US-12621158-B2 - Two factor authentication devices with accessibility features
Abstract
Two-factor authentication code generation devices are described which include accessibility features and/or additional authentication features to ensure an identity of a user.
Inventors
- Amy Christine Ulrich
Assignees
- WELLS FARGO BANK, N.A.
Dates
- Publication Date: 20260505
- Application Date: 20240219
Claims (20)
- 1. A two-factor authentication code generation device comprising: a near-field communication (NFC) reader; a memory storing a first public key; a speaker; a hardware circuit, the hardware circuit configured to perform operations comprising: identifying a NFC enabled card was presented to the near-field communication reader; responsive to the identifying the NFC enabled card was presented: generating a nonce; transmitting the nonce to the NFC enabled card; receiving a digital signature from the NFC enabled card responsive to transmission of the nonce; receiving a first signed certificate from the NFC enabled card through the near-field communication reader; decrypting the first signed certificate using the first public key to obtain a second public key; receiving a second certificate from the NFC enabled card through the near-field communication reader; decrypting the second certificate with the second public key to obtain a third public key; decrypting the digital signature using the third public key to obtain a second nonce; comparing the nonce and second nonce; responsive to determining that a comparison result indicates that the nonce and the second nonce match: converting a two-factor authentication code into human speech; and playing the human speech through the speaker; wherein one or more of the converting of the two-factor authentication code and the playing the human speech through the speaker occur only when the comparison result indicates that the nonce and the second nonce match.
- 2. The two-factor authentication code generation device of claim 1, further comprising: a button; and wherein the operations comprise playing the human speech through the speaker only responsive to activation of the button.
- 3. The two-factor authentication code generation device of claim 1, further comprising: a grid of a plurality of electromagnetic pins actuatable to extend from the two-factor authentication code generation device, and wherein the operations further comprise: actuating ones of the electromagnetic pins in a defined pattern to represent the two-factor authentication code.
- 4. The two-factor authentication code generation device of claim 3, wherein the defined pattern is Braille.
- 5. The two-factor authentication code generation device of claim 1, further comprising: a haptic feedback unit; and wherein the operations further comprise: actuating the haptic feedback unit in a defined pattern to represent the two-factor authentication code.
- 6. The two-factor authentication code generation device of claim 1, further comprising: a biometric reader; a memory to store a biometric template; wherein the operations further comprise: receiving a biometric sample from the biometric reader; comparing the biometric sample to the biometric template; and wherein generating the two-factor authentication code is performed only upon a comparison result indicating that the biometric template and the biometric sample match within a threshold amount.
- 7. The two-factor authentication code generation device of claim 6, wherein the biometric reader is one of: a fingerprint reader, an iris scanner, or a facial recognition camera.
- 8. A two-factor authentication code generation method comprising: utilizing a hardware circuit to perform operations comprising: identifying a NFC enabled card was presented to a near-field communication reader; responsive to the identifying the NFC enabled card was presented: generating a nonce; transmitting the nonce to the NFC enabled card; receiving a digital signature from the NFC enabled card responsive to transmission of the nonce; receiving a first signed certificate from the NFC enabled card through the near-field communication reader; decrypting the first signed certificate using a first public key stored in a memory to obtain a second public key; receiving a second certificate from the NFC enabled card through the near-field communication reader; decrypting the second certificate with the second public key to obtain a third public key; decrypting the digital signature using the third public key to obtain a second nonce; comparing the nonce and second nonce; responsive to determining that a comparison result indicates that the nonce and the second nonce match: converting a two-factor authentication code into human speech; and playing the human speech through a speaker; wherein one or more of the converting of the two-factor authentication code and the playing the human speech through the speaker occur only when the comparison result indicates that the nonce and the second nonce match.
- 9. The two-factor authentication code generation method of claim 8, further comprising outputting a control signal to cause the speaker to play the human speech only responsive to activation of a button communicatively coupled to the hardware circuit.
- 10. The two-factor authentication code generation method of claim 8, wherein the operations further comprise: actuating ones of a grid of a plurality of electromagnetic pins actuatable to extend from a two-factor authentication code generation device in a defined pattern to represent the two-factor authentication code.
- 11. The two-factor authentication code generation method of claim 10, wherein the defined pattern is Braille.
- 12. The two-factor authentication code generation method of claim 8, wherein the operations further comprise: actuating a haptic feedback unit in a defined pattern to represent the two-factor authentication code.
- 13. The two-factor authentication code generation method of claim 8, wherein the operations further comprise: receiving a biometric sample from a biometric reader; comparing the biometric sample to a stored biometric template; and wherein generating the two-factor authentication code is performed only upon a comparison result indicating that the biometric template and the biometric sample match within a threshold amount.
- 14. The two-factor authentication code generation method of claim 13, wherein the biometric reader is one of: a fingerprint reader, an iris scanner, or a facial recognition camera.
- 15. A two-factor authentication code generation device comprising: a near-field communication (NFC) reader; a memory storing a first public key; a speaker; a hardware circuit, the hardware circuit configured to perform operations comprising: identifying a NFC enabled card was presented to the near-field communication reader; responsive to the identifying the NFC enabled card was presented: reading a signed static application data from the NFC enabled card; reading an item of static data from the NFC enabled card; reading a first certificate from the NFC enabled card through the near-field communication reader; decrypting the first certificate using the first public key to obtain a second public key; decrypting the signed static application data with the second public key; verifying that a portion of the decrypted signed static application data matches the item of static application data; responsive to determining that the portion of the decrypted signed static application data matches the item of static application data: converting a two-factor authentication code into human speech; and playing the human speech through the speaker; wherein one or more of the converting of the two-factor authentication code and the playing the human speech through the speaker occur only when the comparison result indicates that the nonce and the second nonce match.
- 16. The two-factor authentication code generation device of claim 15, further comprising: a button; and wherein the operations comprise playing the human speech only responsive to activation of the button.
- 17. The two-factor authentication code generation device of claim 1, further comprising; a grid of a plurality of electromagnetic pins actuatable to extend from the two-factor authentication code generation device; and wherein the operations further comprise: actuating ones of the electromagnetic pins in a defined pattern to represent the two-factor authentication code.
- 18. The two-factor authentication code generation device of claim 17, wherein the defined pattern is Braille.
- 19. The two-factor authentication code generation device of claim 15, further comprising: a haptic feedback unit; and wherein the operations further comprise: actuating the haptic feedback unit in a defined pattern to represent the two-factor authentication code.
- 20. The two-factor authentication code generation device of claim 15, further comprising: a biometric reader; a memory to store a biometric template; wherein the operations further comprise: receiving a biometric sample from the biometric reader; comparing the biometric sample to the biometric template; and wherein generating the two-factor authentication code is performed only upon a comparison result indicating that the biometric template and the biometric sample match within a threshold amount.
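The card check recited in claims 1 and 8 (nonce challenge, two-level certificate chain, signature recovery, output gated on the match), as an added Python simulation that is not code from the patent. It assumes textbook RSA without padding over constructed Mersenne-prime keys as a stand-in for whatever signature scheme a real card uses; `Card`, `device_authenticates`, `speak_code` and all key values are hypothetical names and constructed data.

```python
import secrets

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Return (modulus, private exponent). Textbook RSA, illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def sign(value, n, d):
    """Private-key operation performed by the CA, the issuer or the card."""
    return pow(value, d, n)

def recover(blob, n):
    """The claims' 'decrypting' with a public key: RSA message recovery."""
    return pow(blob, E, n)

# Constructed keys built from Mersenne primes. Sizes nest so that each
# modulus fits inside the certificate produced with the key above it.
CA_N, CA_D = keypair(2**127 - 1, 2**521 - 1)    # first public key: CA_N
ISS_N, ISS_D = keypair(2**89 - 1, 2**107 - 1)   # second public key: ISS_N
CARD_N, CARD_D = keypair(2**31 - 1, 2**61 - 1)  # third public key: CARD_N

class Card:
    """Simulated NFC card: two certificates plus a signing key."""
    def __init__(self, n=CARD_N, d=CARD_D):
        self.n, self.d = n, d
        self.first_cert = sign(ISS_N, CA_N, CA_D)      # CA certifies issuer
        self.second_cert = sign(CARD_N, ISS_N, ISS_D)  # issuer certifies card

    def respond(self, nonce):
        return sign(nonce, self.n, self.d)

def device_authenticates(card, replayed_signature=None):
    """Device side of claim 1. The device trusts only CA_N from its memory."""
    nonce = 2 + secrets.randbelow(2**64)  # fresh challenge; avoids 0 and 1
    signature = card.respond(nonce)
    if replayed_signature is not None:    # simulate a stale response
        signature = replayed_signature
    issuer_n = recover(card.first_cert, CA_N)
    card_n = recover(card.second_cert, issuer_n)
    second_nonce = recover(signature, card_n)
    return second_nonce == nonce

def speak_code(card, code="constructed-code"):
    """Gate the audio output on the comparison result, as the claims require."""
    return f"speaking {code}" if device_authenticates(card) else None
```

A card that presents valid certificates but signs with a different private key, or a signature produced for an earlier nonce, fails the final comparison, so `speak_code` returns `None` and nothing is played.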
Description
TECHNICAL FIELD
The present invention relates generally to the field of electronic security and, more specifically, to devices designed to facilitate two-factor authentication (2FA) processes.
BACKGROUND
Two-factor authentication is a security mechanism that requires two distinct forms of identification in order to access a protected electronic resource such as a system or data. This method adds an additional layer of security to the standard single-factor authentication, which typically involves only a username and password or personal identification number (PIN).
Two-factor authentication typically also requires a two-factor authentication code. The two-factor authentication code is a time-varying code that changes at fixed intervals. The two-factor authentication code may be generated by an algorithm in an authentication server, and a matching code may be generated by an algorithm executing in a device of the user. The codes may be algorithmically derived based upon a common seed value that is known to the server and the device of the user. The codes may be generated by a device of the user such as a mobile device. In some examples, these codes may also be generated through the use of specialized devices called security fobs.
A security fob, also known as a security token, is a physical device that an authorized user carries to grant access to a secured resource. These fobs may display the second-factor authentication code, known as a one-time password (OTP), which the user must enter in conjunction with their known password to complete the authentication process.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.
FIGS. 1-3 illustrate example two-factor authentication code generation devices according to some examples of the present disclosure.
FIG. 4 illustrates a logical block diagram of a two-factor authentication code generation device according to some examples of the present disclosure.
FIG. 5 illustrates a flowchart of a method of providing an OTP according to some examples of the present disclosure.
FIG. 6 is a block diagram illustrating an example of a machine upon which one or more embodiments may be implemented.
DETAILED DESCRIPTION
Traditional two-factor authentication code generation devices suffer from a number of problems. One of those problems stems from the lack of accessibility features. For example, two-factor authentication code generation devices in the form of a key fob display the two-factor authentication code on a display such as a liquid crystal display. Users who have sight impairments may have difficulty seeing such displays or be unable to see them at all.
Disclosed herein are two-factor authentication code generation devices, methods, and machine-readable mediums which provide alternative user interfaces for providing the two-factor code. In some examples, the two-factor authentication code generation device may include a speaker and number-to-speech logic that reads out the two-factor authentication code audibly. In other examples, the two-factor authentication code generation device may include an electromechanical device that provides the digits of the two-factor authentication code as raised dots according to a specified format, such as Braille. In still other examples, the device may include a haptic unit that provides a series of vibrational indicators communicating the digits of the two-factor authentication code, where the value of each digit is indicated by one or more of the intensity, pattern, and location of the vibrations. In some examples, the two-factor authentication code generation device may have a combination of different user interfaces, such as one or more of: a display, a haptic feedback device, a speaker, an electromechanical device, and the like.
In some examples, the two-factor authentication code generation device may adapt to a particular context of the user. For example, if the user is in a public place where the two-factor authentication code may be overheard by another person, the system may switch to a haptic or electromechanical delivery mechanism to deliver the two-factor authentication code. If the device has multiple output devices, the determination of which output device to use may be made by the user, or may be made based upon the location of the device. For example, at home, the device may have location profiles that select the output based upon a location of the device. The location may be determined, in some examples, using a receiver on the device for a Global Navigation Satellite System (GNSS).
Another problem with traditional two-factor authentication code generation devices is the lack of st