System and methods for authorizing operations on a service using trusted devices

US 9,300,674 B2
Filed: 05/04/2015
Issued: 03/29/2016
Est. Priority Date: 07/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method for ensuring confidentiality of information used during authentication and authorization operations, the method comprising:

receiving a request from a first user to perform an operation for a service;

identifying a second user responsible for authorizing the operation of the service, the second user being different from the first user;

selecting, based on a database of trusted devices, a trusted device associated with the second user for authorizing the operation of the service;

establishing a secure connection with the trusted device;

sending to the trusted device via the secure connection a request to the second user to enter confidential information on the trusted device for authorizing to authorize the operation of the service;

receiving the confidential information from the trusted device; and

determining whether to authorize the operation of the service based on the confidential information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to perform an operation for a service; selecting, based on a database of trusted devices, a trusted device for authorizing the operation of the service; establishing a secure connection with the trusted device; sending to the trusted device via the secure connection a request to enter confidential information on the trusted device to authorize the operation of the service; receiving the confidential information from the trusted device; and determining whether to authorize the operation of the service based on the confidential information.

19 Citations

View as Search Results

15 Claims

1. A method for ensuring confidentiality of information used during authentication and authorization operations, the method comprising:
- receiving a request from a first user to perform an operation for a service;
  
  identifying a second user responsible for authorizing the operation of the service, the second user being different from the first user;
  
  selecting, based on a database of trusted devices, a trusted device associated with the second user for authorizing the operation of the service;
  
  establishing a secure connection with the trusted device;
  
  sending to the trusted device via the secure connection a request to the second user to enter confidential information on the trusted device for authorizing to authorize the operation of the service;
  
  receiving the confidential information from the trusted device; and
  
  determining whether to authorize the operation of the service based on the confidential information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the request is received from an unsecure device via an unsecure connection, and the operation for the service is performed on the unsecure device associated with the first user.
  - 3. The method of claim 1, wherein the trusted device is configured to use a hacking identification module to prevent authorized opening, theft, or hacking of software installed on the trusted device.
  - 4. The method of claim 1, wherein the confidential information comprises a password to an account record, biometric data, or a PIN code.
  - 5. The method of claim 1, wherein the trusted device comprises a notebook, a netbook, a smartphone, a mobile telephone, a communicator, or a thin client.

6. A system for ensuring confidentiality of information used during authentication and authorization operations, the system comprising:
- a processor configured to;
  
  receive a request from a first user to perform an operation for a service;
  
  identify a second user responsible for authorizing the operation of the service, the second user being different from the first user;
  
  select, based on a database of trusted devices, a trusted device associated with the second user for authorizing the operation of the service;
  
  establish a secure connection with the trusted device;
  
  send to the trusted device via the secure connection a request to the second user to enter confidential information on the trusted device for authorizing the operation of the service;
  
  receive the confidential information from the trusted device; and
  
  determine whether to authorize the operation of the service based on the confidential information.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the request is received from an unsecure device via an unsecure connection, and the operation for the service is performed on the unsecure device associated with the first user.
  - 8. The system of claim 6, wherein the trusted device is configured to use a hacking identification module to prevent authorized opening, theft, or hacking of software installed on the trusted device.
  - 9. The system of claim 6, wherein the confidential information comprises a password to an account record, biometric data, or a PIN code.
  - 10. The system of claim 6, wherein the trusted device comprises a notebook, a netbook, a smartphone, a mobile telephone, a communicator, or a thin client.

11. A non-transitory computer-readable storage medium having a computer program product stored thereon, the computer-readable storage medium comprising computer-executable instructions for ensuring confidentiality of information used during authentication and authorization operations, the instructions comprising:
- receiving a request from a first user to perform an operation for a service;
  
  identifying a second user responsible for authorizing the operation of the service, the second user being different from the first user;
  
  selecting, based on a database of trusted devices, a trusted device associated with the second user for authorizing the operation of the service;
  
  establishing a secure connection with the trusted device;
  
  sending to the trusted device via the secure connection a request to the second user to enter confidential information on the trusted device for authorizing to of the operation of the service;
  
  receiving the confidential information from the trusted device; and
  
  determining whether to authorize the operation of the service based on the confidential information.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-readable storage medium of claim 11, wherein the request is received from an unsecure device via an unsecure connection, and the operation for the service is performed on the unsecure device associated with the first user.
  - 13. The computer-readable storage medium of claim 11, wherein the trusted device is configured to use a hacking identification module to prevent authorized opening, theft, or hacking of software installed on the selected trusted device.
  - 14. The computer-readable storage medium of claim 11, wherein the instructions further comprises identifying another trusted device in the database of trusted devices associated with the second user for authorizing the operation of the service.
  - 15. The computer-readable storage medium of claim 11, wherein the confidential information comprises a password to an account record, biometric data, or a PIN code, and the trusted device comprises a notebook, a netbook, a smartphone, a mobile telephone, a communicator, or a thin client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Lab A.O. Kaspersky
Inventors
Borovikov, Nikolay V.
Primary Examiner(s)
Hailu, Teshome
Assistant Examiner(s)
LE, THANH H

Application Number

US14/702,896
Publication Number

US 20150237054A1
Time in Patent Office

330 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/313   using a call-back technique...

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 21/60   Protecting data

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/18   using different networks or...

H04L 67/10   in which an application is ...

System and methods for authorizing operations on a service using trusted devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

System and methods for authorizing operations on a service using trusted devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others