System, Design and Process for Easy to Use Credentials Management for Accessing Online Portals Using Out-of-Band Authentication
First Claim
1. A system of user authentication for accessing an online portal in a communications network, the system comprising:
- a client processing application having programming for communication with a login portal and screen for access by a user;
an authentication server application having programming for establishing contact between the client processing application wherein a new authentication session is started;
programming for generating a session identification (“
ID”
), and programming for communicating a session ID to the client processing application through at least a first communications channel;
wherein the client processing application includes programming for creating a multi-dimensional barcode for display at the login screen, wherein the barcode has dynamic encryption keys, portal, information, session ID, and a unique key; and
programming for holding the client processing application in waiting pending notification of session validation by the authentication server application;
wherein the client processing application includes programming for authentication by receiving user credentials from a portable communications device,a portable communications device application having programming for authentication, including programming for receiving user credentials and displaying at least one scan option;
programming for scanning the barcode displayed at the login screen;
programming for validating the client processing application;
programming for finding at least one encrypted user credentials with the encryption key from the barcode; and
programming for sending the encrypted credentials and session ID to the client authentication server via an outbound out-of-band communications channel;
wherein the authentication server application further includes programming for checking a provisioned user database and validating the session ID;
programming for sending the encrypted payload to the waiting client processing application;
programming for sending validation result to the portable communication device where the result can be displayed;
wherein the client processing application includes programming for extracting and decrypting the credentials; and
programming for using the decrypted credentials to access the online portal.
6 Assignments
0 Petitions
Accused Products
Abstract
The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect user access to online portals. When opened, the client processing application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the client processing application and triggers an out-of-band outbound mechanism. The portable mobile device invokes the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the online portal. The process of the invention includes an authentication server, a client processing application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application.
-
Citations
10 Claims
-
1. A system of user authentication for accessing an online portal in a communications network, the system comprising:
-
a client processing application having programming for communication with a login portal and screen for access by a user; an authentication server application having programming for establishing contact between the client processing application wherein a new authentication session is started;
programming for generating a session identification (“
ID”
), and programming for communicating a session ID to the client processing application through at least a first communications channel;wherein the client processing application includes programming for creating a multi-dimensional barcode for display at the login screen, wherein the barcode has dynamic encryption keys, portal, information, session ID, and a unique key; and
programming for holding the client processing application in waiting pending notification of session validation by the authentication server application;wherein the client processing application includes programming for authentication by receiving user credentials from a portable communications device, a portable communications device application having programming for authentication, including programming for receiving user credentials and displaying at least one scan option;
programming for scanning the barcode displayed at the login screen;
programming for validating the client processing application;
programming for finding at least one encrypted user credentials with the encryption key from the barcode; and
programming for sending the encrypted credentials and session ID to the client authentication server via an outbound out-of-band communications channel;wherein the authentication server application further includes programming for checking a provisioned user database and validating the session ID;
programming for sending the encrypted payload to the waiting client processing application;
programming for sending validation result to the portable communication device where the result can be displayed;wherein the client processing application includes programming for extracting and decrypting the credentials; and
programming for using the decrypted credentials to access the online portal. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for authentication for accessing an online portal in a system comprising a user, a client processing application, a portable communications device, and an authentication server having a provisioned user database and encrypted payload, wherein the method comprises:
-
providing a login portal and screen for access by a user, said login portal being in communication with said client processing application; establishing contact between the client processing application and the authentication server wherein a new authentication session is started; generating a session identification (“
ID”
) at the client processing application;creating a multi-dimensional barcode at the client processing application, wherein the barcode has dynamic encryption keys, portal information, session ID, and a unique key, and wherein the barcode is displayed at the login screen; holding the client processing application in waiting pending the authentication server notification of session validation; starting authentication by user entering credentials on the portable communications device, wherein the portable communications device validates credential and displays scan option; using the portable communications device to scan the barcode displayed at the login screen and validate the client processing application; finding on the portable communications device at least one encrypted user credential with the encryption key from the barcode; sending the encrypted credentials and session ID from the portable communications device to the authentication server via an outbound out-of-band communications channel; checking in provisioned user database of the authentication server, wherein the session is validated; sending the encrypted payload to waiting at the client processing application; sending validation result from the authentication server to the portable communication device where the result is displayed; decrypting the encrypted payload at the client processing application using the encryption keys; extracting and decrypting the credentials at the client processing application; and using the decrypted credentials to access the online portal. - View Dependent Claims (7, 8, 9, 10)
-
Specification