device authentication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links