System and method for user authentication by means of web-enabled personal trusted device

  • US 8,914,866 B2
  • Filed: 01/20/2011
  • Issued: 12/16/2014
  • Est. Priority Date: 01/19/2010
  • Status: Expired due to Fees
First Claim

1. A token-based user authentication system, comprising:

  • a processor for a token management service that in operation creates one or more unique tokens that are scannable digital sequences of information relating to items purchased by a user and presented during product purchase check-out by a consumer, an authentication subsystem included in the token management service that requests and receives authentication information from a user's Personal Trusted Device (PTD) in response to requests by the user or is read from non-volatile memory of the PTD, the PTD being in communication with a token management service, the PTD in operation capturing tokens received from the management service using an embedded capture device by communication via wireless or wired digital networks, the PTD possessing a unique device identifier (UDID) capable of capturing short digital sequences (tokens) via digital signal processing of optical, audio, or radio-frequency input;

    accepting user input needed for user authentication with embedded keyboard, touch sensors, optical sensor, or voice recognition;

    transmitting and receiving messages via network connection, a plurality of Token Presentation Devices coupled to the token management system that allow users to capture tokens with a user's mobile device;

    a plurality of network-connected Action Servers act on behalf of users and require the users to be identified and authenticated; and

    a Network-connected Token Management Service that facilitates token-based authentication by;

    generating unique tokens upon requests coming from an Authentication Service on behalf of the Action Servers;

    receiving messages from PTDs that contain PTDs' UDIDs and the tokens captured by PTDs from Token Presentation Devices;

    establishing links between said tokens and UDIDs of the PTDs that sent the messages with the tokens;

    notifying the Authentication Service about the newly established links, a processor for an Authentication Service that;

    communicates with PTDs and provides authentication of users, and authenticates users, a PTD sending a message with a captured token to the token management service, the token management service notifies the authentication service, the PTD passes user credentials to the authentication service and the authentication service provides notification of a completed authentication, the Authentication service maintaining a database of the user records containing a unique user identifier, UDID's of the PTDs owned by the user, user credentials, and user identifiers for Servers, the Authentication Service providing an interface to the Action Servers that allows association of a user identifier on an Action Server using a user record in the database providing an interface to the Action Servers that allows initiation of token-based authentication, notifies an Action Server in the event when token-based authentication previously initiated on behalf of that Action Server has been successfully completed using a combination of the user credentials and the use of PTD associated with a user's record.
