System and method for user authentication

US 9,729,540 B2
Filed: 06/02/2014
Issued: 08/08/2017
Est. Priority Date: 09/22/2011
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user, the method comprising:

generating at a validation server a unique user ID number and a matching encryption key corresponding to the user;

transmitting the unique user ID number and the matching encryption key to a user device;

generating a temporary access code based on the encryption key on the user device;

providing the unique user ID number to a plurality of organization servers;

transmitting the unique user ID number and the temporary access code to the validation server;

performing on the validation server a verification of the unique user ID number and the temporary access code to obtain a validation result;

transmitting the validation result to the plurality of organization servers; and

authenticating the user at each of the organization servers based on the validation result,wherein the unique user ID number is non-confidential and shared with the plurality of organization servers each of which is maintained by respective independent host organizations.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing authentication of a user is disclosed. The use of a non-confidential and unique user identification number and a temporary access code separates authentication of the user from transmission of any user passwords or user-identifiable data, as well as provides a ubiquitous means to authenticate the user with unrelated organizations, without any information passing between those organizations.

Citations

14 Claims

1. A method of authenticating a user, the method comprising:
- generating at a validation server a unique user ID number and a matching encryption key corresponding to the user;
  
  transmitting the unique user ID number and the matching encryption key to a user device;
  
  generating a temporary access code based on the encryption key on the user device;
  
  providing the unique user ID number to a plurality of organization servers;
  
  transmitting the unique user ID number and the temporary access code to the validation server;
  
  performing on the validation server a verification of the unique user ID number and the temporary access code to obtain a validation result;
  
  transmitting the validation result to the plurality of organization servers; and
  
  authenticating the user at each of the organization servers based on the validation result,wherein the unique user ID number is non-confidential and shared with the plurality of organization servers each of which is maintained by respective independent host organizations.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising retrieving the encryption key matching the unique user ID number and generating a second code in the same fashion as the temporary access code was generated, and comparing the second code and the temporary access code to obtain either a positive or negative validation result.
  - 3. The method of claim 1, further comprising modifying a client database of each of the organization servers to provide a field for a unique user ID number for user records.
  - 4. The method of claim 1, further comprising providing to the user, from each of the organization servers, instructions to download client-based security software operable on the user device.
  - 5. The method of claim 1, further comprising performing a time synchronisation between the validation server and the user device.

6. A system for authenticating a user, the system comprising:
- a client-based security software component operable on at least one user device operable by the user;
  
  a server-based validation software component operable on at least one validation server adapted to run on at least one computer that is maintained by a first organization; and
  
  a plurality of host organization servers, each host organization server adapted to run on at least one computer separately maintained by an independent host organization,wherein the server-based validation software component communicates with the client-based security software component to provide the user on the at least one user device with a unique user ID number and a corresponding encryption key,wherein the client-based security software component generates a temporary access code based on the unique user ID number and the corresponding encryption key,wherein the user provides the unique user ID number to the a plurality of host organization servers,wherein an authentication request comprising the user ID number and the temporary access code is transmitted to the at least one validation server for authenticating the user,wherein the server-based validation software component generates a validation result,wherein the validation result is transmitted from the validation server to the plurality of host organization servers,wherein the at least one computer maintained by the first organization is independent and separate from the independent host organizations and their respective organization servers, andwherein the unique user ID number is non-confidential and shared with each of the plurality of organization servers maintained by respective independent host organizations.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the each of the plurality of host organization servers runs a communication software component that communicates with the server-based validation software component.
  - 8. The system of claim 6, wherein the at least one device is a mobile device with computing and communication capability sufficient to operate the client-based security software component.
  - 9. The system of claim 6, wherein the device is selected from the group comprising:
    - a smartphone, a tablet computer, a laptop computer, a personal media player, a personal entertainment system, a kiosk and a smart terminal.
  - 10. The system of claim 6, wherein the server-based validation software component generates the encryption key matching the unique user ID number and generates a second code on the validation sever in the same fashion as the temporary access code was generated, and compares the second code and the temporary access code to generate either a positive or negative validation result.

11. A non-transitory computer-readable storage medium storing instructions that, when executed on one or more computers, causes the computers to perform a method of authenticating a user, wherein said method comprises:
- generating at a validation server a unique user ID number and a matching encryption key corresponding to the user;
  
  transmitting the unique user ID number and the matching encryption key to a user device;
  
  generating a temporary access code based on the encryption key on the user device;
  
  providing the unique user ID number to a plurality of organization servers;
  
  transmitting the unique user ID number and the temporary access code to the validation server;
  
  performing on the validation server a verification of the unique user ID number and the temporary access code to obtain a validation result;
  
  transmitting the validation result to the plurality of organization servers; and
  
  authenticating the user at each of the organization servers based on the validation result,wherein the unique user ID number is non-confidential and shared with the plurality of organization servers each of which is maintained by respective independent host organizations.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer-readable storage medium of claim 11, wherein said method further comprises retrieving the encryption key matching the unique user ID number and generating a second code in the same fashion as the temporary access code was generated, and comparing the second code and the temporary access code to obtain either a positive or negative validation result.
  - 13. The non-transitory computer-readable storage medium of claim 11, wherein said method further comprises modifying a client database of each of the organization servers to provide a field for a unique user ID number for user records.
  - 14. The non-transitory computer-readable storage medium of claim 11, wherein said method further comprises providing to the user, from each of the organization servers, instructions to download client-based security software operable on the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kinesis Identity Security System, Inc.
Original Assignee
Kinesis Identity Security System, Inc.
Inventors
Bell, Jonathan G., Jennings, Kenneth W.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/293,203
Publication Number

US 20160119328A1
Time in Patent Office

1,163 Days
Field of Search

713168, 713182, 726 2, 726 4- 5
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04W 12/06   Authentication

System and method for user authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links