METHOD AND SYSTEM FOR USER AUTHENTICATION FOR COMPUTING DEVICES UTILIZING PKI AND OTHER USER CREDENTIALS
First Claim
1. A computing device configured for communication over a network, said computing device comprising:
- an application component configured for receiving a plurality of credentials for a user associated with the computing device and said plurality of credentials including a passcode, and a registration code from a credential management system;
- a component configured to generate one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;
- a component configured to submit a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;
- a component configured to receive a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and
- a component configured for encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.
2 Assignments
0 Petitions
Abstract
A system and method for user authentication utilizing PKI credentials and user credentials on an electronic device comprising a mobile communication device, smart phone, a computer or other computing device.
56 Citations
20 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5.
-
6. A computer-implemented method for configuring credentials associated with a user, said method comprising the steps of:
- inputting a passcode associated with the user;
- receiving a registration code from a credential management system;
- generating one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;
- transmitting a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;
- receiving a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and
- encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.
Dependent claims: 7, 8.
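The last step of claims 1 and 6, encrypting the private keys with the passcode and storing them locally, is where a short user passcode meets a long-lived private key, so the sealing has to make every guess against a stolen blob expensive and has to fail closed on a wrong passcode. The Go program below is an added example and is not code from the patent or from any product implementing it. It seals an Ed25519 signature key (the encryption key pair of the claims would be sealed the same way) with AES-256-GCM under a key derived by PBKDF2-HMAC-SHA256, which is written out inline so that the program needs only the standard library. The iteration count, the 16-byte salt, the 12-byte nonce and the function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Iteration count for the passcode KDF. Illustrative only: deployments use a far
// higher count (or a memory-hard KDF such as Argon2) tuned to the device.
const kdfIters = 20000

// pbkdf2Key derives one 32-byte block with PBKDF2-HMAC-SHA256 (RFC 8018), so each
// passcode guess against a stolen key blob costs iters HMAC evaluations, not one.
func pbkdf2Key(passcode, salt []byte, iters int) []byte {
	prf := hmac.New(sha256.New, passcode)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the first (and only) output block
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// EncryptedKey is what the device stores instead of the raw private key: the KDF
// salt, the GCM nonce, and the AES-256-GCM ciphertext with its authentication tag.
type EncryptedKey struct{ Salt, Nonce, Ciphertext []byte }

func passcodeAEAD(passcode string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2Key([]byte(passcode), salt, kdfIters))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealKey encrypts the private signature key under the passcode-derived key.
func SealKey(priv ed25519.PrivateKey, passcode string) (EncryptedKey, error) {
	salt, nonce := make([]byte, 16), make([]byte, 12)
	if _, err := rand.Read(salt); err != nil {
		return EncryptedKey{}, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedKey{}, err
	}
	gcm, err := passcodeAEAD(passcode, salt)
	if err != nil {
		return EncryptedKey{}, err
	}
	return EncryptedKey{salt, nonce, gcm.Seal(nil, nonce, priv, nil)}, nil
}

// OpenKey recovers the key. A wrong passcode, or a modified blob, fails the GCM tag
// check, so the caller never receives a garbage key to sign with.
func OpenKey(ek EncryptedKey, passcode string) (ed25519.PrivateKey, error) {
	gcm, err := passcodeAEAD(passcode, ek.Salt)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, ek.Nonce, ek.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("wrong passcode or corrupted key blob")
	}
	return ed25519.PrivateKey(pt), nil
}

func main() {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ek, err := SealKey(priv, "1234") // constructed passcode
	if err != nil {
		panic(err)
	}
	got, err := OpenKey(ek, "1234")
	fmt.Println("correct passcode recovers key:", err == nil && got.Equal(priv))
	_, err = OpenKey(ek, "0000")
	fmt.Println("wrong passcode:", err)
}
```

Because GCM authenticates the ciphertext, the device can distinguish "wrong passcode" from a successful unlock without storing a hash of the passcode, and an attacker with the blob still has to pay the full KDF cost per guess; the salt stops precomputation across devices, and the nonce must never repeat under the same derived key, which a fresh random nonce per seal achieves.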
-
9. A computer-implemented method for authenticating a user for accessing an online application running on an application server from a computing device associated with the user, said method comprising the steps of:
- submitting a login request to the application server;
- transmitting a random session identifier from the application server to the computing device;
- prompting the user to enter one or more credentials including a passcode;
- retrieving an encrypted private digital signature key stored at the computing device and decrypting said encrypted private digital signature key with said passcode;
- signing said random session identifier with said decrypted private digital signature key;
- transmitting said signed random session identifier and said one or more credentials to the application server;
- verifying said signed random session identifier and said one or more credentials; and
- authorizing the login request based on the verification of said signed random session identifier and said one or more credentials associated with the user.
Dependent claims: 10, 11.
-
12. A system for authenticating a user for accessing from a computing device an application running on an application server operatively coupled, said system comprising:
- a component configured to transmit a login request to the application server and receive a random session identifier from the application server;
- an interface component configured to receive one or more credentials including a passcode entered by the user;
- a component configured to retrieve an encrypted private signature key stored locally and to decrypt said encrypted private signature key utilizing said passcode entered by the user;
- a component configured to sign said random session identifier with said decrypted private signature key;
- a component configured to transmit said signed random session identifier and said one or more user credentials to the application server;
- a component running on the application server configured to verify said signed random session identifier and said one or more user credentials; and
- a component running on the application server configured to authorize the login request based on the verification of said signed random session identifier and said one or more credentials associated with the user.
Dependent claims: 13, 14, 15, 16, 17.
-
18. A computer program product for configuring credentials associated with a user, said computer program product comprising:
- a storage medium configured to store computer readable instructions; said computer readable instructions including instructions for:
  - inputting a passcode associated with the user;
  - receiving a registration code from a credential management system;
  - generating one or more key pairs comprising public keys and private keys and including a digital signature public-private key pair and an encryption public-private key pair;
  - transmitting a certificate signing request to said credential management system, and said certificate signing request including said plurality of credentials, said registration code and said one or more public keys;
  - receiving a certificate from said credential management system, said certificate being generated based on authentication of said credentials and on the registration code included in said certificate signing request; and
  - encrypting said one or more private keys with said passcode and storing said encrypted private keys locally.
Dependent claims: 19.
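Claims 6 and 18 (and the corresponding components of claim 1) describe the enrollment exchange with the credential management system: the device generates its key pairs, sends a certificate signing request that carries the registration code and the public key, and the system issues a certificate only if the code checks out. The Go program below is an added example of that exchange, not code from the patent or from any product; it uses Go's standard X.509 support with Ed25519 keys. The registration code is carried in the CSR's Subject.SerialNumber field as a simplification of a PKCS#10 challengePassword attribute, the CA name, the user name "alice", the code "REG-7741", the certificate lifetimes and the in-memory code registry are all constructed, and only the signature key pair is enrolled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CMS is a minimal credential management system: its CA key and certificate plus
// the one-time registration codes it has handed out (constructed: an in-memory map).
type CMS struct {
	caKey    ed25519.PrivateKey
	CACert   *x509.Certificate
	regCodes map[string]string // user -> registration code not yet used
}

// certify signs tmpl for pub with the issuer key; parent == tmpl yields a self-signed CA.
func certify(tmpl, parent *x509.Certificate, pub any, issuer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewCMS(regCodes map[string]string) (*CMS, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CMS CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca, err := certify(tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return &CMS{priv, ca, regCodes}, nil
}

// MakeCSR is the device step: a PKCS#10 request over the new public key that
// carries the user name and the registration code. The code rides in
// Subject.SerialNumber here as a simplification of a challengePassword attribute.
func MakeCSR(priv ed25519.PrivateKey, user, regCode string) ([]byte, error) {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: user, SerialNumber: regCode}}
	return x509.CreateCertificateRequest(rand.Reader, req, priv)
}

// Issue is the CMS step: check the CSR's self-signature (proof that the requester
// holds the private key), compare the registration code in constant time, consume
// it, and return a one-year signature certificate chained to the CA.
func (c *CMS) Issue(csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	user, code := csr.Subject.CommonName, csr.Subject.SerialNumber
	if code == "" || subtle.ConstantTimeCompare([]byte(c.regCodes[user]), []byte(code)) != 1 {
		return nil, errors.New("registration code rejected")
	}
	delete(c.regCodes, user) // single use: a captured code cannot enroll a second device
	now := time.Now()
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: user},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return certify(leaf, c.CACert, csr.PublicKey, c.caKey)
}

func main() {
	cms, err := NewCMS(map[string]string{"alice": "REG-7741"}) // constructed user and code
	if err != nil {
		panic(err)
	}
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	csr, _ := MakeCSR(priv, "alice", "REG-7741")
	cert, err := cms.Issue(csr)
	if err != nil {
		panic(err)
	}
	fmt.Println("issued to", cert.Subject.CommonName, "by", cert.Issuer.CommonName)
	_, err = cms.Issue(csr)
	fmt.Println("second use of the same code:", err)
}
```

Two checks carry the security of the step: the CSR signature proves the requester holds the private key that the certificate will bind to the user, and consuming the registration code on first use means a code that leaks in transit or from a confirmation message cannot enroll a second device later. Note that the private key never leaves the device; only the public key travels in the CSR.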
-
20. A computer program product for authenticating a user for accessing an online application running on an application server from a computing device associated with the user, said computer program product comprising:
- a storage medium configured to store computer readable instructions; said computer readable instructions including instructions for:
  - submitting a login request to the application server;
  - transmitting a random session identifier from the application server to the computing device;
  - prompting the user to enter one or more credentials including a passcode;
  - retrieving an encrypted private digital signature key stored at the computing device and decrypting said encrypted private digital signature key with said passcode;
  - signing said random session identifier with said decrypted private digital signature key;
  - transmitting said signed random session identifier and said one or more credentials to the application server;
  - verifying said signed random session identifier and said one or more credentials; and
  - authorizing the login request based on the verification of said signed random session identifier and said one or more credentials associated with the user.
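Claims 9, 12 and 20 describe the login as a challenge-response: the application server hands the device a random session identifier, the device signs it with the private key it unlocked with the passcode, and the server verifies the signature against the user's certified key. What makes this safe against an eavesdropper is that the identifier is fresh and used once, so a captured signed value is worthless afterwards. The Go program below is an added example of that exchange, not code from the patent or from any product. It assumes the server already holds each enrolled user's public key (taken from the certificate the credential management system issued at enrollment) in a constructed in-memory registry, models the transmitted credential as the user identifier, and takes the signature key as already unlocked; the 32-byte identifier size, the two-minute freshness window and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// AppServer holds, per enrolled user, the public signature key from the CMS-issued
// certificate (constructed registry), plus the random session identifiers it has
// handed out and not yet seen answered.
type AppServer struct {
	users   map[string]ed25519.PublicKey
	pending map[string]time.Time // hex session identifier -> time issued
}

func NewAppServer(users map[string]ed25519.PublicKey) *AppServer {
	return &AppServer{users, map[string]time.Time{}}
}

// LoginRequest answers a login request with a fresh 32-byte random session
// identifier: the challenge the device must sign.
func (s *AppServer) LoginRequest() []byte {
	sid := make([]byte, 32)
	if _, err := rand.Read(sid); err != nil {
		panic(err) // no usable randomness means no usable challenge
	}
	s.pending[hex.EncodeToString(sid)] = time.Now()
	return sid
}

// SignSession is the device side: once the passcode has unlocked the stored private
// key, sign the server's identifier and return it with the user credential.
func SignSession(priv ed25519.PrivateKey, sid []byte) []byte {
	return ed25519.Sign(priv, sid)
}

// Authorize is the server side: the identifier must be one the server issued,
// still unanswered and fresh; the user must be enrolled; and sig must verify under
// that user's certified key. The identifier is consumed on every outcome, so a
// captured (identifier, signature) pair cannot be replayed and a failed attempt
// cannot be retried against the same challenge.
func (s *AppServer) Authorize(user string, sid, sig []byte) error {
	key := hex.EncodeToString(sid)
	issued, ok := s.pending[key]
	delete(s.pending, key)
	if !ok || time.Since(issued) > 2*time.Minute {
		return errors.New("unknown, expired or already used session identifier")
	}
	pub, ok := s.users[user]
	if !ok || !ed25519.Verify(pub, sid, sig) {
		return errors.New("authentication failed")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stands in for alice's enrolled key pair
	if err != nil {
		panic(err)
	}
	srv := NewAppServer(map[string]ed25519.PublicKey{"alice": pub})
	sid := srv.LoginRequest()
	sig := SignSession(priv, sid)
	fmt.Println("login:", srv.Authorize("alice", sid, sig))
	fmt.Println("replay of the same signed identifier:", srv.Authorize("alice", sid, sig))
	sid2 := srv.LoginRequest()
	fmt.Println("unenrolled user:", srv.Authorize("bob", sid2, SignSession(priv, sid2)))
}
```

The single generic "authentication failed" message for an unknown user and for a bad signature is deliberate: distinguishing the two would tell a caller which identifiers are enrolled. The pending map should be bounded and expired in a real server (here the freshness check on use is the only expiry), since an unauthenticated client can request identifiers at will.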
Specification