End user initiated access server authenticity check

US 10,164,971 B2
Filed: 10/22/2015
Issued: 12/25/2018
Est. Priority Date: 10/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing system of an access management system, from a computing device operated by a user, a validation request to authenticate the access management system, the validation request including user identification information associated with the user;

sending, by the computing system, to a destination associated with the user based on the user identification information, temporary access information for the user to authenticate the access management system;

receiving, by the computing system, a first response including the temporary access information;

upon verifying the temporary access information received in the first response, sending, by the computing system, personal information about the user to the computing device, the personal information being selected from current records of the user available from a third party system that is different from the access management system;

receiving, from the computing device, a second response, the second response indicating a confirmation by the user of the personal information and the second response including credential data of the user; and

determining, by the computing system, authentication of the user to access the resource from the computing device, wherein the authentication is determined based on the credential data and the confirmation of the personal information received in the second response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for enabling a user to validate the authenticity of a computing system (e.g., an access management system) such as one which controls access to one or more resources. A user can determine the authenticity of an access management system before the user provides credential information to the access management system. A user can be presented at a client system with an interface to request authentication of an access management system. The access management system may provide the user at the client system with temporary access information to submit back to the access management system. The access management system may provide recent personal information to the user at the client system to verify the access management system. Upon verification of the personal information, the access management system may prompt the user for credential information to establish a session.

Citations

20 Claims

1. A method comprising:
- receiving, by a computing system of an access management system, from a computing device operated by a user, a validation request to authenticate the access management system, the validation request including user identification information associated with the user;
  
  sending, by the computing system, to a destination associated with the user based on the user identification information, temporary access information for the user to authenticate the access management system;
  
  receiving, by the computing system, a first response including the temporary access information;
  
  upon verifying the temporary access information received in the first response, sending, by the computing system, personal information about the user to the computing device, the personal information being selected from current records of the user available from a third party system that is different from the access management system;
  
  receiving, from the computing device, a second response, the second response indicating a confirmation by the user of the personal information and the second response including credential data of the user; and
  
  determining, by the computing system, authentication of the user to access the resource from the computing device, wherein the authentication is determined based on the credential data and the confirmation of the personal information received in the second response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - upon determining that the user is not authenticated to access the resource from the computing device, sending, to the computing device, a request for credential information of the user; and
      
      wherein the computing device sends the validation request in response to the request for credential information.
  - 3. The method of claim 1, wherein the destination is the computing device.
  - 4. The method of claim 1, wherein the destination is a device associated with the user, and wherein the device is different from the computing device.
  - 5. The method of claim 4, wherein the first response is received from the destination.
  - 6. The method of claim 1, further comprising:
    - determining that the user identification information is associated with the user; and
      
      identifying the destination based on the user identification information.
  - 7. The method of claim 1, wherein the temporary access information is associated with a time period, wherein verifying the temporary access information includes determining a response time is within the time period, and wherein the response time is based on a time for receiving the first response after the temporary access information is sent to the computing device.
  - 8. The method of claim 1, further comprising:
    - upon verifying the temporary access information received in the first response, generating the personal information before sending the personal information.
  - 9. The method of claim 8, wherein the personal information includes financial information about the user determined after the temporary access information is verified.

10. An access management system comprising:
- one or more processors; and
  
  a memory coupled with and readable by the one or more processors, the memory storing a set of instructions that, when executed by the one or more processors, causes the one or more processors to;
  
  receive, from a computing device operated by a user, a validation request to authenticate the access management system, the validation request including user identification information associated with the user;
  
  send, to a destination associated with the user based on the user identification information, temporary access information for the user to authenticate the access management system;
  
  receive a first response including the temporary access information;
  
  upon verifying the temporary access information received in the first response, send personal information about the user to the computing device, the personal information being selected from current records of the user available from a third party system that is different from the access management system;
  
  receive, from the computing device, a second response, the second response indicating a confirmation by the user of the personal information and the second response including credential data of the user; and
  
  determine authentication of the user to access the resource from the computing device, wherein the authentication is determined based on the credential data and the confirmation of the personal information received in the second response.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The access management system of claim 10, wherein the set of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - upon determining that the user is not authenticated to access the resource from the computing device, sending, to the computing device, a request for credential information of the user; and
      
      wherein the computing device sends the validation request in response to the request for credential information.
  - 12. The access management system of claim 10, wherein the destination is a device associated with the user, and wherein the device is different from the computing device.
  - 13. The access management system of claim 10, wherein the set of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - determine that the user identification information is associated with the user; and
      
      identify the destination based on the user identification information.
  - 14. The access management system of claim 10, wherein the temporary access information is associated with a time period, wherein verifying the temporary access information includes determining a response time is within the time period, and wherein the response time is based on a time for receiving the first response after the temporary access information is sent to the computing device.
  - 15. The access management system of claim 10, wherein the set of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - upon verifying the temporary access information received in the first response, generate the personal information before sending the personal information,wherein the personal information includes financial information about the user determined after the temporary access information is verified.

16. A non-transitory computer-readable medium storing a set of instructions that, when executed by one or more processors, causes the one or more processors to:
- receiving, by a computing system of an access management system, from a computing device operated by a user, a validation request to authenticate the access management system, the validation request including user identification information associated with the user;
  
  sending, by the computing system, to a destination associated with the user based on the user identification information, temporary access information for the user to authenticate the access management system;
  
  receiving, by the computing system, a first response including the temporary access information;
  
  upon verifying the temporary access information received in the first response, sending, by the computing system, personal information about the user to the computing device, the personal information being selected from current records of the user available from a third party system that is different from the access management system;
  
  receiving, from the computing device, a second response, the second response indicating a confirmation by the user of the personal information and the second response including credential data of the user; and
  
  determining, by the computing system, authentication of the user to access the resource from the computing device, wherein the authentication is determined based on the credential data and the confirmation of the personal information received in the second response.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the set of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - upon determining that the user is not authenticated to access the resource from the computing device, send, to the computing device, a request for credential information of the user; and
      
      wherein the computing device sends the validation request in response to the request for credential information.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the destination is a device associated with the user, and wherein the device is different from the computing device.
  - 19. The non-transitory computer-readable medium of claim 16, wherein the set of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - determine that the user identification information is associated with the user; and
      
      identify the destination based on the user identification information.
  - 20. The non-transitory computer-readable medium of claim 16, wherein the set of instructions, when executed by the one or more processors, further causes the one or more processors to:
    - upon verifying the temporary access information received in the first response, generate the personal information before sending the personal information,wherein the personal information includes financial information about the user determined after the temporary access information is verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mathew, Stephen, Subramanya, Ramya, Koottayi, Vipin Anaparakkal
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Cattungal, Dereena T

Application Number

US14/920,807
Publication Number

US 20170118202A1
Time in Patent Office

1,160 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 2463/082   applying multi-factor authe...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0869   for achieving mutual authen...

H04L 63/102   Entity profiles

H04L 63/18   using different networks or...

End user initiated access server authenticity check

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

End user initiated access server authenticity check

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links