Usable security of online password management with sensor-based authentication
US9858402B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 21, 2015 |
| Grant date | Jan 2, 2018 |
| Priority date | — |
| Expiry date | Aug 29, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/082
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A multi-party security protocol that incorporates biometric-based authentication and withstands attacks against any single party (e.g., mobile phone, cloud, or the user). The protocol involves the function split between mobile and cloud and the mechanisms to chain-hold the secrets. A key generation mechanisms binds secrets to a specific device or URL (uniform resource locator) by adding salt to a master credential. An inline CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) handling mechanism uses the same sensor modality as the authentication process, which not only improves the usability, but also facilitates the authentication process. This architecture further enhances existing overall system security (e.g., handling untrusted or compromised cloud service, phone being lost, impersonation, etc.) and also improves the usability by automatically handling the CAPTCHA.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.