Authentication Device

Abstract: An authentication device is provided for enabling access to a network resource hosted on a remote server over a network. The authentication device enables access through an electronic device. The authentication device includes a Universal Serial Bus connector for connecting the authentication device to the electronic device and a printed circuit board. The printed circuit board includes an identity-unit configured to store an identity information associated with the authentication device, and a network circuitry operatively coupled to the identity-unit. The network circuitry is capable of transmitting the identity information to the remote server when a predefined condition is satisfied, such that a substantial access to the network resource is allowed when the identity information is verified by the remote server. The identity-unit and the network circuitry are directly mounted on the printed circuit board in a Chip-on-Board (CoB) construction.

Patent Information

Application #:
Filing Date: 28 May 2010
Publication Number: 45/2012
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email:
Parent Application:

Applicants

MOSER BAER INDIA LIMITED
43B, OKHLA INDUSTRIAL ESTATE NEW DELHI-110020. INDIA

Inventors

1. VIJAY MALHI
43B, OKHLA INDUSTRIAL ESTATE NEW DELHI-110020. INDIA

Specification

FIELD OF INVENTION
[0001] The invention disclosed herein relates, in general, to an authentication device. More specifically, the present invention relates to an authentication device enabling a secure communication.
BACKGROUND
[0002] With the advent of e-Commerce, financial transactions over the internet have increased tremendously over the last decade. Some examples of online financial transactions include, but are not limited to, those related to online shopping, online transfer of funds from one bank account to another bank account and online donations. Security of such transactions is the utmost priority, as any information about such transactions in the wrong hands could lead to disastrous results both for users and financial institutions. In addition to financial transactions, emails, online financial portfolios, Customer Relationship Management (CRM) profiles, and so forth would require a high level of security.
[0003] The most commonly used technique for providing secure access is to associate a username and a password with an authentic user, such that access to the confidential data is provided only when the username and the password are entered during online access. Specifically in the case of financial transactions, another layer of security is added in the form of a transaction password. A user is required to enter the username and the password to access the bank account overview; however, to make an online transaction the user is further required to enter a transaction password. The limitation of this method is that if an unauthentic user, for example, a hacker, can get hold of the username, the password and the transaction password by breaching the security of the system, then he can misuse these details with potentially disastrous results.
[0004] In another existing technique, generally used by financial institutions, security dongles are provided to authentic users. These security dongles are handy devices that are used to generate a real time temporary transaction password in conjunction with banks' servers. They also have a display unit to display these transaction passwords.
[0005] These security dongles have a high cost, primarily due to the presence of a screen. Moreover, they are inconvenient to carry, and are prone to failure due to improper handling.
[0006] According to the foregoing discussion, there is a need for a system, method and/or a device to enable secure communication between a network resource and a user over a network, while addressing one or more of the above limitations.
BRIEF DESCRIPTION OF FIGURES
[0007] The features of the present invention, which are believed to be novel, are set forth with particularity in the appended claims. The invention may best be understood by reference to the following description, taken in conjunction with the accompanying drawings. These drawings and the associated description are provided to illustrate some embodiments of the invention, and not to limit the scope of the invention.
[0008] FIG. 1 is an illustration of an exemplary environment, where various embodiments of the present invention can be practiced;
[0009] FIGs. 2a and 2b are illustrations of an authentication device, in accordance with some embodiments of the present invention;
[0010] FIG. 3 is a block diagram of an authentication system working in conjunction with an electronic device, in accordance with some embodiments of the present invention;
[0011] FIG. 4 is an illustration depicting an exemplary implementation of some embodiments of the present invention;
[0012] FIG. 5 is a flow chart illustrating a method for secure access of a network resource hosted on a remote server through an electronic device, in accordance with some embodiments of the present invention; and
[0013] FIGs. 6a, 6b and 6c illustrate some exemplary embodiments of the authentication device with casing.
[0014] Those with ordinary skill in the art will appreciate that the elements in the figures are illustrated for simplicity and clarity and are not necessarily drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated, relative to other elements, in order to improve the understanding of the present invention.
[0015] There may be additional structures described in the foregoing application that are not depicted on one of the described drawings. In the event such a structure is described, but not depicted in a drawing, the absence of such a drawing should not be considered as an omission of such design from the specification.
SUMMARY
[0016] Various embodiments of the present invention provide a system, a method and an authentication device to enable a secure access of a network resource hosted on a remote server by an electronic device.
[0017] In one embodiment of the present invention, an authentication device is provided for enabling access to a network resource hosted on a remote server over a network. The authentication device enables access to the network resource through an electronic device. The authentication device includes a Universal Serial Bus (USB) connector and a printed circuit board. The USB connector connects the authentication device to the electronic device. The printed circuit board includes an identity-unit configured to store identity information associated with the authentication device, and a network circuitry operatively coupled to the identity-unit. The network circuitry is capable of transmitting the identity information to the remote server when a predefined condition is satisfied, such that a substantial access to the network resource is allowed when the identity information is verified by the remote server. The identity-unit and the network circuitry are directly mounted on the printed circuit board in a Chip-on-Board (CoB) construction.
[0018] In one aspect of this embodiment, the authentication device also includes a physical input mechanism being operated by a user of the authentication device.
[0019] In another aspect of this embodiment, the predefined condition is either an attempt to access the network resource, a fetching of the identity information by the remote server, a request by the remote server to obtain the identity information, or an input to a physical input mechanism provided on the authentication device.
[0020] In another aspect of this embodiment, the network circuitry is also capable of wirelessly communicating with a remote device to obtain the identity information.
[0021] In another aspect of this embodiment, the authentication device also includes a casing to securely hold the authentication device. Some examples of a form factor of the casing include, but are not limited to, a conventional credit or debit card-shape form factor, a cap-less sliding form factor, a rotating form factor and a capped form factor.
[0022] In a second embodiment of the present invention, an authentication system for enabling access to a network resource over a network by an electronic device is provided. The authentication system includes an authentication device capable of being connected to the electronic device. The authentication device includes a Universal Serial Bus connector for connecting the authentication device to the electronic device and a printed circuit board. The printed circuit board includes an identity-unit configured to store an identity information associated with the authentication device, and a network circuitry operatively coupled to the identity-unit. The network circuitry is capable of transmitting the identity information over the network when a predefined condition is satisfied, wherein each of the identity-unit and the network circuitry is directly mounted on the printed circuit board in a Chip-on-Board (CoB) construction.
[0023] The authentication system further includes a remote server hosting the network resource. The remote server includes a receiver, a database and a processor. The receiver is capable of receiving a primary authentication information from the electronic device and the identity information from the authentication device. The database includes a plurality of reference identity information associated with a plurality of authentication devices, and a plurality of reference primary authentication information associated with the plurality of authentication devices. The processor is capable of comparing the primary authentication information with the plurality of reference primary authentication information and the identity information with the plurality of reference identity information, and allowing a substantial access to the network resource based on the comparison.
[0024] In an aspect of this embodiment, the predefined condition is either an attempt to access the network resource, a fetching of the identity information by the remote server, a request by the remote server to obtain the identity information, or an input to a physical input mechanism provided on the authentication device.
[0025] In another aspect of this embodiment, the network circuitry is further capable of wirelessly communicating with a remote device to obtain the identity information.
[0026] In a third embodiment of the present invention, a method for secure access of a network resource hosted on a remote server through an electronic device is provided. The method includes receiving a communication request from the electronic device to access the network resource and obtaining an identity information associated with an authentication device connected to the electronic device via a Universal Serial Bus connector.
[0027] The authentication device stores the identity information associated with itself, and transmits the identity information to the remote server. One or more components of the authentication device are mounted using a Chip-on-Board (CoB) construction.
[0028] Thereafter, the method includes comparing the primary authentication information with a plurality of reference primary authentication information and the identity information with a plurality of reference identity information, and providing substantial access to the network resource based on the comparison.
[0029] In an aspect of this embodiment, the method also includes transmitting instructions to the electronic device to seek a primary authentication information and receiving primary authentication information from the electronic device prior to obtaining the identity information.
[0030] In an aspect of this embodiment, obtaining the identity information includes receiving the identity information.
[0031] In another aspect of this embodiment, obtaining the identity information includes fetching the identity information from the authentication device.
[0032] In yet another aspect of this embodiment, obtaining the identity information includes transmitting instructions to the electronic device to seek the identity information, and receiving the identity information from the electronic device.
DESCRIPTION OF THE EXEMPLARY EMBODIMENTS
[0033] Before describing the present invention in detail, it should be observed that the present invention utilizes a combination of apparatus components related to an authentication device, an authentication system and a method of secure access of a network resource. Accordingly the apparatus components have been represented where appropriate by conventional symbols in the drawings, showing only specific details that are pertinent for an understanding of the present invention so as not to obscure the disclosure with details that will be readily apparent to those with ordinary skill in the art having the benefit of the description herein.
[0034] While the specification concludes with the claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawings, in which like reference numerals are carried forward.
[0035] As required, detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present invention in virtually any appropriately detailed structure. Further, the terms and phrases used herein are not intended to be limiting but rather to provide an understandable description of the invention.
[0036] The terms "a" or "an", as used herein, are defined as one or more than one. The term "another", as used herein, is defined as at least a second or more. The terms "including" and/or "having" as used herein, are defined as comprising (i.e. open transition). The term "coupled" or "operatively coupled" as used herein, is defined as connected, although not necessarily directly, and not necessarily mechanically.
[0037] The term "authentication device" and "USB based authentication device" have been used interchangeably in the specifications. These terms are used interchangeably, as required, to enhance the flow of the specifications and increase the ease of understanding of the disclosure.
[0038] In accordance with one of the embodiments of the invention, a Universal Serial Bus (USB) based authentication device is provided for secure access of a transaction portal of a bank over the Internet by an authentic user. The transaction portal is hosted on the bank's server. The authentic user opens the home page of the bank's website on a computer, and inputs the username and password for his account. The user also connects the USB based authentication device to the USB port of the computer. In addition to the username / password, the identity information (for example, a secure code) provided by the USB based authentication device is verified by the bank's server. The identity information, i.e., the secure code in the USB based authentication device, can also be updated on a real time basis through a satellite.
[0039] After the verification, access to the transactions portal is granted. In some cases, the authentic user may forget the USB based authentication device connected to the computer, thereby increasing the chances of misuse by someone who may be able to remotely hack the computer. To prevent misuse in such situations, a physical input mechanism, for example, a button, is also provided on the USB based authentication device. The secure code is not transmitted unless the authorized user presses the button, thereby eliminating the chances of remote misuse. Since the USB based authentication device is a small form factor device, in some situations the authentic user associated with it may misplace, mishandle or lose it. To prevent such situations, the USB based authentication device can also have a suitable casing which is in an easy-to-carry form, for example, a key ring and a conventional credit card shaped case with slots to carry the authentication device. Such a conventional credit card shaped casing can be easily kept inside a wallet.
[0040] It should be understood that above example is for illustration purpose only. Actual implementation of the invention may include few or all of the above features. Also, actual implementation of the invention can include additional features not included in the above example.
[0041] Referring now to the drawings, there is shown in FIG. 1 an illustration of an exemplary environment 100, where various embodiments of the present invention can be practiced. The exemplary environment 100 is shown to include an electronic device 102 connected to a remote server 104 over a network 106. The remote server 104 is shown to host a network resource 108. For ease of understanding the electronic device is shown to be a laptop computer, however after going through the subsequent description, it will be readily apparent to those skilled in the art that the present invention can be practiced in an environment with other electronic devices as well, for example, a desktop computer, a mobile phone, a Personal Digital Assistant (PDA) and the like.
[0042] In the exemplary environment 100, a user of the electronic device 102 wants to access the network resource 108 hosted on the remote server 104. The network resource 108 is a confidential resource that should only be accessed by an authorized user. For example, the network resource 108 can be an overview information of the bank account of the authorized user with the 'XYZ Bank' or the transaction portal of the bank account of the authorized user with the 'XYZ Bank'.
[0043] Those skilled in the art will appreciate that the exemplary environment 100 may include all or a few components shown in FIG. 1. Further, those skilled in the art will understand that the exemplary environment 100 may include additional components that are not shown here and are not germane to various embodiments of the present invention.
[0044] FIGs. 2a and 2b are illustrations of the authentication device, in accordance with some embodiments of the present invention. The authentication device is used to enable secure access of a network resource, for example, a bank's transaction portal, hosted on a remote server, for example, the bank's server, through an electronic device to which the authentication device is connected, for example, a laptop computer, by an authentic user associated with the authentication device.
[0045] Those skilled in the art will appreciate that the authentication device 200a or 200b may include all or a few components shown in FIGs. 2a and 2b. Further, those skilled in the art will understand that the authentication device 200a or 200b may include additional components that are not shown here and are not germane to the operation of the authentication device 200a or 200b, in accordance with the invention arrangements. To describe the authentication device 200a or 200b, reference will be made to FIGs. 1, 2a, 2b, 3, 4, 5 and 6, although it is understood that the authentication device 200a or 200b can be used in any other suitable environment or arrangement.
[0046] FIG. 2a depicts the authentication device 200a, which is shown to include a Universal Serial Bus (USB) connector 202 and a printed circuit board (PCB) 204. The USB connector 202 is used to connect the authentication device 200a to an electronic device, for example, the electronic device 102 (Refer FIG. 3 and 4).
[0047] The PCB 204 is shown to include an identity-unit 206 and a network circuitry 208. Both the identity-unit 206 and the network circuitry 208 are mounted on the PCB 204 using Chip-On-Board (COB) techniques. In COB technique the identity-unit 206 and the network circuitry 208 are mounted directly on the PCB 204 and then encapsulated by a molding material hermetically. The PCB 204 may include slots to facilitate placing of the identity-unit 206 and the network circuitry 208, and one or more embedded connectors for electrically connecting the identity-unit 206 and the network circuitry 208 placed on these slots in a pre-defined manner.
[0048] One or more perforations are formed on the PCB 204. The perforations may, for example, be formed at pre-defined locations and of pre-defined size and/or shape. For example, the size of the perforations may range from 1 mm to 4 mm. The perforations are coated with an affinitive material, for example, silver. Then, a solder paste is dispensed on the slots on the PCB 204.
[0049] Subsequently, the identity-unit 206 and the network circuitry 208 are placed in one slot each. Thereafter, the solder paste is cured, for example, in an environment where the PCB 204, with the identity-unit 206 and the network circuitry 208, may be heated to a preset temperature. Accordingly, the solder paste melts and holds the identity-unit 206 and the network circuitry 208 on the PCB 204.
[0050] Thereafter, an epoxy molding compound may, for example, be transfer molded over the identity-unit 206 and the network circuitry 208. Accordingly, the epoxy molding compound fills in and adheres to the perforations, thereby encapsulating the identity-unit 206 and the network circuitry 208 hermetically. The epoxy molding compound protects the identity-unit 206 and the network circuitry 208 from mechanical and chemical damage.
[0051] This enables the COB constructed PCB 204, and therefore the authentication device 200a, to be more secure, highly reliable, shock resistant, water resistant and robust.
[0052] Additionally, a component mounted using the COB process requires less space; therefore the PCB 204 of a small size may be used. The authentication device 200a can accordingly be miniature in size and, therefore, easy to handle and use.
[0053] The identity-unit 206 is configured to store an identity information associated with the authentication device 200a. An example of the identity-unit 206 is a memory that stores a secure code. In an exemplary embodiment, the authentication device 200a may be a secure transaction device provided to a person 'A' for secure access of a bank's transaction portal. In such exemplary embodiments, the identity information stored in the identity-unit 206 may be a code that identifies and authenticates the person 'A' to the bank's server.
[0054] The network circuitry 208 is operatively coupled to the identity-unit 206, i.e., the network circuitry 208 and the identity-unit 206 are connected to each other and operate in conjunction with each other. They may or may not be connected directly and/or mechanically, but their operation may involve exchange of information and signals with each other.
[0055] The network circuitry 208 is capable of transmitting the identity information stored in the identity-unit 206 over a network when the authentication device 200a is connected to an electronic device 102 that is present on the network. The network circuitry 208 transmits the identity information to a remote server 104 (Refer FIG. 4) located on the network. In an exemplary embodiment, the network circuitry 208 is a transmitter/receiver.
[0056] In an embodiment, the network circuitry 208 is capable of making wireless contact with a remote device to acquire the identity information valid for a specific period of time, i.e., a temporary identity information, and store it in the identity-unit 206. The temporary identity information is acquired from the remote device, for example, a satellite, which is also communicating with the remote server, for example, the bank's server. Therefore, substantially simultaneous to the exchange of the temporary identity information between the remote device and the network circuitry 208, the remote device also updates a database of reference identity information on the remote server accordingly. Accordingly, if the user makes a transaction using the authentication device 200a with the temporary identity information, the remote server can verify the user. The temporary identity information remains valid for the specific period of time after which it becomes invalid, and the network circuitry 208 then acquires another temporary identity information from the remote device. This embodiment enhances the security of transactions since the identity information keeps changing after the specific period of time.
[0057] The transmission of the identity information by the network circuitry 208 is elaborated with an example of a banking transaction. When the person 'A' intends to make a banking transaction, then he/she first opens a home page of the bank's website on a computer that is connected to the internet, and provides a user name and a password corresponding to his/her account. Subsequently or simultaneously, the person 'A' also connects the authentication device 200a to the USB port of the computer. Then, the network circuitry 208 transmits a code stored in the identity-unit 206 to the bank's server. In an embodiment, the network circuitry 208 transmits the code when an attempt is made to access the network resource 108, i.e., when the person 'A' clicks on a Login link. In another embodiment, the remote server 104 fetches the identity information from the network circuitry 208. In another embodiment, the network circuitry 208 receives a request from the remote server 104 to transmit the identity information and the network circuitry 208 accordingly transmits the same. The identity information then may be compared with data stored in a database at the remote server hosting the transaction portal of the bank. On successful verification, the person 'A' may be given an access to the transaction portal of the bank.
[0058] Functionality of network circuitry 208 is explained in detail in conjunction with FIG. 5.
[0059] FIG. 2b depicts the authentication device 200b, which is shown to include all the components of authentication device 200a and a physical input mechanism 210. The physical input mechanism 210 is capable of being operated by a user of the authentication device 200b. The physical input mechanism 210 is another security functionality added to the authentication device 200b.
[0060] Continuing with the example of the secure transaction device mentioned above, the person 'A' may forget to remove the authentication device from the computer. In such an exemplary scenario, there are chances of misuse of the authentication device as well as the network resource, i.e., the bank's transaction portal, by someone who may be able to remotely hack the computer. A hacker may hack the computer and capture the username and password by multiple means like key-stroke identification, after which the hacker may only need the identity information to access the bank's transaction portal. To prevent automatic transmission of the identity information from the authentication device, and hence prevent such misuse, the physical input mechanism 210 is provided in the authentication device 200b embodiment of the present invention. In this embodiment, i.e., the authentication device 200b, the identity information is not transmitted to the remote server, i.e., the bank's server, unless the authentic person, i.e., person 'A', provides an input to the physical input mechanism 210, thereby eliminating the chances of remote misuse. Even if the hacker is able to hack the username and the password, he may not be able to remotely activate the physical input mechanism 210, which requires a physical input, and thereby requires someone to be physically present to provide the physical input. Examples of the physical input mechanism 210 include, but are not limited to, a push button.
[0061] The authentication device 200a or 200b may also include a casing to securely hold them. Examples of the form factor of the casing may include, but are not limited to, a card-shape form factor, a cap-less sliding form factor, a rotating form factor and a capped form factor. The FIGs. 6a, 6b and 6c show some examples of the authentication device 200a or 200b along with casing. FIG. 6a shows the authentication device 200a in the cap-less sliding form factor casing 602. FIG. 6b shows the authentication device 200a in the rotating form factor casing 604. FIG. 6c shows the authentication device 200a in the card-shape form factor casing 606. The card-shape form factor casing 606 is substantially similar to a conventional credit or debit card in size and form. It has one or more slots, for example, two slots shown in the card-shape form factor casing 606 to hold USB devices like the authentication device 200a or 200b or other similar devices like a USB flash drive, etc. The card-shape form factor casing 606 can be carried in a wallet or a credit or debit card holder or another similar holder which a user generally carries regularly, thereby reducing the chances of misplacing the authentication device 200a or 200b.
[0062] Although most of the embodiments are described with reference to the authentication device 200a, it will be readily apparent to those with ordinary skill in the art that these embodiments are equally valid and applicable to the authentication device 200b or any other variation of the authentication device 200a in accordance with the present invention.
[0063] Referring now to FIG. 3, there is shown a block diagram of an authentication system 300 working in conjunction with the electronic device 102, in accordance with some embodiments of the present invention. The authentication system 300 enables secure access to the network resource 108 hosted on the remote server 301 by the electronic device 102, which is connected to the network 106 (Refer remote server 104 in Fig. 1) to which the remote server 301 is also connected.
[0064] Those skilled in the art will appreciate that the authentication system 300 may include all or a few components shown in FIG. 3. Further, those skilled in the art will understand that the authentication system 300 may include additional components that are not shown here and are not germane to the operation of the authentication system 300, in accordance with the invention arrangements. To describe the authentication system 300, reference will be made to FIGs. 1, 2a, 2b, 3, 4, 5 and 6, although it is understood that the authentication system 300 can be used in any other suitable environment or arrangement.
[0065] The authentication system 300 is shown to include the authentication device 200a and a remote server 301. Although the authentication system 300 is shown to include the authentication device 200a it will be readily apparent to those skilled in the art that the authentication system 300 can include the authentication device 200b without deviating from the scope of the present invention. For the purpose of easy description, the authentication system 300 will be described with reference to the authentication device 200a.
[0066] The authentication device 200a and remote server 301 are shown to be working in conjunction with the electronic device 102 through which the access to the network resource 108 is provided. The authentication device 200a functions substantially as described in conjunction with FIGs. 2a and 2b.
[0067] The remote server 301 is shown to include the network resource 108, a receiver 302, a database 304 and a processor 306. The receiver 302 is capable of receiving a primary authentication information from the electronic device 102 and the identity information from the authentication device 200a. The database 304 includes a plurality of reference identity information and a plurality of reference primary authentication information associated with a plurality of authentication devices. The plurality of reference identity information and the plurality of reference primary authentication information correspond to the valid or authentic users, who have been provided with the authentication devices. Referring to the banking transaction example mentioned above, the plurality of reference identity information may be an indexed list of the secure codes corresponding to the USB authentication devices provided to the authentic or valid users of the bank. Similarly, the plurality of reference primary authentication information may, for example, be an indexed list of the usernames, the passwords and/or a combination of numbers mentioned on the credit or debit card of the authentic or valid users of the bank. The processor 306 compares the primary authentication information with the plurality of valid primary authentication information and the identity information with the plurality of reference identity information, and allows substantial access to the network resource 108 accordingly. For example, in an embodiment, the access may be limited to a specific portion of the network resource 108 only. For subsequent access, the remote server 301 may again obtain the identity information.
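The comparison performed by the processor 306, combined with the temporary identity information of paragraph [0056] and the push button of paragraph [0060], can be modelled as follows. This is an added example, not part of the specification: the class and function names, the salted PBKDF2 password storage, the constant-time comparisons and the explicit `now` timestamps are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the server keeps salted PBKDF2 hashes, never plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class ReferenceRecord:
    """One entry of database 304 for one issued authentication device."""
    salt: bytes
    password_hash: bytes   # reference primary authentication information
    identity_code: bytes   # reference identity information
    valid_until: float     # end of the code's validity period ([0056])


class AuthDevice:
    """Model of device 200b: identity-unit 206 plus push button 210."""

    def __init__(self, identity_code: bytes) -> None:
        self._identity_code = identity_code

    def update_code(self, identity_code: bytes) -> None:
        # Temporary identity information acquired from the remote device.
        self._identity_code = identity_code

    def transmit(self, button_pressed: bool) -> Optional[bytes]:
        # Predefined condition: nothing leaves the device without physical input.
        return self._identity_code if button_pressed else None


class RemoteServer:
    """Model of receiver 302, database 304 and processor 306."""

    def __init__(self) -> None:
        self._db = {}
        # Dummy record so an unknown username costs the same work as a known one.
        self._dummy = ReferenceRecord(secrets.token_bytes(16),
                                      secrets.token_bytes(32),
                                      secrets.token_bytes(16), 0.0)

    def enroll(self, username: str, password: str,
               identity_code: bytes, valid_until: float) -> None:
        salt = secrets.token_bytes(16)
        self._db[username] = ReferenceRecord(
            salt, hash_password(password, salt), identity_code, valid_until)

    def rotate(self, username: str, identity_code: bytes, valid_until: float) -> None:
        # The remote device updates the reference entry when it issues a new code.
        rec = self._db[username]
        rec.identity_code, rec.valid_until = identity_code, valid_until

    def verify(self, username: str, password: str,
               identity_code: Optional[bytes], now: float) -> bool:
        rec = self._db.get(username, self._dummy)
        # Evaluate every check before combining, so a failure in one factor
        # does not reveal which factor was wrong.
        pw_ok = hmac.compare_digest(hash_password(password, rec.salt),
                                    rec.password_hash)
        code_ok = hmac.compare_digest(identity_code or b"", rec.identity_code)
        fresh = now <= rec.valid_until
        return (username in self._db) and pw_ok and code_ok and fresh


def demo() -> list:
    server = RemoteServer()
    first = secrets.token_bytes(16)            # constructed sample code
    server.enroll("person_a", "correct horse", first, valid_until=1300.0)
    device = AuthDevice(first)
    results = [
        server.verify("person_a", "correct horse", device.transmit(False), 1000.0),
        server.verify("person_a", "correct horse", device.transmit(True), 1000.0),
        server.verify("person_a", "correct horse", device.transmit(True), 1301.0),
    ]
    second = secrets.token_bytes(16)           # next temporary code
    server.rotate("person_a", second, valid_until=1600.0)
    device.update_code(second)
    results.append(server.verify("person_a", "correct horse",
                                 device.transmit(True), 1301.0))
    results.append(server.verify("person_a", "correct horse", first, 1301.0))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the device sends the stored code itself, a captured code remains usable until the server's reference entry changes, which is why the validity period is enforced on the server side here rather than trusted to the device.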
[0068] The functionality of the receiver 302, database 304 and the processor 306 is explained in detail in conjunction with FIG. 5.
[0069] FIG. 4 is an illustration depicting an exemplary implementation 400 of some embodiments of the present invention. The exemplary implementation 400 shows an authentication device 200a in the form of a USB device 200a, which is connected to the electronic device 102 in the form of a laptop 102. A user associated with the USB device 200a may use the laptop 102 to access the transaction portal of XYZ Bank, which is the network resource 108 hosted on the remote server 301. The remote server 301 is similar in components and functioning as explained in conjunction with FIG. 3 and FIG. 5.
[0070] FIG. 5 is a flow chart illustrating a method 500 for secure access of a network resource 108 hosted on a remote server 301 through an electronic device 102, in accordance with some embodiments of the present invention. To describe the method 500, reference will be made to FIGs. 1, 2, 3 and 4 although it is understood that the method 500 can be implemented in any other suitable environment. Moreover, the invention is not limited to the order in which the steps are listed in the method 500.
[0071] For example, when the person 'A' intends to make a banking transaction, then he/she first opens a home page of the bank's website on a computer that is connected to the internet, and provides a user name and a password corresponding to his/her account. Subsequently or simultaneously, the person 'A' also connects the authentication device 200a to the USB port of the computer. Then, the network circuitry 208 transmits the identity information stored in the identity-unit 206 to the bank's server. The identity information may be compared with a database of reference identity information and the person 'A' may be given an access to the transaction portal of the bank if the identity information is verified.
[0072] The method 500 is initiated at step 502. At step 504, a communication request is received from the electronic device 102 to access the network resource 108. The request is received at the receiver 302 of the remote server 301. For example, when the person 'A' intends to make a banking transaction, and therefore needs to access the transaction portal of the bank, then he/she first opens a home page of the bank's website on a computer and clicks on a 'Login', 'Signin' or a similar link/button. This action by the person 'A' sends a communication request to the bank's server that the computer is requesting an access to the transaction portal.
[0073] Then at step 506, instructions to seek primary authentication information are sent to the electronic device 102 by the remote server. Examples of the primary authentication information may include but are not limited to a username and a password of the user. For example, the bank's server transmits instructions to display a Login page requiring input of the username and the password by the person 'A' on the computer.
[0074] At step 508, the primary authentication information is received from the electronic device 102. The primary authentication information is received at the receiver 302 of the remote server 301. For example, when the person 'A' provides the username and the password on the Login page, these details are transmitted from the computer to the bank's server, and accordingly received at the bank's server.
[0075] Thereafter, at step 510, the identity information associated with the authentication device 200a connected to the electronic device 102 is obtained from the authentication device 200a. The identity information associated with the authentication device 200a is mandatory information required by the remote server 301 to allow the electronic device 102 to access the network resource 108. The identity information is also received at the receiver 302 of the remote server 301. For example, the person 'A' will have to connect the USB based authentication device, provided to the person 'A' by the XYZ bank, to the computer through the USB port of the computer. The person 'A' may connect the USB based authentication device before, simultaneously with or subsequent to providing the username and the password, i.e., the primary authentication information. The bank's server obtains the identity information from the USB based authentication device as mandatory information to provide access to the transaction portal.
[0076] In an embodiment, the identity information is passively received. For example, whenever the person 'A' provides the username and the password, the USB based authentication device automatically transmits the identity information as well without requiring any specific request from the bank's server. In another example, the USB based authentication device automatically transmits the identity information to the bank's server as soon as the Login link is clicked by the person 'A', i.e., when an attempt is made to access the network resource.
[0077] In another embodiment, the authentication device 200a is passive, and the remote server 301 fetches the identity information from the authentication device 200a.
[0078] In another embodiment, instructions are transmitted from the remote server 301 to the electronic device 102 to seek the identity information from the authentication device 200a and the identity information is accordingly received from the authentication device 200a via electronic device 102. For example, the bank's server may request the USB based authentication device to send the identity information via the computer. As a response, the USB based authentication device may transmit the identity information as per a predefined protocol, which is then received at the bank's server.
[0079] At the authentication device 200a the identity-unit 204 stores the identity information, and the network circuitry 206 transmits the identity information stored in the authentication device 200a to the receiver 302 of the remote server 301 in accordance with one or more of the embodiments described in the foregoing description of the step 510.
[0080] In one aspect of the method 500, when the authentication device has a physical input mechanism, like, the authentication device 200b with the physical input mechanism 210, or a button 210, the identity information is received only when a user provides input to the physical input mechanism 210, i.e., pushes the button 210.
[0081] Thereafter, at step 512, the primary authentication information is compared with a plurality of reference primary authentication information and the identity information is compared with a plurality of reference identity information. The comparison is performed by the processor 306. The database 304 stores the plurality of reference primary authentication information, i.e., the usernames and the corresponding passwords for all the valid or authentic users who have access to the network resource 108 hosted on the remote server 301. The database 304 also stores the plurality of reference identity information, i.e., the identity information corresponding to all the valid or authentic users who have access to the network resource 108 hosted on the remote server 301. The processor 306 compares the identity information and the primary authentication information received by the receiver 302 with the database, to identify authenticity of the user. In an embodiment, the processor 306 also verifies that the identity information and the primary authentication information correspond to the same valid or authentic user to identify the authenticity of the user.
[0082] For example, a processor on the bank's server may compare the received username, password and the identity information with the usernames and the passwords of the indexed list of their customers or authentic users.
[0083] At step 514, the processor 306 allows the electronic device 102 the access to the network resource 108 based on the comparison, i.e., when the authenticity of the user is identified. In an embodiment, substantial but not complete access may be provided, i.e., the access may be limited to a specific portion of the network resource 108 only and for subsequent access, the remote server 301 may again obtain the identity information. For example, the access to the bank's transaction portal may be limited to one transaction only and for any subsequent transaction the bank's server may require obtaining the identity information again. In another example, the substantial access may include access to an overview, a dashboard or a login page of the transaction portal and not the complete transaction portal.
[0084] Thereafter, the method is terminated at step 516.
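The server-side portion of method 500 (steps 508 to 514), including the same-user check of paragraph [0081] and the one-transaction access of paragraph [0083], is sketched below as an added example that is not part of the specification. The class and method names, the sample credentials, and the choices to store salted hashes and compare in constant time are assumptions of this example.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumption of this example: database 304 holds salted hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _digest(identity_info: bytes) -> bytes:
    return hashlib.sha256(identity_info).digest()


class RemoteServer:
    """Stand-in for remote server 301: database 304 plus the comparison of processor 306."""

    def __init__(self):
        self._db = {}      # username -> (salt, password hash, identity digest)
        self._grants = {}  # username -> transactions allowed before re-obtaining identity info

    def enroll(self, username: str, password: str, identity_info: bytes) -> None:
        salt = os.urandom(16)
        self._db[username] = (salt, _hash_password(password, salt), _digest(identity_info))

    def authenticate(self, username: str, password: str, identity_info: bytes) -> bool:
        """Steps 508-514: both values must match the SAME user's record."""
        record = self._db.get(username)
        # Unknown users go through the same comparisons against a dummy record,
        # so response time does not reveal which usernames exist.
        salt, pw_hash, id_digest = record or (b"\0" * 16, b"\0" * 32, b"\0" * 32)
        pw_ok = hmac.compare_digest(_hash_password(password, salt), pw_hash)
        id_ok = hmac.compare_digest(_digest(identity_info), id_digest)
        if record is None or not (pw_ok and id_ok):
            self._grants.pop(username, None)
            return False
        self._grants[username] = 1  # "substantial" access: one transaction only
        return True

    def perform_transaction(self, username: str) -> bool:
        """Consumes the grant; the next transaction needs the identity info again."""
        if self._grants.get(username, 0) < 1:
            return False
        self._grants[username] -= 1
        return True


if __name__ == "__main__":
    server = RemoteServer()
    server.enroll("person_a", "constructed-password", b"CONSTRUCTED-SECURE-CODE-A")
    print(server.authenticate("person_a", "constructed-password", b"CONSTRUCTED-SECURE-CODE-A"))
    print(server.perform_transaction("person_a"), server.perform_transaction("person_a"))
```

Looking the identity information up under the submitted username, rather than searching the whole list of reference identity information, is what rejects a valid device presented with another user's password.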
[0085] Various embodiments, as described above, provide an authentication device, an authentication system and a method for enabling secure access of a network resource hosted on a remote server through an electronic device, which provide several advantages. One of the several advantages of some embodiments of the present invention is elimination of manual input in entering the additional security information, for example, a secure code, during secure communications over a network. Additionally, the present invention eliminates the need of a user to remember or store the additional security information, thereby, preventing the theft of such information. Further, in some embodiments, the invention also eliminates the remote misuse of the additional security information by hacking, as in some embodiments the invention includes a physical input mechanism to ensure physical presence of a user. Additionally, the PCB of the authentication device of the present invention has components constructed or mounted by COB technique, thereby making the authentication device highly reliable, shock resistant, water resistant and robust.
[0086] While the invention has been disclosed in connection with the preferred embodiments shown and described in detail, various modifications and improvements thereon will become readily apparent to those skilled in the art. Accordingly, the spirit and scope of the present invention is not to be limited by the foregoing examples, but is to be understood in the broadest sense allowable by law.
[0087] All documents referenced herein are hereby incorporated by reference.

WE CLAIM
1. An authentication device for enabling access to a network resource, the network resource being accessed over a network through an electronic device, and the network resource being hosted on a remote server, the authentication device comprising:
a Universal Serial Bus connector for connecting the authentication device to the electronic device; and
a printed circuit board comprising:
an identity-unit configured to store an identity information, the identity information being associated with the authentication device; and
a network circuitry operatively coupled to the identity-unit, the network circuitry being capable of transmitting the identity information to the remote server when a predefined condition is satisfied, wherein a substantial access to the network resource is allowed when the identity information is verified by the remote server, and wherein each of the identity-unit and the network circuitry is directly mounted on the printed circuit board in a Chip-on-Board (CoB) construction.
2. The authentication device as recited in claim 1 further comprising a physical input mechanism being operated by a user of the authentication device.
3. The authentication device as recited in claim 1, wherein the predefined condition is at least one of:
an attempt to access the network resource;
a fetching of the identity information by the remote server;
a request by the remote server to obtain the identity information; and
an input to a physical input mechanism provided on the authentication device.
4. The authentication device as recited in claim 1, wherein the network circuitry is further capable of wirelessly communicating with a remote device to obtain the identity information.
5. The authentication device as recited in claim 1 further comprising a casing to securely hold the authentication device, wherein a form factor of the casing is selected from the group comprising a conventional credit or debit card-shape form factor, a cap-less sliding form factor, a rotating form factor and a capped form factor.
6. An authentication system for enabling access to a network resource by an electronic device, the network resource being accessed over a network, the authentication system comprising:
an authentication device capable of being connected to the electronic device, comprising:
a Universal Serial Bus connector for connecting the authentication device to the electronic device; and
a printed circuit board comprising:
an identity-unit configured to store an identity information, the identity information being associated with the authentication device; and
a network circuitry operatively coupled to the identity-unit, the network circuitry being capable of transmitting the identity information over the network when a predefined condition is satisfied, wherein each of the identity-unit and the network circuitry is directly mounted on the printed circuit board in a Chip-on-Board (CoB) construction;
a remote server hosting the network resource, the remote server comprising:
a receiver capable of receiving a primary authentication information from the electronic device and the identity information from the authentication device;
a database comprising:
a plurality of reference identity information associated with a plurality of authentication devices; and
a plurality of reference primary authentication information associated with the plurality of authentication devices;
a processor capable of:
comparing the primary authentication information with the plurality of reference primary authentication information and the identity information with the plurality of reference identity information; and
allowing a substantial access to the network resource based on the comparing.
7. The authentication system as recited in claim 6, wherein the predefined condition is at least one of:
an attempt to access the network resource;
a fetching of the identity information by the remote server;
a request by the remote server to obtain the identity information; and
an input to a physical input mechanism provided on the authentication device.
8. The authentication device as recited in claim 6, wherein the identity-unit is further capable of wirelessly communicating with a remote device to obtain the identity information.
9. A method for secure access of a network resource hosted on a remote server through an electronic device, the method comprising:
receiving a communication request from the electronic device to access the network resource;
obtaining an identity information associated with an authentication device connected to the electronic device, wherein the authentication device stores the identity information associated with the authentication device, further wherein the authentication device transmits the identity information to the remote server, and wherein one or more components of the authentication device are mounted using a Chip-on-Board (CoB) construction;
comparing the primary authentication information with a plurality of reference primary authentication information and the identity information with a plurality of reference identity information; and
providing substantial access to the network resource based on the comparison.
10. The method as recited in claim 9 further comprising:
transmitting instructions to the electronic device to seek a primary authentication information; and
receiving the primary authentication information from the electronic device prior to obtaining the identity information.
11. The method as recited in claim 9, wherein obtaining the identity information comprises fetching the identity information from the authentication device.
12. The method as recited in claim 9, wherein obtaining the identity information comprises receiving the identity information from the authentication device.
13. The method as recited in claim 9, wherein obtaining the identity information comprises:
transmitting instructions to the electronic device to seek the identity information; and
receiving the identity information from the electronic device.

Documents

Application Documents

# Name Date
1 1226-del-2010-abstract.pdf 2011-08-21
1 1226-del-2010-gpa.pdf 2011-08-21
2 1226-del-2010-claims.pdf 2011-08-21
2 1226-del-2010-form-5.pdf 2011-08-21
3 1226-del-2010-correspondence-others.pdf 2011-08-21
3 1226-del-2010-form-3.pdf 2011-08-21
4 1226-del-2010-description (complete).pdf 2011-08-21
4 1226-del-2010-form-2.pdf 2011-08-21
5 1226-del-2010-form-1.pdf 2011-08-21
5 1226-del-2010-drawings.pdf 2011-08-21
6 1226-del-2010-drawings.pdf 2011-08-21
6 1226-del-2010-form-1.pdf 2011-08-21
7 1226-del-2010-description (complete).pdf 2011-08-21
7 1226-del-2010-form-2.pdf 2011-08-21
8 1226-del-2010-correspondence-others.pdf 2011-08-21
8 1226-del-2010-form-3.pdf 2011-08-21
9 1226-del-2010-claims.pdf 2011-08-21
9 1226-del-2010-form-5.pdf 2011-08-21
10 1226-del-2010-gpa.pdf 2011-08-21
10 1226-del-2010-abstract.pdf 2011-08-21