Soft-token authentication system with token blocking after entering the wrong PIN
US10979226B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 16, 2019 |
| Grant date | Apr 13, 2021 |
| Priority date | — |
| Expiry date | Apr 16, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L9/3273
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.