System and methods for online authentication

US 9,860,245 B2
Filed: 06/29/2015
Issued: 01/02/2018
Est. Priority Date: 02/19/2009
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a network client to a relying party computer via a computer server, the network client being configured to communicate with the relying party computer and the computer server, the network client being further configured to communicate with a token manager, the token manager being configured to communicate with a hardware token interfaced with the token manager, the method comprising the computer server:

receiving a transaction code from one of the token manager and the network client via a first communications channel established on a communication network, the first communications channel encrypted to be accessible only by the network client and the computer server;

receiving a transaction request from the relying party computer via a second communications channel established on the communication network, the second communications channel encrypted to be accessible only by the relying party computer and the computer server and distinct from the first communications channel, wherein the transaction request as received comprises a transaction pointer that is associated with the hardware token;

correlating the transaction pointer with the transaction code to identify the token manager;

transmitting an authentication request message to one of the token manager and the network client via the first communications channel;

receiving a credential from one of the token manager and the network client via the first communications channel; and

transmitting an authorization signal to the relying party computer in response to the transaction request in accordance with a determination of validity of the credential and data originating from the hardware token, the authorization signal facilitating authentication of the network client to the relying party computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.

67 Citations

View as Search Results

16 Claims

1. A method of authenticating a network client to a relying party computer via a computer server, the network client being configured to communicate with the relying party computer and the computer server, the network client being further configured to communicate with a token manager, the token manager being configured to communicate with a hardware token interfaced with the token manager, the method comprising the computer server:
- receiving a transaction code from one of the token manager and the network client via a first communications channel established on a communication network, the first communications channel encrypted to be accessible only by the network client and the computer server;
  
  receiving a transaction request from the relying party computer via a second communications channel established on the communication network, the second communications channel encrypted to be accessible only by the relying party computer and the computer server and distinct from the first communications channel, wherein the transaction request as received comprises a transaction pointer that is associated with the hardware token;
  
  correlating the transaction pointer with the transaction code to identify the token manager;
  
  transmitting an authentication request message to one of the token manager and the network client via the first communications channel;
  
  receiving a credential from one of the token manager and the network client via the first communications channel; and
  
  transmitting an authorization signal to the relying party computer in response to the transaction request in accordance with a determination of validity of the credential and data originating from the hardware token, the authorization signal facilitating authentication of the network client to the relying party computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the computer server receives the transaction request prior to receiving the credential.
  - 3. The method according to claim 1, wherein the determination of validity comprises the computer server comparing the data originating from the hardware token with expected data.
  - 4. The method according to claim 1, wherein the determination of validity comprises the computer server verifying that the credential is associated with the token manager.
  - 5. The method according to claim 1, wherein the determination of validity comprises the computer server verifying that the credential is uniquely associated with the token manager and the computer server.
  - 6. The method according to claim 1, wherein the authentication request message comprises a session token, and the determination of the validity comprises the computer server comparing the transmitted session token with a session token included in the credential.
  - 7. The method according to claim 1, further comprising determining from the transaction pointer whether the hardware token is currently registered for use in association with the token manager.
  - 8. The method according to claim 1, further comprising determining, based on the correlating, whether the token manager has a connected status.

9. A non-transitory computer-readable medium comprising computer processing instructions for execution by a computer server, the computer processing instructions, when executed by the computer server, causing the computer server to perform a method of authenticating a network client to a relying party computer via the computer server, the network client being configured to communicate with the relying party computer and the computer server, the network client being further configured to communicate with a token manager, the token manager being configured to communicate with a hardware token interfaced with the token manager, the method comprising:
- receiving a transaction code from one of the token manager and the network client via a first communications channel established on a communication network, the first communications channel encrypted to be accessible only by the network client and the computer server;
  
  receiving a transaction request from the relying party computer via a second communications channel established on the communication network, the second communications channel encrypted to be accessible only by the relying party computer and the computer server and distinct from the first communications channel, wherein the transaction request as received comprises a transaction pointer that identifies the hardware token;
  
  correlating the transaction pointer with the transaction code to identify the token manager;
  
  transmitting an authentication request message to one of the token manager and the network client via the first communications channel;
  
  receiving a credential from one of the token manager and the network client via the first communications channel; and
  
  transmitting an authorization signal to the relying party computer in response to the transaction request in accordance with a determination of validity of the credential and data originating from the hardware token, the authorization signal facilitating authentication of the network client to the relying party computer.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable medium according to claim 9, wherein the computer server receives the transaction request prior to receiving the credential.
  - 11. The computer-readable medium according to claim 9, wherein the determination of validity comprises comparing the data originating from the hardware token with expected data.
  - 12. The computer-readable medium according to claim 9, wherein the determination of validity comprises verifying that the credential is associated with the token manager.
  - 13. The computer-readable medium according to claim 9, wherein the determination of validity comprises verifying that the credential is uniquely associated with the token manager and the computer server.
  - 14. The computer-readable medium according to claim 9, wherein the authentication request message comprises a session token, and the determination of the validity comprises comparing the transmitted session token with a session token included in the credential.
  - 15. The computer-readable medium according to claim 9, wherein the method further comprises determining from the transaction pointer whether the hardware token is currently registered for use in association with the token manager.
  - 16. The computer-readable medium according to claim 9, determining, based on the correlating, whether the token manager has a connected status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureKey Technologies, Inc. (Gen Digital Inc.)
Original Assignee
Secure Technology Incorporated
Inventors
Ronda, Troy Jacob, Roberge, Pierre Antoine, Engel, Patrick Hans, McIver, Rene, Wolfond, Gregory Howard, Boysen, Andre Michael
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US14/753,177
Publication Number

US 20150304319A1
Time in Patent Office

918 Days
Field of Search

726 9
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

H04L 9/3268   using certificate validatio...

System and methods for online authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for online authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links