Authentication system for enhancing network security

US 8,225,384 B2
Filed: 10/27/2010
Issued: 07/17/2012
Est. Priority Date: 04/13/2006
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium with an executable program stored thereon for enabling an authentication system, wherein the system includes at least one item of stored user identification information received from a user and stored so as to be accessible by at least an authentication server, and further wherein the program includes code segments for instructing a microprocessor, the code segments comprising:

a code segment for receiving notification that a client computer associated with the user is requesting access to a resource associated with a third-party server;

a code segment for enabling the authentication server to generate a token seed upon the user requesting access to said resource associated with the third-party server;

a code segment for enabling the authentication server to communicate the token seed to the client computer upon generation of the token seed;

a code segment for enabling the authentication server to generate a first token from the token seed;

a code segment for enabling the client computer to generate a second token from the token seed;

a code segment for enabling the client computer to receive at least one item of live user identification information entered by the user;

a code segment for enabling the client computer to encrypt, using the second token or information associated with the second token, the at least one item of live user identification information;

a code segment for enabling receipt, by the authentication server and from the client computer, of the encrypted at least one item of live user identification information;

a code segment for enabling the authentication server to decrypt the encrypted at least one item of live user identification information, wherein the decryption is performed by the authentication server using the first token;

a code segment for enabling the authentication server to authenticate the decrypted at least one item of live user identification information with the stored user identification information;

a code segment for enabling receipt, by the third-party server and from the client computer, of said at least the second token or information associated with the second token;

a code segment for enabling receipt, by the authentication server and from the third-party server, of said at least the second token or information associated with the second token;

a code segment for enabling the authentication server to verify the first token with the second token or information associated with the second token, wherein the first token is used by the authentication server to associate communications from the third-party server with a single transaction; and

a code segment for enabling, upon the authentication server verifying the first token with the second token or information associated with the second token, receipt by the third-party server of information usable by the third-party server to allow the user access to the resource associated with the third-party server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network-based biometric authentication system includes a client computer (10), a third party server (24), and a biometric authentication server (26). A user requests access to a web site hosted by the third party server via the client computer, wherein the third party server communicates a deployable object to the client computer. The client computer executes the deployable object, wherein the object enables the client computer to receive a user name, password, and biometric data from the user and to communicate the user name, password, and biometric data to the biometric authentication server in a secure fashion. The biometric authentication server authenticates the user name, password, and biometric data, and communicates the user name and password to the third party server, which attempts to verify the user name and password in a conventional manner and grants access to the user if the user name and password are verified.

29 Citations

View as Search Results

22 Claims

1. A non-transitory computer-readable storage medium with an executable program stored thereon for enabling an authentication system, wherein the system includes at least one item of stored user identification information received from a user and stored so as to be accessible by at least an authentication server, and further wherein the program includes code segments for instructing a microprocessor, the code segments comprising:
- a code segment for receiving notification that a client computer associated with the user is requesting access to a resource associated with a third-party server;
  
  a code segment for enabling the authentication server to generate a token seed upon the user requesting access to said resource associated with the third-party server;
  
  a code segment for enabling the authentication server to communicate the token seed to the client computer upon generation of the token seed;
  
  a code segment for enabling the authentication server to generate a first token from the token seed;
  
  a code segment for enabling the client computer to generate a second token from the token seed;
  
  a code segment for enabling the client computer to receive at least one item of live user identification information entered by the user;
  
  a code segment for enabling the client computer to encrypt, using the second token or information associated with the second token, the at least one item of live user identification information;
  
  a code segment for enabling receipt, by the authentication server and from the client computer, of the encrypted at least one item of live user identification information;
  
  a code segment for enabling the authentication server to decrypt the encrypted at least one item of live user identification information, wherein the decryption is performed by the authentication server using the first token;
  
  a code segment for enabling the authentication server to authenticate the decrypted at least one item of live user identification information with the stored user identification information;
  
  a code segment for enabling receipt, by the third-party server and from the client computer, of said at least the second token or information associated with the second token;
  
  a code segment for enabling receipt, by the authentication server and from the third-party server, of said at least the second token or information associated with the second token;
  
  a code segment for enabling the authentication server to verify the first token with the second token or information associated with the second token, wherein the first token is used by the authentication server to associate communications from the third-party server with a single transaction; and
  
  a code segment for enabling, upon the authentication server verifying the first token with the second token or information associated with the second token, receipt by the third-party server of information usable by the third-party server to allow the user access to the resource associated with the third-party server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The program of claim 1, further including a code segment for enabling, prior to verification by the authentication server of the first token with the second token or information associated with the second token, the third-party server to request, from the authentication server, user identification information corresponding to said at least the second token or information associated with the second token.
  - 3. The program of claim 2, wherein said code segment for enabling receipt, by the authentication server and from the third-party server, of said at least the second token or information associated with the second token results in the third-party server not receiving the live user identification information directly from the client computer.
  - 4. The program of claim 1, further including a code segment for enabling, prior to the authentication server generating said token seed upon the user requesting access to said resource associated with the third-party server, the client computer to receive a deployed object or to deploy an object.
  - 5. The program of claim 4, further including a code segment for enabling execution of the deployed object by the client computer.
  - 6. The program of claim 5, wherein the deployed object is a software object that is generated by, resides on, or is retrieved by the third-party server and is deployed by the third-party server.
  - 7. The program of claim 6, wherein deployment of the deployed object to the client computer is at the instruction of or is performed by the third-party server.
  - 8. The program of claim 7, wherein execution of the deployed object by the client computer is performed without any installation or initiation steps by the client computer.
  - 9. The program of claim 4, wherein the deployed object is a software object that is installed on, resides on, or is otherwise associated with the client computer.
  - 10. The program of claim 4, wherein the deployed object is stored on or is generated by the authentication server,further including a code segment for enabling receipt, by the client computer and from the authentication server, of the deployable object.
  - 11. The program of claim 1, wherein the generation of the token seed by the authentication server is requested by the client computer.
  - 12. The program of claim 1, wherein the first token is used by the authentication server to decrypt any communication received from the client computer.
  - 13. The program of claim 1, wherein the first token and the second token are identical.
  - 14. The program of claim 1, wherein the first token is associated with the second token.
  - 15. The program of claim 1, wherein the stored and the live user identification information are, respectively, at least one of a user ID, a password, biometric information of the user, or a digital certificate.
  - 16. The program of claim 1,wherein the live user identification information is a user ID and at least one of a password or biometric information of the user,further including a code segment for bundling the user ID and the at least one password or biometric information of the user prior to encryption of the at least one item of live user identification information, wherein the encryption of the at least one item of live user identification information is performed on the bundle.
  - 17. The program of claim 16, further including a code segment for performing a second encryption of the bundle using the second token.
  - 18. The program of claim 17, further including a code segment for performing a third encryption of the bundle using the second token.
  - 19. The program of claim 1, wherein if the first token does not match or otherwise correspond with the second token or information associated with the second token and used to encrypt the at least one item of live user identification information, then the decryption of the encrypted at least one item of live user identification information using the first token fails.
  - 20. The program of claim 1, wherein the code segment for enabling the authentication server to authenticate the decrypted at least one item of live user identification information with the stored user identification information further includes:
    - a code segment for enabling the authentication server to compare the live user identification information with the stored user identification information to determine if there is a match.
  - 21. The program of claim 1, wherein the client computer is a wireless device.
  - 22. The program of claim 1, wherein the wireless device is a handheld device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CIP, LLC
Original Assignee
Ceelox, Inc.
Inventors
Pizano, Erix, Aiken, Kass
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
KYLE, TAMARA TESLOVICH

Application Number

US12/913,126
Publication Number

US 20110060908A1
Time in Patent Office

629 Days
Field of Search

380/262, 713/168, 713/171, 726 3- 7
US Class Current

726/7
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3231   Biological data, e.g. finge...

Authentication system for enhancing network security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system for enhancing network security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links