System and methods for online authentication
First Claim
1. A method of authenticating a network client to a computer server, the network client being configured to communicate with the computer server over a network and to communicate with a token manager, the token manager being configured to receive data originating from a hardware token interfaced with the token manager, the method comprising:
- transmitting user login credentials to the computer server;
- receiving authenticator identifying data from the computer server in response to transmission of the user login credentials;
- determining that the authenticator identifying data matches identifying data for one of the token manager and the network clients;
- one of the token manager and the network client generating a credential associated with the token manager, and transmitting the credential to the computer server, wherein the token manager is configured with a parent digital certificate associated with the token manager, the parent digital certificate including a public encryption key, and the credential generating comprises:
  - the one of the token manager and the network client generating the credential from the parent digital certificate;
  - the one of the token manager and the network client generating a child digital certificate from the parent digital certificate and signing the child digital certificate with a private encryption key uniquely associated with the public encryption key, the private encryption key and the public encryption key comprising an asymmetric encryption key pair;
  - the one of the token manager and the network client generating a pseudo-random code, and incorporating the pseudo-random code into the child digital certificate, the pseudo-random code being verifiable by the computer server; and
- the network client receiving an authentication payload from the computer server in accordance with a validity of the credential and the data of the hardware token, the authentication payload facilitating authentication of the network client to the computer server.
1 Assignment
0 Petitions
Abstract
A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.
51 Citations
18 Claims
1. A method of authenticating a network client to a computer server, the network client being configured to communicate with the computer server over a network and to communicate with a token manager, the token manager being configured to receive data originating from a hardware token interfaced with the token manager, the method comprising:
- transmitting user login credentials to the computer server;
- receiving authenticator identifying data from the computer server in response to transmission of the user login credentials;
- determining that the authenticator identifying data matches identifying data for one of the token manager and the network clients;
- one of the token manager and the network client generating a credential associated with the token manager, and transmitting the credential to the computer server, wherein the token manager is configured with a parent digital certificate associated with the token manager, the parent digital certificate including a public encryption key, and the credential generating comprises:
  - the one of the token manager and the network client generating the credential from the parent digital certificate;
  - the one of the token manager and the network client generating a child digital certificate from the parent digital certificate and signing the child digital certificate with a private encryption key uniquely associated with the public encryption key, the private encryption key and the public encryption key comprising an asymmetric encryption key pair;
  - the one of the token manager and the network client generating a pseudo-random code, and incorporating the pseudo-random code into the child digital certificate, the pseudo-random code being verifiable by the computer server; and
- the network client receiving an authentication payload from the computer server in accordance with a validity of the credential and the data of the hardware token, the authentication payload facilitating authentication of the network client to the computer server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A non-transitory computer-readable medium comprising computer processing instructions stored thereon for execution by a computer, the computer processing instructions, when executed by the computer, causing the computer to perform a method of authenticating a network client to a computer server, the network client being configured to communicate with the computer server over a network and to communicate with a token manager, the token manager being configured to receive data originating from a hardware token interfaced with the token manager, the method comprising:
- transmitting user login credentials to the computer server;
- receiving authenticator identifying data from the computer server in response to transmission of the user login credentials;
- determining that the authenticator identifying data matches identifying data for one of the token manager and the network clients;
- one of the token manager and the network client generating a credential associated with the token manager, and transmitting the credential to the computer server, wherein the token manager is configured with a parent digital certificate associated with the token manager, the parent digital certificate including a public encryption key, and the credential generating comprises:
  - the one of the token manager and the network client generating the credential from the parent digital certificate;
  - the one of the token manager and the network client generating a child digital certificate from the parent digital certificate and signing the child digital certificate with a private encryption key uniquely associated with the public encryption key, the private encryption key and the public encryption key comprising an asymmetric encryption key pair;
  - the one of the token manager and the network client generating a pseudo-random code, and incorporating the pseudo-random code into the child digital certificate, the pseudo-random code being verifiable by the computer server; and
- the network client receiving an authentication payload from the computer server in accordance with a validity of the credential and the data of the hardware token, the authentication payload facilitating authentication of the network client to the computer server.

12. A method of authenticating a network client to a computer server, the network client being configured to communicate with the computer server over a network and to communicate with a token manager, the method comprising:
- the computer server receiving user login credentials from the network client;
- the computer server retrieving authenticator identifying data associated with the user login credentials;
- the computer server transmitting the authenticator identifying data to the network client;
- the computer server receiving a credential from one of the token manager and the network client, wherein the token manager is configured with a parent digital certificate associated with the token manager, the parent digital certificate includes a public encryption key, and wherein the credential is generated by:
  - the one of the token manager and the network client generating the credential from the parent digital certificate;
  - the one of the token manager and the network client generating a child digital certificate from the parent digital certificate and signing the child digital certificate with a private encryption key uniquely associated with the public encryption key, the private encryption key and the public encryption key comprising an asymmetric encryption key pair; and
  - the one of the token manager and the network client generating a pseudo-random code, and incorporating the pseudo-random code into the child digital certificate, the pseudo-random code being verifiable by the computer server; and
- the computer server transmitting an authentication payload to the network client in accordance with a determination of validity of the credential and data originating from a hardware token interfaced with the token manager, the authentication payload facilitating authentication of the network client to the computer server, wherein the determination of the validity comprises:
  - verifying that the credential was signed with the private encryption key uniquely associated with the public encryption key; and
  - comparing the pseudo-random code included in the credential with an expected pseudo-random code.

Dependent claims: 13, 14, 15, 16, 17.

18. A non-transitory computer-readable medium comprising computer processing instructions stored thereon for execution by a computer server, the computer processing instructions, when executed by the computer server, causing the computer server to perform a method of authenticating a network client to the computer server, the network client being configured to communicate with the computer server over a network and to communicate with a token manager, the method comprising:
- the computer server receiving user login credentials from the network client;
- the computer server retrieving authenticator identifying data associated with the user login credentials;
- the computer server transmitting the authenticator identifying data to the network client;
- the computer server receiving a credential from one of the token manager and the network client, wherein the token manager is configured with a parent digital certificate associated with the token manager, the parent digital certificate includes a public encryption key, and wherein the credential is generated by:
  - the one of the token manager and the network client generating the credential from the parent digital certificate;
  - the one of the token manager and the network client generating a child digital certificate from the parent digital certificate and signing the child digital certificate with a private encryption key uniquely associated with the public encryption key, the private encryption key and the public encryption key comprising an asymmetric encryption key pair; and
  - the one of the token manager and the network client generating a pseudo-random code, and incorporating the pseudo-random code into the child digital certificate, the pseudo-random code being verifiable by the computer server; and
- the computer server transmitting an authentication payload to the network client in accordance with a determination of validity of the credential and data originating from a hardware token interfaced with the token manager, the authentication payload facilitating authentication of the network client to the computer server, wherein the determination of the validity comprises:
  - verifying that the credential was signed with the private encryption key uniquely associated with the public encryption key; and
  - comparing the pseudo-random code included in the credential with an expected pseudo-random code.

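The credential-generation steps of claim 1 and the validity determination of claim 12, as an added Go example that is not part of the patent or of any product it covers: the token manager side provisions a parent certificate, issues a child certificate signed with the parent's private key and carrying the pseudo-random code, and the server side checks the signature against the parent registered for that authenticator before comparing the embedded code with its expected value. All names are hypothetical; placing the code in the CommonName, reusing the parent key pair for the child, and how the server learns the expected code are assumptions, and the hardware-token data is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl under issuer with key and parses the result (shared by parent and child issuance).
func issue(tmpl, issuer *x509.Certificate, key ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newParent provisions the token manager's self-signed parent certificate and private key (constructed test material).
func newParent() (*x509.Certificate, ed25519.PrivateKey, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "token-manager"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	parent, err := issue(tmpl, tmpl, key)
	return parent, key, err
}

// issueChild builds the claim-1 credential: a child certificate signed with the parent's private key,
// carrying the pseudo-random code in the CommonName (an assumption; the claims fix no field).
func issueChild(parent *x509.Certificate, key ed25519.PrivateKey, code []byte) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: fmt.Sprintf("%x", code)},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	return issue(tmpl, parent, key) // the child reuses the parent key pair for brevity
}

// serverVerify is the claim-12 validity determination: parent signature first, then the expected code.
func serverVerify(parent, child *x509.Certificate, expected []byte) error {
	if err := child.CheckSignatureFrom(parent); err != nil {
		return fmt.Errorf("credential not signed by registered parent: %w", err)
	}
	if child.Subject.CommonName != fmt.Sprintf("%x", expected) {
		return fmt.Errorf("pseudo-random code mismatch")
	}
	return nil
}
```

A credential signed by a parent other than the one registered for the authenticator, or carrying a code the server does not expect, is rejected before any authentication payload would be issued.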
Specification