Correlating a task with commands to perform a change ticket in an IT system
US-9665718-B2 · May 30, 2017 · US
Authenticating application legitimacy
US9946874B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9946874-B2 |
| Application number | US-201514819627-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 6, 2015 |
| Priority date | Aug 6, 2015 |
| Publication date | Apr 17, 2018 |
| Grant date | Apr 17, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Facilities are provided herein to address application phishing by determining whether an application is a legitimate application it purports to be. Optical code(s) are displayed on a display device in association with an application to be authenticated for a user as being a legitimate application. Based on imaging the optical code(s) using a camera of a device of a user, data of the optical code(s) are obtained. It is automatically determines, based on the obtained data of the optical code(s), whether the application to be authenticated is authenticated as being the legitimate application, and based on this, an indication of whether the application is authenticated as being the legitimate application is provided for the user by the device.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: obtaining, based on imaging at least one optical code using a camera of a device of a user, data of the at least one optical code, the at least one optical code being displayed on a display device in association with an application to be authenticated for the user as being a legitimate application; obtaining, by the device of the user separate from obtaining the data of the at least one optical code, dynamically generated optical code data, the dynamically generated optical code data also provided to the legitimate application by way of a trusted authentication entity associated with the legitimate application; comparing data of one optical code of the at least one optical code to the obtained dynamically generated optical code data; automatically determining, based on the obtained data of the at least one optical code, whether the application to be authenticated is authenticated as being the legitimate application, wherein the automatically determining authenticity of the application is based on the comparing; and providing for the user, by the device of the user, based on the automatically determining, an indication of whether the application to be authenticated is authenticated as being the legitimate application. 2. The method of claim 1 , wherein the at least one optical code comprises a first optical code displayed based on a launch of the application to be authenticated, wherein the automatically determining comprises identifying whether the first optical code conveys a user identity registered with a trusted authentication entity associated with the legitimate application as being a proper user identity for the user, and wherein the provided indication of the authenticity of the application is based at least in part on whether the first optical code conveys the user identity registered with the trusted authentication entity associated with the legitimate application. 3. The method of claim 2 , wherein based on the first optical code failing to convey the user identity registered with the trusted authentication entity of the legitimate application, the automatically determining determines that the application to be authenticated is not authenticated as being the legitimate application and the provided indication indicates that the application to be authenticated is not authenticated as being the legitimate application. 4. The method of claim 2 , wherein the identifying whether the first optical code conveys the user identity registered with the trusted authentication entity provides a provisional indication of authenticity of the application, the provisional indication subject to modification after a further determination of authenticity of the application, the further determination based on the obtaining the dynamically generated optical code data which is also provided to the legitimate application for display of the dynamically generated optical code in association with the legitimate application. 5. The method of claim 1 , wherein the obtaining the dynamically generated optical code data by the device of the user comprises receiving the dynamically generated optical code data from the trusted authentication entity, wherein the device of the user images the one optical code as it is displayed on the display device in association with the application to be authenticated in order to obtain the data of the one optical code for comparison to the dynamically generated optical code data. 6. The method of claim 1 , wherein the obtaining the dynamically generated optical code data comprises generating, by the device of the user, the dynamically generated optical code data, and wherein the method further comprises: providing by the device of the user the generated dynamically generated optical code data to the trusted authentication entity for provision to the legitimate application, wherein the device of the user images the one optical code as it is displayed on the display device in association with the application to be authenticated in order to obtain the data of the one optical code for comparison to the obtained dynamically generated optical code data. 7. The method of claim 1 , wherein the comparing indicates a match between the data of the one optical code and the dynamically generated optical code data, the match indicating that the one optical code is a dynamically generated optical code generated based on the dynamically generated optical code data provided to the legitimate application, and that the application to be authenticated is authenticated as being the legitimate application, based on provision of the dynamically generated optical code data to the legitimate application and based on the display, on the display device and in association with the application to be authenticated, of the dynamically generated optical code dynamically generated based on the dynamically generated optical code data. 8. The method of claim 1 , wherein the comparing indicates a mismatch between the data of the one optical code and the dynamically generated optical code data, the mismatch indicating that the one optical code was not dynamically generated based on the dynamically generated optical code data provided to the legitimate application, and that the application to be authenticated is not authenticated as being the legitimate application, based on provision of the dynamically generated optical code data to the legitimate application and based on a failure to display, on the display device and in association with the application to be authenticated, a dynamically generated optical code dynamically generated based on the dynamically generated optical code data. 9. The method of claim 1 , wherein the device comprises a wearable device, the application to be authenticated comprises a mobile application or a web application, and the indication comprises at least one visual, haptic, or audible indication for the user. 10. The method of claim 1 , wherein the at least optical code comprises computer readable encoded information and the data of the at least one optical code comprises decoded data decoded from the encoded information. 11. The method of claim 1 , wherein the method further comprises triggering, during boot of the device of the user, checking a digital signature of an application of the device of the user, and, based on verifying the digital signature as being correct, initiating execution of the application, wherein the application at least partially performs the obtaining, the automatically determining, and the providing. 12. The method of claim 1 , wherein an application running as a background application of the device of the user monitors for presence of an optical code in an imaging space proximate the device of the user, and wherein the obtaining, the automatically determining, and the providing are performed based on detecting presence of the optical code, the optical code being an optical code of the at least one optical code. 13. A computer program product comprising: a non-transitory computer readable storage medium readable by a processor and storing instructions for execution by the processor for performing a method comprising: obtaining, based on imaging at least one optical code using a camera of a device of a user, data of the at least one optical code, the at least one optical code being displayed on a display device in association with an application to be authenticated for the user as being a legitimate application; obtaining, by the device of the user separate from obtaining the data of the at least one optical code, dynamically generated optical code data, the dynamically generated optical code data
Assignees
Inventors
Classifications
Program or device authentication · CPC title
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
- H04L63/0853Primary
using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title
User authentication · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9946874B2 cover?
- Facilities are provided herein to address application phishing by determining whether an application is a legitimate application it purports to be. Optical code(s) are displayed on a display device in association with an application to be authenticated for a user as being a legitimate application. Based on imaging the optical code(s) using a camera of a device of a user, data of the optical cod…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Apr 17 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).