COMPUTER IMPLEMENTED MULTI-FACTOR AUTHENTICATION

US 20140250518A1
Filed: 03/29/2013
Published: 09/04/2014
Est. Priority Date: 03/04/2013
Status: Abandoned Application

First Claim

Patent Images

1. Computer implemented multi-factor authentication method for authenticating a user of a secured component, comprisingthe user requesting access to the secured component via a client device;

the client device providing a first authentication factor to the user;

the user providing the first authentication factor to a personal device which is associated to the user at an authentication component, wherein the client device and the personal device are physically distinct units;

the user providing a second authentication factor to the personal device;

the personal device forwarding the first authentication factor and the second identification factor to the authentication component;

the authentication component verifying identity of the user and providing an access token to the secured component; and

the secured component providing the user access to the secured component on the client device in accordance with the access token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer implemented multi-factor authentication method for authenticating a user of a secured component (21, 31), comprises the user requesting access to the secured component (21, 31) via a client device (2); client device (2) providing a first authentication factor (22) to the user who provides the first authentication factor (22) to a personal device (5) and associated to the user at an authentication component (51, 61); client device (2) and personal device (5) are physically distinct; the user providing a second authentication factor to personal device (5) and forwarding first authentication factor (22) and second identification factor to authentication component (51, 61); authentication component (51, 61) verifying identity of user and providing an access token (62) to secured component (21, 31) which provides the user access to secured component (21, 31) on client device (2) in accordance with the access token (62). Allows separating authentication from use of secured component.

Citations

20 Claims

1. Computer implemented multi-factor authentication method for authenticating a user of a secured component, comprisingthe user requesting access to the secured component via a client device;
- the client device providing a first authentication factor to the user;
  
  the user providing the first authentication factor to a personal device which is associated to the user at an authentication component, wherein the client device and the personal device are physically distinct units;
  
  the user providing a second authentication factor to the personal device;
  
  the personal device forwarding the first authentication factor and the second identification factor to the authentication component;
  
  the authentication component verifying identity of the user and providing an access token to the secured component; and
  
  the secured component providing the user access to the secured component on the client device in accordance with the access token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. Method according to claim 1, in which the secured component has a frontend portion running on the client device and a backend portion running on a backend device.
  - 3. Method according to claim 2, in which the client device is running a browser program and the frontend portion of the secured component is provided in the browser program of the client device.
  - 4. Method according to claim 2, in which upon the request for access to the secured component via the client device the backend portion of the secured component uniquely generates the first authentication factor and provides it to the user via the frontend portion of the secured component.
  - 5. Method according to claim 4, in which the client device provides the first authentication factor together with a session identifier, a validity period of the first authentication factor, an authentication component identifier, an access address of the authentication component, status information, a client device operating system identifier, a client device browser program identifier, a client device network address or any combination thereof.
  - 6. Method according to claim 1, wherein the first authentication factor is comprised in a numeric code or a multidimensional code such as a QR-code.
  - 7. Method according to claim 1, in which the authentication component is running a database and the association of the personal device to the user is stored in the database, wherein the association of the personal device to the user preferably comprises a personal device identifier and a user identifier.
  - 8. Method according to claim 7, in which the personal device identifier comprises a seed which is generated for the personal device identifier, provided to the authentication component and confirmed by the user.
  - 9. Method according to claim 1, in which the authentication component provides a blocking functionality to the user for blocking the personal device associated to the user.
  - 10. Method according to claim 1, in which the authentication component has a frontend portion running on the personal device and a backend portion running on an authentication device, wherein the frontend portion of the authentication component preferably comprises an authentication interface, collects the first authentication factor and the second authentication factor via the authentication interface, and provides an identification token comprising the first authentication factor and the second authentication factor to the backend portion of the authentication component.
  - 11. Method according to claim 10, in which the frontend portion of the authentication component adds a location stamp to the identification token prior to providing it to the backend portion of the authentication component.
  - 12. Method according to claim 10, wherein the authentication device is connected to the personal device via a network.
  - 13. Method according to claim 1, in which the authentication component calculates a trust level based on the first authentication factor and on the second authentication factor and provides the trust level in the access token to the secured component.
  - 14. Method according to claim 13, wherein the secured component evaluates the trust level provided in the access token and provides access to the user on the client device in accordance with the access level of the access token.
  - 15. Method according to claim 14, wherein when evaluating the trust level the secured component evaluates plausibility of proximity, location of request, the kind of the second authentication factor, the type of the operating system of the client device, the type of a browser program running on the client device or a combination thereof.
  - 16. Method according to claim 1, in which after provision of the first authentication factor to the user the secured component polls the authentication component for the access token wherein the secured component preferably stops polling the authentication component after a predefined time.
  - 17. Computer program comprising computer readable commands causing a computer to implement a secured component in accordance with the method of claim 1 when being loaded to or executed by the computer.
  - 18. Computer program of claim 17, wherein the computer readable commands cause the computer to implement a backend portion of the secured component as a web service when being loaded to or executed by the computer, wherein the backend portion of the secured component is arranged for providing a frontend portion of the secured component in a browser program of a client device allowing a user to request access to the secured component via the client device;
    - providing a first authentication factor to the user via the frontend portion;
      
      polling an authentication component for an access token; and
      
      providing the user access to the secured component on the client device in accordance with the access token.
  - 19. Computer program comprising computer readable commands causing a computer to implement an authentication component in accordance with the method of claim 1 when being loaded to or executed by the computer.
  - 20. Computer program of claim 19, wherein the computer readable commands cause the computer to implement a backend portion of the authentication component as a service when being loaded to or executed by the computer, wherein the backend portion of the authentication component is arranged for associating a personal device to a user;
    - providing a frontend portion of the authentication component with an interface on the personal device of the user allowing the user to input a first authentication factor and a second authentication factor;
      
      the frontend portion of the authentication device forwarding the first authentication factor and the second identification factor to the backend portion of the authentication component; and
      
      the backend portion of the authentication component verifying identity of the user and providing an access token to the secured component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mfa Informatik AG
Original Assignee
Mfa Informatik AG
Inventors
SCHNEIDER, Andreas

Application Number

US13/853,947
Publication Number

US 20140250518A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/34 involving the use of extern...

COMPUTER IMPLEMENTED MULTI-FACTOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTER IMPLEMENTED MULTI-FACTOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links