Network transaction verification and authentication
First Claim
1. A method for trusted secure access from a local network location to an institution remote network location, comprising:
    employing at least one processor for:
    (a) activating a trusted security device at a local network location, said device having a non-transitory computer readable storage medium, with a remote network location, comprising:
        at the local network location:
        (i) obtaining, from the remote network location, an institution-authorized private security software comprising a scrambling algorithm and a descrambling algorithm, and storing the private security software at the trusted security device;
        the trusted security device having an unchangeable global unique identifier (UID), which uniquely identifies the trusted security device;
        (ii) causing the private security software to:
            (ii-1) obtain a user selectable personal identification number (PIN) from a user;
            (ii-2) obtain the UID from the trusted security device; and
            (ii-3) forward the PIN and the UID to the remote network location;
        at the remote network location:
        (iii) running the scrambling algorithm with the PIN and UID as input to generate a user-personalized credential code containing scrambled access credentials to the institution remote location; and
        (iv) forwarding the user-personalized credential code to the local network location and storing thereof at the trusted security device; and
    (b) at the local network location, performing a local authentication without communicating over any network, comprising:
        (v) verifying authenticity of the user selectable PIN and the UID, comprising running the descrambling algorithm of the private security software using the PIN and the UID as input to descramble the user-personalized credential code;
        (vi) upon successful verification, retrieving the access credentials to the institution remote network location from the user-personalized credential code.
Abstract
A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user's PIN and the trusted device's UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device. Authentication is performed in two levels: the first authenticates the user and the trusted device locally; and the second authenticates the user remotely at the institution-owned authentication server. Various embodiments add extra levels of security, including one-time-password management.
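The activation and local-verification flow that claim 1 and the abstract describe, written out as an added Python example; it is not code from the patent or from any product implementing it. The patent leaves the scrambling and descrambling algorithms unspecified, so the choices here are assumptions: a PBKDF2 key derived from the PIN and the UID, an HMAC-SHA256 counter-mode keystream for the scrambling, and an HMAC tag so that the local step (v) can tell a correct PIN and UID from a wrong one without contacting the institution. The UID, PIN and credential string are constructed sample values.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
# Assumed slow KDF: raises the cost of offline PIN guessing against a copied credential code.
KDF_ITERATIONS = 100_000


def derive_key(pin: str, uid: bytes, salt: bytes) -> bytes:
    """Key material that exists only when BOTH the user's PIN and the device UID are present."""
    material = pin.encode("utf-8") + b"\x00" + uid
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ITERATIONS, dklen=32)


def _subkeys(key: bytes):
    """Separate keys for scrambling and for the verification tag (assumed construction)."""
    enc_key = hmac.new(key, b"scramble", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"verify", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; the stream the credentials are XORed with."""
    blocks = []
    total = 0
    counter = 0
    while total < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks.append(block)
        total += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def scramble(pin: str, uid: bytes, credentials: bytes) -> bytes:
    """Institution side, claim step (iii): build the user-personalized credential code."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_key(pin, uid, salt))
    body = bytes(c ^ k for c, k in zip(credentials, _keystream(enc_key, nonce, len(credentials))))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag


def descramble(pin: str, uid: bytes, code: bytes):
    """Local side, steps (v)-(vi): verify PIN and UID offline; return credentials or None."""
    if len(code) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = code[:SALT_LEN]
    nonce = code[SALT_LEN:SALT_LEN + NONCE_LEN]
    body = code[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = code[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_key(pin, uid, salt))
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong PIN, different device, or tampered code: step (v) fails closed
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


class TrustedDevice:
    """Stand-in for the token: a fixed UID plus storage for the credential code (step iv)."""

    def __init__(self, uid: bytes):
        self.uid = uid
        self.credential_code = None


def activate(device: TrustedDevice, pin: str, institution_credentials: bytes) -> TrustedDevice:
    """Steps (i)-(iv): the device forwards PIN and UID; the institution returns the code."""
    device.credential_code = scramble(pin, device.uid, institution_credentials)
    return device


def local_login(device: TrustedDevice, pin: str):
    """Step (b): local authentication with no network traffic."""
    return descramble(pin, device.uid, device.credential_code)


if __name__ == "__main__":
    # Constructed sample values; a real UID would be burned into the token.
    token = activate(TrustedDevice(b"\x0a\x1b\x2c\x3d\x4e\x5f\x60\x71"), "4711",
                     b"user=alice;access-secret=EXAMPLE-ONLY")
    print("correct PIN:", local_login(token, "4711"))
    print("wrong PIN:  ", local_login(token, "0000"))
```

The tag is what makes step (v) a verification rather than a blind decryption: a wrong PIN, or the same credential code copied to a token with a different UID, returns None instead of garbage "credentials". Because that check runs offline, anyone holding both the stored code and the UID can try PINs at the cost of one KDF run each, which is why the UID must not be readable off the device and the KDF cost is part of the design, not a tuning detail.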
20 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 17, 18, 19.
10. A system for providing a trusted secure access in a computer network from a local network location to an institution remote network location, the system comprising:
    a computing device at the local network location, the computing device having a processor;
    a remote server computer at a remote location;
    a trusted security device at the local network location to be activated with the remote server computer;
    the computing device comprising a computer readable medium having computer readable instructions stored thereon for execution by the processor, causing the processor to:
        (i) obtain, from the remote server computer, an institution-authorized private security software comprising a scrambling algorithm and a descrambling algorithm, and store the private security software at the trusted security device;
        the trusted security device having an unchangeable global unique identifier (UID), which uniquely identifies the trusted security device;
        (ii) cause the private security software to:
            (ii-1) obtain a user selectable personal identification number (PIN) from a user;
            (ii-2) obtain the UID from the trusted security device; and
            (ii-3) forward the PIN and the UID to the remote network location;
    the remote server computer having memory having computer readable instructions stored thereon, causing the remote server computer to:
        (iii) run the scrambling algorithm of the private security software with the PIN and the UID as input to generate a user-personalized credential code containing scrambled access credentials to the institution remote location; and
        (iv) forward the user-personalized credential code to the computing device and store thereof at the trusted security device; and
    (b) the computer readable instructions of the computing device being further configured to, without communicating over any network, cause the processor to:
        (v) verify authenticity of the user selectable PIN and the UID, comprising running the descrambling algorithm using the PIN and the UID as input to descramble the user-personalized credential code;
        (vi) upon successful verification, retrieve access credentials, providing access to the institution remote network location, from the user-personalized credential code.
    Dependent claims: 11, 12, 13, 14, 15, 16, 20.
Specification