ANONYMOUS AUTHENTICATION AND REMOTE WIRELESS TOKEN ACCESS
First Claim
1. A method of operating an authentication server for authenticating a user who is communicating with an enterprise via a network, comprising:
receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator;
receiving, from the enterprise, a request to authenticate the user;
transmitting an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device;
receiving, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and
authenticating the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.
7 Assignments
0 Petitions
Abstract
Provided is a method for operating an authentication server for authenticating a user who is communicating with an enterprise via a network. The method includes receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator. When the authentication server later receives, from the enterprise, a request to authenticate the user, the authentication server transmits an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device. The information received from the low energy wireless device in response to the authentication request is then used to authenticate the user by comparing it with the stored first authenticator.
20 Claims

1. A method of operating an authentication server for authenticating a user who is communicating with an enterprise via a network, comprising:
receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator;
receiving, from the enterprise, a request to authenticate the user;
transmitting an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device;
receiving, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and
authenticating the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.

2. The method of claim 1, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator; and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.

3. The method of claim 1, further comprising:
receiving, via the network, a second authenticator from the user device, and storing the second authenticator;
transmitting an authentication request to the user device via the network requesting the second authenticator;
receiving, from the user device via the network, an authenticator in response to the authentication request requesting the second authenticator; and
authenticating the user by comparing the received second authenticator with the stored second authenticator,
wherein the authentication request transmitted to the user device via the network requesting that the user read information from the low energy wireless device using the user device is transmitted in response to the user being authenticated using the second authenticator.

4. The method of claim 3, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator; and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.

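The enrollment and challenge flow of claims 1 through 4, written out as an added Python example; it is not code from the patent or its assignee. It assumes SHA-256 as the hash of claims 2 and 4, a device-held secret as the second authenticator of claim 3, and constructed sample values for the token reading and that secret. The wireless read itself is replaced by passing the bytes the user device would have read straight into the server's methods.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: the bytes the low energy wireless device hands the
# user device over the wireless read, and the device-held second authenticator.
TOKEN_INFO = b"low-energy-token-0001"
DEVICE_SECRET = b"device-secret-0001"


def digest(data: bytes) -> str:
    """Hash of claim 2: only this digest of the token reading is ever stored."""
    return hashlib.sha256(data).hexdigest()


class AuthServer:
    """Authentication server of claim 1, holding hashed authenticators per device."""

    def __init__(self):
        self.records = {}   # device_id -> {"token_hash": ..., "second_hash": ...}
        self.pending = {}   # challenge_id -> (device_id, stage)

    def enroll(self, device_id: str, token_info: bytes, second_auth: bytes) -> None:
        """Enrollment: receive the first authenticator and store its hash."""
        self.records[device_id] = {
            "token_hash": digest(token_info),
            "second_hash": digest(second_auth),
        }

    def request_authentication(self, device_id: str) -> str:
        """Enterprise asks for authentication; claim 3 starts with the second authenticator."""
        if device_id not in self.records:
            raise KeyError(f"unknown device {device_id}")
        challenge_id = secrets.token_hex(16)
        self.pending[challenge_id] = (device_id, "second")
        return challenge_id

    def submit_second_authenticator(self, challenge_id: str, second_auth: bytes) -> bool:
        device_id, stage = self.pending.get(challenge_id, (None, None))
        if stage != "second":
            return False
        ok = hmac.compare_digest(digest(second_auth), self.records[device_id]["second_hash"])
        if ok:
            # Only now is the device asked to read the token (claim 3, last clause).
            self.pending[challenge_id] = (device_id, "token")
        else:
            del self.pending[challenge_id]
        return ok

    def submit_token_reading(self, challenge_id: str, token_info: bytes) -> bool:
        """Claim 1 final step: hash the fresh reading and compare with the stored hash."""
        device_id, stage = self.pending.pop(challenge_id, (None, None))
        if stage != "token":
            return False
        return hmac.compare_digest(digest(token_info), self.records[device_id]["token_hash"])


def run_flow(server: AuthServer, device_id: str, second_auth: bytes, token_info: bytes) -> bool:
    """One enterprise-initiated authentication, with the user device's replies inlined."""
    challenge_id = server.request_authentication(device_id)
    if not server.submit_second_authenticator(challenge_id, second_auth):
        return False
    return server.submit_token_reading(challenge_id, token_info)


if __name__ == "__main__":
    srv = AuthServer()
    srv.enroll("device-A", TOKEN_INFO, DEVICE_SECRET)
    print(run_flow(srv, "device-A", DEVICE_SECRET, TOKEN_INFO))      # True
    print(run_flow(srv, "device-A", DEVICE_SECRET, b"wrong-token"))  # False
    print(run_flow(srv, "device-A", b"wrong-secret", TOKEN_INFO))    # False
```

The comparisons go through hmac.compare_digest so the server's response time does not depend on how many bytes matched. Note what the hashed comparison does and does not buy: it keeps the raw token reading out of the server's store, but the reading itself is static, so anyone who captured it once (on the air or from the user device) can replay it through the same flow. Claim 7's step of having the low energy wireless device encrypt data sent to it is the hook for making each response depend on a fresh challenge instead.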
5. The method of claim 1, further comprising:
establishing, via the network, an enterprise account with the enterprise by generating and storing an enterprise account identifier;
establishing, via the network, a user device account with the user device by storing authenticators received using the user device and storing the authenticators in association with a device identifier associated with the user device;
generating, after establishing the user device account with the user device, a first asymmetric key pair and storing one key of the first asymmetric key pair and transmitting the other key of the first asymmetric key pair to the user device;
generating, after establishing the user device account and the enterprise account, a relationship account that associates the user device identifier and the enterprise account identifier using a relationship identifier;
transmitting the relationship identifier to the user device; and
receiving, after transmitting the relationship identifier to the user device, one key of a second asymmetric key pair from the user device and transmitting the one key of the second asymmetric key pair to the enterprise with the relationship identifier,
wherein the information received from the low energy wireless device is encrypted by the user device using the other key of the second asymmetric key pair.

6. A method of operating an authentication server for securely exchanging information between a user device and an enterprise via a network, comprising:
receiving, via the network, a request from the enterprise to obtain information from a low energy wireless device associated with a user;
sending the request to obtain information from the low energy wireless device to the user device associated with the user;
receiving information from the low energy wireless device read using the user device, the information encrypted by the user device; and
transmitting the encrypted information to the enterprise.

7. The method of claim 6, further comprising:
receiving, via the network, second information from the enterprise with a request to transmit the second information from the user device to the low energy wireless device to be encrypted using the low energy wireless device;
transmitting, via the network, the second information and the request to encrypt the second information to the user device;
receiving the second information encrypted by the low energy wireless device; and
transmitting the encrypted second information to the enterprise.

8. The method of claim 6, further comprising:
receiving, via the network, an authenticator from the user device, and storing the authenticator;
transmitting an authentication request to the user device via the network requesting the authenticator;
receiving, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and
authenticating the user by comparing the received authenticator with the stored authenticator,
wherein the request to obtain information from the low energy wireless device is sent in response to the user being authenticated using the authenticator received from the user device.

9. The method of claim 7, further comprising:
receiving, via the network, an authenticator from the user device, and storing the authenticator;
transmitting an authentication request to the user device via the network requesting the authenticator;
receiving, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and
authenticating the user by comparing the received authenticator with the stored authenticator,
wherein the second information and the request are transmitted to the user device in response to the user being authenticated using the authenticator received from the user device.

10. The method of claim 6, further comprising:
receiving one key of an asymmetric key pair from the user device and transmitting the one key to the enterprise without storing the one key,
wherein the second information received from the enterprise is encrypted using an other key of the asymmetric key pair and is transmitted as encrypted second information to the user device with the request.

11. The method of claim 7, further comprising:
receiving one key of an asymmetric key pair from the user device and transmitting the one key to the enterprise without storing the one key,
wherein the information received from the low energy wireless device read using the user device is encrypted by the user device using an other key of the asymmetric key pair.

12. The method of claim 6, further comprising:
establishing, via the network, an enterprise account with the enterprise by generating and storing an enterprise account identifier;
establishing, via the network, a user device account with the user device by storing authenticators received using the user device and storing the authenticators in association with a device identifier associated with the user device;
generating, after establishing the user device account with the user device, a first asymmetric key pair and storing one key of the first asymmetric key pair and transmitting the other key of the first asymmetric key pair to the user device;
generating, after establishing the user device account and the enterprise account, a relationship account that associates the user device identifier and the enterprise account identifier using a relationship identifier;
transmitting the relationship identifier to the user device; and
receiving, after transmitting the relationship identifier to the user device, one key of a second asymmetric key pair from the user device and transmitting the one key of the second asymmetric key pair to the enterprise with the relationship identifier,
wherein the information received from the low energy wireless device is encrypted by the user device using the other key of the second asymmetric key pair.

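The account, relationship and key-relay steps of claims 5, 6, 11 and 12, simulated in one process as an added Python example; this is not the patent's own code. The claims name the keys only as "one key" and "other key"; the example assumes RSA, with (n, e) as the key forwarded to the enterprise and (n, d) as the key the user device applies to the token reading, implemented as unpadded textbook RSA with a small inline prime generator so that it runs without third-party libraries. Party names, identifier formats and the token bytes are constructed. The first key pair of claim 12 is generated and handed to the device but not used further, since the claims do not say what it is for, and the reverse direction of claims 7 and 10 is not shown.

```python
import hashlib
import math
import random
import secrets

TOKEN_INFO = b"low-energy-token-0001"   # constructed sample token reading

# --- toy textbook RSA, constructed for this example (unpadded; not for production) ---
def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin rounds
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def keygen(bits: int = 512):
    """Returns (one_key, other_key) in the claims' wording: (n, e) and (n, d)."""
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(65537, phi) == 1:
            return (p * q, 65537), (p * q, pow(65537, -1, phi))

def apply_key(key, m: int) -> int:
    """Raw modular exponentiation; m must be smaller than the modulus."""
    n, exp = key
    assert 0 <= m < n, "message too long for the modulus"
    return pow(m, exp, n)

# --- the three parties of claims 6 and 12 ---
class Enterprise:
    def __init__(self):
        self.device_keys = {}   # relationship id -> the device's "one key"
        self.token_data = {}    # relationship id -> recovered token bytes

    def receive_device_key(self, rel_id: str, one_key) -> None:
        self.device_keys[rel_id] = one_key

    def receive_token_data(self, rel_id: str, ciphertext: int) -> None:
        m = apply_key(self.device_keys[rel_id], ciphertext)
        self.token_data[rel_id] = m.to_bytes((m.bit_length() + 7) // 8, "big")

class UserDevice:
    def __init__(self, device_id: str, read_token):
        self.device_id, self.read_token = device_id, read_token
        self.one_key, self.other_key = keygen()   # second key pair of claim 12

    def encrypted_token_reading(self) -> int:
        # The token bytes are transformed with the "other key" before leaving the device.
        return apply_key(self.other_key, int.from_bytes(self.read_token(), "big"))

class AuthServer:
    def __init__(self):
        self.enterprises, self.devices, self.relationships = {}, {}, {}
        self.server_keys = {}   # device id -> server-held half of the first key pair

    def establish_enterprise_account(self, name: str) -> str:
        ent_id = secrets.token_hex(8)
        self.enterprises[ent_id] = name
        return ent_id

    def establish_device_account(self, device_id: str, authenticator: bytes):
        self.devices[device_id] = hashlib.sha256(authenticator).hexdigest()
        server_key, device_key = keygen()         # first key pair of claim 12; its
        self.server_keys[device_id] = server_key  # use is not specified by the claims
        return device_key

    def create_relationship(self, device_id: str, ent_id: str) -> str:
        rel_id = secrets.token_hex(8)
        self.relationships[rel_id] = (device_id, ent_id)
        return rel_id

    def relay(self, rel_id: str, enterprise: Enterprise, one_key=None, ciphertext=None):
        """Forwards the device key or ciphertext; the server keeps neither (claims 10-12)."""
        if one_key is not None:
            enterprise.receive_device_key(rel_id, one_key)
        if ciphertext is not None:
            enterprise.receive_token_data(rel_id, ciphertext)

def run_relationship(read_token=lambda: TOKEN_INFO):
    server, enterprise = AuthServer(), Enterprise()
    device = UserDevice("device-A", read_token)
    ent_id = server.establish_enterprise_account("acme-bank")
    device.server_key = server.establish_device_account(device.device_id, b"device-secret")
    rel_id = server.create_relationship(device.device_id, ent_id)
    server.relay(rel_id, enterprise, one_key=device.one_key)
    server.relay(rel_id, enterprise, ciphertext=device.encrypted_token_reading())
    return enterprise.token_data[rel_id], server, device
```

Two points worth checking against the claims. First, the server in claims 10 through 12 forwards the device's "one key" without storing it, and that is what keeps the relayed token data opaque to it: in RSA terms, applying the private exponent to the token bytes is a signing-style operation, so anyone holding the forwarded key, including a server that logged it in transit, recovers the plaintext. A deployment that wants the server unable to read the data even with a logged key would have the device encrypt to the enterprise's key instead. Second, unpadded RSA as used here is deterministic and malleable; a real implementation would use a padded scheme or a hybrid construction with an authenticated cipher.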
13. The method of claim 1, wherein the user device is a mobile device and the low energy wireless device is configured to communicate using Bluetooth, near field communication or Bluetooth low energy.

14. An article of manufacture for authenticating a user who is communicating with an enterprise via a network, comprising:
a non-transitory storage medium; and
logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby causes the processor to operate so as to:
receive, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and store the first authenticator;
receive, from the enterprise, a request to authenticate the user;
transmit an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device;
receive, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and
authenticate the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.

15. The article of manufacture of claim 14, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator; and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.

16. The article of manufacture of claim 14, wherein the stored logic is further configured to cause the processor to operate so as to:
receive, via the network, a second authenticator from the user device, and store the second authenticator;
transmit an authentication request to the user device via the network requesting the second authenticator;
receive, from the user device via the network, an authenticator in response to the authentication request requesting the second authenticator; and
authenticate the user by comparing the received second authenticator with the stored second authenticator,
wherein the authentication request transmitted to the user device via the network requesting that the user read information from the low energy wireless device using the user device is transmitted in response to the user being authenticated using the second authenticator.

17. The article of manufacture of claim 16, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator; and
wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.

18. An article of manufacture for operating an authentication server for securely exchanging information between a user device and an enterprise via a network, comprising:
a non-transitory storage medium; and
logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby causes the processor to operate so as to:
receive, via the network, a request from the enterprise to obtain information from a low energy wireless device associated with a user;
send the request to obtain information from the low energy wireless device to the user device associated with the user;
receive information from the low energy wireless device read using the user device, the information encrypted by the user device; and
transmit the encrypted information to the enterprise.

19. The article of manufacture of claim 18, wherein the stored logic is further configured to cause the processor to operate so as to:
receive, via the network, second information from the enterprise with a request to transmit the second information from the user device to the low energy wireless device to be encrypted using the low energy wireless device;
transmit, via the network, the second information and the request to encrypt the second information to the user device;
receive the second information encrypted by the low energy wireless device; and
transmit the encrypted second information to the enterprise.

20. The article of manufacture of claim 18, wherein the stored logic is further configured to cause the processor to operate so as to:
receive, via the network, an authenticator from the user device, and store the authenticator;
transmit an authentication request to the user device via the network requesting the authenticator;
receive, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and
authenticate the user by comparing the received authenticator with the stored authenticator,
wherein the request to obtain information from the low energy wireless device is sent in response to the user being authenticated using the authenticator received from the user device.

Specification