System, design and process for easy to use credentials management for online accounts using out-of-band authentication

  • US 9,412,283 B2
  • Filed: 12/30/2013
  • Issued: 08/09/2016
  • Est. Priority Date: 12/31/2012
  • Status: Active Grant
First Claim

1. A method for authentication for accessing an online portal in a system comprising a user, a client processing application, a portable communications device, and an authentication server having a provisioned user database and encrypted payload, wherein the method comprises:

  • providing a login portal and screen for access by a user, said login portal being in communication with said client processing application;
  • establishing contact between the client processing application and the authentication server wherein a new authentication session is started;
  • generating a session identifier at the authentication server, wherein the session identifier is communicated to the client processing application through at least a first communications channel;
  • creating a multi-dimensional barcode at the client processing application, wherein the barcode has dynamic encryption keys, portal information, session identifier, and a unique key, and wherein the barcode is displayed at the login screen;
  • holding the client processing application in waiting pending the authentication server notification of session validation;
  • starting authentication by the user entering a credential on the portable communications device, wherein the portable communications device validates the credential and displays a scan option;
  • using the portable communications device to scan the barcode displayed at the login screen and validate the client processing application;
  • finding on the portable communications device at least one encrypted user credential with the encryption key from the barcode;
  • sending the encrypted credentials and session identifier from the portable communications device to the authentication server via an outbound out-of-band communications channel;
  • checking in the provisioned user database of the authentication server, wherein the session is validated;
  • sending the encrypted payload to the waiting client processing application;
  • sending the validation result from the authentication server to the portable communications device, where the result is displayed;
  • decrypting the encrypted payload at the client processing application using the encryption keys;
  • extracting and decrypting the credentials at the client processing application;
  • using the decrypted credentials to access the online portal.
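The claim above describes a three-party protocol: the browser-side client opens a session with the authentication server, shows a barcode carrying a fresh key and the session identifier, and waits; the phone unlocks with a local credential, scans the barcode, encrypts the stored password under the barcode key and sends it to the server over its own out-of-band channel; the server checks the provisioned user database, marks the session validated and hands the ciphertext to the waiting client, which decrypts it and logs in. The simulation below is an added example written for this page, not code from the patent or its assignee. It runs all three roles in one process; the class and method names, the JSON barcode layout, the PIN-derived vault key and the session TTL are assumptions, and the HMAC-SHA256 keystream-plus-tag cipher is a toy stand-in for a real AEAD such as AES-GCM.

```python
"""Simulation of the out-of-band barcode login flow claimed in US 9,412,283 (added example)."""
import base64, hashlib, hmac, json, secrets, time

# Toy authenticated encryption: HMAC-SHA256 in counter mode as keystream, HMAC tag over nonce+ct.
# Assumption for this example only; use AES-GCM (or another AEAD) in a real system.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("payload tampered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class AuthServer:
    SESSION_TTL = 120                          # seconds; assumed value
    def __init__(self, provisioned):           # provisioned user database: username -> enrolled device_id
        self.provisioned, self.sessions = provisioned, {}
    def start_session(self, portal):           # first channel: client <-> server
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"portal": portal, "t": time.time(), "status": "pending", "payload": None}
        return sid
    def receive_oob(self, device_id, username, sid, portal, encrypted_creds):  # out-of-band channel: phone -> server
        s = self.sessions.get(sid)
        if s is None or s["status"] != "pending" or time.time() - s["t"] > self.SESSION_TTL:
            return "rejected: unknown, already used or expired session"
        if s["portal"] != portal:
            return "rejected: portal mismatch"
        if self.provisioned.get(username) != device_id:
            return "rejected: device not provisioned for user"
        s.update(status="validated", payload=encrypted_creds)   # server stores only ciphertext
        return "validated"
    def poll(self, sid):                       # the waiting client asks whether its session was validated
        s = self.sessions[sid]
        return s["payload"] if s["status"] == "validated" else None

class ClientApp:
    def __init__(self, server, portal):
        self.server, self.portal = server, portal
    def render_barcode(self):
        self.sid = self.server.start_session(self.portal)
        self.key = secrets.token_bytes(32)     # dynamic encryption key: shown in the barcode, never sent to the server
        self.unique_key = secrets.token_hex(8)
        return json.dumps({"portal": self.portal, "sid": self.sid, "uid": self.unique_key,
                           "key": base64.b64encode(self.key).decode()})
    def finish_login(self):
        blob = self.server.poll(self.sid)
        return None if blob is None else json.loads(decrypt(self.key, blob))

class PortableDevice:
    def __init__(self, device_id, pin, credentials):   # credentials: portal -> {"user", "password"}
        self.device_id, self.salt = device_id, secrets.token_bytes(16)
        self.pin_check = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 50_000)
        vault_key = hashlib.sha256(self.pin_check).digest()   # credentials at rest are wrapped under the PIN
        self.vault = {p: encrypt(vault_key, json.dumps(c).encode()) for p, c in credentials.items()}
        self.unlocked = None
    def enter_credential(self, pin):           # local validation of the user's credential on the device
        d = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 50_000)
        if not hmac.compare_digest(d, self.pin_check):
            return False
        self.unlocked = hashlib.sha256(d).digest()
        return True
    def scan_and_send(self, server, barcode_text, expected_portal):
        if self.unlocked is None:
            raise PermissionError("credential not entered")
        bc = json.loads(barcode_text)
        if bc["portal"] != expected_portal or bc["portal"] not in self.vault:
            return "refused: barcode is not for a portal this device holds credentials for"
        creds = json.loads(decrypt(self.unlocked, self.vault[bc["portal"]]))
        key = base64.b64decode(bc["key"])
        return server.receive_oob(self.device_id, creds["user"], bc["sid"], bc["portal"],
                                  encrypt(key, json.dumps(creds).encode()))

def run_flow(pin_entered="1234", portal_shown="https://portal.example/login"):
    """Run one login; constructed sample data (alice, phone-42, PIN 1234, portal.example) throughout."""
    server = AuthServer({"alice": "phone-42"})
    phone = PortableDevice("phone-42", "1234",
                           {"https://portal.example/login": {"user": "alice", "password": "s3cret"}})
    client = ClientApp(server, portal_shown)
    barcode = client.render_barcode()
    waiting = client.finish_login() is None    # client is held until the server reports validation
    if not phone.enter_credential(pin_entered):
        return {"waiting": waiting, "phone": "pin rejected", "login": None}
    result = phone.scan_and_send(server, barcode, "https://portal.example/login")
    return {"waiting": waiting, "phone": result, "login": client.finish_login()}
```

Two properties of the claimed design show up in the code: the barcode is the only place the dynamic key exists, so the authentication server relays ciphertext it cannot read; and the phone, not the browser, is where the password lives. The checks added around that (single-use, time-limited session identifiers; the phone refusing a barcode whose portal field does not match an account it holds; the server verifying the device against the provisioned user database) are the ones a reviewer would want in any implementation of this flow, because a barcode that can be validated twice, or for any portal at all, undoes the benefit of the out-of-band channel.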
