USABLE SECURITY OF ONLINE PASSWORD MANAGEMENT WITH SENSOR-BASED AUTHENTICATION
Abstract
A multi-party security protocol that incorporates biometric-based authentication and withstands attacks against any single party (e.g., mobile phone, cloud, or the user). The protocol involves the function split between mobile and cloud and the mechanisms to chain-hold the secrets. A key generation mechanism binds secrets to a specific device or URL (uniform resource locator) by adding salt to a master credential. An inline CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) handling mechanism uses the same sensor modality as the authentication process, which not only improves the usability, but also facilitates the authentication process. This architecture further enhances existing overall system security (e.g., handling untrusted or compromised cloud service, phone being lost, impersonation, etc.) and also improves the usability by automatically handling the CAPTCHA.
20 Claims
1. A computer-implemented security system, comprising:
a security management component of a device that processes a request for access to a secure destination, generates biometric data of a user of the device in response to the request, and encrypts the biometric data as encrypted credentials;
a cloud framework that performs authentication of the encrypted credentials received from the device, and sends authenticated encrypted credentials to the device;
a decryption component of the device 104 decrypts the authenticated encrypted credentials to provide access information to access the secure destination; and
a processor that executes computer-executable instructions associated with at least one of the security management component, cloud framework, or decryption component.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-implemented security method, comprising acts of:
requesting biometric data of a user via a mobile device in response to accessing a secure website;
sensing the biometric data via sensors of the mobile device;
encrypting the biometric data as credentials at the mobile device;
authenticating the credentials at a cloud service to create authenticated credentials;
sending the authenticated credentials from the cloud service to the mobile device;
decrypting the authenticated credentials at the mobile device;
processing access to the secure website using the decrypted authenticated credentials; and
utilizing a processor that executes instructions stored in memory to perform at least one of the acts of requesting, sensing, encrypting, authenticating, sending, decrypting, or processing.
Dependent claims: 12, 13, 14, 15, 16

17. A computer-implemented security method, comprising acts of:
initiating access to a secure website via a device;
collecting biometric data of a user via sensors of the device;
encrypting the biometric data as credentials at the device using a key;
sending the credentials to a cloud framework;
presenting an authentication user interface in response to the access;
initiating authentication of the credentials at the cloud framework;
presenting a random challenge and CAPTCHA via the user interface;
processing the challenge and CAPTCHA to create authenticated credentials;
sending the authenticated credentials from the cloud framework to the device;
decrypting the authenticated credentials at the device; and
processing access to the secure website using the decrypted authenticated credentials.
Dependent claims: 18, 19, 20

Specification