ANONYMOUS AUTHENTICATION AND REMOTE WIRELESS TOKEN ACCESS
First Claim
Patent Images
1. A method of operating an authentication server for authenticating a user who is communicating with an enterprise via a network, comprising:
- receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator;
receiving, from the enterprise, a request to authenticate he user;
transmitting an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device;
receiving, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and
authenticating the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.
7 Assignments
0 Petitions
Accused Products
Abstract
Provided is a method for operating an authentication server for authenticating a user who is communicating with an enterprise via a network. The method include receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator. When the authentication service later receives, from the enterprise, a request to authenticate the user, the authentication server transmits an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device. The information received from the low energy wireless device in response to the authentication request is then used authenticate the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.
-
Citations
20 Claims
-
1. A method of operating an authentication server for authenticating a user who is communicating with an enterprise via a network, comprising:
-
receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator; receiving, from the enterprise, a request to authenticate he user; transmitting an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device; receiving, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and authenticating the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.
-
-
2. The method of claim 1, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator;
- and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.
- and
-
3. The method of claim 1, further comprising:
-
receiving, via the network, a second authenticator from the user device, and storing the second authenticator; transmitting an authentication request to the user device via the network requesting the second authenticator; and receiving, from the first user device via the network, an authenticator in response to the authentication request requesting the second authenticator, authenticating the user by comparing the received second authenticator with the stored second authenticator, wherein the authentication request transmitted to the user device via the network requesting that the user read information from the low energy wireless device using the user device is transmitted in response to the user being authenticated using the second authenticator.
-
-
4. The method of claim 3, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator;
- and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.
- and
-
5. The method of claim 1, further comprising:
-
establishing, via the network, an enterprise account with the enterprise by generating and storing an enterprise account identifier; establishing, via the network, a user device account with the user device by storing authentifiers received using the user device and storing the authentifiers in association with a device identifier associated with the user device; generating, after establishing the user device account with the user device, a first asymmetric key pair and storing one key of the first asymmetric key pair and transmitting the other key of the first asymmetric key pair to the user device; generating, after establishing the user device account and the enterprise account, a relationship account that associates the user device identifier and the enterprise account identifier using a relationship identifier; transmitting the relationship identifier to the user device; and receiving, after transmitting the relationship identifier to the user device, one key of a second asymmetric key pair from the user device and transmitting the one key of the second asymmetric key pair to the enterprise with the relationship identifier, wherein the information received from the low energy wireless device is encrypted by the user device using the other key of the second asymmetric key pair.
-
-
6. A method of operating an authentication server for securely exchanging information between a user device and an enterprise via a network, comprising:
-
receiving, via the network, a request from the enterprise to obtain information from a low energy wireless device associated with a user; sending the request to obtain information from the low energy wireless device to the user device associated with the user; receiving information from the low energy wireless device read using the user device, the information encrypted by the user device; and transmitting the encrypted information to the enterprise.
-
-
7. The method of claim 6, further comprising:
-
receiving, via the network, second information from the enterprise with a request to transmit the second information from the user device to the low energy wireless device to be encrypted using the low energy wireless device; transmitting, via the network, the second information and the request to encrypt the second information to the user device; and receiving the second information encrypted by the low energy wireless device; and transmitting the encrypted second information to the enterprise.
-
-
8. The method of claim 6, further comprising:
-
receiving, via the network, an authenticator from the user device, and storing the authenticator; transmitting an authentication request to the user device via the network requesting the authenticator; receiving, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and authenticating the user by comparing the received authenticator with the stored authenticator, wherein the request to obtain information from the low energy wireless device is sent in response to the user being authenticated using the authenticator received from the user device.
-
-
9. The method of claim 7, further comprising:
-
receiving, via the network, an authenticator from the user device, and storing the authenticator; transmitting an authentication request to the user device via the network requesting the authenticator; receiving, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and authenticating the user by comparing the received authenticator with the stored authenticator, wherein the second information and the request are transmitted to the user device in response to the user being authenticated using the authenticator received from the user device.
-
-
10. The method of claim 6, further comprising:
-
receiving one key of an asymmetric key pair from the user device and transmitting the one key to the enterprise without storing the one key, wherein the second information received from the enterprise is encrypted using an other key of the asymmetric key pair and is transmitted as encrypted second information to the user device with the request.
-
-
11. The method of claim 7, further comprising:
-
receiving one key of an asymmetric key pair from the user device and transmitting the one key to the enterprise without storing the one key, wherein the information received from the low energy wireless device read using the user device is encrypted by the user device using an other key of the asymmetric key pair.
-
-
12. The method of claim 6, further comprising:
-
establishing, via the network, an enterprise account with the enterprise by generating and storing an enterprise account identifier; establishing, via the network, a user device account with the user device by storing authenticators received using the user device and storing the authenticators in association with a device identifier associated with the user device; generating, after establishing the user device account with the user device, a first asymmetric key pair and storing one key of the first asymmetric key pair and transmitting the other key of the first asymmetric key pair to the user device; generating, after establishing the user device account and the enterprise account, a relationship account that associates the user device identifier and the enterprise account identifier using a relationship identifier; transmitting the relationship identifier to the user device; and receiving, after transmitting the relationship identifier to the user device, one key of a second asymmetric key pair from the user device and transmitting the one key of the second asymmetric key pair to the enterprise with the relationship identifier, wherein the information received from the low energy wireless device is encrypted by the user device using the other key of the second asymmetric key pair.
-
-
13. The method of claim 1, wherein the user device is a mobile device and the low energy wireless device is configured to communicate using Bluetooth, near field communication or Bluetooth low energy.
-
14. An article of manufacture for authenticating a user who is communicating with an enterprise via a network, comprising:
-
a non-transitory storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby causes the processor to operation so as to; receive, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and store the first authenticator; receive, from the enterprise, a request to authenticate the user; transmit an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device; receive, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and authenticate the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.
-
-
15. The article of manufacture of claim 14, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator;
- and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.
- and
-
16. The article of manufacture of claim 14, wherein the stored logic is further configured to cause the processor to operate so as to:
-
receive, via the network, a second authenticator from the user device, and store the second authenticator; transmit an authentication request to the user device via the network requesting the second authenticator; and receive, from the first user device via the network, an authenticator in response to the authentication request requesting the second authenticator, authenticate the user by comparing the received second authenticator with the stored second authenticator, wherein the authentication request transmitted to the user device via the network requesting that the user read information from the low energy wireless device using the user device is transmitted in response to the user being authenticated using the second authenticator.
-
-
17. The article of manufacture of claim 16, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator;
- and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.
- and
-
18. An article of manufacture for operating an authentication server for securely exchanging information between a user device and an enterprise via a network, comprising:
-
a non-transitory storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby causes the processor to operation so as to; receive, via the network, a request from the enterprise to obtain information from a low energy wireless device associated with a user; send the request to obtain information from the low energy wireless device to the user device associated with the user; receive information from the low energy wireless device read using the user device, the information encrypted by the user device; and transmit the encrypted information to the enterprise.
-
-
19. The article of manufacture of claim 18, wherein the stored logic is further configured to cause the processor to operate so as to:
-
receive, via the network, second information from the enterprise with a request to transmit the second information from the user device to the low energy wireless device to be encrypted using the low energy wireless device; transmit, via the network, the second information and the request to encrypt the second information to the user device; and receive the second information encrypted by the low energy wireless device; and transmit the encrypted second information to the enterprise.
-
-
20. The method of claim 18, wherein the stored logic is further configured to cause the processor to operate so as to:
-
receive, via the network, an authenticator from the user device, and storing the authenticator; transmit an authentication request to the user device via the network requesting the authenticator; receive, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and authenticate the user by comparing the received authenticator with the stored authenticator, wherein the request to obtain information from the low energy wireless device is sent in response to the user being authenticated using the authenticator received from the user device.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneePayfone Incorporated
-
Original AssigneeAuthentify, Inc. (Bank of America Corp.)
-
InventorsROLFE, Andrew Robert
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06Q 20/3226 Use of secure elements sepa...G06Q 20/3829 involving key managementG06Q 40/02 Banking, e.g. interest calc...H04L 2209/24 Key scheduling, i.e. genera...H04L 2209/80 WirelessH04L 2209/805 Lightweight hardware, e.g. ...H04L 63/0428 wherein the data content is...H04L 63/0442 wherein the sending and rec...H04L 63/061 for key exchange, e.g. in p...H04L 63/0861 using biometrical features,...H04L 63/0876 based on the identity of th...H04L 63/0884 by delegation of authentica...H04L 9/3215 using a plurality of channe...H04L 9/3228 One-time or temporary data,...H04L 9/3231 Biological data, e.g. finge...H04L 9/3234 involving additional secure...H04L 9/3236 using cryptographic hash fu...H04L 9/3242 involving keyed hash functi...H04W 12/02 Protecting privacy or anony...H04W 12/033 of the user plane, e.g. use...View All
