Systems and methods of authentication in a disconnected environment

US 9,009,800 B2
Filed: 09/30/2010
Issued: 04/14/2015
Est. Priority Date: 06/24/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a secure communication channel between a server and a client terminal across a communication network, said method comprising:

registration of a first-time user at the server, wherein said server generates and stores a first instance of a unique personalized client application associated with said first-time user on the server, said first-time user installs a second instance of said unique personalized client application on a standalone computing device, wherein said standalone computing device is prevented from direct and indirect network based data communication with the server and with the client terminal;

transmitting a first dynamic identifier (DI-1) generated by the first instance of the unique personalized client application stored at the server, from the server to the client terminal over the communication network;

determining authenticity of said server, wherein the second instance of said unique personalized client application installed at the standalone computing device determines authenticity of said server based on the first dynamic identifier (DI-1) received at the client terminal;

generating using the second instance of the unique personalized client application installed at the standalone computing device, a second dynamic identifier (DI-2);

responsive to authentication of the server by the second instance of the unique personalized client application at the standalone computing device, transmitting the second dynamic identifier (DI-2) from the client terminal to the server over the communication network; and

authentication of said user by said server, wherein said first instance of said unique personalized client application stored at the server authenticates said user based on the second dynamic identifier (DI-2) generated by said second instance of said unique personalized client application installed at the standalone computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system and method are disclosed for establishing a secure communication channel including: a server for generating and storing a first instance of a unique personalized client application associated with a first-time user on the server, a client terminal for the user to communicate with the server over a communication channel and a standalone computing device having a second instance of the unique personalized application. The user authenticates the server based on a first dynamic identifier (DI-1) generated by the first instance of the unique personalized client application and the server authenticates the user based on a second dynamic identifier (DI-2) generated by the second instance of the unique personalized client application.

Citations

20 Claims

1. A method for establishing a secure communication channel between a server and a client terminal across a communication network, said method comprising:
- registration of a first-time user at the server, wherein said server generates and stores a first instance of a unique personalized client application associated with said first-time user on the server, said first-time user installs a second instance of said unique personalized client application on a standalone computing device, wherein said standalone computing device is prevented from direct and indirect network based data communication with the server and with the client terminal;
  
  transmitting a first dynamic identifier (DI-1) generated by the first instance of the unique personalized client application stored at the server, from the server to the client terminal over the communication network;
  
  determining authenticity of said server, wherein the second instance of said unique personalized client application installed at the standalone computing device determines authenticity of said server based on the first dynamic identifier (DI-1) received at the client terminal;
  
  generating using the second instance of the unique personalized client application installed at the standalone computing device, a second dynamic identifier (DI-2);
  
  responsive to authentication of the server by the second instance of the unique personalized client application at the standalone computing device, transmitting the second dynamic identifier (DI-2) from the client terminal to the server over the communication network; and
  
  authentication of said user by said server, wherein said first instance of said unique personalized client application stored at the server authenticates said user based on the second dynamic identifier (DI-2) generated by said second instance of said unique personalized client application installed at the standalone computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 15, 16, 17)
- - 2. The method as recited in claim 1, wherein said server includes a registration server or an authentication server or both.
  - 3. The method as recited in claim 1, wherein registration at said server is initiated in response to submission of static credentials by said user using a client terminal to said server over the communication channel.
  - 4. The method as recited in claim 3, wherein said first instance of said unique personalized client application is conveyed over the communication channel to said client terminal.
  - 5. The method as recited in claim 3, wherein said first dynamic identifier (DI-1) is generated by the said server in response to submission of said static credentials to said server.
  - 6. The method as recited in claim 3, wherein said second dynamic identifier (DI-2) is generated in response to submission of said static credentials to said second instance of said unique personalized client application.
  - 7. The method as recited in claim 1, wherein said standalone computing device is selected from at least of a desktop computer system or a laptop computer system or a cellular telephone or a personal digital assistant (PDA) or a radio identification system (RFID) and a gadget capable of storing and processing data or combinations thereof.
  - 15. The method as recited in claim 1, the standalone computing device is prevented from all network access.
  - 16. The method as recited in claim 1, wherein authentication of said server by said user further comprises:
    - entering by a manual intervention on the standalone computing device, the first dynamic identifier (DI-1) received at the client terminal.
  - 17. The method as recited in claim 1, wherein authentication of said user by said server further comprises:
    - entering by a manual intervention at the client terminal, the second dynamic identifier (DI-2) generated at the standalone computing device.

8. A system for establishing for establishing a secure communication channel between a server and a client terminal across a communication network, said system comprising:
- a server for generating and storing a first instance of a unique personalized client application associated with a first-time user on said server;
  
  a client terminal for a user to communicate with said server over a communication channel; and
  
  a standalone computing device prevented from direct and indirect network based data communication with the server and with the client terminal, and comprising a second instance of said unique personalized application, said personalized client applications installed by said first-time user,wherein;
  
  a first dynamic identifier (DI-1) is generated by the first instance of the unique personalized client application stored at the server, which first dynamic identifier (DI-1) is transmitted from the server to the client terminal over the communication network,the second instance of the unique personalized client application installed at the standalone computing device determines authenticity of said server based on the first dynamic identifier (DI-1) received at the client terminal;
  
  a second dynamic identifier (DI-2) is generated using the second instance of the unique personalized client application installed at the standalone computing device;
  
  responsive to authentication of the server by the second instance of the unique personalized client application at the standalone computing device, the second dynamic identifier (DI-2) is transmitted from the client terminal to the server over the communication network;
  
  said first instance of said unique personalized client application stored at said server authenticates said user based on the second dynamic identifier (DI-2) generated by said second instance of said unique personalized client application, installed at the standalone computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 18, 19, 20)
- - 9. The system as recited in claim 8, wherein said server includes a registration server or an authentication server or both.
  - 10. The system as recited in claim 8, wherein registration at said server is initiated in response to submission of static credentials by said user to said server over the communication channel.
  - 11. The system as recited in claim 8, wherein said first instance of said unique personalized client application is conveyed over the communication channel to said client terminal.
  - 12. The system as recited in claim 8, wherein said first dynamic identifier (DI-1) is generated in response to submission of said static credentials to said server.
  - 13. The system as recited in claim 8 wherein said second dynamic identifier (DI-2) is generated in response to submission of said static credentials to said second instance of said unique personalized client application.
  - 14. The system as recited in claim 8, wherein said standalone computing device is selected from at least of a desktop computer system or a laptop computer system or a cellular telephone or a personal digital assistant (PDA) or a radio identification system (RFID) and a gadget capable of storing and processing data or combinations thereof.
  - 18. The system as recited in claim 8, wherein the standalone computing device is prevented from all network access.
  - 19. The system as recited in claim 8, wherein the system is configured to achieve authentication of said server by said user by enabling manual input on the standalone computing device, of the first dynamic identifier (DI-1) received at the client terminal.
  - 20. The systems as recited in claim 8, wherein the system is configured to achieve authentication of said user by said server by enabling manual input at the client terminal, of the second dynamic identifier (DI-2) generated at the standalone computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infosys Limited
Original Assignee
Infosys Limited
Inventors
Ponnapalli, Harigopal K. B., Saxena, Ashutosh
Primary Examiner(s)
Jeudy, Josnel
Assistant Examiner(s)
LANE, GREGORY A

Application Number

US12/894,237
Publication Number

US 20110321144A1
Time in Patent Office

1,657 Days
Field of Search

726/6, 726/10
US Class Current

726/6
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 21/445   by mutual authentication, e...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

Systems and methods of authentication in a disconnected environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of authentication in a disconnected environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links