System, design and process for easy to use credentials management for accessing online portals using out-of-band authentication
First Claim
1. A system of user authentication for accessing an online portal in a communications network, the system comprising:
a client processing application having programming for communication with a login portal and screen for access by a user;
a hardware authentication server device having programming for establishing contact between the client processing application and the hardware authentication server device wherein a new authentication session is started;
programming for generating a session identification (“ID”), and programming for communicating a session ID to the client processing application through at least a first communications channel;
wherein the client processing application includes programming for creating a multi-dimensional barcode for display at the login screen, wherein the multi-dimensional barcode has dynamic encryption keys, portal information, session ID, and a unique key; and
programming for holding the client processing application in waiting pending notification of session validation by the hardware authentication server device;
wherein the client processing application includes programming for authentication by receiving user credentials from a portable communications device, a portable communications device application having programming for authentication;
including programming for receiving user credentials and displaying at least one scan option;
programming for scanning the multi-dimensional barcode displayed at the login screen;
programming for validating the client processing application;
programming for finding at least one encrypted user credential with the encryption key from the multi-dimensional barcode; and
programming for sending the at least one encrypted user credential and session ID to the hardware authentication server device via an outbound out-of-band communications channel;
wherein the hardware authentication server device further includes programming for checking a provisioned user database and validating the session ID;
programming for sending an encrypted payload to the waiting client processing application;
programming for sending validation result to the portable communication device where the result can be displayed;
wherein the client processing application includes programming for extracting and decrypting the at least one encrypted user credential; and
programming for using an at least one decrypted user credential to access the online portal.
6 Assignments
0 Petitions
Abstract
The invention provides an easy-to-use credential management mechanism for a multi-factor, out-of-band, multi-channel authentication process that protects user access to online portals. When opened, the client processing application generates a multi-dimensional code. The user scans the multi-dimensional code, which validates the client processing application and triggers an out-of-band outbound mechanism. The portable mobile device invokes the authentication server to get authenticated. The authentication server authenticates the user based on a shared secret key, and the user is automatically allowed access to the online portal. The process of the invention includes an authentication server, a client processing application that generates an authentication vehicle or embodiment (i.e. a multi-dimensional bar code) and handles incoming requests, secret keys, and a portable communication device with a smartphone application.
10 Claims
1. (Independent claim; its full text is given under First Claim above.) Dependent claims: 2, 3, 4, 5.
6. A method for authentication for accessing an online portal in a system comprising a user, a client processing application, a portable communications device, and an authentication server having a provisioned user database and encrypted payload, wherein the method comprises:
providing a login portal and screen for access by a user, said login portal being in communication with said client processing application;
establishing contact between the client processing application and the authentication server wherein a new authentication session is started;
generating a session identification (“ID”) at the client processing application;
creating a multi-dimensional barcode at the client processing application, wherein the multi-dimensional barcode has dynamic encryption keys, portal information, session ID, and a unique key, and wherein the multi-dimensional barcode is displayed at the login screen;
holding the client processing application in waiting pending the authentication server notification of session validation;
starting authentication by user entering credentials on the portable communications device, wherein the portable communications device validates the credentials and displays scan option;
using the portable communications device to scan the multi-dimensional barcode displayed at the login screen and validate the client processing application;
finding on the portable communications device at least one encrypted user credential with an encryption key from the multi-dimensional barcode;
sending the at least one encrypted user credentials and session ID from the portable communications device to the authentication server via an outbound out-of-band communications channel;
checking in provisioned user database of the authentication server, wherein the new authentication session is validated;
sending an encrypted payload to waiting at the client processing application;
sending validation result from the authentication server to the portable communication device where the result is displayed;
decrypting the encrypted payload at the client processing application using the dynamic encryption keys;
extracting and decrypting the at least one encrypted user credential at the client processing application; and
using an at least one decrypted user credential to access the online portal.
Dependent claims: 7, 8, 9, 10.