System and methods for ensuring confidentiality of information used during authentication and authorization operations

US 9,059,990 B2
Filed: 04/18/2014
Issued: 06/16/2015
Est. Priority Date: 07/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing confidentiality of information of a user of a service, comprising:

receiving a request to perform an operation control procedure for the service;

identifying the user of the service;

selecting, based on a database of trusted devices, a trusted device associated with the identified user of the service, comprising;

upon detecting two or more trusted devices being associated with the identified user of the service, identifying current malware threats to information security of the detected two or more trusted devices; and

selecting the trusted device to avoid the identified current malware threats based at least on information security software installed on each of the two or more trusted devices and data relating to an operating system of each of the two or more trusted devices;

sending, to the selected trusted device, a request to enter confidential information of the user on the trusted device, wherein the confidential information is used to perform the operation control procedure;

receiving the confidential information from the selected trusted device; and

performing the operation control procedure using the received confidential information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to carry out an operation control procedure for the service; identifying the user of the service; selecting a trusted device associated with the identified user of the service; sending, to the selected trusted device, a request for confidential information of the user, wherein the confidential information is used to carry out the operation control procedure; receiving the confidential information from the selected trusted device; and carrying out the operation control procedure using the received confidential information.

Citations

24 Claims

1. A method for providing confidentiality of information of a user of a service, comprising:
- receiving a request to perform an operation control procedure for the service;
  
  identifying the user of the service;
  
  selecting, based on a database of trusted devices, a trusted device associated with the identified user of the service, comprising;
  
  upon detecting two or more trusted devices being associated with the identified user of the service, identifying current malware threats to information security of the detected two or more trusted devices; and
  
  selecting the trusted device to avoid the identified current malware threats based at least on information security software installed on each of the two or more trusted devices and data relating to an operating system of each of the two or more trusted devices;
  
  sending, to the selected trusted device, a request to enter confidential information of the user on the trusted device, wherein the confidential information is used to perform the operation control procedure;
  
  receiving the confidential information from the selected trusted device; and
  
  performing the operation control procedure using the received confidential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the identifying the user of the service is based on data entered by the user of the service on a device that is used to send the request to perform the operation control procedure.
  - 3. The method of claim 1, wherein the confidential information is entered by the user of the service on the trusted device through a protected module of the trusted device or through an application.
  - 4. The method of claim 1, wherein the operation control procedure comprises one or more of an operation of authentication of the user of the service or an authorization procedure for the service.
  - 5. The method of claim 1, wherein the service comprises one or more of an online banking service, an Internet commerce service, a payments service, a remote work service, program commands used at critically important infrastructure facilities, or operations of installing software on devices being controlled.
  - 6. The method of claim 1, wherein the confidential information comprises a password to an account record, biometric data, or a PIN code.
  - 7. The method of claim 1, wherein the trusted device comprises a notebook, a netbook, a smartphone, a mobile telephone, a communicator, or a thin client.
  - 8. The method of claim 1, wherein the trusted device uses a protected channel in an encrypted form for receiving the request for the confidential information and sending the confidential information.
  - 9. The method of claim 1, wherein the database of trusted devices includes one or more of:
    - characteristics of the trusted devices,the installed modules for information security of each of the trusted devices, andthe data relating to the operating system of each of the trusted devices.
  - 10. The method of claim 1, wherein identifying the current malware threats to information security of the database of trusted devices is based on a database of current threats to information security.

11. A system for providing confidentiality of information of a user of a service, comprising:
- a processor configured to;
  
  receive a request to perform an operation control procedure for the service;
  
  identify the user of the service;
  
  select, based on a database of trusted devices, a trusted device associated with the identified user of the service, comprising;
  
  upon detecting two or more trusted devices being associated with the identified user of the service, identifying current malware threats to information security of the detected two or more trusted devices; and
  
  selecting the trusted device to avoid the identified current malware threats based at least on information security software installed on each of the two or more trusted devices and data relating to an operating system of each of the two or more trusted devices;
  
  send, to the selected trusted device, a request to enter confidential information of the user on the trusted device, wherein the confidential information is used to perform the operation control procedure;
  
  receive the confidential information from the selected trusted device; and
  
  perform the operation control procedure using the received confidential information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, wherein the identifying the user of the service is based on data entered by the user of the service on a device that is used to send the request to perform the operation control procedure.
  - 13. The system of claim 11, wherein the confidential information is entered by the user of the service on the trusted device through a protected module of the trusted device or through an application.
  - 14. The system of claim 11, wherein the operation control procedure comprises one or more of an operation of authentication of the user of the service or an authorization procedure for the service.
  - 15. The system of claim 11, wherein the service comprises one or more of an online banking service, an Internet commerce service, a payments service, a remote work service, program commands used at critically important infrastructure facilities, or operations of installing software on devices being controlled.
  - 16. The system of claim 11, wherein the confidential information comprises a password to an account record, biometric data, or a PIN code.
  - 17. The system of claim 11, wherein the trusted device comprises a notebook, a netbook, a smartphone, a mobile telephone, a communicator, or a thin client.
  - 18. The system of claim 11, wherein the trusted device uses a protected channel in an encrypted form for receiving the request for the confidential information and sending the confidential information.

19. A computer program product stored on a non-transitory computer-readable storage medium, the computer program product comprising computer-executable instructions for providing confidentiality of information of a user of a service, including instructions for:
- receiving a request to perform an operation control procedure for the service;
  
  identifying the user of the service;
  
  selecting, based on a database of trusted devices, a trusted device associated with the identified user of the service, comprising;
  
  upon detecting two or more trusted devices being associated with the identified user of the service, identifying current malware threats to information security of the detected two or more trusted devices; and
  
  selecting the trusted device to avoid the identified current malware threats based at least on information security software installed on each of the two or more trusted devices and data relating to an operating system of each of the two or more trusted devices;
  
  sending, to the selected trusted device, a request to enter confidential information of the user on the trusted device, wherein the confidential information is used to perform the operation control procedure;
  
  receiving the confidential information from the selected trusted device; and
  
  performing the operation control procedure using the received confidential information.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computer program product of claim 19, wherein the identifying the user of the service is based on data entered by the user of the service on a device that is used to send the request to perform the operation control procedure.
  - 21. The computer program product of claim 19, wherein the confidential information is entered by the user of the service on the trusted device through a protected module of the trusted device or through an application.
  - 22. The computer program product of claim 19, wherein the operation control procedure comprises one or more of an operation of authentication of the user of the service or an authorization procedure for the service.
  - 23. The computer program product of claim 19, wherein the confidential information comprises a password to an account record, biometric data, or a PIN code.
  - 24. The computer program product of claim 19, wherein the trusted device uses a protected channel in an encrypted form for receiving the request for the confidential information and sending the confidential information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Kaspersky Lab ZAO
Inventors
Borovikov, Nikolay V.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Kusyk, Janusz

Application Number

US14/256,357
Publication Number

US 20150033299A1
Time in Patent Office

424 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/313   using a call-back technique...

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 21/60   Protecting data

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/18   using different networks or...

H04L 67/10   in which an application is ...

System and methods for ensuring confidentiality of information used during authentication and authorization operations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for ensuring confidentiality of information used during authentication and authorization operations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links