SYSTEM, DESIGN AND PROCESS FOR EASY TO USE CREDENTIALS MANAGEMENT FOR ONLINE ACCOUNTS USING OUT-OF-BAND AUTHENTICATION
First Claim
1. A method for authentication for accessing an online portal in a system comprising a user, a client processing application, a portable communications device, and an authentication server having a provisioned user database and encrypted payload, wherein the method comprises:
- providing a login portal and screen for access by a user, said login portal being in communication with said client processing application;
- establishing contact between client processing application and authentication server wherein a new authentication session is started;
- generating a session ID at the authentication server, wherein the session ID is communicated to the client processing application through at least a first communications channel;
- creating a multi-dimensional barcode at client processing application, wherein the barcode has dynamic encryption keys, portal information, session ID, and a unique key, and wherein the barcode is displayed at login screen;
- holding client processing application in waiting pending authentication server notification of session validation;
- starting authentication by user entering credential on portable communications device, wherein portable communications device validates credential and displays scan option;
- using portable communications device to scan barcode displayed at login screen and validate client processing application;
- finding on the portable communications device the encrypted user credentials with encryption key from barcode;
- sending encrypted credentials and session ID from portable communications device to authentication server via an outbound out-of-band communications channel;
- checking in provisioned user database of authentication server, wherein session is validated;
- sending encrypted payload to waiting client processing application;
- sending validation result from authentication server to portable communication device where the result is displayed;
- decrypting payload at client processing application using encryption keys;
- extracting and decrypting credentials at client processing application;
- using decrypted credentials to access the online portal.
Abstract
The invention provides an easy-to-use credential management mechanism for a multi-factor, out-of-band, multi-channel authentication process that protects a large number of documents without requiring the user to remember every document password. When opened, the secure document application generates a multi-dimensional code. The user scans the multi-dimensional code, which validates the secure document application and triggers an out-of-band outbound mechanism. The portable mobile device invokes the authentication server to get authenticated. The authentication server authenticates the user based on a shared secret key, and the user is automatically allowed access to the secure document. The process of the invention includes an authentication server, a secure document application that generates an authentication vehicle or embodiment (i.e. a multi-dimensional bar code) and handles incoming requests, secret keys, and a portable communication device with a smartphone application.
5 Claims
1. As set out under First Claim above. Claims 2, 3 and 4 depend on claim 1 and are not reproduced on this page.
5. A method for authentication in a system comprising a user, a browser extension or plugin, a portable communications device, and an authentication server having a provisioned user database and encrypted payload, wherein the method comprises:
- detecting user intent to login to an online portal (e.g. Gmail, Yahoo, eBay) using a browser;
- establishing contact between browser extension or plugin and authentication server wherein a new authentication session is started;
- generating a session ID at the authentication server, wherein the session ID is communicated to the browser plugin through at least a first communications channel;
- creating a multi-dimensional barcode at the browser extension or plugin, wherein the barcode has dynamic encryption keys, portal information, session ID, and a unique key, and wherein the barcode is displayed in the browser;
- holding browser in waiting pending authentication server notification of session validation;
- starting authentication by user entering credential on portable communications device, wherein portable communications device validates credential and displays scan option;
- using portable communications device to scan barcode displayed at login screen and validate browser extension or plugin;
- finding on the portable communications device the encrypted user credentials with encryption key from barcode;
- sending encrypted credentials and session ID from portable communications device to authentication server via an outbound out-of-band communications channel;
- checking in provisioned user database of authentication server, wherein session is validated;
- sending encrypted payload to waiting browser extension or plugin;
- sending validation result from authentication server to portable communication device where the result is displayed;
- decrypting payload at browser extension or plugin using encryption keys;
- extracting and decrypting credentials at browser extension or plugin;
- using decrypted credentials to populate the login form on the login page of the online portal in the browser;
- initiating the login to the online portal by sending the login form to the online portal using the browser extension or plugin.
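The flow of claims 1 and 5, simulated end to end as an added example that is not the patent's own code: the authentication server issues a session ID over the first channel, the client builds a barcode carrying a fresh encryption key, the portal name and the session ID, the phone checks the user's PIN, encrypts the vault entry with the barcode key and submits it on the out-of-band channel together with a shared-secret MAC over the session ID, and the waiting client decrypts the payload that the server forwarded without being able to read it. The HMAC keystream cipher, the PIN check, the MAC binding and all names and values are constructed stand-ins, and claim 5 differs only in that the decrypted credentials fill a browser login form.

```python
import base64, hashlib, hmac, json, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (HMAC-SHA256 keystream XOR); a constructed stand-in, not the patent's."""
    out, counter = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))

class AuthServer:
    def __init__(self, provisioned):          # provisioned user database: user -> shared secret
        self.users, self.sessions = provisioned, {}
    def new_session(self):                    # session ID handed to the client over the first channel
        sid = secrets.token_hex(8); self.sessions[sid] = None; return sid
    def oob_submit(self, user, sid, tag, enc_creds):   # out-of-band channel from the phone
        secret = self.users.get(user)
        if secret is None or self.sessions.get(sid, 1) is not None:   # unknown user/session or replay
            return "rejected"
        expected = hmac.new(secret, sid.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):   # shared-secret proof binds user to this session
            return "rejected"
        self.sessions[sid] = enc_creds                # opaque to the server: it never holds the key
        return "validated"
    def poll(self, sid):                      # waiting client collects the encrypted payload
        return self.sessions.get(sid)

def client_make_barcode(sid, portal):        # barcode = dynamic key + portal info + session ID
    key = secrets.token_bytes(32)
    return key, json.dumps({"sid": sid, "portal": portal, "key": base64.b64encode(key).decode()})

def phone_scan_and_submit(server, barcode, user, secret, vault, pin, entered_pin):
    if entered_pin != pin: return "pin rejected"          # phone validates the user's credential
    b = json.loads(barcode)                               # "scan" the displayed barcode
    creds = vault.get(b["portal"])
    if creds is None: return "no credentials for portal"
    enc = keystream_xor(base64.b64decode(b["key"]), creds.encode())   # key taken from barcode
    tag = hmac.new(secret, b["sid"].encode(), hashlib.sha256).hexdigest()
    return server.oob_submit(user, b["sid"], tag, enc)

def run_login(entered_pin="1234", replay=False):
    secret = b"shared-secret-provisioned-at-enrolment"     # constructed sample enrolment data
    server, vault = AuthServer({"alice": secret}), {"portal.example": "alice:correct-horse"}
    sid = server.new_session(); key, barcode = client_make_barcode(sid, "portal.example")
    args = (server, barcode, "alice", secret, vault, "1234", entered_pin)
    status = phone_scan_and_submit(*args)
    if replay: status = phone_scan_and_submit(*args)      # second use of one session is refused
    payload = server.poll(sid)
    return status, None if payload is None else keystream_xor(key, payload).decode()
```

Only the client that generated the barcode holds the key, so a session is usable exactly once and the server stores nothing it could decrypt.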
Specification