SYSTEMS AND METHODS FOR THREE-FACTOR AUTHENTICATION

US 20130179692A1
Filed: 01/11/2012
Published: 07/11/2013
Est. Priority Date: 01/11/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented authentication method comprising:

receiving a user'"'"'s identification and password;

generating a one time password;

encrypting the one time password to provide an encrypted one time password;

encoding the encrypted one time password in a two-dimensional barcode to provide a two-dimensional barcode of the encrypted one time password;

transmitting the two-dimensional barcode of the encrypted one time password to a computing device of the user;

reading the two-dimensional barcode of the encrypted one time password displayed on the user'"'"'s computing device using a mobile device associated with the user to obtain the encrypted one time password;

decrypting the encrypted one time password using the user'"'"'s mobile device;

displaying the one time password;

receiving the one time password spoken by the user; and

recognizing the user'"'"'s voice and the one time password to authenticate the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, systems and methods for three-factor authentication include receiving a user'"'"'s identification and password transmitted from the user'"'"'s mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user'"'"'s computing device is captured using the user'"'"'s mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user'"'"'s mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user'"'"'s mobile device and displayed. The OTP then is spoken by the user, and the user'"'"'s voice and the OTP are recognized to authenticate the user.

105 Citations

20 Claims

1. A computer implemented authentication method comprising:
- receiving a user'"'"'s identification and password;
  
  generating a one time password;
  
  encrypting the one time password to provide an encrypted one time password;
  
  encoding the encrypted one time password in a two-dimensional barcode to provide a two-dimensional barcode of the encrypted one time password;
  
  transmitting the two-dimensional barcode of the encrypted one time password to a computing device of the user;
  
  reading the two-dimensional barcode of the encrypted one time password displayed on the user'"'"'s computing device using a mobile device associated with the user to obtain the encrypted one time password;
  
  decrypting the encrypted one time password using the user'"'"'s mobile device;
  
  displaying the one time password;
  
  receiving the one time password spoken by the user; and
  
  recognizing the user'"'"'s voice and the one time password to authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer implemented method of claim 1 wherein at least one of generating and encrypting the one time password uses a hash based at least in part on at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user.
  - 3. The computer implemented method of claim 1 wherein generating the one time password further comprises applying a hash chain of a hash function on concatenation of two or more of the user'"'"'s identification, the user'"'"'s password, and on at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user.
  - 4. The computer implemented method of claim 1 wherein encrypting the one time password further comprises applying a hash of at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user using a symmetric encryption algorithm.
  - 5. The computer implemented method of claim 1, further comprising:
    - retrieving a number of times a one time password has been issued to the user; and
      
      incrementing a counter of the number of times a one time password has been issued to the user upon transmitting the two-dimensional barcode of the encrypted one time password to a computing device of the user.
  - 6. The computer implemented method of claim 5 wherein each of retrieving a number of times a one time password has been issued to the user and incrementing a counter of the number of times a one time password has been issued to the user are carried out by each of an authentication server and the user'"'"'s mobile device.
  - 7. The computer implemented authentication method of claim 1 wherein the one time password spoken by the user is spoken into a microphone of the user'"'"'s computing device.
  - 8. The computer implemented authentication method of claim 1 wherein receiving the user'"'"'s identification and password, generating the one time password, encrypting the one time password, encoding the two-dimensional barcode, transmitting the two-dimensional barcode, receiving the one time password spoken by the user, and recognizing the user'"'"'s voice and the one time password to authenticate the user are carried out by one or more authentication servers.
  - 9. The computer implemented method of claim 1 wherein reading the two-dimensional barcode displayed on the user'"'"'s computing device is carried out using a camera of the user'"'"'s mobile device.
  - 10. The computer implemented method of claim 1 wherein, following decryption of the encrypted one time password, the one time password is displayed by the user'"'"'s mobile device.

11. A tangible computer program medium comprising computer program instructions executable by one or more processors of one or more computing devices, the computer program instructions, when implemented by the one or more processors, performing operations comprising:
- receiving a username and password;
  
  generating a one time password;
  
  encrypting the one time password to provide an encrypted one time password;
  
  encoding the encrypted one time password in a two-dimensional barcode to provide a two-dimensional barcode of the encrypted one time password;
  
  transmitting the two-dimensional barcode of the encrypted one time password to another computing device of the user;
  
  reading the two-dimensional barcode of the encrypted one time password using a user'"'"'s mobile computing device to obtain the encrypted one time password;
  
  decrypting the encrypted one time password on the user'"'"'s mobile computing device;
  
  displaying the one time password on the user'"'"'s mobile computing device;
  
  receiving the one time password spoken by the user; and
  
  recognizing the user'"'"'s voice and the one time password to authenticate the user.
- View Dependent Claims (12, 13, 14)
- - 12. The tangible computer program medium of claim 11 wherein at least one of generating and encrypting the one time password uses a hash based at least in part on at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user.
  - 13. The tangible computer program medium of claim 11 wherein generating the one time password further comprises applying a hash chain of a hash function on concatenation of two or more of the user'"'"'s identification, the user'"'"'s password, and on at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user.
  - 14. The tangible computer program medium of claim 11 wherein encrypting the one time password further comprises applying a hash of at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user using a symmetric encryption algorithm.

15. A system for authentication comprising:
- one or more server computing devices, each comprising one or more respective processors operatively coupled to respective memory, each memory comprising computer program instructions executable by a processor to implement operations comprising;
  
  receiving a username and password transmitted from a user mobile device;
  
  generating a one time password;
  
  encrypting the one time password to produce an encrypted one time password;
  
  encoding the one time password in a two-dimensional barcode to produce a two-dimensional barcode of the encrypted one time password;
  
  transmitting the two-dimensional barcode of the encrypted one time password to a user-computing device;
  
  receiving the one time password spoken by the user; and
  
  recognizing the user'"'"'s voice and the one time password to authenticate the user to access a site using at least one of the user computing device and the user mobile device;
  
  the user computing device comprising one or more processors operatively coupled to memory comprising computer program instructions executable by the one or more processors to implement operations comprising;
  
  receiving the two-dimensional barcode of the encrypted one time password;
  
  displaying the two-dimensional barcode of the encrypted one time password;
  
  recording the one time password spoken by the user;
  
  transmitting the one time password to the one or more server computing devices; and
  
  the user mobile device comprising one or more processors operatively coupled to memory comprising computer program instructions executable by the one or more processors to implement operations comprising;
  
  reading the two-dimensional barcode of the encrypted one time password displayed by the user computing device;
  
  decrypting the encrypted one time password encoded in the two-dimensional bar code; and
  
  displaying the one time password on the user'"'"'s mobile computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 wherein the one or more servers implement operations to use a hash based at least in part on at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user to generate and encrypt the one time password, and the user'"'"'s mobile device implements operations to use the hash based at least in part on the at least one IMEI and IMSI to decrypt the encrypted one time password.
  - 17. The system of claim 15 wherein the one or more servers implement operations to apply a hash chain of a hash function on concatenation of two or more of the user'"'"'s identification, the user'"'"'s password, and at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user to generate the one time password, and the user'"'"'s mobile device implements operations to apply the hash chain of a hash function on concatenation of two or more of the user'"'"'s identification, the user'"'"'s password, and at least one of the IMEI of the user'"'"'s mobile device and the IMSI of the user to display the one time password.
  - 18. The system of claim 15 wherein the one or more servers implement operations to apply a hash of at least one of an international mobile equipment identity (IMEI) of the user'"'"'s mobile device and an international mobile subscriber identity (IMSI) of the user using a symmetric encryption algorithm to encrypt the one time password, and the user'"'"'s mobile device implements operations to apply the hash of the at least one IMEI of the user'"'"'s mobile device and the IMSI of the user using the symmetric encryption algorithm to decrypt the encrypted one time password.
  - 19. The system of claim 15 wherein at least one of the one or more server computing devices and the user'"'"'s mobile device each implement operations to retrieve a number of times a one time password has been issued to the user, and increment a counter of the number of times a one time password has been issued to the user, upon transmission of the two-dimensional barcode of the encrypted one time password to the computing device of the user.
  - 20. The system of claim 15 wherein the user'"'"'s mobile device further comprises a camera, and wherein the computer program instructions of the user'"'"'s mobile device are further used for reading the two-dimensional barcode of the encrypted one time password displayed by the user-computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
King SAUD University
Original Assignee
King SAUD University
Inventors
Khan, Muhammad Khurram, Alghathbar, Khaled Soliman, Tolba, Ahmed Saleh Mohamed

Granted Patent

US 8,862,888 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/179
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/42   using separate channels for...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/105   Multiple levels of security

H04L 63/18   using different networks or...

H04L 9/0866   involving user or device id...

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

H04L 9/3231   Biological data, e.g. finge...

SYSTEMS AND METHODS FOR THREE-FACTOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

105 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR THREE-FACTOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links