SYSTEMS AND METHODS FOR FIRST AND SECOND PARTY AUTHENTICATION

US 20090025066A1
Filed: 07/17/2007
Published: 01/22/2009
Est. Priority Date: 07/17/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of authentication between a first party and a second party, the method comprising:

generating a challenge to a first party system;

receiving a first response via the first party system, the first received response produced on a first party side of a network connection, the first received response based on the challenge and a most recent first party key stored on a memory of a first party security device communicatively coupled to the first party system;

receiving a second response via the first party system, the second received response produced on the first party side of the network connection, the second received response based on the challenge and a second party key stored on the memory of the first party security device, the second party key provided to the first party security device from a second party side of the network connection;

generating a first response based on the challenge and a most recent first party key stored on the second party side of the network connection;

generating a second response based on the challenge and a second party key stored on the second party side of the network connection;

verifying the first received response against the first generated response;

verifying the second received response against the second generated response; and

generating a confirmation in response to a successful verification of both the first and the second received responses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

First and second parties may be authenticated. After generating a challenge to the first party, two responses are received via the first party based on the challenge and two different keys. Two responses are also generated, and compared against the received responses. If the respective responses are verified, a confirmation is generated.

Citations

54 Claims

1. A method of authentication between a first party and a second party, the method comprising:
- generating a challenge to a first party system;
  
  receiving a first response via the first party system, the first received response produced on a first party side of a network connection, the first received response based on the challenge and a most recent first party key stored on a memory of a first party security device communicatively coupled to the first party system;
  
  receiving a second response via the first party system, the second received response produced on the first party side of the network connection, the second received response based on the challenge and a second party key stored on the memory of the first party security device, the second party key provided to the first party security device from a second party side of the network connection;
  
  generating a first response based on the challenge and a most recent first party key stored on the second party side of the network connection;
  
  generating a second response based on the challenge and a second party key stored on the second party side of the network connection;
  
  verifying the first received response against the first generated response;
  
  verifying the second received response against the second generated response; and
  
  generating a confirmation in response to a successful verification of both the first and the second received responses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising:
    - producing an imposter alert in response to a successful verification of the first received response and an unsuccessful verification of the second received response, the imposter alert indicative of an imposter attempting to impersonate the first party security device in accessing a second party system.
  - 3. The method of claim 1, further comprising:
    - receiving a third response via the first party system, the third received response produced on the first party side of the network connection, the third received response based on the challenge and a previous first party key stored on the memory of the first party security device;
      
      in response to an unsuccessful verification of the first received response, verifying the third received response against the first generated response; and
      
      generating a confirmation in response to a successful verification of both the second and the third received responses.
  - 4. The method of claim 3, further comprising:
    - producing a false user alert in response to an unsuccessful verification of the first received response and an unsuccessful verification of the third received response, the false user alert indicative of a false user attempting to access a second party system.
  - 5. The method of claim 4 wherein the false user alert causes a denying of access by a web server on the second party side of the network connection to a web browser on the first party side of the network connection.
  - 6. The method of claim 3 wherein the first, the second and the third received responses are received together.
  - 7. The method of claim 1 wherein generating the challenge includes generating a random challenge.
  - 8. The method of claim 1 wherein generating the challenge includes generating a random challenge in response to a login request received from the first party system at a second party system on the second party side of the network connection.
  - 9. The method of claim 1 wherein generating the confirmation includes generating a confirmation code based on the first received response and the most recent first party key stored on the second party side of the network connection.
  - 10. The method of claim 1, further comprising:
    - receiving the most recent first party key stored on the second party side of the network connection from a trusted third party system.
  - 11. The method of claim 1 wherein the most recent first party key stored on the memory of the first party security device is received from a trusted third party system.
  - 12. The method of claim 11 wherein the first party security device is a portable memory device.
  - 13. The method of claim 12 wherein the portable memory device is a Universal Serial Bus memory device.
  - 14. The method of claim 1, wherein a gatekeeper module on the second party side of the network connection performs the generating of the challenge, the generating of the first and the second generated responses and the verifying of the first and the second received responses.
  - 15. The method of claim 1, further comprising:
    - receiving a login request from the first party system at a second party system on the second party side of the network connection;
      
      prompting a gatekeeper module to generate the challenge;
      
      receiving the challenge from the gatekeeper module at the second party system;
      
      creating a login page including the challenge and a second party identifier; and
      
      sending the login page to the first party system.
  - 16. The method of claim 1, further comprising:
    - generating a new second party key on the second party side of the network connection; and
      
      providing the new second party key to the first party security device.

17. A method of authentication between a first party and a second party, the method comprising:
- receiving a challenge at a first party system from a second party side of a network connection;
  
  producing a first response to the challenge on a first party side of the network connection, the first response based on the challenge and a most recent first party key stored on a memory of a first party security device communicatively coupled to the first party system;
  
  producing a second response to the challenge on the first party side of the network connection, the second response based on the challenge and a second party key stored on the memory of the first party security device, the second party key provided to the first party security device from the second party side of the network connection;
  
  receiving a confirmation code from the second party side of the network connection, the received confirmation code based on the first response and a most recent first party key stored on the second party side of the network connection as provided by a trusted third party;
  
  generating a first confirmation code based on the first response and the most recent first party key stored on the memory of the first party security device; and
  
  verifying the received confirmation code against the first generated confirmation code.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 18. The method of claim 17, further comprising:
    - establishing a session between a second party system on the second party side of the network connection and the first party system on the first party side of the network connection in response to a successful verification of the received confirmation code against the first generated confirmation code.
  - 19. The method of claim 17, further comprising:
    - generating a second confirmation code based on the first response and a previous first party key stored on the memory of the first party security device; and
      
      in response to an unsuccessful verification of the received confirmation code against the first generated confirmation code, verifying the received confirmation code against the second generated confirmation code.
  - 20. The method of claim 19, further comprising:
    - establishing a session between a second party system on the second party side of the network connection and the first party system on the first party side of the network connection in response to a successful verification of the received confirmation code against the second generated confirmation code.
  - 21. The method of claim 19, further comprising:
    - producing a phishing alert in response to an unsuccessful verification of the received confirmation code against both the first and the second generated confirmation codes, the phishing alert indicative of an attempt to impersonate a second party system.
  - 22. The method of claim 17 wherein the first party security device is communicatively coupled to the first party system on the first party side of the network connection.
  - 23. The method of claim 17 wherein the generating of the first generated confirmation code is in response to a confirmation code request from the first party system on the first party side of the network connection, wherein the confirmation code request is indicative of a receipt of the received confirmation code at the first party system via a second party system on the second party side of the network connection.
  - 24. The method of claim 19 wherein the generating of the second generated confirmation code is in response to a confirmation code request from the first party system on the first party side of the network connection, wherein the confirmation code request is indicative of a receipt of the received confirmation code at the first party system via a second party system on the second party side of the network connection.
  - 25. The method of claim 17, further comprising:
    - storing the second party key in the memory of the first party security device.
  - 26. The method of claim 17, further comprising:
    - from time to time receiving a new first party key from the trusted third party; and
      
      storing the new first party key in the memory of the first party security device as the most recent first party key.
  - 27. The method of claim 17 wherein receiving the received confirmation code from the second party side of the network connection includes receiving a session page including the received confirmation code and a new second party key from a second party system on the second party side of the network connection.
  - 28. The method of claim 17, further comprising:
    - providing the first and the second responses to the challenge from the first party security device to the first party system on the first party side of the network connection.
  - 29. The method of claim 28, further comprising:
    - providing the first and the second responses to the challenge from the first party system to a second party system on the second party side of the network connection.
  - 30. The method of claim 17, further comprising:
    - producing a third response to the challenge on the first party side of the network connection, the third response based on the challenge and a previous first party key stored on the memory of the first party security device.
  - 31. The method of claim 30, further comprising:
    - providing the third response to the challenge from the first party security device to the first party system on the first party side of the network connection; and
      
      providing the third response to the challenge from the first party system to a second party system on the second party side of the network connection along with the first and the second responses.
  - 32. The method of claim 17 wherein receiving the challenge at the first party system from the second party side includes receiving the challenge from a gatekeeper module via a second party system on the second party side of the network connection.
  - 33. The method of claim 17 wherein receiving the challenge at the first party system from the second party side includes receiving the challenge from a gatekeeper module via a second party system on the second party side of the network connection along with a second party identifier.
  - 34. The method of claim 17 wherein receiving the challenge at the first party system from the second party side includes receiving the challenge via a second party system on the second party side of the network connection.
  - 35. The method of claim 34 wherein producing the second response to the challenge includes producing the second response to the challenge based on the challenge and the second party key provided to the first party security device via the second party system on the second party side of the network connection.
  - 36. The method of claim 35 wherein receiving the received confirmation code from the second party side of the network connection includes receiving the received confirmation code from the second party system on the second party side of the network connection.

37. A computer-readable medium that stores instructions that cause a computer to perform authentication between a first party and a second party, by:
- generating a challenge to a first party system;
  
  receiving a first response via the first party system, the first received response produced on a first party side of a network connection, the first received response based on the challenge and a most recent first party key stored on a memory of a first party security device communicatively coupled to the first party system;
  
  receiving a second response via the first party system, the second received response produced on the first party side of the network connection, the second received response based on the challenge and a second party key stored on the memory of the first party security device, the second party key provided to the first party security device from a second party side of the network connection;
  
  generating a first response based on the challenge and a most recent first party key stored on the second party side of the network connection;
  
  generating a second response based on the challenge and a second party key stored on the second party side of the network connection;
  
  verifying the first received response against the first generated response;
  
  verifying the second received response against the second generated response; and
  
  generating a confirmation in response to a successful verification of both the first and the second received responses.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The computer-readable medium of claim 37 where the instructions cause the computer to perform authentication, further by:
    - producing an imposter alert in response to a successful verification of the first received response and an unsuccessful verification of the second received response, the imposter alert indicative of an imposter attempting to impersonate the first party security device in accessing a second party system.
  - 39. The computer-readable medium of claim 37 where the instructions cause the computer to perform authentication, further by:
    - receiving a third response via the first party system, the third received response produced on the first party side of the network connection, the third received response based on the challenge and a previous first party key stored on the memory of the first party security device;
      
      in response to an unsuccessful verification of the first received response, verifying the third received response against the first generated response; and
      
      generating a confirmation in response to a successful verification of both the second and the third received responses.
  - 40. The computer-readable medium of claim 39 where the instructions cause the computer to perform authentication, further by:
    - producing a false user alert in response to an unsuccessful verification of the first received response and an unsuccessful verification of the third received response, the false user alert indicative of a false user attempting to access a second party system.
  - 41. The computer-readable medium of claim 37 where the instructions cause the computer to perform authentication, further by:
    - receiving the most recent first party key stored on the second party side of the network connection from a trusted third party system.
  - 42. The computer-readable medium of claim 37 where the instructions cause the computer to perform authentication, further by:
    - receiving a login request from the first party system at a second party system on the second party side of the network connection;
      
      prompting a gatekeeper module to generate the challenge;
      
      receiving the challenge from the gatekeeper module at the second party system;
      
      creating a login page including the challenge and a second party identifier; and
      
      sending the login page to the first party system.

43. A computer-readable medium that stores instructions that cause a computer to perform authentication between a first party and a second party, by:
- receiving a challenge at a first party system from a second party side of a network connection;
  
  producing a first response to the challenge on a first party side of the network connection, the first response based on the challenge and a most recent first party key stored on a memory of a first party security device;
  
  producing a second response to the challenge on the first party side of the network connection, the second response based on the challenge and a second party key stored on the memory of the first party security device, the second party key provided to the first party security device from the second party side of the network connection;
  
  receiving a confirmation code from the second party side of the network connection, the received confirmation code based on the first response and a most recent first party key stored on the second party side of the network connection as provided by a trusted third party;
  
  generating a first confirmation code based on the first response and the most recent first party key stored on the memory of the first party security device; and
  
  verifying the received confirmation code against the first generated confirmation code.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51)
- - 44. The computer-readable medium of claim 43 where the instructions cause the computer to perform authentication, further by:
    - establishing a session between a second party system on the second party side of the network connection and the first party system on the first party side of the network connection in response to a successful verification of the received confirmation code against the first generated confirmation code.
  - 45. The computer-readable medium of claim 43 where the instructions cause the computer to perform authentication, further by:
    - generating a second confirmation code based on the first response and a previous first party key stored on the memory of the first party security device; and
      
      in response to an unsuccessful verification of the received confirmation code against the first generated confirmation code, verifying the received confirmation code against the second generated confirmation code.
  - 46. The computer-readable medium of claim 45 where the instructions cause the computer to perform authentication, further by:
    - establishing a session between a second party system on the second party side of the network connection and the first party system on the first party side of the network connection in response to a successful verification of the received confirmation code against the second generated confirmation code.
  - 47. The computer-readable medium of claim 45 where the instructions cause the computer to perform authentication, further by:
    - producing a phishing alert in response to an unsuccessful verification of the received confirmation code against both the first and the second generated confirmation codes, the phishing alert indicative of an attempt to impersonate a second party system.
  - 48. The computer-readable medium of claim 43 where the instructions cause the computer to perform authentication, further by:
    - storing the second party key in the memory of the first party security device.
  - 49. The computer-readable medium of claim 43 where the instructions cause the computer to perform authentication, further by:
    - from time to time receiving a new first party key from the trusted third party; and
      
      storing the new first party key to the memory of the first party security device as the most recent first party key.
  - 50. The computer-readable medium of claim 43 where the instructions cause the computer to perform authentication, further by:
    - producing a third response to the challenge on the first party side of the network connection, the third response based on the challenge and a previous first party key stored on the memory of the first party security device.
  - 51. The computer-readable medium of claim 50 where the instructions cause the computer to perform authentication, further by:
    - providing the third response to the challenge from the first party security device to the first party system on the first party side of the network connection; and
      
      providing the third response to the challenge from the first party system to a second party system on the second party side of the network connection along with the first and the second responses.

52. A system that performs authentication between a first party and a second party, the system comprising:
- at least one processor that executes instructions; and
  
  a computer-readable memory that stores instructions that cause the at least one processor to perform authentication, by;
  
  generating a challenge to a first party system;
  
  receiving a first response via the first party system, the first received response produced on a first party side of a network connection, the first received response based on the challenge and a most recent first party key stored on a memory of a first party security device communicatively coupled to the first party system;
  
  receiving a second response via the first party system, the second received response produced on the first party side of the network connection, the second received response based on the challenge and a second party key stored on the memory of the first party security device, the second party key provided to the first party security device from a second party side of the network connection;
  
  generating a first response based on the challenge and a most recent first party key stored on the second party side of the network connection;
  
  generating a second response based on the challenge and a second party key stored on the second party side of the network connection;
  
  verifying the first received response against the first generated response;
  
  verifying the second received response against the second generated response; and
  
  generating a confirmation in response to a successful verification of both the first and the second received responses.
- View Dependent Claims (53, 54)
- - 53. The system of claim 52 wherein the instructions cause the at least one processor to perform authentication further by:
    - receiving a third response via the first party system, the third received response produced on the first party side of the network connection, the third received response based on the challenge and a previous first party key stored on the memory of the first party security device;
      
      in response to an unsuccessful verification of the first received response, verifying the third received response against the first generated response; and
      
      generating a confirmation in response to a successful verification of both the second and the third received responses.
  - 54. The system of claim 53 wherein the instructions cause the at least one processor to perform authentication further by:
    - producing an imposter alert in response to a successful verification of the first received response and an unsuccessful verification of the second received response, the imposter alert indicative of an imposter attempting to impersonate the first party security device in accessing a second party system; and
      
      producing a false user alert in response to an unsuccessful verification of the first received response and an unsuccessful verification of the third received response, the false user alert indicative of a false user attempting to access the second party system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protectia Corporation
Original Assignee
Protectia Corporation
Inventors
Elarar, Avraham, Roytblat, Igal, Ben-Shlomo, Moshe

Application Number

US11/779,060
Publication Number

US 20090025066A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

G06F 2221/2119   Authenticating web pages, e...

H04L 9/3273   for mutual authentication n...

SYSTEMS AND METHODS FOR FIRST AND SECOND PARTY AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR FIRST AND SECOND PARTY AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links