
System, Design and Process for Secure Documents Credentials Management Using Out-of-Band Authentication

  • US 20160351080A1
  • Filed: 05/18/2016
  • Published: 12/01/2016
  • Est. Priority Date: 12/31/2012
  • Status: Active Grant
First Claim

1. A method for authentication for accessing a document in a system comprising a user, a first channel document application, a second channel portable communications device application, and an authentication server application having a provisioned user database and encrypted payload, wherein the method comprises:

  • providing a login portal for accessing a document by a user, said login portal being in communication with said first channel document application;
  • establishing contact between the first channel document application and the authentication server application wherein a new authentication session is started;
  • generating a session identification (“ID”) at the authentication server, wherein the session ID is communicated to the first channel document application through at least a first communications channel;
  • creating a multi-dimensional barcode at the first channel document application, wherein the barcode has dynamic encryption keys, portal information, session ID, and a unique key, and wherein the barcode is displayed at the login screen;
  • creating a message at the first channel document application, wherein the message has dynamic encryption keys, portal information, session ID, and a unique key;
  • holding the first channel document application in waiting pending the authentication server application notification of session validation;
  • starting authentication by user entering at least one credential on the second channel portable communications device application, wherein the second channel portable communications device validates at least one credential and displays at least one scan option;
  • using the second channel portable communications device application to scan the barcode displayed at the login screen and validate the first channel document application;
  • using the second channel portable communications device application to receive the message from the first channel document application and to validate the first channel document application;
  • finding on the second channel portable communications device application at least one encrypted user credential;
  • sending the encrypted credentials and session ID from the second channel portable communications device application to the authentication server application via an outbound out-of-band communications channel;
  • checking in provisioned user database of the authentication server application, wherein the session is validated;
  • sending the encrypted payload to the first channel document application;
  • sending validation result from authentication server application to the second channel portable communication device application where the result is displayed;
  • decrypting the encrypted payload at the first channel document application using the encryption keys;
  • extracting and decrypting the credentials at the first channel document application; and
  • using the decrypted credentials to access the document.
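The claim above describes a three-party exchange: the first channel document application starts a session and shows a barcode carrying a fresh encryption key, the second channel device validates the user locally, scans the barcode, encrypts the stored credentials under that key and sends them with the session ID out of band to the server, and the server validates the session against its provisioned database and forwards the still-encrypted payload to the document application, which alone holds the key. The following simulation is an added example written for this page; it is not code from the patent or from any product implementing it. Its assumptions beyond the claim text are: the "dynamic encryption key" is a random 32-byte symmetric key, the barcode is modelled as a JSON string (the alternative "message" path is not modelled), the cipher is a stdlib-only HMAC-SHA256 keystream with an encrypt-then-MAC tag standing in for a real AEAD, and the device tokens, portal names, PIN and user names are constructed values. The key security property it illustrates is that the server relays the credential payload without ever being able to read it.

```python
# Simulation of the two-channel, out-of-band document login in claim 1. Added
# example, not code from the patent or any product. Assumptions not in the claim:
# the "dynamic encryption key" is a random 32-byte symmetric key, the barcode is
# modelled as a JSON string, the cipher is a stdlib HMAC-SHA256 keystream with an
# encrypt-then-MAC tag standing in for a real AEAD, and device tokens, portal
# names and PINs are constructed values.
import base64, hashlib, hmac, json, secrets


def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt(key, plaintext):
    """Toy authenticated encryption: random nonce, XOR keystream, HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return base64.b64encode(nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).decode()


def decrypt(key, token):
    raw = base64.b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("payload tampered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class AuthServer:
    """Provisioned user database plus a table of pending/validated sessions."""
    def __init__(self, provisioned):
        self.provisioned = provisioned   # device token -> username (constructed)
        self.sessions = {}               # session ID -> state

    def new_session(self, portal):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"portal": portal, "status": "pending", "payload": None}
        return sid

    def submit_out_of_band(self, device_token, session_id, encrypted_credentials):
        sess = self.sessions.get(session_id)
        if sess is None or sess["status"] != "pending":
            return "rejected: unknown or already used session"
        if device_token not in self.provisioned:
            return "rejected: device not provisioned"
        # The server never holds the key: it validates the session and forwards the payload.
        sess.update(status="validated", payload=encrypted_credentials)
        return "validated"

    def poll(self, session_id):
        sess = self.sessions[session_id]
        return sess["status"], sess["payload"]


class DocumentApp:
    """First channel: login portal that shows the barcode and waits for validation."""
    def __init__(self, server, portal):
        self.server, self.portal = server, portal
        self.session_id = server.new_session(portal)
        self.key = secrets.token_bytes(32)   # dynamic encryption key
        self.unique = secrets.token_hex(8)   # unique key for this login attempt

    def barcode(self):
        return json.dumps({"portal": self.portal, "session_id": self.session_id,
                           "key": base64.b64encode(self.key).decode(), "unique": self.unique})

    def open_document(self):
        status, payload = self.server.poll(self.session_id)
        if status != "validated":
            return None
        creds = json.loads(decrypt(self.key, payload))
        if creds.get("unique") != self.unique:   # payload must belong to this attempt
            return None
        return creds["username"]   # stand-in for using the credentials on the document


class MobileApp:
    """Second channel device that stores the user's credentials encrypted."""
    def __init__(self, server, device_token, pin, username, password, known_portals):
        self.server, self.device_token, self.known_portals = server, device_token, known_portals
        self.pin_hash = hashlib.sha256(pin.encode()).digest()
        self.local_key = secrets.token_bytes(32)   # stands in for a device keystore
        self.vault = encrypt(self.local_key, json.dumps({"username": username, "password": password}).encode())

    def login(self, pin, scanned_barcode):
        if not hmac.compare_digest(self.pin_hash, hashlib.sha256(pin.encode()).digest()):
            return "credential rejected"              # local credential check fails
        data = json.loads(scanned_barcode)
        if data["portal"] not in self.known_portals:  # validate the first channel app
            return "unknown portal"
        creds = json.loads(decrypt(self.local_key, self.vault))
        creds["unique"] = data["unique"]
        payload = encrypt(base64.b64decode(data["key"]), json.dumps(creds).encode())
        return self.server.submit_out_of_band(self.device_token, data["session_id"], payload)


def run_demo(pin="1234", portal="docs.example.test"):
    """Run one login attempt; returns (device-side result, user the portal opened for)."""
    server = AuthServer({"device-token-A": "alice"})
    app = DocumentApp(server, portal)
    phone = MobileApp(server, "device-token-A", "1234", "alice", "s3cret", {"docs.example.test"})
    return phone.login(pin, app.barcode()), app.open_document()
```

`run_demo()` with the defaults completes the happy path and returns `("validated", "alice")`; a wrong PIN stops at the device's local credential check, and a barcode naming a portal the device does not recognise is refused before any credential leaves the device. In both failure cases the session stays pending and the document application opens nothing. Because the session is consumed once validated, a second submission of the same barcode payload is rejected by the server.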

  • 6 Assignments