US9614845B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9614845-B2 |
| Application number | US-201514687327-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 15, 2015 |
| Priority date | Apr 15, 2015 |
| Publication date | Apr 4, 2017 |
| Grant date | Apr 4, 2017 |
Official abstract text for this publication.
Provided is a method for operating an authentication server for authenticating a user who is communicating with an enterprise via a network. The method includes receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator. When the authentication service later receives, from the enterprise, a request to authenticate the user, the authentication server transmits an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device. The information received from the low energy wireless device in response to the authentication request is then used to authenticate the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.
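The enroll-then-compare flow of the abstract, with the authenticator stored as a hash as in claim 2, sketched as an added example (not code from the patent). The class layout, the SHA-256 choice, the single-use request id and the sample values are assumptions, and the encryption applied by the user device in claim 1 is left out.

```python
import hashlib
import hmac
import secrets


def digest(info: bytes) -> bytes:
    # Only this hash of the device value is stored server-side.
    return hashlib.sha256(info).digest()


class AuthServer:
    """In-memory model of the server state (layout is an assumption)."""

    def __init__(self):
        self.authenticators = {}  # relationship id -> stored hash
        self.pending = {}         # request id -> relationship id

    def enroll(self, relationship_id, device_info):
        # First authenticator: keep the hash, never the raw value.
        self.authenticators[relationship_id] = digest(device_info)

    def start_authentication(self, relationship_id):
        # Enterprise asked to authenticate the user; the returned id travels
        # with the "read your device" request (the id is an added assumption).
        if relationship_id not in self.authenticators:
            raise KeyError("unknown relationship")
        request_id = secrets.token_hex(16)
        self.pending[request_id] = relationship_id
        return request_id

    def finish_authentication(self, request_id, device_info):
        # pop() makes a request single-use: a repeated reply is rejected.
        relationship_id = self.pending.pop(request_id, None)
        if relationship_id is None:
            return False
        stored = self.authenticators[relationship_id]
        # Constant-time compare of the two hashes.
        return hmac.compare_digest(stored, digest(device_info))


def demo():
    server = AuthServer()
    server.enroll("rel-1", b"constructed-device-value")  # constructed sample
    first = server.start_authentication("rel-1")
    ok = server.finish_authentication(first, b"constructed-device-value")
    reused = server.finish_authentication(first, b"constructed-device-value")
    second = server.start_authentication("rel-1")
    wrong = server.finish_authentication(second, b"some-other-value")
    return ok, reused, wrong
```

The single-use request id only stops one server request from being answered twice. A device value that never changes would still match on any later request, which is the case claim 5 handles differently by having the device encrypt information supplied by the enterprise.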
Opening claim text (preview).
What is claimed is:

1. A method of operating an authentication server for authenticating a user who is communicating with an enterprise via a network, comprising: establishing, via the network, an enterprise account with the enterprise by generating and storing an enterprise account identifier; establishing, via the network, a user device account with the user device by storing authentifiers received using the user device and storing the authentifiers in association with a device identifier associated with the user device; generating, after establishing the user device account with the user device, a first asymmetric key pair and storing one key of the first asymmetric key pair and transmitting the other key of the first asymmetric key pair to the user device; generating, after establishing the user device account and the enterprise account, a relationship account that associates the user device identifier and the enterprise account identifier using a relationship identifier; transmitting the relationship identifier to the user device; receiving, after transmitting the relationship identifier to the user device, one key of a second asymmetric key pair from the user device and transmitting the one key of the second asymmetric key pair to the enterprise with the relationship identifier; receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator; receiving, from the enterprise, a request to authenticate the user; transmitting an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device; receiving, from the user device via the network, the information received from the low energy wireless device in response to the authentication request; and authenticating the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator, wherein the information received from the low energy wireless device is encrypted by the user device using the other key of the second asymmetric key pair.

2. The method of claim 1, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator; and wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.

3. The method of claim 1, further comprising: receiving, via the network, a second authenticator from the user device, and storing the second authenticator; transmitting an authentication request to the user device via the network requesting the second authenticator; and receiving, from the first user device via the network, an authenticator in response to the authentication request requesting the second authenticator, authenticating the user by comparing the received second authenticator with the stored second authenticator, wherein the authentication request transmitted to the user device via the network requesting that the user read information from the low energy wireless device using the user device is transmitted in response to the user being authenticated using the second authenticator.

4. The method of claim 3, wherein the first information from the low energy wireless device is hashed and the hashed output is stored as the authenticator as the stored authenticator; and wherein the information received from the low energy wireless device due to the authentication request is hashed and the hashed output is compared to the hashed output stored as the authenticator to authenticate the user.

5. A method of operating an authentication server for securely exchanging information between a user device and an enterprise via a network, comprising: receiving, via the network, a request from the enterprise to obtain information from a low energy wireless device associated with a user; sending the request to obtain information from the low energy wireless device to the user device associated with the user; receiving information from the low energy wireless device read using the user device, the information encrypted by the user device; transmitting the encrypted information to the enterprise; receiving, via the network, second information from the enterprise with a request to transmit the second information from the user device to the low energy wireless device to be encrypted using the low energy wireless device; transmitting, via the network, the second information and the request to encrypt the second information to the user device; and receiving the second information encrypted by the low energy wireless device; and transmitting the encrypted second information to the enterprise.

6. The method of claim 5, further comprising: receiving, via the network, an authenticator from the user device, and storing the authenticator; transmitting an authentication request to the user device via the network requesting the authenticator; receiving, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and authenticating the user by comparing the received authenticator with the stored authenticator, wherein the request to obtain information from the low energy wireless device is sent in response to the user being authenticated using the authenticator received from the user device.

7. The method of claim 5, further comprising: receiving, via the network, an authenticator from the user device, and storing the authenticator; transmitting an authentication request to the user device via the network requesting the authenticator; receiving, from the user device via the network, an authenticator in response to the authentication request requesting the authenticator; and authenticating the user by comparing the received authenticator with the stored authenticator, wherein the second information and the request are transmitted to the user device in response to the user being authenticated using the authenticator received from the user device.

8. The method of claim 5, further comprising: receiving one key of an asymmetric key pair from the user device and transmitting the one key to the enterprise without storing the one key, wherein the second information received from the enterprise is encrypted using an other key of the asymmetric key pair and is transmitted as encrypted second information to the user device with the request.

9. The method of claim 5, further comprising: receiving one key of an asymmetric key pair from the user device and transmitting the one key to the enterprise without storing the one key, wherein the information received from the low energy wireless device read using the user device is encrypted by the user device using an other key of the asymmetric key pair.

10. The method of claim 5, further comprising: establishing, via the network, an enterprise account with the enterprise by generating and storing an enterprise account identifier; establishing, via the network, a user device account with the user device by storing authenticators received using the user device and storing the authenticators in association with a device identifier associated with the user device; generating, after establishing the user device account with the user device, a first asymmetric key pair and storing one key of the first asymmetric key pair and transmitting the other key of the first asymmetric key pair to the user device; generating,
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title