Key management using quasi out of band authentication architecture
First Claim
1. A system to provide key management layered on a quasi out-of-band authentication system, comprising:
a communications port configured to (i) receive, via a communication channel from a network device associated with a user, a request for activation of a user interface window for that particular user at the network device, (ii) transmit, to an out-of-band authentication system, an activation personal identification number (PIN) to be forwarded to a communications device associated with the user via a voice or text message, and (iii) receive, via the communication channel from the network device, the previously transmitted activation PIN; and
a processor configured to (i) authenticate the user based on the received activation PIN, (ii) establish, on top of the communication channel after authenticating the user, a secure, independent, encrypted communication channel between the user interface window and the security server; and
(iii) at least one of (a) generate and direct transmission, to the user interface window, via the communications port and the secure, independent, encrypted communication channel, key material for cryptography based operations and (b) receive from the user interface window via the secure, independent, encrypted communication channel and the communications port, key material for cryptography based operations.
Abstract
To provide key management layered on a quasi-out-of-band authentication system, a security server receives a request for activation of a user interface window for a particular user from a network device via a communication channel. It then transmits an activation PIN to an out of band authentication system for forwarding to the user's telephone via a voice or text message. It next receives the previously transmitted PIN from the network device via the communication channel, and authenticates the user based on the received PIN. After authenticating the user, it establishes a secure, independent, encrypted communication channel between the user interface window and the security server on top of the original communication channel. It then generates and transmits to the user interface window and/or receives from the user interface window via the secure communication channel, key material and certificate material for public key and/or symmetric key cryptography based operations.
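The exchange the abstract describes, run end to end in one process, as an added example; it is not code from the patent or from any product of its assignee. Everything the page leaves unspecified is an assumption here: the activation PIN is 8 digits, valid for 120 seconds, single-use and limited to 3 attempts; the "secure, independent, encrypted channel" is keyed by a Diffie-Hellman exchange over RFC 3526 group 14 between the user interface window and the security server; the channel cipher is an HMAC-SHA256 counter keystream plus HMAC tag, a standard-library stand-in for a real AEAD such as AES-GCM; the out-of-band authentication system is replaced by an outbox list that records the text message it would send; the user directory and session identifiers are constructed. Only the Python standard library is used.

```python
import hashlib, hmac, secrets, time

# RFC 3526 group 14 (2048-bit MODP, generator 2): key-agreement parameters assumed
# here for keying the window/server channel; the page names none.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2
PIN_TTL, PIN_MAX_ATTEMPTS = 120, 3   # assumed policy (seconds, tries); not from the page

def hkdf(ikm, info, n=32):
    """HKDF-SHA256 (RFC 5869), empty salt, single output block (n <= 32)."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:n]

def keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream: a stdlib-only stand-in for
    a real AEAD such as AES-GCM. Symmetric, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Channel:
    """The secure, independent, encrypted channel: keyed from the DH secret alone."""
    def __init__(self, shared):
        self.ek, self.mk = hkdf(shared, b"qoob enc"), hkdf(shared, b"qoob mac")
    def seal(self, pt):
        nonce = secrets.token_bytes(16)
        ct = keystream_xor(self.ek, nonce, pt)
        return nonce + ct + hmac.new(self.mk, nonce + ct, hashlib.sha256).digest()
    def open(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.mk, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("channel authentication failed")
        return keystream_xor(self.ek, nonce, ct)

class SecurityServer:
    def __init__(self, oob_outbox, phonebook):
        self.oob, self.phonebook = oob_outbox, phonebook   # outbox stands in for the OOB system
        self.pending = {}    # session_id -> [user, pin, expiry, failed attempts]
        self.channels = {}   # session_id -> Channel, present only after authentication

    def request_activation(self, session_id, user):
        """Steps 1-2: the PIN leaves only via the OOB system; nothing is returned in-band."""
        pin = f"{secrets.randbelow(10 ** 8):08d}"
        self.pending[session_id] = [user, pin, time.time() + PIN_TTL, 0]
        self.oob.append((self.phonebook[user], f"Your activation PIN is {pin}"))

    def submit_pin(self, session_id, user, pin, window_pub):
        """Steps 3-5: check the PIN typed into the window, then key the channel;
        returns the server's DH public value, or None on any failure."""
        rec = self.pending.get(session_id)   # PIN is bound to the session that requested it
        if rec is None or rec[0] != user or time.time() > rec[2] or not 1 < window_pub < P - 1:
            return None                      # unknown/expired session, wrong user, degenerate DH value
        rec[3] += 1
        if not hmac.compare_digest(rec[1].encode(), pin.encode()):
            if rec[3] >= PIN_MAX_ATTEMPTS:
                del self.pending[session_id]     # lock out online guessing of an 8-digit PIN
            return None
        del self.pending[session_id]             # single use
        priv = secrets.randbelow(P - 2) + 1
        self.channels[session_id] = Channel(pow(window_pub, priv, P).to_bytes(256, "big"))
        return pow(G, priv, P)

    def issue_key_material(self, session_id):
        """Step 6: fresh key material, released only through the authenticated channel."""
        key = secrets.token_bytes(32)
        return key, self.channels[session_id].seal(key)

class UserInterfaceWindow:
    def __init__(self, user, session_id):
        self.user, self.session_id = user, session_id
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub, self.channel = pow(G, self.priv, P), None
    def finish_channel(self, server_pub):
        self.channel = Channel(pow(server_pub, self.priv, P).to_bytes(256, "big"))

def run_flow(pin_entered=None):
    """Whole exchange in-process: returns the key material as decrypted by the window,
    or None if the server rejects the PIN (pin_entered overrides the PIN the user received)."""
    oob_outbox = []
    server = SecurityServer(oob_outbox, {"alice": "+1-555-0100"})   # constructed directory
    window = UserInterfaceWindow("alice", "sess-42")
    server.request_activation(window.session_id, window.user)
    real_pin = oob_outbox[-1][1].split()[-1]     # the user reads this off the phone
    pin = real_pin if pin_entered is None else pin_entered
    server_pub = server.submit_pin(window.session_id, window.user, pin, window.pub)
    if server_pub is None:
        return None
    window.finish_channel(server_pub)
    issued, sealed = server.issue_key_material(window.session_id)
    received = window.channel.open(sealed)
    return received if received == issued else None
```

What the code adds to the abstract's wording: the PIN is tied to the session that asked for it, compared in constant time, consumed on first success and locked after repeated failures, so the low-entropy secret cannot be replayed or guessed online; the channel key is derived only from the DH secret, so the key material appears on the in-band transport solely under that key; and the window rejects any sealed message whose tag fails, so a modified blob never yields key material.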
20 Claims
1. A system to provide key management layered on a quasi out-of-band authentication system, comprising:
a communications port configured to (i) receive, via a communication channel from a network device associated with a user, a request for activation of a user interface window for that particular user at the network device, (ii) transmit, to an out-of-band authentication system, an activation personal identification number (PIN) to be forwarded to a communications device associated with the user via a voice or text message, and (iii) receive, via the communication channel from the network device, the previously transmitted activation PIN; and
a processor configured to (i) authenticate the user based on the received activation PIN, (ii) establish, on top of the communication channel after authenticating the user, a secure, independent, encrypted communication channel between the user interface window and the security server; and
(iii) at least one of (a) generate and direct transmission, to the user interface window, via the communications port and the secure, independent, encrypted communication channel, key material for cryptography based operations and (b) receive from the user interface window via the secure, independent, encrypted communication channel and the communications port, key material for cryptography based operations.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. An article of manufacture for providing key management layered on a quasi out-of-band authentication system, comprising:
non-transitory storage media; and logic stored on the storage media, wherein the stored logic is configured to be executable by a computer and thereby cause the computer to operate so as to: receive, via a communication channel from a network device associated with a user, a request for activation of a user interface window for that particular user at the network device; transmit, to an out-of-band authentication system, an activation personal identification number (PIN) to be forwarded to the user's telephone via a voice or text message; receive, via the communication channel from the network device, the previously transmitted activation PIN; authenticate the user based on the received activation PIN; establish, on top of the communication channel after authenticating the user, a secure, independent, encrypted communication channel between the user interface window and the security server; and at least one of (i) generate and transmit to the user interface window via the secure, independent, encrypted communication channel key material for cryptography based operations and (ii) receive from the user interface window via the secure, independent, encrypted communication channel, key material for cryptography based operations.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
Specification