Secure user authentication with improved one-time-passcode verification

US 9,208,299 B2
Filed: 03/09/2013
Issued: 12/08/2015
Est. Priority Date: 03/09/2013
Status: Active Grant

First Claim

Patent Images

1. A method for secure user authentication, said method comprising:

receiving one or more attributes associated with a client device and further configured to receive a user identification (ID) indicating the identity of a user of said client device;

generating a device record comprising a pairing of said one or more attributes and said user ID;

generating a device ID uniquely referencing said device record;

transmitting said device ID to said client device;

calculating a trust level associated with said client device, said trust level based on said user ID and said one or more attributes; and

transmitting said device ID to an authentication server based on said trust level, wherein said authentication server is configured to authenticate said user of said client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally, this disclosure provides systems, devices, methods and computer readable media for secure user authentication with improved OTP verification. The device may include an attribute collection module configured to collect attributes associated with the device; a client trust module configured to identify a user of the device, associate a user ID with the user and transmit the user ID and the collected attributes to a trust broker system; the client trust module further configured to receive a device ID from the trust broker system, the device ID associated with a pairing of the user ID and the attributes; and a client OTP generation module configured to generate an OTP and further configured to transmit the OTP and the device ID to an authentication server.

Citations

26 Claims

1. A method for secure user authentication, said method comprising:
- receiving one or more attributes associated with a client device and further configured to receive a user identification (ID) indicating the identity of a user of said client device;
  
  generating a device record comprising a pairing of said one or more attributes and said user ID;
  
  generating a device ID uniquely referencing said device record;
  
  transmitting said device ID to said client device;
  
  calculating a trust level associated with said client device, said trust level based on said user ID and said one or more attributes; and
  
  transmitting said device ID to an authentication server based on said trust level, wherein said authentication server is configured to authenticate said user of said client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said one or more attributes comprise a device serial number, an international mobile equipment identification (IMEI), or a jailbroken/rooted operating system status.
  - 3. The method of claim 1, wherein said one or more attributes comprise a location of said client device and a timestamp.
  - 4. The method of claim 1, further comprising transmitting said device ID, provided by a trust broker system, to said authentication server;
    - transmitting a Personal Identification Number (PIN) and a One-Time-Passcode (OTP) to said authentication server.
  - 5. The method of claim 1, further comprising authenticating, at said authentication server, said user and said client device based on a match of said device ID provided by a trust broker system to said device ID provided by said client device, and said authentication further based on a verification of a PIN and an OTP provided by said client device.
  - 6. The method of claim 1, wherein said device ID is encrypted after generation prior to transmission to said client device.
  - 7. The method of claim 6, wherein said transmitting said encrypted device ID comprises relaying said encrypted device ID through a middleware web server to said client device.

8. A method for secure user authentication, said method comprising:
- collecting attributes associated with a device;
  
  identifying a user of said device;
  
  associating a user identification (ID) with said user and transmitting said user ID and said collected attributes to a trust broker system;
  
  receiving a device ID from said trust broker system, said device ID associated with a pairing of said user ID and said attributes; and
  
  generating an OTP and further configured to transmit said OTP and said device ID to an authentication server.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising transmitting a PIN to said authentication server, said PIN obtained from said user.
  - 10. The method of claim 8, further comprising transmitting a token ID to said authentication server, said token ID associated with said generation of said OTP.
  - 11. The method of claim 8, wherein said attributes comprise a device serial number, an international mobile equipment identification (IMEI), or a jailbroken/rooted operating system status.
  - 12. The method of claim 8, wherein said attributes comprise a location of said device and a timestamp.
  - 13. The method of claim 8, further comprising authenticating said user and said device based on a match of said device ID provided by said trust broker system to said device ID provided by said device, and said authentication further based on a verification of a PIN and said OTP provided by said device.
  - 14. The method of claim 8, further comprising encrypting communication between said device and said trust broker system and between said device and said authentication server.
  - 15. The method of claim 14, wherein said encrypted communication is relayed through a middleware web server.

16. A non-transitory computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for secure user authentication, said operations comprising:
- receiving one or more attributes associated with a client device;
  
  receiving a user identification (ID) indicating the identity of a user of said client device;
  
  generating a device record comprising a pairing of said one or more attributes and said user ID;
  
  generating a device ID uniquely referencing said device record;
  
  causing said device ID to be transmitted to said client device;
  
  calculating a trust level associated with said client device, said trust level based on said user ID and said one or more attributes; and
  
  causing said device ID to be transmitted to an authentication server based on said trust level, wherein said authentication server is configured to authenticate said user of said client device.
- View Dependent Claims (17, 18, 19)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein said one or more attributes comprise a device serial number, an international mobile equipment identification (IMEI), or a jailbroken/rooted operating system status.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein said one or more attributes comprise a location of said client device and a timestamp.
  - 19. The non-transitory computer-readable storage medium of claim 16, further comprising the operation of encrypting communications with said client device.

20. A non-transitory computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for secure user authentication, said operations comprising:
- collecting attributes associated with a device;
  
  identifying a user of said device;
  
  associating a user identification (ID) with said user;
  
  causing said user ID and said attributes to be transmitted to a trust broker system;
  
  receiving a device ID from said trust broker system, said device ID associated with a pairing of said user ID and said attributes;
  
  generating an One-Time-Passcode (OTP); and
  
  causing said OTP and said device ID to be transmitted to an authentication server.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The non-transitory computer-readable storage medium of claim 20, further comprising the operations of obtaining a PIN from said user and transmitting said PIN to said authentication server.
  - 22. The non-transitory computer-readable storage medium of claim 20, further comprising the operation of causing a token ID to be transmitted to said authentication server, said token ID associated with said generation of said OTP.
  - 23. The non-transitory computer-readable storage medium of claim 20, wherein said attributes comprise a device serial number, an international mobile equipment identification (IMEI), or a jailbroken/rooted operating system status.
  - 24. The non-transitory computer-readable storage medium of claim 20, wherein said attributes comprise a location of said client device and a timestamp.
  - 25. The non-transitory computer-readable storage medium of claim 20, further comprising the operation of encrypting communication between said client device and said trust broker system and between said device and said authentication server.
  - 26. The non-transitory computer-readable storage medium of claim 25, further comprising causing said encrypted communication to be relayed through a middleware web server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Birk, Eran, Ben-Shalom, Omer
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US13/995,540
Publication Number

US 20140259116A1
Time in Patent Office

1,004 Days
Field of Search

726 4- 10
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

G06F 21/73   by creating or determining ...

Secure user authentication with improved one-time-passcode verification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure user authentication with improved one-time-passcode verification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links