Network-based device authentication system
First Claim
1. A system comprising:
- a processor; and
- a memory comprising instructions that are executable by the processor for causing the processor to:
  - transmit a signature key to a user device to enable the user device to generate an encrypted signature by encrypting information using the signature key;
  - subsequent to transmitting the signature key to the user device, receive a request for secure information from the user device, wherein the request includes:
    - a device identifier corresponding to the user device,
    - a timestamp for a transmission time at which the request was transmitted from the user device to the processor, and
    - an encrypted signature including a version of the device identifier and the timestamp encrypted by the user device; and
  - subsequent to receiving the request:
    - calculate a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
    - determine whether the one-way delay is within a threshold window of time;
    - generate a server-side signature that includes a version of the device identifier and the timestamp encrypted using a stored signature key retrieved from a database;
    - compare the server-side signature to the encrypted signature in the request to determine a signature match; and
    - based on determining the signature match and that the one-way delay is within the threshold window of time, authenticate the user device to access the secure information.
Abstract
An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.
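The exchange the abstract describes, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 as a stand-in for "encrypted using a signature key" and a 30-second threshold window; all function names, the in-memory store and the sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

THRESHOLD_SECONDS = 30  # assumed window; the page gives no value

# Constructed server-side store: device_id -> (token_code, signature_key)
DEVICE_DB = {}

def enroll(device_id):
    """Issue a token code and signature key; the server keeps copies."""
    token_code = secrets.token_hex(8)
    signature_key = secrets.token_bytes(32)
    DEVICE_DB[device_id] = (token_code, signature_key)
    return token_code, signature_key

def sign(device_id, token_code, timestamp, signature_key):
    """Keyed digest over the three fields (HMAC is this example's assumption)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(f).to_bytes(4, "big") + f
        for f in (device_id.encode(), token_code.encode(), str(timestamp).encode())
    )
    return hmac.new(signature_key, msg, hashlib.sha256).hexdigest()

def build_request(device_id, token_code, signature_key, now=None):
    """Device side: attach identifier, token code, timestamp and signature."""
    ts = int(time.time() if now is None else now)
    return {"device_id": device_id, "token_code": token_code, "timestamp": ts,
            "signature": sign(device_id, token_code, ts, signature_key)}

def authenticate(request, receipt_time=None):
    """Server side: delay window check, then signature match on stored copies."""
    receipt = time.time() if receipt_time is None else receipt_time
    record = DEVICE_DB.get(request["device_id"])
    if record is None:
        return False
    delay = receipt - request["timestamp"]
    # Reject stale requests and timestamps that lie in the future.
    if not 0 <= delay <= THRESHOLD_SECONDS:
        return False
    token_code, signature_key = record  # stored copies, not the request's
    expected = sign(request["device_id"], token_code, request["timestamp"],
                    signature_key)
    return hmac.compare_digest(expected, request["signature"])
```

In this example a captured request that is replayed inside the window still verifies, because neither the signature match nor the delay check records which requests have already been seen.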
51 Citations
20 Claims
1. A system comprising:
- a processor; and
- a memory comprising instructions that are executable by the processor for causing the processor to:
  - transmit a signature key to a user device to enable the user device to generate an encrypted signature by encrypting information using the signature key;
  - subsequent to transmitting the signature key to the user device, receive a request for secure information from the user device, wherein the request includes:
    - a device identifier corresponding to the user device,
    - a timestamp for a transmission time at which the request was transmitted from the user device to the processor, and
    - an encrypted signature including a version of the device identifier and the timestamp encrypted by the user device; and
  - subsequent to receiving the request:
    - calculate a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
    - determine whether the one-way delay is within a threshold window of time;
    - generate a server-side signature that includes a version of the device identifier and the timestamp encrypted using a stored signature key retrieved from a database;
    - compare the server-side signature to the encrypted signature in the request to determine a signature match; and
    - based on determining the signature match and that the one-way delay is within the threshold window of time, authenticate the user device to access the secure information.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A method comprising:
- transmitting, by a processor, a signature key to a user device;
- subsequent to transmitting the signature key to the user device, receiving, by the processor, a request for secure information from the user device, wherein the request includes:
  - a device identifier corresponding to the user device,
  - a timestamp for a transmission time at which the request was transmitted from the user device to the processor, and
  - an encrypted signature including the device identifier and the timestamp, as encrypted by the user device using the signature key; and
- subsequent to receiving the request:
  - calculating, by the processor, a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
  - determining, by the processor, whether the one-way delay is within a threshold window of time;
  - generating, by the processor, a server-side signature that includes the device identifier and the timestamp, as encrypted by the processor using a stored signature key retrieved from a database;
  - comparing, by the processor, the server-side signature to the encrypted signature in the request to determine a signature match; and
  - based on determining the signature match and that the one-way delay is within the threshold window of time, authenticating, by the processor, the user device to access the secure information.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to:
- transmit a signature key to a user device;
- subsequent to transmitting the signature key to the user device, receive a request for secure information from the user device, wherein the request includes:
  - a device identifier corresponding to the user device,
  - a timestamp for a transmission time at which the request was transmitted from the user device to the processor, and
  - an encrypted signature including the device identifier and the timestamp, as encrypted by the user device using the signature key; and
- subsequent to receiving the request:
  - calculate a one-way delay between (i) the transmission time at which the request was transmitted by the user device and (ii) a receipt time at which the request was received by the processor;
  - determine whether the one-way delay is within a threshold window of time;
  - generate a server-side signature that includes the device identifier and the timestamp, as encrypted by the processor using a stored signature key retrieved from a database;
  - compare the server-side signature to the encrypted signature in the request to determine a signature match; and
  - based on determining the signature match and that the one-way delay is within the threshold window of time, authenticate the user device to access the secure information.

Dependent claims: 16, 17, 18, 19, 20
Specification