Multi-factor authentication using digital images of barcodes
First Claim
1. A method of implementing a multi-factor authentication scheme in a mobile telephone having a camera and one or more processors, the method comprising:
- as part of a setup procedure;
providing to a remote server a character string input to a user input of the mobile telephone; and
receiving by email a security QR Code in a printable format, wherein the security QR code comprises the character string encrypted with a private key of a public-private key pair to produce an encrypted character string and subsequently encoded into the security QR Code;
maintaining, in a storage medium of the mobile telephone, a plurality of applications configured to be executed on the mobile telephone;
receiving a request from a user to access the mobile telephone;
prompting the user to present a QR Code printed onto paper corresponding to the security QR Code;
scanning the QR Code printed onto paper using the camera of the mobile telephone;
determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone, wherein the determining comprises decoding the QR Code printed onto paper to derive the encrypted character string, and decrypting the encrypted character string using a public key of the public-private key pair, wherein the public key is stored on the mobile telephone;
prompting the user to enter a password;
receiving the password from the user at the user input of the mobile telephone;
determining that the received password is associated with authorized access to the mobile telephone; and
granting the user access to the plurality of applications on the mobile telephone in response to determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone and determining that the received password is associated with authorized access to the mobile telephone.
6 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and computer-readable media for implementing a multi-factor authentication scheme utilizing barcode images in computing devices, such as standard mobile devices and smartphones having no native hardware support for reading barcodes other than standard digital camera componentry for capturing digital images of real-world phenomena. A mobile device may be configured by software to require a user, as a first authentication factor, to present a barcode, such as a Quick Response (QR) Code for image scanning using digital camera componentry built into the mobile device. The device analyzes the digital image of the barcode to decode the barcode into its encoded character data. If the device recognizes the character data as valid, then, as a second authentication factor, the device prompts the user to enter a valid password associated with the barcode. If the user-entered barcode is also valid, then the device may grant the user access.
-
Citations
7 Claims
-
1. A method of implementing a multi-factor authentication scheme in a mobile telephone having a camera and one or more processors, the method comprising:
-
as part of a setup procedure; providing to a remote server a character string input to a user input of the mobile telephone; and receiving by email a security QR Code in a printable format, wherein the security QR code comprises the character string encrypted with a private key of a public-private key pair to produce an encrypted character string and subsequently encoded into the security QR Code; maintaining, in a storage medium of the mobile telephone, a plurality of applications configured to be executed on the mobile telephone; receiving a request from a user to access the mobile telephone; prompting the user to present a QR Code printed onto paper corresponding to the security QR Code; scanning the QR Code printed onto paper using the camera of the mobile telephone; determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone, wherein the determining comprises decoding the QR Code printed onto paper to derive the encrypted character string, and decrypting the encrypted character string using a public key of the public-private key pair, wherein the public key is stored on the mobile telephone; prompting the user to enter a password; receiving the password from the user at the user input of the mobile telephone; determining that the received password is associated with authorized access to the mobile telephone; and granting the user access to the plurality of applications on the mobile telephone in response to determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone and determining that the received password is associated with authorized access to the mobile telephone. - View Dependent Claims (2)
-
-
3. A mobile telephone configured to perform a multi-factor authentication scheme, the mobile telephone comprising:
-
a processing system comprising one or more processors; one or more executable applications; a camera; and a memory system comprising one or more computer-readable media, wherein the computer-readable media contain instructions that, when executed by the processing system, cause the processing system to perform operations comprising; as part of a setup procedure; providing to a remote server a character string input to a user input of the mobile telephone; and receiving by email a security QR Code in a printable format, wherein the security QR code comprises the character string encrypted with a private key of a public-private key pair to produce an encrypted character string and subsequently encoded into the security QR Code; receiving a request from a user to access the mobile telephone; prompting the user to present a QR Code printed onto paper corresponding to the security QR Code; scanning the QR Code printed onto paper using the camera; determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone, wherein the determining comprises decoding the QR Code printed onto paper to derive the encrypted character string, and decrypting the encrypted character string using a public key of the public-private key pair, wherein the public key is stored on the mobile telephone; prompting the user to enter a password; receiving the password from the user using the user input to the mobile telephone; determining that the received password is associated with authorized access to the mobile telephone; and granting the user access to the one or more applications in response to determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone and determining that the received password is associated with authorized access to the mobile telephone. - View Dependent Claims (4, 5)
-
-
6. A non-transitory computer-readable medium tangibly embodying computer instructions for performing, by one or more processors of a mobile telephone, a method of implementing a multi-factor authentication scheme comprising:
-
as part of a setup procedure; providing to a remote server a character string input to a user input of the mobile telephone; and receiving by email a security QR Code in a printable format, wherein the security QR code comprises the character string encrypted with a private key of a public-private key pair to produce an encrypted character string and subsequently encoded into the security QR Code; receiving a request from a user to access the mobile telephone; prompting the user to present a QR Code printed onto paper corresponding to the security QR Code; scanning the QR Code printed onto paper using a camera of the mobile telephone; determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone, wherein the determining comprises decoding the QR Code printed onto paper to derive the encrypted character string, and decrypting the encrypted character string using a public key of the public-private key pair, wherein the public key is stored on the mobile telephone; prompting the user to enter a password at the user input to the mobile telephone; receiving the password from the user; determining that the received password is associated with authorized access to the mobile telephone; and granting the user access to the mobile telephone in response to determining that the QR Code printed onto paper is associated with authorized access to the mobile telephone and determining that the received password is associated with authorized access to the mobile telephone. - View Dependent Claims (7)
-
Specification