SECURE AUTHENTICATION

US 20130152176A1
Filed: 12/09/2011
Published: 06/13/2013
Est. Priority Date: 12/09/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

conducting operations in a mobile wireless communications device using a controller of the mobile wireless communications device, the operations including;

capturing an image displayed on a client device;

decoding the image;

establishing a secure communication connection between the mobile wireless communications device and a server;

transmitting to the server, via the secure communication connection, authenticating data of a user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data being based on the decoded image;

conducting, after the user log-in, a confirmation of a transaction of an application of the server during an interactive session between the client device and the server, the confirmation being conducted via a communication from the mobile wireless communications device to the server to complete the confirmation without an authentication token being provided to the client device; and

generating, after the user log-in and the confirmation, a logoff request in the mobile wireless communications device to conduct a to off between the client device and the server, and transmitting the logoff request to the server, the logoff request including data to terminate connection of the server and the client device, the data corresponding to the user log-in between the client device and the server.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, systems, and methods provide a mechanism to enhance the security of operating client devices with systems controlling secure data. Various embodiments include apparatus and methods to authenticate a communication session between a server and a client device without providing authentication tokens to the client device. Additional apparatus, systems, and methods are disclosed.

70 Citations

View as Search Results

30 Claims

1. A method comprising:
- conducting operations in a mobile wireless communications device using a controller of the mobile wireless communications device, the operations including;
  
  capturing an image displayed on a client device;
  
  decoding the image;
  
  establishing a secure communication connection between the mobile wireless communications device and a server;
  
  transmitting to the server, via the secure communication connection, authenticating data of a user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data being based on the decoded image;
  
  conducting, after the user log-in, a confirmation of a transaction of an application of the server during an interactive session between the client device and the server, the confirmation being conducted via a communication from the mobile wireless communications device to the server to complete the confirmation without an authentication token being provided to the client device; and
  
  generating, after the user log-in and the confirmation, a logoff request in the mobile wireless communications device to conduct a to off between the client device and the server, and transmitting the logoff request to the server, the logoff request including data to terminate connection of the server and the client device, the data corresponding to the user log-in between the client device and the server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein conducting the confirmation in the mobile wireless communications device includes:
    - capturing a second image displayed on the client device during the interactive session;
      
      decoding the second image;
      
      generating a communication to the server in response to decoding the second image; and
      
      transmitting, to the server in the communication, second authenticating data of the transaction of the interactive session based on the decoded second image.
  - 3. The method of claim 2, wherein transmitting the second authenticating data of the transaction includes transmitting, to the server, an identification of the transaction, the identification being extracted from decoding the second image.
  - 4. The method of claim 1, wherein decoding the image includes decoding the image such that a plain text nonce and digital signature, generated by the server, is produced.
  - 5. The method of claim 1, wherein establishing the secure communication connection between the mobile wireless communications device and the server includes using transport layer security (TLS).
  - 6. The method of claim 1, wherein transmitting to the server authenticating data includes transmitting data that satisfies a challenge incorporated in the captured image.

7. A method comprising:
- conducting operations in a server using a controller of the server, the operations including;
  
  generating coded image data, the coded image data having data corresponding to a user log-in to the server;
  
  transmitting the coded image data to a client device;
  
  entering into a secure communication connection with a mobile wireless communications device;
  
  receiving via the secure communication connection, authenticating data of the user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data based on the coded image data transmitted to the client device;
  
  entering into an interactive session with the client device, without an authentication token being provided to the client device, based on comparing the authenticating data with the data of the coded image data, the interactive session corresponding to the user log-in;
  
  conducting a confirmation of a transaction of an application of the server during the interactive session between the client device and the server, the confirmation conducted in response to a communication from the mobile wireless communications device to complete the confirmation, the confirmation being conducted without an authentication token being provided to the client device; and
  
  conducting a logoff of the client device from the server, the logoff including receiving a logoff request from the mobile wireless communications device, the logoff request including data to terminate connection of the server and client device corresponding to the user log-in between the client device and the server.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein conducting the confirmation in the server includes:
    - generating an identification of the transaction;
      
      encoding the identification into a second coded image data;
      
      transmitting the second coded image data to the client device;
      
      receiving second authenticating data of the transaction from the mobile wireless communications device without an authentication token being provided to the client device, the second authenticating data based on the second coded image data transmitted to the client device; and
      
      completing the confirmation of the transaction based on the second authenticating data.
  - 9. The method of claim 8, wherein completing the confirmation of the transaction in the server includes comparing the identification of the transaction generated by the server with a transaction identification received in the second authenticating data of the transaction.
  - 10. The method of claim 7, generating coded image data includes encoding a plain text nonce and digital signature.
  - 11. The method of claim 10, wherein conducting the logoff includes the server invalidating cookies associated with the user log-in.
  - 12. The method of claim 10, wherein conducting the logoff includes the server invalidating session data cached by the client device.
  - 13. The method of claim 7, wherein entering into a secure communication connection includes using transport layer security (TLS).
  - 14. The method of claim 7, wherein generating the coded image data includes incorporating a challenge in generating the coded image data.

15. A machine-readable storage device having instructions stored thereon, which instructions, when executed by a processor, cause a mobile wireless communications device to perform operations, the operations comprising:
- capturing an image displayed on a client device;
  
  decoding the image;
  
  establishing a secure communication connection between the mobile wireless communications device and a server;
  
  transmitting to the server, via the secure communication connection, authenticating data of a user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data being based on the decoded image;
  
  conducting, after the user log-in, a confirmation of a transaction of an application of the server during an interactive session between the client device and the server, the confirmation being conducted via a communication from the mobile wireless communications device to the server to complete the confirmation without an authentication token being provided to the client device; and
  
  generating, after the user log-in and the confirmation, a logoff request in the mobile wireless communications device to conduct a logoff between the client device and the server, and transmitting the logoff request to the server, the logoff request including data to terminate connection of the server and the client device, the data corresponding to the user log-in between the client device and the server.
- View Dependent Claims (16, 17, 18)
- - 16. The machine-readable storage device of claim 15, wherein conducting the confirmation in the mobile wireless communications device includes:
    - capturing a second image displayed on the client device during the interactive session;
      
      decoding the second image;
      
      generating a communication to the server in response to decoding the second image; and
      
      transmitting, to the server in the communication, second authenticating data of the transaction of the interactive session based on the decoded second image.
  - 17. The machine-readable storage device of claim 16, wherein transmitting the second authenticating data of the transaction includes transmitting, to the server, an identification of the transaction, the identification being extracted from decoding the second image.
  - 18. The machine-readable storage device of claim 15, wherein decoding the image includes decoding the image such that a plain text nonce and digital signature, generated by the server, is produced.

19. A machine-readable storage device having instructions stored thereon, which instructions, when executed by a processor, cause a server to perform operations, the operations comprising:
- generating coded image data, the coded image data having data corresponding to a user log-in to the server;
  
  transmitting the coded image data to a client device;
  
  entering into a secure communication connection with a mobile wireless communications device;
  
  receiving via the secure communication connection, authenticating data of the user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data based on the coded image data transmitted to the client device;
  
  entering into an interactive session with the client device, without an authentication token being provided to the client device, based on comparing the authenticating data with the data of the coded image data, the interactive session corresponding to the user log-in;
  
  conducting a confirmation of a transaction of an application of the server during the interactive session between the client device and the server, the confirmation conducted in response to a communication from the mobile wireless communications device to complete the confirmation, the confirmation being conducted without an authentication token being provided to the client device); and
  
  conducting a logoff of the client device from the server, the logoff including receiving a logoff request from the mobile wireless communications device, the logoff request including data to terminate connection of the server and client device corresponding to the user log-in between the client device and the server.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The machine-readable storage device of claim 19, wherein conducting the confirmation in the server includes:
    - generating an identification of the transaction;
      
      encoding the identification into a second coded image data;
      
      transmitting the second coded image data to the client device;
      
      receiving second authenticating data of the transaction from the mobile wireless communications device without an authentication token being provided to the client device, the authenticating data based on the second coded image data transmitted to the client device; and
      
      completing the confirmation of the transaction based on the authenticating data.
  - 21. The machine-readable storage device of claim 20, wherein completing the confirmation in the server includes comparing the identification of the transaction generated by the server with a transaction identification received in the second authenticating data of the transaction.
  - 22. The machine-readable storage device of claim 19, wherein generating coded image data includes encoding a plain text nonce and digital signature.
  - 23. The machine-readable storage device of claim 22, wherein conducting the logoff includes the server invalidating cookies associated with the user log-in and invalidating session data cached by the client device.

24. A mobile wireless communications device comprising:
- a processor;
  
  a memory operably coupled to the processor, the memory including data storage to store parameters to operate the mobile wireless communications device;
  
  a camera;
  
  a decoder;
  
  a communications interface, wherein the processor, the memory, the camera, the decoder, and the communications interface are arranged to operably;
  
  capture an image displayed on a client device;
  
  decode the image;
  
  establish a secure communication connection between the mobile wireless communications device and a server;
  
  transmit to the server, via the secure communication connection, authenticating data of a user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data being based on the decoded image;
  
  conduct, after the user log-in, a confirmation of a transaction of an application of the server during an interactive session between the client device and the server, the confirmation being conducted via a communication from the mobile wireless communications device to the server to complete the confirmation without an authentication token being provided to the client device; and
  
  generate, after the user log-in and the confirmation, a logoff request in the mobile wireless communications device to conduct a logoff between the client device and the server, and transmit the logoff request to the server, the logoff request including data to terminate connection of the server and the client device, the data corresponding to the user log-in between the client device and the server.
- View Dependent Claims (25, 26)
- - 25. The mobile wireless communications device of claim 24, wherein the processor, the memory, the camera, the decoder, and the communications interface are arranged to operatively conduct the confirmation in the mobile wireless communications device to:
    - capture a second image displayed on the client device during the interactive session;
      
      decode the second image;
      
      generate a communication to the server in response to decoded second image; and
      
      provide, to the server in the communication, second authenticating data of the transaction based on the decoded second image.
  - 26. The mobile wireless communications device of claim 24, wherein the processor, the memory, the camera, the decoder, and the communications interface are arranged to operatively decode the image by decoding the image such that a plain text nonce and digital signature, generated by the server, is produced.

27. A server comprising:
- a processor;
  
  a memory operably coupled to the processor, the memory including data storage to store parameters to operate the server;
  
  an encoder;
  
  a communications interface, wherein the processor, the memory, the encoder, and the communications interface are arranged to operably;
  
  generate coded image data, the coded image data having data corresponding to a user log-in to the server;
  
  transmit the coded image data to a client device;
  
  enter into a secure communication connection with a mobile wireless communications device;
  
  receive via the secure communication connection, authenticating data of the user log-in between the client device and the server without an authentication token, corresponding to the user log-in, being provided to the client device, the authenticating data based on the coded image data transmitted to the client device;
  
  enter into an interactive session with the client device, without an authentication token being provided to the client device, based on comparing the authenticating data with the data of the coded image data, the interactive session corresponding to the user log-in;
  
  conduct a confirmation of a transaction of an application of the server during the interactive session between the client device and the server, the confirmation conducted in response to a communication from the mobile wireless communications device to complete the confirmation, the confirmation being conducted without an authentication token being provided to the client device; and
  
  conduct a logoff of the client device from the server, the logoff including receiving a logoff request from the mobile wireless communications device, the logoff request including data to terminate connection of the server and client device corresponding to the user log-in between the client device and the server.
- View Dependent Claims (28, 29, 30)
- - 28. The server of claim 27, wherein the processor, the memory, the encoder, and the communications interface are arranged to operably conduct the confirmation in the server to:
    - generate an identification of the transaction;
      
      encode the identification into a second coded image data;
      
      transmit the second coded image data to the client device;
      
      receive second authenticating data of the transaction from the mobile wireless communications device without an authentication token being provided to the client device, the second authenticating data based on the second coded image data transmitted to the client device; and
      
      complete the confirmation of the transaction based on the second authenticating data.
  - 29. The server of claim 27, wherein the server is arranged to generate the coded image data by encoding a plain text nonce and digital signature.
  - 30. The server of claim 27, wherein the server is operable to invalidate session data cached by the client device in execution of the logoff.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Courtney, Sean Alexander, Little, Herbert Anthony, Truskovsky, Alexander

Granted Patent

US 8,701,166 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/1063   Personalisation

G06F 21/36   by graphic or iconic repres...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/77   Graphical identity

SECURE AUTHENTICATION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE AUTHENTICATION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links