Declarative techniques for transaction-specific authentication

US2016285871A1 · US · A1

Patent metadata

Publication number: US-2016285871-A1
Application number: US-201514671935-A
Country: US
Kind code: A1
Filing date: Mar 27, 2015
Priority date: Mar 27, 2015
Publication date: Sep 29, 2016
Grant date: none listed


Abstract

Official abstract text for this publication.

Techniques are disclosed for providing and/or implementing utilizing declarative techniques for transaction-specific authentication. Certain techniques are disclosed herein that enable transaction signing using modular authentication via declarative requests from applications. An application can declaratively specify one or more transaction factor values to be used in an authentication, and the authentication, using a transaction-signed one-time password, can be directed by an access manager module without further involvement of the application. Upon a successful or non-successful authentication, the access manager module can provide the result back to the application. Accordingly, an authentication process specific to (and valid only for) a particular transaction can be performed without direct involvement of the application and without application-centric knowledge required by the access manager module.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, at an access manager module executing at a computing device from an application executing at a separate computing device, a set of one or more transaction factor values, wherein each of the set of transaction factor values identifies an aspect of a transaction that a user has requested the application to perform; transmitting, by the access manager module to one or more client devices of the user, a set of transaction factor attributes associated with the set of transaction factor values; receiving, at the access manager module from at least one of the one or more client devices of the user, a user-generated one-time password (UGOTP) generated based upon the set of transaction factor values and a token value; generating, by the access manager module, the token value according to a token generation algorithm; generating, by the access manager module, a local one-time password (LOTP) using the token value and the set of transaction factor values; determining, by the access manager module, that the UGOTP equals the LOTP; and transmitting, by the access manager and destined to the application, a message indicating that the UGOTP equals the LOTP.

2. The method of claim 1, further comprising: receiving, at the access manager module, a second UGOTP generated based upon a second token value and a second set of one or more transaction factor values of a second transaction that a second user has requested the application to perform; generating, by the access manager module, the second token value according to the token generation algorithm; generating, by the access manager module, a second LOTP using the second token value and the second set of transaction factor values; and determining, by the access manager module, that the second UGOTP does not equal the second LOTP.

3. The method of claim 2, further comprising: responsive to the determining that the second UGOTP does not equal the second LOTP, transmitting, by the access manager module, a message causing a second client device of the second user to prompt the second user to attempt to authenticate again.

4. The method of claim 2, further comprising: responsive to the determining that the second UGOTP does not equal the second LOTP, transmitting, by the access manager module, a second message to the application indicating that the second UGOTP does not equal the second LOTP.

5. The method of claim 1, wherein the received set of transaction factor values are received from the application via a gateway communicatively coupled between the one or more client devices of the user and the application.

6. The method of claim 5, wherein the set of transaction factor values were transmitted by the application within a header field of a HyperText Transfer Protocol (HTTP) response message.

7. The method of claim 5, wherein the transmitted message indicating that the UGOTP equals the LOTP is transmitted to the application via the gateway.

8. The method of claim 1, wherein the set of transaction factor attributes are transmitted within a Short Message Service (SMS) message.

9. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors of a computing device, cause the one or more processors to perform operations comprising: receiving, from an application executing at a separate computing device, a set of one or more transaction factor values, wherein each of the set of transaction factor values identifies an aspect of a transaction that a user has requested the application to perform; transmitting, to one or more client devices of the user, a set of transaction factor attributes associated with the set of transaction factor values; receiving, from at least one of the one or more client devices of the user, a user-generated one-time password (UGOTP) generated based upon the set of transaction factor values and a token value; generating the token value according to a token generation algorithm; generating a local one-time password (LOTP) using the token value and the set of transaction factor values; determining that the UGOTP equals the LOTP; and transmitting, to the application, a message indicating that the UGOTP equals the LOTP.

10. The non-transitory computer-readable storage medium of claim 9, wherein the operations further comprise: receiving a second UGOTP generated based upon a second token value and a second set of one or more transaction factor values of a second transaction that a second user has requested the application to perform; generating the second token value according to the token generation algorithm; generating a second LOTP using the second token value and the second set of transaction factor values; and determining that the second UGOTP does not equal the second LOTP.

11. The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise: responsive to the determining that the second UGOTP does not equal the second LOTP, transmitting a message causing a second client device of the second user to prompt the second user to attempt to authenticate again.

12. The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise: responsive to the determining that the second UGOTP does not equal the second LOTP, transmitting a second message to the application indicating that the second UGOTP does not equal the second LOTP.

13. The non-transitory computer-readable storage medium of claim 9, wherein: the received set of transaction factor values are received from the application via a gateway communicatively coupled between the one or more client devices of the user and the application; and the set of transaction factor values were transmitted by the application within a header field of a HyperText Transfer Protocol (HTTP) response message.

14. The non-transitory computer-readable storage medium of claim 13, wherein the transmitted message indicating that the second UGOTP equals the second LOTP is transmitted to the application via the gateway.

15. The non-transitory computer-readable storage medium of claim 9, wherein the set of transaction factor attributes are transmitted within a Short Message Service (SMS) message.

16. An access manager server, comprising: one or more processors; and a non-transitory computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving, from an application executing at a separate computing device, a set of one or more transaction factor values, wherein each of the set of transaction factor values identifies an aspect of a transaction that a user has requested the application to perform; transmitting, to one or more client devices of the user, a set of transaction factor attributes associated with the set of transaction factor values; receiving, from at least one of the one or more client devices of the user, a user-generated one-time password (UGOTP) generated based upon the set of transaction factor values and a token value; generating the token value according to a token generation algorithm; generating a local one-time password (LOTP) using at least the token value and the set of transaction factor values; determining that the UGOTP equals the LOTP; and transmitting, to the application, a message indicating that the UGOTP equals the LOTP.

17. The access manager server of claim
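The abstract and claim 1 describe the flow in words only: the application declares transaction factor values, the access manager forwards the matching attributes to the user's device, the device returns a one-time password computed over those factor values and a token value, and the access manager independently regenerates the token value, computes its own local OTP (LOTP) over the declared factors, and compares the two. The following Python model of that flow is an added example, not code from the patent or from Oracle; the token generation algorithm (a time-step counter keyed under a provisioned seed, TOTP-style), the HMAC-SHA256 construction of the OTP, the JSON canonicalisation of the factor values, the `SHARED_SECRET` seed and the sample transaction are all assumptions made for the demonstration, since the claims leave those details open. The example also shows the property that makes transaction signing worth the trouble: if the factor values the application declares differ from what the user's device displayed and signed (an amount changed in transit), or if a previously issued UGOTP is presented in a later time step, the LOTP no longer matches and the access manager reports a mismatch, as claims 2 through 4 describe.

```python
import hashlib
import hmac
import json
import struct

# Constructed sample values for the demonstration (assumptions, not from the patent).
SHARED_SECRET = b"constructed-demo-seed-do-not-reuse"
TOKEN_STEP_SECONDS = 30
OTP_DIGITS = 8
SAMPLE_FACTORS = {"amount": "250.00", "currency": "USD", "to_account": "DEMO-ACCT-0001"}


def token_value(secret: bytes, at_time: float, step: int = TOKEN_STEP_SECONDS) -> bytes:
    """Token generation algorithm shared by the device and the access manager.
    Assumption: a time-step counter under a provisioned seed (TOTP-style);
    the patent does not fix the algorithm."""
    counter = int(at_time // step)
    return hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()


def canonical_factors(factors: dict) -> bytes:
    """Serialise the transaction factor values deterministically so that both
    sides sign exactly the same bytes regardless of key order."""
    return json.dumps(factors, sort_keys=True, separators=(",", ":")).encode()


def transaction_otp(token: bytes, factors: dict, digits: int = OTP_DIGITS) -> str:
    """Derive a transaction-signed one-time password from the token value and
    the factor values (HOTP-style dynamic truncation of an HMAC-SHA256)."""
    mac = hmac.new(token, canonical_factors(factors), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class ClientDevice:
    """The user's device: it shows the transaction attributes and signs what it showed."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def generate_ugotp(self, shown_attributes: dict, at_time: float) -> str:
        return transaction_otp(token_value(self.secret, at_time), shown_attributes)


class AccessManager:
    """Regenerates the token value and the LOTP over the factors the application
    declared, then compares with the UGOTP in constant time."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def verify(self, declared_factors: dict, ugotp: str, at_time: float) -> bool:
        lotp = transaction_otp(token_value(self.secret, at_time), declared_factors)
        return hmac.compare_digest(lotp.encode(), ugotp.encode())


def run_transaction(declared_factors: dict, shown_attributes: dict,
                    sign_time: float, verify_time: float = None):
    """Drive one flow: the device signs the attributes it displayed at sign_time,
    the access manager verifies against the application's declared factors at
    verify_time. Returns (ugotp, accepted)."""
    verify_time = sign_time if verify_time is None else verify_time
    device = ClientDevice(SHARED_SECRET)
    manager = AccessManager(SHARED_SECRET)
    ugotp = device.generate_ugotp(shown_attributes, sign_time)
    return ugotp, manager.verify(declared_factors, ugotp, verify_time)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the run is reproducible
    otp, ok = run_transaction(SAMPLE_FACTORS, SAMPLE_FACTORS, now)
    print("honest transaction:", otp, "accepted" if ok else "rejected")
    tampered = dict(SAMPLE_FACTORS, amount="2500.00")
    print("amount altered after signing:", run_transaction(tampered, SAMPLE_FACTORS, now)[1])
    print("same UGOTP presented 90s later:", run_transaction(SAMPLE_FACTORS, SAMPLE_FACTORS, now, now + 90)[1])
```

Canonicalising the factor values before signing is the detail most often missed when the application and the device are written by different teams: the access manager must compute the LOTP over byte-for-byte the same representation of the transaction that the device showed the user, or honest transactions will fail while the mismatch branch of claims 2 through 4 fires for the wrong reason.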

Assignees

Oracle Int Corp

Inventors

Classifications

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • using one-time-passwords · CPC title

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

  • received data contents, e.g. message integrity · CPC title

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016285871A1 cover?
Techniques are disclosed for providing and/or implementing utilizing declarative techniques for transaction-specific authentication. Certain techniques are disclosed herein that enable transaction signing using modular authentication via declarative requests from applications. An application can declaratively specify one or more transaction factor values to be used in an authentication, and the…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0876. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 29, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).