Secure authentication of a user of a device during a session with a connected server

Assignee

• BEHA VIOSEC INC · US

Inventors

• Neil Costigan · Carlow, IE
• Ingo Deutschmann · Merseburg, DE
• Tony Libell · Luleå, SE
• Johanna Skarpman Munter · Luleå, SE
• Peder Nordström · Luleå, SE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/68
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for secure authentication of a user to a service for executing a transaction, the method being implemented in a system including a user device including a FIDO-client, a FIDO-server of a relying party providing the service, a behaviometric server and a web server associated with the relying party, the method including a preparation stage and an authentication stage. In the preparation stage a TLS-connection is established between the user device and the web-server, behavioral input data is collected from user device, and a transaction initiation message is transmitted to the behaviometric server. In the authentication stage, behaviometric data received in the transaction initiation message is compared to a second set of behaviometric data to determine whether the data matches, and if the data matches, the transaction is authenticated by the FIDO server.