Network transaction verification and authentication

US 8,510,811 B2
Filed: 12/16/2009
Issued: 08/13/2013
Est. Priority Date: 02/03/2009
Status: Active Grant

First Claim

Patent Images

1. A method for trusted secure access from a local network location to an institution remote network location, comprising:

employing at least one processor for;

(a) activating a trusted security device at a local network location, said device having a non-transitory computer readable storage medium, with a remote network location, comprising;

at the local network location;

(i) obtaining, from the remote network location, an institution authorized a private security software comprising a scrambling algorithm and a descrambling algorithm, and storing the private security software at the trusted security device;

the trusted security device having a un-changeable global unique identifier (UID), which uniquely identifies the trusted security device;

(ii) causing the private security software to;

(ii-1) obtain a user selectable personal identification number from a user;

(ii-2) obtain the UID from the trusted security device; and

(ii-3) forward the PIN and the UID to the remote network location;

at the remote network location;

(iii) running the scrambling algorithm with the PIN and UID as input to generate a user-personalized credential code containing scrambled access credentials to the institution remote location; and

(iv) forwarding the user-personalized credential code to the local network location and storing thereof at the trusted security device; and

(b) at the local network location, performing a local authentication without communicating over any network, comprising;

(v) verifying authenticity of the user selectable PIN and the UID, comprising running the descrambling algorithm of the private security software using the PIN and the UID as input to descramble the user- personalized credential code;

(vi) upon successful verification, retrieving the access credentials to the institution remote network location from the user-personalized credential code.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user'"'"'s PIN and the trusted device'"'"'s UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device. Authentication is performed in two levels: the first authenticates the user and the trusted device locally; and the second authenticates the user remotely at the institution-owned authentication server. Various embodiments add extra levels of security, including one-time-password management.

62 Citations

View as Search Results

20 Claims

1. A method for trusted secure access from a local network location to an institution remote network location, comprising:
- employing at least one processor for;
  
  (a) activating a trusted security device at a local network location, said device having a non-transitory computer readable storage medium, with a remote network location, comprising;
  
  at the local network location;
  
  (i) obtaining, from the remote network location, an institution authorized a private security software comprising a scrambling algorithm and a descrambling algorithm, and storing the private security software at the trusted security device;
  
  the trusted security device having a un-changeable global unique identifier (UID), which uniquely identifies the trusted security device;
  
  (ii) causing the private security software to;
  
  (ii-1) obtain a user selectable personal identification number from a user;
  
  (ii-2) obtain the UID from the trusted security device; and
  
  (ii-3) forward the PIN and the UID to the remote network location;
  
  at the remote network location;
  
  (iii) running the scrambling algorithm with the PIN and UID as input to generate a user-personalized credential code containing scrambled access credentials to the institution remote location; and
  
  (iv) forwarding the user-personalized credential code to the local network location and storing thereof at the trusted security device; and
  
  (b) at the local network location, performing a local authentication without communicating over any network, comprising;
  
  (v) verifying authenticity of the user selectable PIN and the UID, comprising running the descrambling algorithm of the private security software using the PIN and the UID as input to descramble the user- personalized credential code;
  
  (vi) upon successful verification, retrieving the access credentials to the institution remote network location from the user-personalized credential code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 17, 18, 19)
- - 2. The method of claim 1, wherein the remote network location is one of the following:
    - a third party network location;
      
      orthe institution network location.
  - 3. The method of claim 1, wherein the step (ii-2) comprises generating the UID using a device identity information hard-coded into a hardware of the trusted security device.
  - 4. The method of claim 1, further comprising storing the user selectable PIN, the UID, the user-personalized credential code, the access credentials to the institution remote network location, or a combination thereof, in a database stored in the non-transitory computer readable storage medium of the trusted security device.
  - 5. The method of claim 4, further comprising:
    - encrypting the database so that the database is only accessible by a trusted proxy server at the local network location; and
      
      storing an algorithm for decrypting the database in the non-transitory computer readable medium of the trusted security device.
  - 6. The method of claim 1, further comprising, upon the local authenticating, automatically forwarding the access credentials to the institution remote network location for authenticating the user with the institution remote network location and requesting service from the institution remote network location.
  - 7. The method of claim 1, wherein the access credentials to the institution remote network location comprise a one-time password, which is changed every time when the access to the institution remote network location is requested.
  - 8. The method of claim 1, wherein the trusted security device is one of the following:
    - a computing device, comprising a processor, at the local network location;
      
      ora portable device having memory, which is different from the computing device, and which is coupled to the computing device.
  - 9. The method of claim 8, wherein the computing device comprises a mobile wireless device.
  - 17. The system of claim 1, wherein the trusted security device is one of the following:
    - a computing device, comprising a processor, at the local network location;
      
      ora portable device having memory, which is different from the computing device, and which is coupled to the computing device.
  - 18. The system of claim 8, wherein the computing device comprises a mobile wireless device.
  - 19. The method of claim 7, wherein the one-time password is a random string.

10. A system for providing a trusted secure access in a computer network from a local network location to an institution remote network location, the system comprising:
- a computing device at the local network location, the computing device having a processor;
  
  a remote server computer at a remote location;
  
  a trusted security device at the local network location to be activated with the remote server computer;
  
  the computing device comprising a computer readable medium having computer readable instructions stored thereon for execution by the processor, causing the processor to;
  
  (i) obtain, from the remote server computer,--a an institution authorized private security software comprising a scrambling algorithm and a descrambling algorithm, and store the private security software at the trusted security device;
  
  the trusted security device having a un-changeable global unique identifier (UID), which uniquely identifies the trusted security device;
  
  (ii) cause the private security software to;
  
  (ii-1) obtain a user selectable personal identification number (PIN) from a user;
  
  (ii-2) obtain the UID from the trusted security device; and
  
  (ii-3) forward the PIN;
  
  .and the UID to the remote network location;
  
  the remote server computer having memory having computer readable instructions stored thereon, causing the remote server computer to;
  
  (iii) run the scrambling algorithm of the private security software with the PIN and the UID as input to generate a user-personalized credential code containing scrambled access credentials to the institution remote location; and
  
  (iv) forward the user-personalized credential code to the computing device and store thereof at the trusted security device; and
  
  (b) the computer readable instructions of the computing device being further configured to, without communicating over any network, cause the processor to;
  
  (v) verify authenticity of the user selectable PIN and the UID, comprising running the descrambling algorithm using the PIN and the UID as input to descramble the user personalized credential code;
  
  (vi) upon successful verification, retrieve access credentials, providing access to the institution remote network location, from the user-personalized credential code.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 20)
- - 11. The system of claim 10, wherein the remote network location is one of the following:
    - a third party network location;
      
      orthe institution network location.
  - 12. The system of claim 10, wherein the computer readable instructions of the computing device are further configured to cause the processor to generate the UID using a device identity information hard-coded into a hardware of the trusted security device.
  - 13. The system of claim 10, wherein the computer readable instructions of the computing device are further configured to cause the processor to store the user selectable PIN, the UID, the user-personalized credential code, the access credentials to the institution remote network location, or a combination thereof, in a database stored in a non-transitory computer readable storage medium of the trusted security device.
  - 14. The system of claim 13, wherein the computer readable instructions of the computing device are further configured to cause the processor to encrypt the database so that the database is only accessible by a trusted proxy server at the local network location, and to store an algorithm for decrypting the database in the non-transitory computer readable medium of the trusted security device.
  - 15. The system of claim 10, wherein the computer readable instructions of the computing device further cause the processor to automatically forward, upon the successful verification, the access credentials to the institution remote server computer for authenticating the user with the institution remote server computer and for requesting service from the institution remote server computer.
  - 16. The system of claim 10, wherein the access credentials to the institution remote network location comprise a one-time password, which is changed every time upon requesting the access to the institution remote server computer.
  - 20. The system of claim 10, wherein the one-time password is a random string.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
inBay Technologies, Inc.
Original Assignee
inBay Technologies, Inc.
Inventors
Kuang, Randy, Xavier, Stanislus K.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US12/639,464
Publication Number

US 20100199086A1
Time in Patent Office

1,336 Days
Field of Search

713/182, 726/5
US Class Current

726/5
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/0884   by delegation of authentica...

H04L 63/105   Multiple levels of security

Network transaction verification and authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Network transaction verification and authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others