Key management using quasi out of band authentication architecture
First Claim
1. A method of operating a security server to provide key management layered on a quasi out of band authentication system, comprising:
receiving, via a communication channel from a network device associated with a user, a request for activation of a user interface window for that particular user at the network device;
transmitting, to an out of band authentication system, an activation personal identification number (PIN) to be forwarded to the user's telephone via a voice or text message;
receiving, via the communication channel from the network device, the previously transmitted activation PIN;
authenticating the user based on the received activation PIN;
establishing, on top of the communication channel after authenticating the user, a secure, independent, encrypted communication channel between the user interface window and the security server; and
at least one of (i) generating and transmitting to the user interface window via the secure, independent, encrypted communication channel key material for cryptography based operations and (ii) receiving from the user interface window via the secure, independent, encrypted communication channel, key material for cryptography based operations.
Abstract
To provide key management layered on a quasi-out-of-band authentication system, a security server receives a request for activation of a user interface window for a particular user from a network device via a communication channel. It then transmits an activation PIN to an out of band authentication system for forwarding to the user's telephone via a voice or text message. It next receives the previously transmitted PIN from the network device via the communication channel, and authenticates the user based on the received PIN. After authenticating the user, it establishes a secure, independent, encrypted communication channel between the user interface window and the security server on top of the original communication channel. It then generates and transmits to the user interface window and/or receives from the user interface window via the secure communication channel, key material and certificate material for public key and/or symmetric key cryptography based operations.
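The activation-PIN lifecycle the abstract describes, written out as an added example that is not part of the patent or of any product implementing it. The OOBAuthSystem stub, the PIN_TTL_SECONDS and MAX_ATTEMPTS values, and the window/session identifiers are assumptions; the encrypted channel itself (TLS in practice) is abstracted to a session identifier so the example can run stand-alone. The checks a server in this role needs (PIN expiry, attempt cap, single use, constant-time comparison, key material released only to an authenticated session) are the point of the code.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 120   # assumed lifetime of an activation PIN
MAX_ATTEMPTS = 3        # assumed cap on guesses per issued PIN


class OOBAuthSystem:
    """Hypothetical stand-in for the out of band system (voice/text delivery)."""
    def __init__(self):
        self.sent = []                 # (phone, pin) pairs handed to the OOB path

    def send(self, phone, pin):
        self.sent.append((phone, pin))


class SecurityServer:
    def __init__(self, oob, now=time.time):
        self.oob = oob
        self.now = now                 # injectable clock so expiry can be tested
        self.pending = {}              # (user, window_id) -> [pin, expires_at, attempts]
        self.sessions = {}             # session_id -> user; stands in for the secure channel

    def request_activation(self, user, phone, window_id):
        """Steps 1-2: window asks for activation; the PIN goes to the phone only."""
        pin = f"{secrets.randbelow(10**6):06d}"
        self.pending[(user, window_id)] = [pin, self.now() + PIN_TTL_SECONDS, 0]
        self.oob.send(phone, pin)      # never returned over the in-band channel

    def activate(self, user, window_id, pin):
        """Steps 3-5: PIN comes back in-band; on success open a session for the window."""
        key = (user, window_id)
        rec = self.pending.get(key)
        if rec is None:
            return None
        if self.now() > rec[1] or rec[2] >= MAX_ATTEMPTS:
            del self.pending[key]      # expired or exhausted: force a fresh request
            return None
        rec[2] += 1
        if not hmac.compare_digest(rec[0], pin):   # constant-time comparison
            return None
        del self.pending[key]          # single use: the same PIN cannot activate twice
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = user
        return session_id

    def issue_key_material(self, session_id):
        """Step 6: key material is released only to an authenticated session."""
        if session_id not in self.sessions:
            return None
        return secrets.token_bytes(32)
```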
122 Citations
19 Claims
Specification