US 12,284,176 B2
System and method of imaged based login to an access device
Najam Siddiqui, Pflugerville, TX (US); Asad Mahboob Ali, Austin, TX (US); and Benoît Famechon, Cedar Park, TX (US)
Assigned to THALES DIS CPL USA, INC.
Filed by THALES DIS CPL USA, INC., Austin, TX (US)
Filed on Sep. 30, 2022, as Appl. No. 17/957,037.
Prior Publication US 2024/0114022 A1, Apr. 4, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0853 (2013.01) [H04L 63/083 (2013.01)]
15 Claims
 
1. A method of image-based login authentication of a user on an access device using a mobile device registered to the user, comprising:
receiving login information at the access device;
determining an online mode, an offline mode and a partial offline mode, whereby
for the online mode, Internet access exists to an authentication server for both the mobile device and the access device, and no Internet access exists between the mobile device and the access device;
for the offline mode, no Internet access exists to the authentication server for both the mobile device and the access device, but Internet access exists between the mobile device and the access device;
for the partial offline mode, no Internet access exists to the authentication server for the mobile device, but Internet access exists to the authentication server via the access device, and Internet access exists between the mobile device and the access device;
selecting a mode for the access device from the group consisting of the online mode, the offline mode, and the partial offline mode;
displaying an image reference at the access device, the image reference being one among a plurality of image references provisioned at the mobile device and an authentication authority;
displaying the image reference selected by the authentication authority for matching at the mobile device along with other image references among the plurality of image references provisioned at the mobile device;
extracting, by the mobile device, an embedded dataset, the embedded dataset comprising at least a challenge and transaction identifier from within the image reference at the mobile device, the image reference corresponding to a selection at the mobile device of one of the plurality of image references provisioned;
performing a cryptogram calculation at the mobile device using as input the embedded data set;
receiving according to the mode an authentication token corresponding to the selection and the cryptogram calculation, whereby
for the online mode, the mobile device submits said authentication token to the authentication server, and the access device then checks that the authentication server validated the authentication token;
for the offline mode, the mobile device submits said authentication token to the access device instead of the authentication server, and the access device validates the authentication token;
for the partial offline mode, the mobile device submits said authentication token to the access device instead of the authentication server, the access device then submits said authentication token to the authentication server, and the access device then checks that the authentication server validated the authentication token;
receiving further validation by the access device of a completed authentication that the selection matches the image reference displayed at the access device; and
allowing login at the access device if the authentication token is validated and said further validation was received.
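
The mode selection, token routing and two-part login decision recited in claim 1, sketched as an added example that is not code from the patent or from the assignee. Assumptions: the cryptogram is modeled as HMAC-SHA256 over the challenge, transaction identifier and selected image reference using a key provisioned on both sides (the claim does not name an algorithm), and all function names and sample values are hypothetical.

```python
import hashlib
import hmac

# (mobile->server, access->server, mobile<->access) connectivity, as worded in claim 1.
MODES = {
    (True, True, False): "online",
    (False, False, True): "offline",
    (False, True, True): "partial_offline",
}
# Hops the token takes in each mode; the last hop validates it.
ROUTES = {
    "online": ("mobile", "server"),
    "offline": ("mobile", "access"),
    "partial_offline": ("mobile", "access", "server"),
}

def select_mode(mobile_server, access_server, mobile_access):
    """Return the mode name, or None for a combination the claim does not define."""
    return MODES.get((mobile_server, access_server, mobile_access))

def cryptogram(key, challenge, txn_id, image_id):
    """Assumed construction: HMAC-SHA256 over length-prefixed fields."""
    fields = (challenge, txn_id, image_id)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def access_login(mode, key, challenge, txn_id, displayed, selected, token):
    """Decide login at the access device; returns (allowed, validator)."""
    if mode not in ROUTES:
        return False, None  # fail closed on an undefined mode
    validator = ROUTES[mode][-1]
    # The validator recomputes the cryptogram for the image shown at the access device.
    expected = cryptogram(key, challenge, txn_id, displayed)
    token_ok = hmac.compare_digest(token, expected)
    # Further validation: the mobile selection matches the displayed image reference.
    match_ok = hmac.compare_digest(selected, displayed)
    return (token_ok and match_ok), validator

# Constructed sample values, not taken from the patent.
KEY, CHALLENGE, TXN, IMAGE = b"demo-provisioned-key", b"chal-5f2a", b"txn-0001", b"img-07"

if __name__ == "__main__":
    mode = select_mode(False, True, True)
    token = cryptogram(KEY, CHALLENGE, TXN, IMAGE)  # computed on the mobile device
    print(mode, access_login(mode, KEY, CHALLENGE, TXN, IMAGE, IMAGE, token))
```

Login is allowed only when both the token check and the image-match check pass, and a connectivity combination outside the three claimed modes is rejected rather than defaulted.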