Method for key rotation
US-2017034141-A1 · Feb 2, 2017 · US
US10790992B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10790992-B1 |
| Application number | US-201916575652-A |
| Country | US |
| Kind code | B1 |
| Filing date | Sep 19, 2019 |
| Priority date | Jul 20, 2016 |
| Publication date | Sep 29, 2020 |
| Grant date | Sep 29, 2020 |
Abstract
Techniques are described for multi-factor authentication and device verification based at least partly on a periodically changing (e.g., rotating) security code. A rotating security code may be generated on a user device and used to sign a certificate. The certificate may be encrypted, using a private key stored on the user device, and communicated to a backend service for verifying that the user device is authorized to access secure information. The backend service may decrypt the certificate (e.g., using a public key associated with the private key), extract the security code from the decrypted certificate, and compare the extracted security code to a security code associated with the user device. If the codes correspond to one another, the user device may be verified and provided with access to secure information such as secure data, a secure portion of an application, and so forth.
Claims

What is claimed is:

1. A computer-implemented method performed by at least one processor, the method comprising: performing multi-factor authentication with a code that is intermittently modified automatically by the at least one processor by: generating, by the at least one processor, a first instance of the code; encrypting, by the at least one processor, a first digital document signed using the first instance of the code; generating, by the at least one processor, a second instance of the code different than the first instance of the code; encrypting, by the at least one processor, a second digital document signed using the second instance of the code; and communicating, by the at least one processor, the encrypted first digital document and the encrypted second digital document to a service, wherein the service verifies, based on the encrypted first digital document and the encrypted second digital document, that a user device is authorized to access secure information.

2. The computer-implemented method of claim 1, wherein the first digital document and the second digital document comprise an assertion that a user device is authorized to access secure information.

3. The computer-implemented method of claim 1, further comprising: retrieving, by the at least one processor, a cryptographic key from data storage on a user device, wherein the cryptographic key is used to encrypt at least one of the signed first digital document or the signed second digital document.

4. The computer-implemented method of claim 3, wherein the cryptographic key is retrieved from the data storage in response to a successful authentication of a user of the user device based on authentication data associated with the user.

5. The computer-implemented method of claim 4, wherein the authentication data includes one or more of biometric data or a personal identification number.

6. The computer-implemented method of claim 1, further comprising: signing, by the at least one processor, the first digital document using the first instance of the code.

7. The computer-implemented method of claim 6, further comprising: signing, by the at least one processor, the second digital document using the second instance of the code.

8. The computer-implemented method of claim 1, wherein: the first and second instance of the security code are generated based on a shared secret that is stored in data storage on a user device; and a copy of the shared secret is accessible by a service for use in verifying that the user device is authorized to access secure information.

9. The computer-implemented method of claim 1, wherein the first and second instance of the code are generated using an algorithm for random number generation.

10. A system, comprising: at least one processor; and a memory communicatively coupled to the at least one processor, the memory storing instructions which, when executed by the at least one processor, cause the at least one processor to perform operations comprising: performing multi-factor authentication with a code that is intermittently modified automatically by the at least one processor by: generating a first instance of the code; encrypting a first digital document signed using the first instance of the code; generating a second instance of the code different than the first instance of the code; encrypting a second digital document signed using the second instance of the code; and communicating the encrypted first digital document and the encrypted second digital document to a service, wherein the service verifies, based on the encrypted first digital document and the encrypted second digital document, that a user device is authorized to access secure information.

11. The system of claim 10, wherein the first digital document and the second digital document comprise an assertion that a user device is authorized to access secure information.

12. The system of claim 10, the operations further comprising: retrieving a cryptographic key from data storage on a user device, wherein the cryptographic key is used to encrypt at least one of the signed first digital document or the signed second digital document.

13. The system of claim 12, wherein the cryptographic key is retrieved from the data storage in response to a successful authentication of a user of the user device based on authentication data associated with the user.

14. The system of claim 13, wherein the authentication data includes one or more of biometric data or a personal identification number.

15. The system of claim 10, further comprising: signing the first digital document using the first instance of the code; and signing the second digital document using the second instance of the code.

16. One or more non-transitory computer-readable media storing instructions which, when executed by at least one processor, cause the at least one processor to perform operations comprising: performing multi-factor authentication with a code that is intermittently modified automatically by the at least one processor by: generating a first instance of the code; encrypting a first digital document signed using the first instance of the code; generating a second instance of the code different than the first instance of the code; encrypting a second digital document signed using the second instance of the code; and communicating the encrypted first digital document and the encrypted second digital document to a service, wherein the service verifies, based on the encrypted first digital document and the encrypted second digital document, that a user device is authorized to access secure information.
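The following is an added illustration of the mechanism in claims 1 and 8, not code from the patent: a shared secret held by both device and service yields a rotating code per time step (an HOTP-style derivation is assumed; the patent does not fix the algorithm), the device signs two assertion documents with two consecutive code instances, and the service recomputes the codes within a small drift window and checks that the two documents were signed with different, consecutive instances. The device-key encryption step of claim 3 is not modeled; the secret, step length and digit count are constructed values.

```python
import hashlib
import hmac
import struct

# Constructed shared secret: one copy on the user device, one accessible to the service (claim 8).
SHARED_SECRET = b"constructed-demo-secret-0123456789"
STEP_SECONDS = 30   # assumed rotation interval
CODE_DIGITS = 8     # assumed code length


def rotating_code(secret: bytes, step: int) -> str:
    """Code instance for one time step (HOTP-style dynamic truncation; assumed algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**CODE_DIGITS:0{CODE_DIGITS}d}"


def sign_document(document: bytes, code: str) -> bytes:
    """'Sign' an assertion document with a code instance: an HMAC keyed by the code."""
    return hmac.new(code.encode(), document, hashlib.sha256).digest()


def device_produce(secret: bytes, now: int, assertion: bytes) -> list:
    """Device side: two consecutive code instances, each signing its own document (claim 1)."""
    step = now // STEP_SECONDS
    docs = []
    for n, s in enumerate((step, step + 1), start=1):
        doc = assertion + b"|instance=" + str(n).encode()
        docs.append((doc, sign_document(doc, rotating_code(secret, s))))
    return docs


def service_verify(secret: bytes, now: int, docs: list, window: int = 1) -> bool:
    """Service side: recompute codes around the current step, locate the step that
    signed each document, and require two different consecutive instances."""
    if len(docs) != 2:
        return False
    step = now // STEP_SECONDS
    matched = []
    for doc, tag in docs:
        hit = None
        for s in range(step - window, step + window + 2):  # +2: second instance is one step ahead
            if hmac.compare_digest(tag, sign_document(doc, rotating_code(secret, s))):
                hit = s
                break
        if hit is None:
            return False          # tampered document, wrong secret, or outside the drift window
        matched.append(hit)
    return matched[1] == matched[0] + 1   # rejects reuse of a single code instance
```

Replaying one signed document twice fails the consecutive-instance check, and a document presented several steps late falls outside the window.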
CPC classifications

- using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates, H04L9/3263)
- Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network, H04L63/0861)
- involving random numbers or seeds
- involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network, H04L63/0823)
- applying multi-factor authentication