Method and apparatus for secure authorization

US 8,272,038 B2
Filed: 05/19/2008
Issued: 09/18/2012
Est. Priority Date: 05/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing access to a first computing device, the method comprising:

the first computing device receiving a request from a user to access the first computing device;

the first computing device forming a challenge, said challenge comprising an identifier of the first computing device;

the first computing device encoding the challenge into a symbol;

the first computing device displaying the symbol,the first computing device allowing the user access to the first computing device in response to an access code that is generated by a server and provided by the user to the first computing device,wherein the access code is formed by a server in response to the user initiating a process of capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server, and wherein the server forms a decision to allow access by the user to the first computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authorizing access to a first computing device is provided. The method comprises the first computing device forming a challenge, encoding the challenge into a symbol, and displaying the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to provision of an access code to the first computing device by the user. The access code is formed by a server in response to capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server. The server forms a decision to allow access by the user to the first computing device.

Citations

22 Claims

1. A method for authorizing access to a first computing device, the method comprising:
- the first computing device receiving a request from a user to access the first computing device;
  
  the first computing device forming a challenge, said challenge comprising an identifier of the first computing device;
  
  the first computing device encoding the challenge into a symbol;
  
  the first computing device displaying the symbol,the first computing device allowing the user access to the first computing device in response to an access code that is generated by a server and provided by the user to the first computing device,wherein the access code is formed by a server in response to the user initiating a process of capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server, and wherein the server forms a decision to allow access by the user to the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein a second computing device of the user performs the steps of the capturing and the decoding of the symbol and the forming and the providing of the request, wherein the server provides the access code to the second computing device of the user.
  - 3. The method of claim 1, wherein the first computing device is at least one of a personal computer, a laptop computer, a palmtop computer, a desktop computer, a server computer and a personal digital assistant.
  - 4. The method of claim 2, wherein the second computing device comprises at least one of a cellular phone, a personal digital assistant, a palmtop computer, a personal computer, a laptop computer, a wireless Internet access device, and a camera.
  - 5. The method of claim 1, wherein the challenge further comprises a server address.
  - 6. The method of claim 1, wherein the challenge comprises a function, wherein the function differentiates challenges formed at different times.
  - 7. The method of claim 6, wherein the function is a nonce.
  - 8. The method of claim 5, wherein the server address comprises at least one of a uniform resource locator, an address formed to facilitate short message service protocol communication, an address formed to facilitate multimedia messaging service protocol communications, and an address formed to facilitate text messaging communications.
  - 9. The method of claim 1, wherein the symbol comprises at least one of a bar code, a two dimensional bar code, a linear bar code, a datamatrix code, a QR code, a visual signal, an auditory signal, and an infrared signal.
  - 10. The method of claim 2, wherein the capturing of the symbol is within the second computing device using at least one of a camera, a microphone and an infrared sensor.
  - 11. The method of claim 2, wherein the request comprises the first computing device identifier.
  - 12. The method of claim 6, wherein the request comprises the function.
  - 13. The method of claim 2, further comprising authenticating an identity of the second computing device, wherein the identity of the second computing device is obtained using a protocol comprising at least one of secure sockets layer protocol and transport layer security protocol.
  - 14. The method of claim 2, further comprising authenticating an identity of the second computing device, wherein the identity is obtained from a virtual private network gateway.
  - 15. The method of claim 2, further comprising authenticating an identity of the user, wherein the identity is obtained from a credential sent by the second computing device to the server, wherein the credential comprise at least one of a user identification code, a user password, and a user answer to a question formed by the server.
  - 16. The method of claim 2, further comprising authenticating an identity of the second computing device, wherein the identity of the second computing device is obtained from a network provider through a trusted channel.
  - 17. The method of claim 2, wherein forming the decision comprises consideration of information within the request, and authenticating an identity of at least one of the user and the second computing device.
  - 18. The method of claim 1, wherein a server provides the access code to the user through an outside channel, and wherein the outside channel is a voice call to a phone.
  - 19. The method of claim 1, wherein the access code can be used only once.
  - 20. The method of claim 2, wherein the user provides the access code to the first computing device using a camera coupled to the first computing device to capture an image displayed by the second computing device.

21. A communications network for authorizing access to a first computing device, the network comprising:
- a first computing device, wherein a user is requesting access to the first computing device;
  
  a second computing device;
  
  a server;
  
  a first communications link, wherein the first communications link couples the second computing device and the server; and
  
  a second communications link, wherein the second communications link couples the first computing device and the second computing device;
  
  wherein a method for authorizing access to the first computing device comprises a user requesting an access to the first computing device, the first computing device generating a challenge, said challenge comprising an identifier of the first computing device, the first computing device encoding the challenge into a symbol, the first computing device displaying the symbol, the user capturing the symbol within the second computing device, the second computing device decoding the symbol into the challenge, the second computing device generating a request from the challenge, the second computing device providing the request to the server, the server forming a decision, wherein one decision is to allow the user access to the first computing device, and wherein an alternate decision is to disallow access to the first computing device by the user, the server forming an access code, the server providing the access code to the second computing device, and the user providing the access code to the first computing device.

22. An article of manufacture for authorizing access to a first computing device, wherein the article comprises a non-transitory computer readable storage medium having one or more programs embodied therewith, wherein the one or more programs, when executed by a computer, perform steps of:
- the first computing device receiving a request from a user to access the first computing device;
  
  the first computing device forming a challenge, said challenge comprising an identifier of the first computing device;
  
  the first computing device encoding the challenge into a symbol;
  
  the first computing device displaying the symbol,the first computing device allowing the user access to the first computing device in response to an access code that is generated by a server and provided by the user to the first computing device,wherein the access code is formed by a server in response to the user initiating a process of capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server, and wherein the server forms a decision to allow access by the user to the first computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Husemann, Dirk, Nidd, Micheal Elton
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Mehrmanesh, Amir

Application Number

US12/123,009
Publication Number

US 20090288159A1
Time in Patent Office

1,583 Days
Field of Search

713/155, 713184-185, 726 2- 7, 726 16- 21
US Class Current

726/3
CPC Class Codes

G09C 5/00   Ciphering apparatus or meth...

H04L 2209/80   Wireless

H04L 63/0853   using an additional device,...

H04L 9/3271   using challenge-response

Method and apparatus for secure authorization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure authorization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links