Abstract: Methods and devices for remote user authentication through a short distance wireless communication. In one embodiment, the method comprises receiving instructions from a user at a hand-held device (110) to communicatively pair the hand-held device (110) to a computing device (104). The pairing is performed over a short distance wireless communication link (136). Further, based on the received instructions, an online account is identified from a plurality of online accounts stored in the hand-held device (110). Then, login information associated with the identified online account is retrieved from the hand-held device (110). The retrieved login information is then transmitted from the hand-held device (110) to the computing device (104), for remotely authenticating the user.
TECHNICAL FIELD
[0001] The present subject matter relates, in general, to remote user authentication, and particularly, but not exclusively, to methods and devices of remote user authentication through short distance wireless communication.
BACKGROUND
[0002] Computing devices, such as desktop computers, laptops, and tablets, have become popular for the daily activities of many users. Nowadays, users increasingly rely upon such devices for performing a wide range of online transactions, such as online-banking, online-auctions, online-shopping, accessing social-websites, and sending and receiving e-mails. For the online transactions, the users of the computing devices usually access their accounts through the web, by providing login credentials, such as a username, a password, and other identifiers. Further, in some cases, the users may have to manually provide the login credentials on computing devices, say, desktop computers, located in a public area or an unsanitized environment, which may leave the users' information vulnerable and create opportunities for parties to steal and misuse the login credentials.
SUMMARY
[0003] This summary is provided to introduce concepts related to remote user authentication, which are further described below in the detailed description. This summary is neither intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter.
[0004] Method(s) and device(s) for authenticating a user through a short distance wireless communication are described. In one embodiment, the method comprises receiving instructions from a user at a hand-held device to communicatively pair the hand-held device to a computing device. The pairing is performed through a short distance wireless communication link. Further, based on the received instructions, an online account is identified from a plurality of online accounts stored in the hand-held device. The login information associated with the identified online account is retrieved from the hand-held device, where the login information may include a Uniform Resource Locator (URL) address, login credentials, such as a user ID, a username, a password, and other information. The retrieved login information is then transmitted from the hand-held device to the computing device, to authenticate the user.
BRIEF DESCRIPTION OF DRAWINGS
[0005] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and components.
[0006] Fig. 1 illustrates a computing environment implementing an application deployed on a hand-held device, according to one embodiment of the present subject matter.
[0007] Fig. 2 illustrates a computing environment of the application deployed on a computing device, according to another embodiment of the present subject matter.
[0008] Fig. 3(a) illustrates exemplary interaction instances of the computing device and a hand-held device, according to an embodiment of the present subject matter.
[0009] Fig. 3(b) illustrates a call-flow diagram indicating a data transfer process between the computing device and the hand-held device, according to an embodiment of the present subject matter.
[0010] Fig. 4 illustrates a method for remotely authenticating a user, according to one embodiment of the present subject matter.
DETAILED DESCRIPTION
[0011] Nowadays, users are increasingly relying on the Internet for accessing a plurality of online services through a computing device, such as desktop computers, laptops, and tablets, to perform a wide range of online transactions. In an example, the online transactions may include, but are not limited to, online-banking, online-auctions, online-shopping, accessing social-websites, and exchanging e-mails. Each of the online accounts may be accessed through separate web portals. Such web portals may often require the users to provide their login credentials, such as a user ID, a username, a password, or other identifiers, for accessing their online accounts through a manually activated interface, such as a keyboard.
[0012] This credential-based access to different online accounts is inconvenient for the users and creates opportunities for malicious parties to steal the login credentials keyed in on computing devices, say, desktop computers, located in a public area. For example, malware present on the desktop computer may log keystrokes associated with the login credentials. In order to overcome this issue, the users may regularly change the password, associated with the login credentials, to a different password immediately after it has been used in the unsanitized environment. Also, the user may have many such online accounts to manage. Thus, changing the password may result in a large number of passwords for the users to manage for several such online accounts. Furthermore, the users may forget their passwords, and can therefore find themselves unable to access their online accounts when required.
[0013] To address this issue, users may choose to write down their passwords in accessible locations on their computing devices, but this creates a security risk as an unauthorized access of the users’ devices may reveal the login information. Another partial solution is the use of a password manager application on the computing devices, but this only works on a computing device on which the password manager application is installed, or on a computing device that is synchronized thereto. This leaves the users unable to access their online accounts from other computing devices, such as those implemented in hotel business centres, internet cafes, libraries, etc.
[0014] In accordance with the present subject matter, methods and devices are provided for remote user authentication. According to the present subject matter, a hand-held device implements a method to allow users to authenticate themselves at a computing device over a short distance wireless communication. The hand-held device may include, but is not limited to, a tablet computer, a Phablet, a mobile phone, a Personal Digital Assistant (PDA), and a Smartphone.
[0015] In one implementation, when a user intends to access his/her online account on the computing device, the user may provide login information for the intended online account from the hand-held device to the computing device. For providing the login information to the computing device, the hand-held device may include a login information (LI) feeder unit. The LI feeder unit may receive instructions from the user to provide the login information on the computing device. In an example, the user may provide the instructions by providing a single input on the hand-held device. The single input may include one of a single touch, one keystroke, speech, and one scroll.
[0016] In one implementation, based on the instructions received from the user, the LI feeder unit may communicatively pair the hand-held device and the computing device. The pairing may be performed over a short distance wireless communication link, such as Bluetooth, infrared (Ir), Ir simple, Ir simple shot (IrSS), ultra wide band (UWB), Piconet, Wibree, Zigbee, Acoustics, and the like.
[0017] Once the hand-held device and the computing device are paired, the LI feeder unit may identify, based on an input of the user, the online account from a plurality of online accounts stored in the hand-held device. Based on the identification, the LI feeder unit retrieves the login information associated with the identified online account from the hand-held device. In an example, the login information may be stored in an encrypted form in the hand-held device, and may need to be decrypted when the login information is retrieved. The retrieved login information is then transmitted, by the LI feeder unit, from the hand-held device to the computing device for user authentication.
[0018] In an example, the login information may include, but is not limited to, a Uniform Resource Locator (URL) address, login credentials, and other information. In an example, the login credentials may include a user ID, a username, a password, and other identifiers. In addition to the URL address and the login credentials, the login information may also include a policy attribute that is usually set for managing an application running on the computing device. Further, the login information may also include a txnMode attribute, used to convey to the computing device whether the data transmission from the hand-held device is in encrypted-form or plain-text-form. In the said example, the login information, including the URL address, the login credentials, the policy attribute, the txnMode attribute and the other information, is transmitted from the hand-held device to the computing device for remote user authentication. In another example, the user may manually open the URL address on the computing device and only the login credentials are transmitted from the hand-held device to the computing device, for user authentication.
[0019] In an example, before transmitting the login information, the LI feeder unit may provide the user with an option to transmit the login information in either an encrypted-form or in a plain-text-form using the txnMode attribute. In case the user sets the txnMode attribute, the LI feeder unit may encrypt the login information before transmitting it. Otherwise, resetting the txnMode attribute causes the LI feeder unit to transmit the login information in plain-text-form from the hand-held device to the computing device.
[0020] Therefore, the LI feeder unit deployed on the hand-held device may facilitate sharing the login information, including the URL address, the login credentials, the policy attribute, the txnMode attribute, and the other information, through the short distance wireless communication link. This may facilitate secure transmission of the login information from the hand-held device to the computing device. The URL address transmitted along with the login information may then automatically open the web portal associated with the online account on the computing device. Further, the login credentials transmitted along with the login information may then be automatically filled in on the web portal opened using the URL address associated with the online account, at the computing device.
[0021] Accordingly, the LI feeder unit securely stores the plurality of online accounts, along with their URL address, the login credentials, the policy attribute and the other information, in an encrypted-form in the hand-held device. The URL address, the login credentials, the policy attribute, the txnMode attribute and the other information may be shared by the hand-held device with any computing device for accessing an online account. The users may share the URL address, the login credentials and the other information with a single touch on the hand-held device without remembering them. The single touch may prevent malware from logging keystrokes or grabbing screenshots of the keystrokes.
[0022] In this way, access to a user's private information stored at a remote web portal can be controlled so that an intended user alone can access the confidential information associated with the intended user. Thus, remote user authentication can be made secure and the chances of confidential information being exposed to an unsanitized environment can be reduced considerably.
[0023] The above-mentioned method(s) and device(s) are further described in conjunction with the following figures. It should be noted that the description and figures merely illustrate the embodiments of the present subject matter. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the embodiments of the present subject matter and are included within its spirit and scope. Furthermore, all embodiments recited herein are principally intended expressly to be only for pedagogical purposes to aid the reader in understanding the embodiments of the present subject matter and the concepts contributed by the inventor(s) to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the present subject matter, as well as specific examples thereof, are intended to encompass equivalents thereof.
[0024] Methods and devices for authenticating a user through a short distance wireless communication are described herein with reference to the figures. The methods of the present subject matter can be implemented in various hand-held devices with computing and communication capabilities along with multi-tasking functionalities. Although the description herein is with reference to smart-phones, the methods may be implemented in other hand-held devices, albeit with a few variations, as will be understood by a person skilled in the art.
[0025] Fig. 1 illustrates, as an example, a computing environment 100, for authenticating a user through a short distance wireless communication, according to one embodiment of the present subject matter.
[0026] The computing environment 100 described herein may include a plurality of authentication servers out of which one authentication server 102 is shown for the sake of simplicity. In an example, the authentication server 102 may be a web server, data server, database or file. Further, in an example, the authentication server 102 can manage access to a plurality of web portals associated with a plurality of online accounts, such as bank accounts, multiple credit card accounts, gift card accounts, email accounts, and the like.
[0027] In one implementation, the authentication server 102 is connected to a plurality of computing devices, out of which only one computing device 104 is shown, in Fig. 1, for the sake of simplicity. Examples of the computing device 104 may include, but are not limited to, a workstation, personal computer, desktop computer, personal digital assistant (PDA), laptop computer, notebook, smart television set, automated teller machine (ATM), and the like.
[0028] In an example, the authentication server 102 and the computing device 104 are connected over a network 106 via wired, wireless, optical, or other types of network connections. The network 106 may be a single network or a combination of multiple networks. The network 106 may include one or more area networks, such as a local area network (LAN), a wide area network (WAN), an intranet, the internet, or any other type of network. In an example, the network 106 may include a mobile communication network, for example, 2G, 3G or 4G mobile communication networks.
[0029] In one implementation, when the user intends to access a web portal associated with an online account through the computing device 104, the user may provide instructions to a login information (LI) feeder unit 108 deployed on a hand-held device 110. In an example, the LI feeder unit 108 may be a mobile application implemented on the hand-held device 110. Examples of the hand-held device 110 may include, but are not limited to, a tablet computer, Phablet, mobile phone, personal digital assistant (PDA), Smartphone, and the like. In one implementation, the hand-held device 110 can be a non near field communication (non-NFC) mobile phone. The hand-held device 110 may include processor(s) 112, interface(s) 114, and a memory 116. The processor 112 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. The processor 112 is coupled to the memory 116. Among other capabilities, the processor 112 is provided to fetch and execute computer-readable instructions and/or applications stored in the memory 116.
[0030] The interface(s) 114 may include a variety of application programs and hardware interfaces, for example, a network interface allowing the hand-held device 110 to interact with the computing devices. Further, the interface(s) 114 may enable the hand-held device 110 to communicate with other computing devices, such as web servers and external repositories or databases. The interface(s) 114 can also facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite.
[0031] The memory 116 can include any non-transitory computer-readable medium known in the art including volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
[0032] In one implementation, the hand-held device 110 may include module(s) 118. The module(s) 118 may be coupled to the processor(s) 112 and amongst other things, may include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. In another implementation, some or all of the module(s) 118 may be present on a non-transitory computer readable medium that is internal or external to the hand-held device 110. In such an implementation, a processing resource, such as the processor 112 or a processor of any other computing device, may access the modules from the non-transitory computer readable medium, and may fetch and execute instructions corresponding to the modules.
[0033] The module(s) 118 includes the LI feeder unit 108, including a manager module 120, a connection module 122, and an authentication module 124, and other module(s) 126. In an example, the LI feeder unit 108 deployed on the hand-held device 110 may be a password protected application. The LI feeder unit 108 may be deployed to use a communication protocol of the hand-held device 110 to communicate with the computing device 104. The LI feeder unit 108 may manage the online accounts and login information associated with the online accounts, on the hand-held device 110. Further, the other module(s) 126 may include programs or coded instructions that supplement applications and functions of the hand-held device 110. It will be appreciated that such modules may be represented as a single module or as a combination of different modules.
[0034] In an example, the LI feeder unit 108 may interface with sensors, such as an accelerometer, gyroscope, proximity sensor, and touch screen, located on the hand-held device 110. The data from these sensors may be used to detect the user interaction happening on the hand-held device 110. If the user is presumed to be out of interaction scope, the LI feeder unit 108 may lock itself and await instructions from the user. This may guard against unauthorized usage of the LI feeder unit 108 in case the user is out of the interaction scope of the hand-held device 110.
[0035] In one implementation, the manager module 120 of the LI feeder unit 108 may be configured to receive a plurality of online accounts along with login information associated with the plurality of online accounts, from a user. In an example, the manager module 120 may manage the plurality of online accounts on the hand-held device 110. In the said example, the manager module 120 may enable the user to create a new online account, delete an existing online account, sort existing online accounts, search for an existing online account, or edit an existing online account. In another example, the manager module 120 may also enable the user to manage the login information associated with the plurality of online accounts on the hand-held device 110. The login information may include, but is not limited to, a URL address of an online account, login credentials, a policy attribute, a txnMode attribute and other information. In an example, the login credentials may include a user ID, a username, and a password. Further, the manager module 120 may store the plurality of online accounts along with login information on a shared memory allocated to the LI feeder unit 108, where the said shared memory is allocated by an operating system of the hand-held device 110.
[0036] In an example, the manager module 120 may encrypt the login information of the online account before storing it on the hand-held device 110. The manager module 120 may encrypt the login credentials using state-of-the-art Identity Based Encryption (IBE), which is a certificate-less scheme with no key exchange. IBE is a type of public key encryption in which the public key of the user is used for encryption and the encrypted data can only be decrypted by using the private key of the user. The login information is stored in an encrypted-form to prevent malware from determining the online account’s login information.
[0037] In one implementation, the hand-held device 110 may include data 128. The data 128 serves, amongst other things, as a repository for storing data processed, received and generated by one or more of the modules 118. The data 128 includes, for example, encrypted data 130 and other data 132.
[0038] Further, in one implementation, the LI feeder unit 108 may receive instructions from the user, when the user intends to access a web portal of any online account on the computing device 104. In an example, the user may provide the instructions by providing a single input on the hand-held device 110. The single input may include one of a single touch, one keystroke, speech, and one scroll. Based on the instructions provided by the user, the connection module 122 of the LI feeder unit 108 may communicatively pair the hand-held device 110 and the computing device 104. The pairing may be performed over a short distance wireless communication link 136, such as Bluetooth, infrared (Ir), Ir simple, Ir simple shot (IrSS), ultra wide band (UWB), Piconet, Wibree, Zigbee, Acoustics and the like. In an example, the short distance wireless communication link 136 is established by the hand-held device 110 after validation of the computing device 104. The short distance wireless communication link 136 is validated based on a medium access control (MAC) address, personal identification number (PIN), password, and the like. In this way, a secure communication between the hand-held device 110 and the computing device 104 is ensured.
[0039] Once the hand-held device 110 and the computing device 104 are paired, the authentication module 124 of the LI feeder unit 108 may identify, based on the instructions provided by the user, the online account to be accessed from a plurality of online accounts stored in the hand-held device 110. Based on the identification, the authentication module 124 retrieves the login information associated with the identified online account from the hand-held device 110. In an example, since the login information is stored in an encrypted-form, the manager module 120 may decrypt the login information when the login information is retrieved. The retrieved login information is then transmitted from the hand-held device 110 to the computing device 104, over the short distance wireless communication link 136.
[0040] In an example, in case the login information includes a URL address along with the login credentials of the identified online account, the authentication module 124 may transmit the URL address and the login credentials from the hand-held device 110 to the computing device 104. The computing device 104 may then automatically access the web portal through the URL address, received along with the login credentials. In another example, in case the login information does not include a URL address, the user may open the web portal associated with the online account by manually entering the URL address of the web portal on the computing device 104. In the said example, only the login credentials are transmitted from the hand-held device 110 to the computing device 104.
[0041] In an example, as described earlier, at the time of transmission of the login information, the manager module 120 may provide the user with an option to transmit the login information in either an encrypted-form or in a plain-text-form by setting or resetting the txnMode attribute. In case the user sets the txnMode attribute, the manager module 120 may then encrypt the login information using the IBE scheme before transmitting it. In such an IBE scheme, the manager module 120 may encrypt login information, such as the URL address, login credentials, and the policy attribute, by using the public key of the computing device 104. The encrypted login information, for example, the encrypted URL address, encrypted login credentials, and encrypted policy attribute, is then transmitted along with the txnMode attribute from the hand-held device 110 to the computing device 104. In the said example, a login information (LI) receiving unit deployed on the computing device 104 may decrypt the received encrypted login information using the computing device's private key, as explained in detail later with reference to Fig. 2.
[0042] Further, upon receipt of the login information on the computing device 104, the login credentials transmitted along with the login information may then be automatically filled in on the web portal opened using the URL address associated with the online account, at the computing device 104. It will be understood that the login credentials may then be transmitted from the computing device 104 to the authentication server 102. At the authentication server 102, the login credentials received from the hand-held device 110 are validated for correctness. In case the login credentials received from the hand-held device 110 are authenticated, the user can be provided with access to confidential information associated with the online account against which the user is authenticated.
[0043] Accordingly, the user may store the URL and login credentials in the hand-held device 110, and then use them to access a plurality of online accounts on the computing device 104 by providing just a single input on the hand-held device 110 without remembering them. The single input may prevent malware from logging keystrokes or grabbing screenshots of the keystrokes. The hand-held device 110 may then automatically fill in the credentials fields in web portals associated with the online accounts and allow the users to access the online accounts. This ensures that the access to confidential information stored at the authentication server 102 can be so controlled that an intended user alone can access the confidential information associated with the intended user. Thus, in this way, the remote user authentication can be made secure and the chances of confidential information being shared with unauthorized persons can be reduced considerably.
[0044] Fig. 2 illustrates, as an example, a computing environment 200, for remote user authentication through a short distance wireless communication, according to another embodiment of the present subject matter. Fig. 3(a) and 3(b) illustrate exemplary interaction instances of the computing device 104 and the hand-held device 110, in accordance with an embodiment of the present subject matter.
[0045] In Fig. 2, devices and units that are the same as their counterparts shown in Fig. 1 are provided with the same reference numerals and are not explained in detail hereunder for the sake of simplicity. The computing environment 200 may include a plurality of authentication servers out of which one authentication server 102 is shown. Similarly, the computing environment 200 may include a plurality of computing devices out of which one computing device 104 is shown. In an example, the authentication server 102 and the computing device 104 are connected over the network 106 via wired, wireless, optical, or other types of network connections.
[0046] Further, in an example, the authentication server 102 may store and manage access to a plurality of web portals associated with a plurality of online accounts. In one implementation, the authentication server 102 may provide the user with access to his/her online account based on the login credentials provided by the user. The user can provide the login credentials by accessing a web portal of the online account on any of a plurality of computing devices. In Fig. 2, only one computing device 104 is shown for the sake of simplicity.
[0047] In accordance with the present subject matter, the computing device 104 may receive login information, including a txnMode attribute, URL address, login credentials, a policy attribute and other information, from the LI feeder unit 108 implemented on the hand-held device 110 depending on the user’s instructions. In an example, the LI feeder unit 108 may enable the user to create a new online account, delete an existing online account, sort existing online accounts, search for an existing online account, or edit an existing online account. The online accounts may include login information, for example, a URL address of an online account, a policy attribute, login credentials, including a user ID, a username, and a password, and other information. Further, in an example, the LI feeder unit 108 may store the online accounts along with their login information on the hand-held device 110 in an encrypted form.
[0048] In accordance with the present subject matter, when a user intends to access an online account on the computing device 104, the user may transmit the login information associated with the online account to the computing device 104 using the LI feeder unit 108. The LI feeder unit 108 may pair the computing device 104 and the hand-held device 110 using the standard pairing procedures. The pairing is performed over a short distance wireless communication link 136, such as Bluetooth, infrared (Ir), Ir simple, Ir simple shot (IrSS), ultra wide band (UWB), Piconet, Wibree, Zigbee, Acoustics, and the like.
[0049] In one implementation in which the pairing of the computing device 104 and the hand-held device 110 is performed through Bluetooth, the LI feeder unit 108 may retrieve the login information associated with the online account that is to be accessed. In an example, since the login information is stored in an encrypted-form in the hand-held device 110, the LI feeder unit 108 may decrypt the login information when the login information is retrieved. Once retrieved, the LI feeder unit 108 may transmit the txnMode attribute along with other login information of the online account from the hand-held device 110 to a Bluetooth port of the computing device 104, as depicted in block 302 of Fig. 3(a).
[0050] In an example, at the block 302, a login information (LI) receiving unit 202 deployed on the computing device 104 may receive the login information at a Bluetooth port of the computing device 104. The LI receiving unit 202 may receive the txnMode attribute along with other login information and, depending on the txnMode attribute, the received login information may then be decrypted or treated as plain-text at the computing device 104. Then, the LI receiving unit 202 may proceed to launch the web portal associated with the online account and authenticate the user remotely on it. In an example, the LI receiving unit 202 may automatically launch the web portal at the computing device 104 for the URL address received along with the login information from the hand-held device 110. The LI receiving unit 202 may then fill in the login credentials received along with the login information in the launched web portal for remote user authentication.
[0051] In one implementation, the LI receiving unit 202 may be installed either by
downloading the LI receiving unit 202 from a centralized server or by the user through standard communication protocol on the computing device 104.
[0052] In accordance with an implementation as depicted in Fig. 2, the LI receiving unit
202 may include module(s) 204. The module(s) 204 may include routines, programs, objects, components, data structures, etc, which perform particular tasks or implement particular abstract data types. In another implementation, some or all of the module(s) 204 may be present on a non-transitory computer readable medium that is internal or external to the LI receiving unit 202.
[0053] The module(s) 204 may include a connection module 206, a decryption module
208, and other module(s) 210. The other module(s) 210 may include programs or coded instructions that supplement applications and functions of the LI receiving unit 202. It will be appreciated that such modules may be represented as a single module or as a combination of different modules. Further, the LI receiving unit 202 may include data 212. The data 212 serves, amongst other things, as a temporary repository for storing data processed, received and generated by one or more of the modules 204. However, the LI receiving unit 202 does not, at any point of time, store the received login information on the computing device 104.
[0054] In an example, the LI receiving unit 202 can be an application that includes, but is
not limited to, a plug-in application, a browser extension, and an add-on application. The LI receiving unit 202 may be an altogether different system service running on the computing device 104. The LI receiving unit 202 may use the standard communication protocol supported by the computing device 104. Further, the LI receiving unit 202 also receives the instructions from the hand-held device 110 and processes those instructions. Further, in an example, the LI receiving unit 202 may include the functionality of decrypting the received login information, and may further use the system service to fetch the URL address from the login information and provide the login credentials in the URL address to authenticate the user.
[0055] In operation, at the block 302 as represented in Fig. 3(a), the connection module
206 of the LI receiving unit 202 can be configured to connect the computing device 104 with the hand-held device 110. In an example, the connection module 206 is further configured to receive the login information from the hand-held device 110. The login information received from the hand-held device 110 may include a URL address, a txnMode attribute, login credentials, and a policy attribute, along with other information.
[0056] At block 304, the connection module 206 may verify the contents of the received
login information for the presence of the URL address, the txnMode attribute, the login credentials, and the policy attribute, along with other information.
[0057] At block 306, the connection module 206 may verify whether the received
login information is in an encrypted-form or in a plain text-form by evaluating the txnMode attribute received along with the login information. In case the user has set the txnMode attribute at the hand-held device 110, then the login information may be received in the encrypted-form. Otherwise, the login information may be received in a plain text-form from the hand-held device 110.
[0058] At block 310, the connection module 206 employs the decryption module 208 of
the LI receiving unit 202 to decrypt the received encrypted login information in case the txnMode attribute is set by the user at the hand-held device 110. The decryption module 208 may employ the state of the art IBE scheme to decrypt the received encrypted login information. In an example, the decryption module 208 normally decrypts the login information using a private key of the computing device 104.
[0059] At block 312, the connection module 206 may determine whether the URL
address of the online account is present in the received login information, based on the verification of the login information. In case the URL address is present in the login information, the connection module 206 may launch the URL address using the system service of the computing device 104, at block 314. The call-flow diagram for the block 312 is represented in detail with reference to Fig. 3(b).
[0060] At block 316, in case the URL address is not present in the login information, a
user may manually open the URL address of the intended online account on the computing device 104.
[0061] At block 318, once the URL address is opened manually by the user or by the
system service of the computing device 104, the connection module 206 may then fill the received login credentials in the active URL address that is open on the computing device 104.
[0062] At block 320, the user may be authenticated by the authentication server 102 to
grant access of the online account for which the login credentials are provided by the LI receiving unit 202.
[0063] At block 322, the connection module 206 of the LI receiving unit 202 may read
the policy attribute received along with the login information upon completion of remote user authentication. The connection module 206 may then perform actions based on the policy attribute set by the user. In an example, based on the policy attribute, the LI receiving unit 202 on the computing device 104 may be retained or uninstalled. In another example, based on the policy attribute, the LI receiving unit 202 may be uninstalled once the user has completed the transaction or the communication link 136 fails. In another example, based on the policy attribute, the LI receiving unit 202 may be retained on the computing device 104 when the hand-held device 110 and the computing device 104 belong to the same user. In yet another example, based on the policy attribute, the LI receiving unit 202 may be removed from the computing device 104 in case the computing device 104 is in the unsanitized environment.
[0064] Fig. 3(b) illustrates, as an example, a call-flow diagram indicating a process that
may occur when login information includes the URL address of the online account. The various arrow indicators used in the call-flow diagram depict the transfer of data between the hand-held device 110 and the computing device 104, over the short distance wireless communication link 136.
[0065] In an implementation, as discussed earlier, once it is determined that the login
information includes the URL address and the txnMode attribute, the LI receiving unit 202 on the computing device 104 may then receive the URL address and the txnMode attribute from the hand-held device 110 (step 308-a). Subsequently, the LI receiving unit 202 determines whether the txnMode attribute is set by the user on the hand-held device 110. In case the txnMode attribute is set by the user, then the LI receiving unit 202 may employ the decryption module 208 to decrypt the received encrypted login information (step 308-b). Further, based on the received URL address, a web portal associated with the received URL address may be automatically launched at the computing device 104 using the system service of the computing device 104 (step 308-c). Next, the computing device 104 may receive the login credentials and policy attribute from the hand-held device 110 (step 308-d). Then, the computing device 104 may automatically fill in the login credentials in the web portal launched through the URL address received from the hand-held device 110 (step 308-e). Subsequently, once the login credentials are provided to the web portal, the computing device 104 may be disconnected from the hand-held device 110 (step 308-f). Then, as mentioned earlier, the computing device 104 may perform any action based on the received policy attribute (step 308-g).
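The receiver-side flow of blocks 304 to 322 and steps 308-a to 308-g, written out as an added Python example that is not part of the specification. The JSON framing, the field names other than txnMode, the policy values "retain" and "remove", the https-only URL check and all function names are assumptions; decryption is a caller-supplied callable standing in for the decryption module 208, and no IBE implementation is included.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("txnMode", "credentials", "policy")  # URL may be absent (block 316)
POLICIES = ("retain", "remove")                  # hypothetical policy values
# Constructed sample: a plain-text-mode message from the hand-held device.
SAMPLE = (b'{"txnMode": false, "url": "https://portal.example/login", '
          b'"credentials": {"username": "alice", "password": "example-pw"}, '
          b'"policy": "remove"}')

class RejectedLoginInfo(ValueError):
    """The received login information failed verification."""


def plan_login(raw, decrypt=None):
    """Return (actions, credentials) for one received message (bytes)."""
    # decrypt: callable(bytes) -> bytes standing in for decryption module 208.
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        raise RejectedLoginInfo("unparseable message") from exc
    # Block 304: verify the expected attributes are present.
    if not isinstance(msg, dict):
        raise RejectedLoginInfo("message is not an object")
    missing = [k for k in REQUIRED if k not in msg]
    if missing:
        raise RejectedLoginInfo("missing: " + ", ".join(missing))
    if msg["policy"] not in POLICIES:
        raise RejectedLoginInfo("unknown policy attribute")

    # Blocks 306/310: txnMode selects decryption or plain-text handling.
    actions = []
    if msg["txnMode"] is True:
        if decrypt is None:
            raise RejectedLoginInfo("encrypted payload, no decryption module")
        try:
            creds = json.loads(decrypt(bytes.fromhex(msg["credentials"])))
        except (TypeError, ValueError) as exc:
            raise RejectedLoginInfo("credentials did not decrypt") from exc
        actions.append("decrypt")
    elif msg["txnMode"] is False:
        creds = msg["credentials"]
    else:
        raise RejectedLoginInfo("txnMode must be true or false")
    if not (isinstance(creds, dict) and creds.get("username") and creds.get("password")):
        raise RejectedLoginInfo("credentials incomplete")

    # Blocks 312-316: launch the URL if one was sent, else the user opens it.
    url = msg.get("url")
    if url is None:
        actions.append("wait-for-manual-open")
    else:
        try:
            parts = urlsplit(url) if isinstance(url, str) else None
        except ValueError:
            parts = None
        # Added hardening, not in the specification: launch https URLs only.
        if parts is None or parts.scheme != "https" or not parts.hostname:
            raise RejectedLoginInfo("URL is not an https address")
        actions.append("launch:" + url)

    # Blocks 318-322: fill the form, disconnect, act on the policy attribute.
    last = "uninstall-receiver" if msg["policy"] == "remove" else "retain-receiver"
    return actions + ["fill-credentials", "disconnect", last], creds
```

The credentials are only returned to the caller and never written anywhere, matching the statement that the LI receiving unit 202 does not store the received login information.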
[0066] In this way, access to user's private information stored at the authentication server
102 can be controlled so that an intended user alone can access the confidential information associated with the intended user. Thus, remote user authentication can be made secure and chances of confidential information being exposed to unsanitized environment can be reduced considerably.
[0067] Fig. 4 illustrates a method 400 for authenticating a user over short distance
wireless communication, in accordance with one embodiment of the present subject matter. The method 400 may be described in the general context of computer executable instructions. The method 400 may be a computer implementable method. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, and the like, that perform particular functions or implement particular abstract data types.
[0068] The order in which the method 400 is described is not intended to be construed as
a limitation, and any number of the described method blocks can be combined in any order to implement the method, or an alternate method. Additionally, individual blocks may be deleted from the method 400 without departing from the spirit and scope of the subject matter described herein. Furthermore, the method 400 can be implemented in any suitable hardware, software, firmware, or combination thereof.
[0069] At block 402, the method 400 may include receiving instructions from a user at
the hand-held device 110 to communicatively pair the hand-held device 110 to a computing device 104 depending on the standard pairing procedures. The pairing is performed over a short distance wireless communication link 136, such as Bluetooth, infrared (Ir), Ir simple, Ir simple shot (IrSS), ultra wide band (UWB), Piconet, Wibree, Zigbee, Acoustics and the like.
[0070] At block 404, the method 400 may include identifying, based on the received
instructions, an online account from a plurality of online accounts stored in the hand-held device 110.
[0071] At block 406, the method 400 may include decrypting login information
associated with the identified online account from the hand-held device 110. In an example, the login information may be stored in an encrypted-form in the hand-held device 110. In said example, the login information needs to be decrypted at the time of retrieval of the login information. The login information may include a URL address, login credentials, a txnMode attribute, a policy attribute, and other information. In an example, the login credentials may include a user ID, a username, or a password.
[0072] At block 408, the method 400 may include retrieving the login information
associated with the identified online account from the hand-held device 110.
[0073] At block 410, the method 400 may include transmitting the retrieved login
information from the hand-held device 110 to the computing device 104, for remotely authenticating the user.
[0074] In this way, access to confidential information stored at the authentication server
102 can be controlled so that an intended user alone can access the confidential information associated with the intended user. Thus, online authentication can be made secure and chances of confidential information being exposed to unsanitized environment can be reduced considerably.
[0075] Although embodiments for the secured computer based assessment have been
described in language specific to structural features and/or methods, it is to be understood that the invention is not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as exemplary embodiments for secured computer based assessments.
I/We claim:
1. A method of remote user authentication through short distance wireless communication,
the method comprising:
receiving instructions, from a user through a hand-held device (110), to communicatively pair the hand-held device (110) to a computing device (104), wherein the pairing is over a short distance wireless communication link (136);
identifying, based on the received instructions, an online account from a plurality of online accounts;
retrieving login information corresponding to the identified online account; and
transmitting the retrieved login information from the hand-held device (110) to the computing device (104), for authenticating the user.
2. The method as claimed in claim 1, wherein the retrieving of the login information comprises decrypting the login information associated with the identified online account, and wherein the login information is stored in an encrypted-form in the hand-held device (110).
3. The method as claimed in claim 1, wherein the login information comprises a Uniform Resource Location (URL) address, login credentials, a policy attribute, a txnMode attribute, and other information associated with the plurality of online accounts.
4. The method as claimed in claim 1, wherein the transmitting comprises communicating the retrieved login information along with a txnMode attribute from the hand-held device (110) to the computing device (104), and wherein the txnMode attribute signifies whether the login information is in encrypted-form or in a plain text-form to the computing device (104).
5. The method as claimed in claim 3, wherein the communicating comprises:
encrypting the login information using Identity Based Encryption (IBE) to generate encrypted login information at the hand-held device (110); and
transmitting the encrypted login information from the hand-held device (110) to the computing device (104).
6. The method as claimed in claim 1, wherein the short distance wireless communication link (136) is at least one of Bluetooth, infrared (Ir), Ir simple, Ir simple shot (IrSS), ultra wide band (UWB), Piconet, Wibree, Acoustics, and Zigbee.
7. The method as claimed in claim 1, wherein the instructions are provided by one of a single touch, one keystroke, and one scroll on the hand-held device (110).
8. The method as claimed in claim 1, further comprising downloading a login information receiving unit (202) on the computation device (104) based on availability of the login information receiving unit (202) on the computation device (104).
9. The method as claimed in claim 8 further comprises retaining or removing the login information receiving unit (202) from the computing device (104) based on a policy attribute specified in the login information.
10. A hand-held device (110) to remotely authenticate a user through a short distance wireless communication, the hand-held device (110) comprising:
a processor (112);
a login information feeder unit (108) coupled to the processor (112), wherein the login information feeder unit (108) comprises:
a manager module (120) coupled to the processor (112), the manager module (120) configured to:
receive a plurality of login information associated with a plurality of online accounts from the user, wherein the login information comprises a txnMode attribute, Uniform Resource Location (URL) address, login credentials, a policy attribute and other information associated with the plurality of online accounts;
encrypt the login information to store the login information in an encrypted-form in the hand-held device (110);
store the plurality of online accounts along with corresponding login information in the hand-held device (110); and
an authentication module (124) coupled to the processor (112), the authentication module (124) configured to:
identify, based on user instruction, an online account from the plurality of online accounts stored in the hand-held device (110);
retrieve the login information associated with the identified online account from the hand-held device (110) and decrypt correspondingly; and
transmit the login information from the hand-held device (110) to a computing device (104), for authenticating the user.
11. The hand-held device (110) as claimed in claim 10, wherein the login information feeder unit (108) is a mobile application implemented on the hand-held device (110).
12. The hand-held device (110) as claimed in claim 10, wherein the hand-held device (110) is communicatively paired with the computing device (104) over a short distance wireless communication link (136).
13. The hand-held device (110) as claimed in claim 12, wherein the short distance wireless communication link (136) is at least one of Bluetooth, infrared (Ir), Ir simple, Ir simple shot (IrSS), ultra wide band (UWB), Piconet, Wibree, Acoustics, and Zigbee.
14. The hand-held device (110) as claimed in claim 10, wherein the hand-held device (110) locks a user interface of the hand-held device (110) depending on variation of accelerometer-data, gyroscope-data, proximity sensor, touch screen interaction available on the hand-held device (110) looking for user’s interaction scope.
15. A non-transitory computer-readable medium having a set of computer readable instructions that, when executed, cause a processor to:
receive instructions, from a user through a hand-held device (110), to communicatively pair the hand-held device (110) to a computing device (104), wherein the pairing is over a short distance wireless communication link (136);
identify, based on the received instructions, an online account from a plurality of online accounts;
retrieve login information corresponding to the identified online account; and transmit the retrieved login information from the hand-held device (110) to the computing device (104), for authenticating the user.
| # | Name | Date |
|---|---|---|
| 1 | SPEC in.pdf | 2018-08-11 |
| 2 | FORM 5.pdf | 2018-08-11 |
| 3 | FORM 3.pdf | 2018-08-11 |
| 4 | FIGURES IN.pdf | 2018-08-11 |
| 5 | ABSTRACT1.jpg | 2018-08-11 |
| 6 | 1163-MUM-2013-FORM 26(9-5-2013).pdf | 2018-08-11 |
| 7 | 1163-MUM-2013-FORM 18.pdf | 2018-08-11 |
| 8 | 1163-MUM-2013-FORM 1(23-9-2013).pdf | 2018-08-11 |
| 9 | 1163-MUM-2013-CORRESPONDENCE(9-5-2013).pdf | 2018-08-11 |
| 10 | 1163-MUM-2013-CORRESPONDENCE(23-9-2013).pdf | 2018-08-11 |
| 11 | 1163-MUM-2013-FER.pdf | 2019-05-29 |
| 12 | 1163-MUM-2013-OTHERS [27-11-2019(online)].pdf | 2019-11-27 |
| 13 | 1163-MUM-2013-FER_SER_REPLY [27-11-2019(online)].pdf | 2019-11-27 |
| 14 | 1163-MUM-2013-DRAWING [27-11-2019(online)].pdf | 2019-11-27 |
| 15 | 1163-MUM-2013-COMPLETE SPECIFICATION [27-11-2019(online)].pdf | 2019-11-27 |
| 16 | 1163-MUM-2013-CLAIMS [27-11-2019(online)].pdf | 2019-11-27 |
| 17 | FORM 5.pdf | 2018-08-11 |
| 17 | 1163-MUM-2013-PatentCertificate26-04-2023.pdf | 2023-04-26 |
| 18 | 1163-MUM-2013-IntimationOfGrant26-04-2023.pdf | 2023-04-26 |
| 1 | Searchstrategy_1163MUM2013_22-05-2019.pdf | |