NETWORK TRANSACTION VERIFICATION AND AUTHENTICATION

US 20100199086A1
Filed: 12/16/2009
Published: 08/05/2010
Est. Priority Date: 02/03/2009
Status: Active Grant

First Claim

Patent Images

1. An authentication system for use within a networked system comprising:

a trusted security module comprising;

a proxy service for accessing a network location;

authentication credentials for use by the proxy service for authenticating access to the network location; and

trusted security module credentials for authenticating access to the proxy service of the trusted security module; and

a client computing device comprising;

a memory for storing instructions and;

a processor for executing the instructions stored in the memory, the executed instructions configuring the client computing device to provide;

a browser for accessing the network location through the proxy service of the trusted security module using the authentication credentials of the trusted security module, when access to the proxy service is authenticated using the trusted security module credentials.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user'"'"'s PIN and the trusted device'"'"'s UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device. Authentication is performed in two levels: the first authenticates the user and the trusted device locally; and the second authenticates the user remotely at the institution-owned authentication server. Various embodiments add extra levels of security, including one-time-password management.

Citations

20 Claims

1. An authentication system for use within a networked system comprising:
- a trusted security module comprising;
  
  a proxy service for accessing a network location;
  
  authentication credentials for use by the proxy service for authenticating access to the network location; and
  
  trusted security module credentials for authenticating access to the proxy service of the trusted security module; and
  
  a client computing device comprising;
  
  a memory for storing instructions and;
  
  a processor for executing the instructions stored in the memory, the executed instructions configuring the client computing device to provide;
  
  a browser for accessing the network location through the proxy service of the trusted security module using the authentication credentials of the trusted security module, when access to the proxy service is authenticated using the trusted security module credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The authentication system of claim 1, further comprising:
    - a global unique identifier (UID) for uniquely identifying the trusted security module to the network location.
  - 3. The authentication system of claim 2, wherein the authentication credentials of the trusted security module are encrypted, and further comprising:
    - a decryption module for decrypting the authentication credentials for use by the proxy service when access to the proxy service has been authenticated using the trusted security module credentials.
  - 4. The authentication system as claimed in claim 3, wherein the decryption module further uses the UID for decrypting the authentication credentials.
  - 5. The authentication system as claimed in claim 3, wherein the trusted security module authentication credentials comprise a personal identification number (PIN) that is input into the client computing device.
  - 6. The authentication system of claim 2, wherein the UID is derived from hard-coded attributes of a hardware device associated with the trusted device.
  - 7. The authentication system of claim 1, wherein the authentication credentials comprise a username and password used to authenticate access to the network location.
  - 8. The authentication system of claim 7, wherein the trusted proxy service automatically sends the user name and password to the network location for authorizing access to the network location.
  - 9. The authentication system of claim 1, wherein the trusted security module further comprises:
    - a one-time password management module for changing the password used to authenticate access to the network location each time the trusted proxy service accesses the network location.
  - 10. The authentication system of claim 9, wherein the one-time password management module generates a random string as the password.
  - 11. The authentication system as claimed in claim 1, wherein the trusted security module further comprises:
    - a message integrity checker module for receiving packets submitted from the web browser for transmission to the network location and displaying the received packets to the user for verification of the transaction.
  - 12. The authentication system as claimed in claim 1, wherein the trusted security module is implemented in one of:
    - the client computing device;
      
      ora portable device.
  - 13. The authentication system as claimed in claim 12, wherein the trusted security module is implemented in the external portable device and further comprises a means for coupling the external device to the client computing device.
  - 14. The authentication system as claimed in claim 13, wherein the external device comprises one of:
    - a flash memory device;
      
      a smart phone;
      
      ora mobile device.

15. A trusted security device comprising:
- a memory for storing instructions and software for providing;
  
  a proxy service for accessing a network location;
  
  authentication credentials for use by the proxy service for authenticating access to the network location; and
  
  trusted security module credentials for authenticating access to the proxy service of the trusted security module; and
  
  means for logically connecting the trusted authentication device to a client computing device used to access the network location through the trusted authentication device.

16. A method of securely authenticating access to a network location, the method comprising:
- at a trusted security module, receiving a trusted security module authentication credential;
  
  authenticating access to the trusted security module using the received trusted security module authentication credentials;
  
  accessing the network location using a trusted proxy service of the trusted security module and network location security credentials stored in the trusted security module when the access to the trusted security module has been authenticated.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as claimed in claim 16, further comprising:
    - decrypting the network location security credentials when access to the trusted security module has been authenticated.
  - 18. The method as claimed in claim 16, further comprising:
    - at the trusted security module, a method for changing the password used to access the network location comprising;
      
      generating a random string to be used as a new password to access the network location;
      
      transmitting the new password to the network location to change the password; and
      
      storing the new password in the trusted security module.
  - 19. The method as claimed in claim 18, wherein the trusted security module changes the password each time the network location is accessed.
  - 20. The method as claimed in claim 16, further comprising:
    - receiving at the trusted security module a page to be displayed from the network location;
      
      generating at the trusted security module a corresponding page at the trusted security module; and
      
      providing the received page and the generated page to the client computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
inBay Technologies, Inc.
Original Assignee
inBay Technologies, Inc.
Inventors
Xavier, Stanislus K., Kuang, Randy

Granted Patent

US 8,510,811 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/0884   by delegation of authentica...

H04L 63/105   Multiple levels of security

NETWORK TRANSACTION VERIFICATION AND AUTHENTICATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK TRANSACTION VERIFICATION AND AUTHENTICATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links