
Augmented Personal Information Management System with Two-factor Authentication Security

IP.com Disclosure Number: IPCOM000236231D
Publication Date: 2014-Apr-14
Document File: 7 page(s) / 253K

Publishing Venue

The IP.com Prior Art Database

Abstract

The present invention combines the native authentication key of the user's primary personal device, as a second factor, with password authentication for the user of the personal information management system. Using the present registration and migration method, the system allows the user to define a primary personal device. The primary personal device authenticates the user to the Server with two-factor authentication, using both the device authentication key and the user password, while non-primary devices authenticate the user to the Server with single-factor authentication using only the user password. The primary personal device is allowed full operations, while any non-primary device is only allowed to prepare change operations (Create/Update/Delete), in addition to the public operations allowed to everyone. When the primary personal device logs in to the Server and there are uncommitted changes saved on the Server, it is notified and prompted to commit or roll back those changes. The present invention can be leveraged to implement a network system recording a user's important personal information, such as personal medical information.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 32% of the total text.

Page 01 of 7

The present invention relates to authentication and authorization in network-based personal information management systems. All network-based systems, including social network services, network games and e-mail, have an authentication system. A one-factor password authentication system is typically not secure enough, because it is easily compromised by brute-force, password-guessing and social engineering attacks. One-factor password authentication is nevertheless still widely used for network systems, because it is much easier to deploy, register and manage than two-factor authentication. A typical two-factor system is a password, i.e. something the legitimate user knows, plus a token generating dynamic passwords, i.e. something the legitimate user possesses. Though such a two-factor authentication scheme is more secure, it is difficult to distribute the hardware token during user registration and difficult to manage when the token is lost. It is also inconvenient for the user to always carry different tokens from different service providers. With both security and ease of management in mind, the present invention is designed to be an authentication and authorization system with easy registration and management that at the same time supports almost the same security level as two-factor authentication.

The present invention combines the native authentication key of the user's primary personal device, as a second factor, with password authentication for the user of the personal information management system. The invention presents a method to implement a personal information management system comprising a Server subsystem and as many client devices as the user wishes. Using the present registration and migration method, the system allows the user to define a primary personal device. The primary personal device authenticates the user to the Server with two-factor authentication, using both the device authentication key and the user password, while non-primary devices authenticate the user to the Server with single-factor authentication using only the user password. Based on which factors were presented during authentication, the Server discriminates the primary personal device from non-primary devices and gives them different authorizations to access the personal information. The primary personal device is allowed full operations, while any non-primary device is only allowed to prepare change operations (Create/Update/Delete), in addition to the public operations allowed to everyone. When the primary personal device logs in to the Server and there are uncommitted changes saved on the Server, it is notified and prompted to commit or roll back those changes. If the user rolls back the changes from non-primary devices, the user is also warned by the primary personal device that there may be a risk that the user's password for the person...
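The authentication and authorization model described above, as an added example written for this page (not code from the disclosure): a toy Server that derives the session role from which factors were presented, lets only the primary device apply Create/Update/Delete, stages a non-primary device's changes as uncommitted, and lets the primary device commit or roll them back with the disclosure's password warning on rollback. The method names, the PBKDF2 password hash, the string roles and the in-memory record store are assumptions.

```python
import hashlib
import secrets
PUBLIC_OPS = {"read"}                        # public operations, allowed to everyone
CHANGE_OPS = {"create", "update", "delete"}  # prepared by non-primary devices, applied by the primary one

class Server:
    def __init__(self, password, primary_device_key):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.primary_key = primary_device_key  # assumed to be recorded by the registration step
        self.records = {}
        self.pending = []  # uncommitted changes saved on the Server

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device_key=None):
        if not secrets.compare_digest(self._hash(password), self.pw_hash):
            return None  # wrong password: no session at all
        if device_key is not None and secrets.compare_digest(device_key, self.primary_key):
            return "primary"  # two factors: password plus the native device key
        return "non_primary"  # one factor: password only

    def perform(self, role, op, key=None, value=None):
        if op in PUBLIC_OPS:
            return dict(self.records)  # public operations need no authentication
        if role is None or op not in CHANGE_OPS:
            raise PermissionError(f"{role!r} may not perform {op!r}")
        if role == "primary":
            self._apply(op, key, value)
            return "applied"  # primary device: full operations
        self.pending.append((op, key, value))
        return "pending"  # non-primary device: the change is only prepared

    def _apply(self, op, key, value):
        if op == "delete":
            self.records.pop(key, None)
        else:  # create or update
            self.records[key] = value

    def resolve_pending(self, role, decision):
        """Called when the primary device logs in and uncommitted changes exist."""
        if role != "primary":
            raise PermissionError("only the primary device may commit or roll back")
        staged, self.pending = self.pending, []
        if decision == "commit":
            for op, key, value in staged:
                self._apply(op, key, value)
            return f"committed {len(staged)} change(s)"
        return f"rolled back {len(staged)} change(s); warning: password may be compromised"
```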