METHOD AND SYSTEM FOR USER AUTHENTICATION FOR COMPUTING DEVICES UTILIZING PKI AND OTHER USER CREDENTIALS

US 20130232336A1
Filed: 03/05/2012
Published: 09/05/2013
Est. Priority Date: 03/05/2012
Status: Active Grant

First Claim

Patent Images

1. A computing device configured for communication over a network, said computing device comprising:

an application component configured for receiving a plurality of credentials for a user associated with the computing device and said plurality of credentials including a passcode, and a registration code from a credential management system;

a component configured to generate one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;

a component configured to submit a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;

a component configured to receive a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and

a component configured for encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for user authentication utilizing PKI credentials and user credentials on an electronic device comprising a mobile communication device, smart phone, a computer or other computing device.

56 Citations

View as Search Results

20 Claims

1. A computing device configured for communication over a network, said computing device comprising:
- an application component configured for receiving a plurality of credentials for a user associated with the computing device and said plurality of credentials including a passcode, and a registration code from a credential management system;
  
  a component configured to generate one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;
  
  a component configured to submit a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;
  
  a component configured to receive a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and
  
  a component configured for encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computing device as claimed in claim 1, wherein said registration code is transmitted in an email from said credential management system to said computing device.
  - 3. The computing device as claimed in claim 2, wherein said credential management system is configured to publish said certificate to a Trusted Lookup service.
  - 4. The computing device as claimed in claim 1, wherein said application component comprises a native application configured to run on an operating system installed on the computing device.
  - 5. The computing device as claimed in claim 1, wherein said application component comprises a web browser configured to interface with a web portal associated with said credential management system, and said web portal comprises a setup page configured for receiving said plurality of credentials.

6. A computer-implemented method for configuring credentials associated with a user, said method comprising the steps of:
- inputting a passcode associated with the user;
  
  receiving a registration code from a credential management system;
  
  generating one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;
  
  transmitting a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;
  
  receiving a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and
  
  encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.
- View Dependent Claims (7, 8)
- - 7. The computer-implemented method as claimed in claim 6, wherein said registration code is transmitted in an electronic communication to the user from said credential management system.
  - 8. The computer-implemented method as claimed in claim 7, wherein said step of inputting a passcode comprises prompting the user to input one or more other credentials associated with the user and said registration code.

9. A computer-implemented method for authenticating a user for accessing an online application running on an application server from a computing device associated with the user, said method comprising the steps of:
- submitting a login request to the application server;
  
  transmitting a random session identifier from the application server to the computing device;
  
  prompting the user to enter one or more credentials including a passcode;
  
  retrieving an encrypted private digital signature key stored at the computing device and decrypting said encrypted private digital signature key with said passcode;
  
  signing said random session identifier with said decrypted private digital signature key;
  
  transmitting said signed random session identifier and said one or more credentials to the application server;
  
  verifying said signed random session identifier and said one or more credentials; and
  
  authorizing the login request based on the verification of said signed random session identifier and said one or more credentials associated with the user.
- View Dependent Claims (10, 11)
- - 10. The computer-implemented method as claimed in claim 9, wherein step of submitting a login request comprises running an application running on an operating system installed for the computing device and said application being configured for prompting the user to enter said one or more credentials including said passcode.
  - 11. The computer-implemented method as claimed in claim 10, wherein said application comprises a web browser configured to download a web page from the application server, and said web page being configured for prompting the user to enter said one or more credentials including said passcode.

12. A system for authenticating a user for accessing from a computing device an application running on an application server operatively coupled, said system comprising:
- a component configured to transmit a login request to the application server and receive a random session identifier from the application server;
  
  an interface component configured to receive one or more credentials including a passcode entered by the user;
  
  a component configured to retrieve an encrypted private signature key stored locally and to decrypt said encrypted private signature key utilizing said passcode entered by the user;
  
  a component configured to sign said random session identifier with said decrypted private signature key;
  
  a component configured to transmit said signed random session identifier and said one or more user credentials to the application server;
  
  a component running on the application server configured to verify said signed random session identifier and said one or more user credentials; and
  
  a component running on the application server configured to authorize the login request based on the verification of said signed random session identifier and said one or more credentials associated with the user,
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system as claimed in claim 12, wherein the computing device is configured with a key storage facility for locally storing one or more of said encrypted private keys.
  - 14. The system as claimed in claim 13, wherein said key storage facility comprises a key file *.pfx structure and said key file being encrypted with said passcode.
  - 15. The system as claimed in claim 13, wherein said key storage facility comprises a keychain database configured in a sandbox file structure running an iOS based operating system, and said keychain database is encrypted utilizing said passcode,
  - 16. The system as claimed in claim 13, wherein said key storage facility comprises a cryptographic application programming interface configured for a Windows based operating system, and said private keys are encrypted under the Windows based operating system.
  - 17. The system as claimed in claim 13, wherein said computing device comprises a mobile communication device, and the key storage facility is configured for an operating system running on said mobile communication device including an iOS based operating system, a BlackBerry OS operating system, an Android based operating system or a Windows Phone based operating system.

18. A computer program product for configuring credentials associated with a user, said computer program product comprising:
- a storage medium configured to store computer readable instructions;
  
  said computer readable instructions including instructions for,inputting a passcode associated with the user;
  
  receiving a registration code from a credential management system;
  
  generating one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;
  
  transmitting a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;
  
  receiving a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and
  
  encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.
- View Dependent Claims (19)
- - 19. The computer program product as claimed in claim 18, wherein said computer readable instructions are configured for execution in a web browser.

20. A computer program product for authenticating a user for accessing an online application running on an application server from a computing device associated with the user, said computer program product comprising:
- a storage medium configured to store computer readable instructions;
  
  said computer readable instructions including instructions for, submitting a login request to the application server;
  
  transmitting a random session identifier from the application server to the computing device;
  
  prompting the user to enter one or more credentials including a passcode;
  
  retrieving an encrypted private digital signature key stored at the computing device and decrypting said encrypted private digital signature key with said passcode;
  
  signing said random session identifier with said decrypted private digital signature key;
  
  transmitting said signed random session identifier and said one or more credentials to the application server;
  
  verifying said signed random session identifier and said one or more credentials; and
  
  authorizing the login request based on the verification of said signed random session identifier and said one or more credentials associated with the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ECHOWORX Corporation
Original Assignee
Kai Chung Cheung
Inventors
Cheung, Kai Chung, Peel, Christian K.

Granted Patent

US 9,166,777 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 9/006   involving public key infras...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

METHOD AND SYSTEM FOR USER AUTHENTICATION FOR COMPUTING DEVICES UTILIZING PKI AND OTHER USER CREDENTIALS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR USER AUTHENTICATION FOR COMPUTING DEVICES UTILIZING PKI AND OTHER USER CREDENTIALS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links