Method And Apparatus For Securing An Application Using A Measurement Of A Location Dependent Physical Property Of The Environment

US 20160191473A1
Filed: 12/31/2015
Published: 06/30/2016
Est. Priority Date: 12/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method for securing the interaction between a user and a computer based application, the method comprising the steps of:

obtaining a measurement value of a location dependent physical property of a location from which the computer based application is being accessed by the user;

using the measurement value in a risk analysis; and

deciding on the basis of the outcome of said risk analysis whether or not to perform a certain action.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, and systems for authenticating a user taking into account measurement values of characteristics of the purported environment of the user are described.

17 Citations

View as Search Results

27 Claims

1. A method for securing the interaction between a user and a computer based application, the method comprising the steps of:
- obtaining a measurement value of a location dependent physical property of a location from which the computer based application is being accessed by the user;
  
  using the measurement value in a risk analysis; and
  
  deciding on the basis of the outcome of said risk analysis whether or not to perform a certain action.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising the step of obtaining an electronic signature over said measurement value and verifying said electronic signature.
  - 3. The method of claim 2 in which said electronic signature has been generated by an authentication device by cryptographically combining the measurement value with a first secret key comprised in or derived from a second secret stored in the authentication device.
  - 4. The method of claim 3 in which said cryptographically combining also uses the value of a dynamic variable.
  - 5. The method of claim 4 wherein said second secret is associated with said user.
  - 6. The method of claim 1 further comprising the step of obtaining a location indication indicating said location from which the computer based application is being accessed by the user, wherein said risk analysis also uses said obtained location indication.
  - 7. The method of claim 6 wherein said risk analysis further uses said obtained location indication in relation to said obtained measurement value of the location dependent physical property of the location from which the computer based application is being accessed by the user.

8. An apparatus for providing a secured measurement of a location dependent physical property comprising:
- a sensor for making said measurement of the location dependent physical property;
  
  a memory component for storing a secret value; and
  
  a data processing component for generating an electronic signature over said measurement by cryptographically combining said measurement with a secret key comprised in or derived from said secret value.
- View Dependent Claims (9, 10, 11)
- - 9. The apparatus of claim 8 in which said cryptographically combining also uses the value of a dynamic variable.
  - 10. The apparatus of claim 9 further comprising a clock for providing a time value wherein said dynamic variable is based on said time value.
  - 11. The apparatus of claim 8 wherein said secret value is associated with a specific user.

12. A system for securing the interaction between a user and a computer based application comprising:
- an apparatus for providing an electronic signature over a first location dependent physical property, the apparatus comprising;
  
  a sensor for making a first measurement of said first location dependent physical property at a location of the apparatus,a memory component for storing a secret value; and
  
  a data processing component for generating an electronic signature over said first measurement by cryptographically combining said first measurement with a secret key comprised in or derived from said secret value; and
  
  an authentication server adapted to;
  
  receive a second measurement value of a second location dependent physical property of a location from which the computer based application is being accessed by the user;
  
  receive said electronic signature over said first measurement value;
  
  verify said received electronic signature;
  
  use said received second measurement value and a result of said verification of said received electronic signature in a risk analysis; and
  
  decide on the basis of the outcome of said risk analysis whether or not to perform a certain action.

13. A method for securing interaction between a user and a remotely accessible application, the method comprising the steps of:
- at an access device used by the user to access the remotely accessible application, determining a first value for a first location dependent variable;
  
  at an authentication device determining, independently from the access device, a second value for a second location dependent variable;
  
  at the authentication device generating a dynamic credential or electronic signature using said second value for the second location dependent variable and a cryptographic secret key;
  
  at an authentication server receiving the generated dynamic credential or electronic signature and the first value of the location dependent variable; and
  
  at the authentication server verifying whether the received first value of the location dependent variable is consistent with the received dynamic credential or electronic signature.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 14. The method of claim 13 wherein the step of verifying whether the received first value of the location dependent variable is consistent with the received dynamic credential or electronic signature comprises the steps of:
    - determining, at the authentication server, a set of possible reference values for said second value of the second location dependent variable; and
      
      verifying, at the authentication server, whether the received dynamic credential or electronic signature validates correctly with at least one reference value of said set of reference values by applying a cryptographic verification method to the received dynamic credential or electronic signature and said at least one reference value.
  - 15. The method of claim 14 further comprising the step of including, at the authentication server, in the set of possible reference values all possible values for the second location dependent variable that match, according to a given matching criterion, the first value.
  - 16. The method of claim 14 further comprising the steps of:
    - determining, at the authentication server, a list or range of geographical locations that match the first value of the location dependent variable; and
      
      , at the authentication server, determining and including in the set of possible reference values, all possible values that the second location dependent variable can have at any location in said determined list or range of geographical locations.
  - 17. The method of claim 14 wherein:
    - said cryptographic secret key comprises a symmetric cryptographic key shared between the authentication server and the authentication device;
      
      the step of generating a dynamic credential or electronic signature using said second value for the second location dependent variable and said cryptographic secret key comprises applying to said second value a symmetric cryptographic algorithm parameterized with said cryptographic secret key; and
      
      wherein said verifying whether the received dynamic credential or electronic signature validates correctly with at least one reference value of said set of reference values by applying a cryptographic verification algorithm to the received dynamic credential or electronic signature and said at least one reference value, comprises calculating, at the authentication server, a reference credential value by applying to said at least one reference value said symmetric cryptographic algorithm parameterized with a server copy of said cryptographic secret key, and comparing said calculated reference credential value to said received dynamic credential or electronic signature.
  - 18. The method of claim 13 further comprising performing at the authentication server a risk analysis taking into account the outcome of the step of verifying whether the received first value of the location dependent variable is consistent with the received dynamic credential or electronic signature.
  - 19. The method of claim 13 further comprising accepting said received first value if the step of verifying whether the received first value of the location dependent variable is consistent with the received dynamic credential or electronic signature is successful.
  - 20. The method of claim 13 wherein said cryptographic secret key is associated specifically with said user.
  - 21. The method of claim 13 wherein the first value of the first location dependent variable comprises a first value for a first location dependent physical property at a location of the access device, and the second value of the second location dependent variable comprises a second value for a second location dependent physical property at a location of the authentication device.
  - 22. The method of claim 13 wherein the first value of the first location dependent variable comprises a first value for a location dependent physical property at a location of the access device, and the second value of the second location dependent variable comprises a second value for the same location dependent physical property at a location of the authentication device.
  - 23. The method of claim 13 wherein the first location dependent variable does not comprise a location dependent physical property, and the second value of the second location dependent variable does comprise a value for a location dependent physical property at a location of the authentication device.
  - 24. The method of claim 23 wherein the first value of the first location dependent variable comprises a value indicating a geographical location of the access device.
  - 25. The method of claim 13 wherein both the first value of the first location dependent variable and the second value for the second location dependent variable do not comprise a value for a location dependent physical property.
  - 26. The method of claim 25 wherein the second value for the second location dependent variable comprises a value indicating a geographical location of the authentication device.
  - 27. The method of claim 25 wherein the first value for the first location dependent variable is a value indicating a geographical location of the access device, and the second value for the second location dependent variable is a value indicating a geographical location of the authentication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Original Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Inventors
De Wasch, Tom

Granted Patent

US 10,541,986 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/606   by securing the transmissio...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 10/0635   Risk analysis of enterprise...

H04L 2463/061   applying further key deriva...

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

Method And Apparatus For Securing An Application Using A Measurement Of A Location Dependent Physical Property Of The Environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method And Apparatus For Securing An Application Using A Measurement Of A Location Dependent Physical Property Of The Environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links