SYSTEM AND METHOD FOR SECURE SINGLE OR MULTI-FACTOR AUTHENTICATION
First Claim
1. A WAN authentication system comprising:
a hardened physical token, with a token nontransitory computer-readable storage medium comprising token identification information;
a user client computer, with a client arithmetic logic unit (“ALU”) and a client nontransitory computer-readable storage medium, having a browser for sending HTTP requests over a wide area network (“WAN”);
an ancillary computer, with an ancillary ALU and an ancillary nontransitory computer-readable storage medium, in signaled, direct node-to-node communication with said physical token to permit access to said physical token identification information as an ancillary security complex;
a receiver, in signaled communication with said ancillary computer, having a sensor adapted to interpret color flashes as a data stream;
a host server computer with a server ALU and a server nontransitory computer-readable storage medium, available to both said user computer and said ancillary computer over said WAN for providing a WAN-accessible challenge screen protecting a WAN-accessible transaction screen;
a user directory file, available to said host computer, adapted to correlate token identification information with said user client computer;
a main channel authentication protocol, initiated by said host server computer over said WAN to said user client computer, wherein said host server transmits to said user client computer a color stream transmission of color flashes, embedded in said challenge screen, light-encoding a main challenge during a WAN session;
a back channel authentication protocol, initiated by said ancillary computer over said WAN to said host server computer, wherein said ancillary computer transmits to said host server computer over a back channel a challenge response comprising said main challenge, derived from said data stream as accepted by said receiver, and token identification information to correlate a user to said session; and
a decision engine adapted to determine a validity of a session based on said back channel authentication protocol.
Abstract
The present invention utilizes token-based authentication to verify the identity of a user computer. A host server computer transmits a main challenge via light code to an ancillary computer or software program having access to the token. The token translates the main challenge and provides a counterchallenge response back to the host computer over a back channel, distinct from the channel over which the main challenge arrived.
22 Claims
1. A WAN authentication system comprising the elements set out in full under First Claim above.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
16. A WAN authentication system comprising:
a host server computer with a server arithmetic logic unit (“ALU”) and a server nontransitory computer-readable storage medium, available over a wide area network (“WAN”) for providing a WAN-accessible challenge screen protecting a WAN-accessible transaction screen;
a user client computer, with a client ALU and a client nontransitory computer-readable storage medium, having a browser for sending HTTP requests over said WAN and a cookie issued subsequent to a main channel authentication protocol and a back channel authentication protocol;
a hardened physical token, with a token nontransitory computer-readable storage medium comprising token identification information;
an ancillary computer, with an ancillary ALU and an ancillary nontransitory computer-readable storage medium, in signaled, direct node-to-node communication with said physical token to permit access to said physical token identification information as an ancillary security complex;
a receiver, in signaled communication with said ancillary computer, having a sensor adapted to interpret color flashes as a data stream;
a user directory file, available to said host computer, adapted to correlate physical token identification information with said user client computer;
wherein said main channel authentication protocol is initiated by said host server computer over said WAN to said user client computer and said host server transmits to said user client computer a color stream transmission of color flashes, embedded in said challenge screen, light-encoding a main challenge during a WAN session;
wherein said back channel authentication protocol is initiated by said ancillary computer over said WAN to said host server computer and said ancillary computer transmits to said host server computer over a back channel a challenge response comprising said main challenge, derived from said data stream as accepted by said receiver, and token identification information to correlate a user to said session; and
a decision engine adapted to determine a validity of a user-host session based on said back channel authentication protocol, issue said cookie to said user computer, and advance said user computer through said challenge screen directly to said transaction screen upon recognition of said cookie in said user computer.
View Dependent Claims (17)
18. A WAN authentication process comprising:
associating a hardened physical token, having a token nontransitory computer-readable storage medium, with an ancillary computer, having an ancillary arithmetic logic unit (“ALU”) and an ancillary nontransitory computer-readable storage medium, in signaled, direct node-to-node communication to permit access to said physical token identification information as an ancillary security complex;
initiating a wide area network (“WAN”) browser session between a user computer and a host computer, wherein said host computer provides a WAN-accessible challenge screen protecting a WAN-accessible transaction screen;
displaying on said user client computer a color stream transmission of color flashes, embedded in said challenge screen, light-encoding a main challenge during said WAN browser session, initiated by said host server computer over said WAN to said user client computer;
interpreting color flashes with a receiver, in signaled communication with said ancillary security complex, as a data stream;
transmitting from said main complex said main challenge and token information via a back channel to said host computer; and
correlating said physical token information to said browser session; and
proceeding beyond said challenge screen to transaction screen upon validation of said ancillary security complex.
View Dependent Claims (19, 20, 21)
22. A WAN authentication system comprising:
a user client computer, with a client arithmetic logic unit (“ALU”) and a client nontransitory computer-readable storage medium, having a browser for sending HTTP requests over a wide area network (“WAN”) with a hardened physical token, with a token nontransitory computer-readable storage medium comprising token identification information;
an ancillary software program, on said user client computer, in signaled, direct communication with said physical token to permit access to said physical token identification information;
a receiver, in signaled communication with said ancillary software program, having a sensor adapted to interpret color flashes as a data stream;
a host server computer with a server ALU and a server nontransitory computer-readable storage medium, available to said user computer over said WAN for providing a WAN-accessible challenge screen protecting a WAN-accessible transaction screen;
a user directory file, available to said host computer, adapted to correlate token identification information with said user client computer;
a main channel authentication protocol, initiated by said host server computer over said WAN to said user client computer browser, wherein said host server transmits to said user client computer a color stream transmission of color flashes, embedded in said challenge screen, light-encoding a main challenge during a WAN session;
a back channel authentication protocol, initiated by said ancillary software over said WAN to said host server computer, wherein said ancillary computer transmits to said host server computer over a back channel, distinct from said main channel, a challenge response comprising said main challenge, derived from said data stream as accepted by said receiver, and token identification information to correlate a user to said session; and
a decision engine adapted to determine a validity of said session based on said back channel authentication protocol.
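The main-channel and back-channel exchange the claims describe, as an added simulation that is not code from the patent or its assignee: the host light-encodes a one-time challenge as color flashes on the challenge screen, the ancillary side decodes the flashes and returns the challenge together with the token identification over a separate path, and the decision engine consumes the challenge, correlates the token to the client computer through the user directory, and only then issues the cookie that opens the transaction screen. The four-color palette, the two-bits-per-flash encoding, the 8-byte challenge and the 60-second validity window are assumptions.

```python
import hmac
import secrets
import time

# Constructed encoding: two bits per flash (the claims fix neither palette nor bit rate).
PALETTE = ["red", "green", "blue", "white"]
SHIFTS = (6, 4, 2, 0)

def encode_flashes(challenge: bytes) -> list:
    """Host side: light-encode the main challenge as a color flash stream."""
    return [PALETTE[(b >> s) & 3] for b in challenge for s in SHIFTS]

def decode_flashes(flashes: list) -> bytes:
    """Receiver side: interpret the observed flashes back into challenge bytes."""
    vals = [PALETTE.index(f) for f in flashes]
    return bytes(sum(v << s for v, s in zip(vals[i:i + 4], SHIFTS))
                 for i in range(0, len(vals), 4))

class HostServer:
    def __init__(self, user_directory: dict, ttl: float = 60.0):
        self.directory = user_directory   # token id -> client id (the user directory file)
        self.ttl = ttl                    # seconds a main challenge stays valid (assumed)
        self.pending = {}                 # challenge -> (session id, client id, issued at)
        self.cookies = {}                 # cookie -> session id

    def challenge_screen(self, session_id: str, client_id: str) -> list:
        """Main channel: embed a fresh, single-use challenge in the challenge screen."""
        challenge = secrets.token_bytes(8)
        self.pending[challenge] = (session_id, client_id, time.monotonic())
        return encode_flashes(challenge)

    def back_channel(self, challenge: bytes, token_id: str):
        """Decision engine: validate the back channel response and issue a cookie."""
        # compare_digest avoids a timing side channel on the challenge bytes.
        match = [c for c in self.pending if hmac.compare_digest(c, challenge)]
        if not match:
            return None                   # unknown, replayed or already-consumed challenge
        session_id, client_id, issued = self.pending.pop(match[0])
        if time.monotonic() - issued > self.ttl:
            return None                   # stale challenge: the screen must be reloaded
        if self.directory.get(token_id) != client_id:
            return None                   # token is not correlated to this client computer
        cookie = secrets.token_urlsafe(16)
        self.cookies[cookie] = session_id
        return cookie

    def transaction_screen(self, cookie: str):
        """Advance past the challenge screen only when the issued cookie is recognised."""
        return self.cookies.get(cookie)
```

Popping the challenge on first use is what makes a captured flash stream worthless a second time; the directory check is what ties the token to the browser that was shown the screen rather than to whoever read it.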
Specification