Use of short-lived one-time passwords to identify and link sessions or context for multi-channel interactions related to an application shared by multiple users

IP.com Disclosure Number: IPCOM000238378D
Publication Date: 2014-Aug-21
Document File: 4 page(s) / 1M

Publishing Venue

The IP.com Prior Art Database

Abstract

This article describes a scheme in which short-lived one-time passwords are used to identify and link sessions/context for multi-channel interactions related to an application shared by multiple users. In this description the focus is on sharing between two users, but the same scheme could be used to link sessions between multiple users. Also the application could exist for the sole purpose of sharing information, for example for the purpose of getting help from a call center. The real activity could be completely unrelated to the application (e.g., I have a product that is not working properly and I want to show a picture or video to a remote expert to simplify the discussion).

This is the abbreviated version, containing approximately 52% of the total text.


To use the session-linking scheme described in this article, the application is extended to generate request codes that are associated with a particular user and session. These request codes have a limited lifetime and can be passed to other users (e.g., a call center operator) to share the user's context. Depending on the security requirements of the application, a request code can be viewed either as a simple identifier that refers to a session so that multiple users can be linked, or as a one-time password that gives other users access within a limited time.
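The request-code lifecycle described above (issue a code bound to a user session, let a second party redeem it once within its lifetime) can be sketched as follows. This is an added example, not code from the disclosure: the `RequestCodeStore` class, the 120-second lifetime, the 8-digit length, the per-operator failure limit and the in-memory dictionary standing in for the back-end are all assumptions.

```python
import secrets
import time

CODE_TTL_SECONDS = 120    # assumed lifetime; the disclosure only says "limited"
CODE_DIGITS = 8           # assumed length, short enough to read out on a call
MAX_FAILED_ATTEMPTS = 5   # assumed guess limit per operator session


class RequestCodeStore:
    """Hypothetical in-memory stand-in for the server-side back-end."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}      # code -> (user_session_id, expires_at)
        self._failures = {}   # operator_session_id -> failed redemptions

    def _purge(self):
        # Expired codes are dropped before every operation.
        now = self._clock()
        self._codes = {c: v for c, v in self._codes.items() if v[1] > now}

    def issue(self, user_session_id):
        """App side: request a code tied to the user's current session."""
        self._purge()
        # Keep one live code per session: a new request revokes the old code.
        self._codes = {c: v for c, v in self._codes.items()
                       if v[0] != user_session_id}
        while True:
            # CSPRNG digits, so a code cannot be predicted from earlier ones.
            code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
            if code not in self._codes:
                break
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._codes[code] = (user_session_id, expires_at)
        return code

    def redeem(self, operator_session_id, presented_code):
        """Operator side: return the linked user session id, or None."""
        self._purge()
        failed = self._failures.get(operator_session_id, 0)
        if failed >= MAX_FAILED_ATTEMPTS:
            return None       # this operator session has guessed too often
        entry = self._codes.pop(presented_code, None)   # pop makes it one-time
        if entry is None:
            self._failures[operator_session_id] = failed + 1
            return None
        return entry[0]
```

With 8 digits and a two-minute window the code space is small, so the per-operator failure limit is what keeps guessing impractical when the code is treated as a one-time password rather than a plain identifier.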

Scenario: Embodiment 1: mobile App + call center

   1. A smart phone user is making use of an App provided by a company for some function. The App may use authentication or can also operate stateless. The authentication and security mechanisms associated with using this App are outside the scope of this disclosure.

   2. The App may store context and state information related to the user's on-going session in the server-side back-end systems supporting the App.

   3. A smart phone App user has encountered a problem or has a question and needs support. The App includes a button that can be used to generate a one-time password that is valid for a limited length of time. When the user selects this feature, the app requests a unique one-time password from the server-side back-end systems and displays it on the smart phone.

   4. Either through the App or by placing a call manually the user makes a phone call to the call center that provides support for that App.

   5. The operator is also logged into the application for purposes of providing support. Again the authentication and security mechanisms required to protect the operator's session are outside the scope of this disclosure.

   6. The user provides the one-time password to the operator (this could be via the phone ke...