Using a mobile device number (MDN) service in multifactor authentication

US 10,218,698 B2
Filed: 10/29/2015
Issued: 02/26/2019
Est. Priority Date: 10/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a processor of a verification data generation system, an encryption key associated with a verification device, wherein the verification device is different from the verification data generation system;

determining, by the processor, attributes of a session between a source device and the verification device, wherein the source device is different from the verification data generation system, wherein first verification data is sent from the source device to the verification device via the session, wherein the first verification data identifies an account, wherein the account is associated with a user device, wherein the verification device generates user device data associated with a first identifier of the user device, and wherein the verification device sends the source device a request for additional verification data;

receiving, by the processor and from the source device, the request for additional verification data;

determining, by the processor and in response to receiving the request for additional verification data, a second identifier associated with the source device based on information in the request for additional verification data and information regarding sessions established between the source device and the verification device stored in a storage associated with the verification data generation system;

generating, by the processor, second verification data based on the second identifier associated with the source device;

encrypting, by the processor and based on the encryption key associated with the verification device, the second verification data; and

forwarding, by the processor, the encrypted second verification data toward the verification device, wherein the verification device decrypts the encrypted second verification data to recover the second verification data, wherein the verification device compares the second verification data to the user device data associated with the first identifier of the user device, and wherein the verification device determines that the source device corresponds to the user device when the user device data corresponds to the second verification data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Attributes of a session, between a source device and a verification device, for sending first verification data, such as a password and an account identifier, are determined. The verification device generates user device data based on an identifier, such as a mobile device number (MDN), for a user device associated with the account identifier. An identifier, such as an MDN, associated with the source device and an encryption key associated with the verification device are determined based on session attributes. Second verification data is generated based on the identifier associated with the source device. The second verification data is encrypted using the encryption key and forwarded to the verification device. The verification device decrypts the second verification data and compares the identifier for the user device to the identifier for the source device to determine whether the first verification data was sent from the user device.

116 Citations

20 Claims

1. A method comprising:
- identifying, by a processor of a verification data generation system, an encryption key associated with a verification device, wherein the verification device is different from the verification data generation system;
  
  determining, by the processor, attributes of a session between a source device and the verification device, wherein the source device is different from the verification data generation system, wherein first verification data is sent from the source device to the verification device via the session, wherein the first verification data identifies an account, wherein the account is associated with a user device, wherein the verification device generates user device data associated with a first identifier of the user device, and wherein the verification device sends the source device a request for additional verification data;
  
  receiving, by the processor and from the source device, the request for additional verification data;
  
  determining, by the processor and in response to receiving the request for additional verification data, a second identifier associated with the source device based on information in the request for additional verification data and information regarding sessions established between the source device and the verification device stored in a storage associated with the verification data generation system;
  
  generating, by the processor, second verification data based on the second identifier associated with the source device;
  
  encrypting, by the processor and based on the encryption key associated with the verification device, the second verification data; and
  
  forwarding, by the processor, the encrypted second verification data toward the verification device, wherein the verification device decrypts the encrypted second verification data to recover the second verification data, wherein the verification device compares the second verification data to the user device data associated with the first identifier of the user device, and wherein the verification device determines that the source device corresponds to the user device when the user device data corresponds to the second verification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first identifier corresponds to a first mobile device number (MDN) associated with the user device and the second identifier corresponds to a second MDN associated with the source device.
  - 3. The method of claim 1, wherein the user device data includes a first hash of the first identifier, and wherein generating the second verification data includes:
    - forming a second hash of the second identifier.
  - 4. The method of claim 3, wherein the verification device forms the first hash by determining a first hash message authentication code (HMAC) based on the first identifier, attributes of the user device, and attributes of the verification device, andwherein forming the second hash includes generating a second HMAC based on the second identifier and the attributes of the session.
  - 5. The method of claim 1, wherein the first verification data further identifies a password, wherein the verification device determines whether the password is associated with the account, and wherein the second verification data is generated based on the verification device determining that the password is associated with the account.
  - 6. The method of claim 1, wherein identifying the encryption key associated with the verification device includes:
    - providing a provisioning portal to receive registration data from a plurality of verification devices, wherein the registration data identifies internet protocol (IP) addresses and encryption keys associated with the plurality of verification devices, and wherein determining the attributes of the session includes;
      
      identifying a destination IP address of a device that received the first verification data via the session; and
      
      selecting, as the encryption key associated with the verification device, one of the encryption keys associated with an IP address, of the IP addresses, that corresponds to the destination IP address.
  - 7. The method of claim 1, wherein the verification device requests third verification data from the source device when the verification device determines that the source device does not correspond to the user device, wherein the third verification data include a user input from the source device, and wherein the verification device determines whether the user input corresponds to data associated with the account.

8. A device comprising:
- a memory to store one or more instructions; and
  
  a processor configured to execute the one or more instructions to;
  
  identify an encryption key associated with a verification device, wherein the verification device determines whether a source device is eligible to access a service or data, wherein the verification device is different from the device;
  
  determine attributes of a session between the source device and the verification device, wherein the source device is different from the device, wherein first verification data is sent from the source device to the verification device via the session, wherein the first verification data identifies an account, wherein the account is associated with a user device, wherein the verification device generates user device data associated with a first identifier of the user device, and wherein the verification device sends the source device a request for additional verification data;
  
  receive, from the source device, the request for additional verification data;
  
  determine, in response to receiving the request for the additional verification data and based on information in the request for additional verification data and information regarding sessions established between the source device and the verification device stored in a storage associated with the device, a second identifier associated with the source device;
  
  generate second verification data based on the second identifier associated with the source device;
  
  encrypt, based on the encryption key associated with the verification device, the second verification data; and
  
  forward the encrypted second verification data toward the verification device, wherein the verification device decrypts the encrypted second verification data to recover the second verification data, wherein the verification device compares the second verification data to the user device data associated with the first identifier of the user device, and wherein the verification device determines that the source device corresponds to the user device when the user device data corresponds to the second verification data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device of claim 8, wherein the first identifier corresponds to a first mobile device number (MDN) associated with the user device and the second identifier corresponds to a second MDN associated with the source device.
  - 10. The device of claim 8, wherein the user device data includes a first hash of the first identifier, and wherein the processor, when executing the one or more instructions to generate the second verification data, is further configured to:
    - form a second hash of the second identifier.
  - 11. The device of claim 10, wherein the verification device forms the first hash by determining a first hash message authentication code (HMAC) based on the first identifier, attributes of the user device, and attributes of the verification device, andwherein the processor, when executing the one or more instructions to form the second hash, is further configured to:
    - generate a second HMAC based on the second identifier and the attributes of the session.
  - 12. The device of claim 8, wherein the first verification data further identifies a password, wherein the verification device determines whether the password is associated with the account, and wherein the second verification data is generated based on the verification device determining that the password is associated with the account.
  - 13. The device of claim 8, wherein the processor, when executing the one or more instructions to identify the encryption key associated with the verification device, is further configured to:
    - provide a provisioning portal to receive registration data from a plurality of verification devices, wherein the registration data identifies internet protocol (IP) addresses and encryption keys associated with the plurality of verification devices, andwherein the processor, when executing the one or more instructions to determine the attributes of the session, is further configured to;
      
      identify a destination IP address of a second device that received the first verification data via the session; and
      
      select, as the encryption key associated with the verification device, one of the encryption keys associated with an IP addresses, of the IP addresses, that corresponds to the destination IP address.
  - 14. The device of claim 8, wherein the verification device requests third verification data from the source device when the verification device determines that the source device does not correspond to the user device, wherein the third verification data includes a user input from the source device, and wherein the verification device determines whether the user input corresponds to data associated with the account.

15. A non-transitory computer-readable medium to store instructions, the instructions comprising:
- one or more instructions that when executed by a processor associated with a verification data generation system, cause the processor to;
  
  identify an encryption key associated with a verification device, wherein the verification device determines whether a source device is eligible to access a service or data, and wherein verification data generation system is different from the verification device and the source device;
  
  determine attributes of a session between the source device and the verification device, wherein first verification data is sent from the source device to the verification device via the session, wherein the first verification data identifies an account, wherein the account is associated with a user device, wherein the verification device generates user device data associated with a first identifier of the user device, and wherein the verification device sends the source device a request for additional verification data;
  
  receive, from the source device, the request for additional verification data;
  
  determine, in response to receiving the request for the additional verification data and based on information in the request for additional verification data and information regarding sessions established between the source device and the verification device stored in a storage associated with the verification data generation system, a second identifier associated with the source device;
  
  generate second verification data based on the second identifier associated with the source device;
  
  encrypt, based on the encryption key associated with the verification device, the second verification data; and
  
  forward the encrypted second verification data toward the verification device, wherein the verification device decrypts the encrypted second verification data to recover the second verification data, wherein the verification device compares the second verification data to the user device data associated with the first identifier of the user device, and wherein the verification device determines that the source device corresponds to the user device when the user device data corresponds to the second verification data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the first identifier corresponds to a first mobile device number (MDN) associated with the user device and the second identifier corresponds to a second MDN associated with the source device.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the user device data includes a first hash of the first identifier, and wherein the one or more instructions cause the processor, when generating the second verification data, to be further configured to:
    - form a second hash of the second identifier.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the verification device forms the first hash by determining a first hash message authentication code (HMAC) based on the first identifier, attributes of the user device, and attributes of the verification device, andwherein the one or more instructions cause the processor, when forming the second hash, to be further configured to:
    - generate a second HMAC based on the second identifier and the attributes of the session.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the first verification data further identifies a password, wherein the verification device determines whether the password is associated with the account, and wherein the second verification data is generated based on the verification device determining that the password is associated with the account.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions cause the processor, when identifying the encryption key associated with the verification device, to be further configured to:
    - provide a provisioning portal to receive registration data from a plurality of verification devices, wherein the registration data identifies internet protocol (IP) addresses and encryption keys associated with the plurality of verification devices, andwherein the one or more instructions cause the processor, when determining the attributes of the session, to be further configured to;
      
      identify a destination IP address of a device that received the first verification data via the session; and
      
      select, as the encryption key associated with the verification device, one of the encryption keys associated with an IP address, of the IP addresses, that corresponds to the destination IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Yin, Fenglin, Hao, Jianxiu, Chen, Zhong
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US14/926,234
Publication Number

US 20170126675A1
Time in Patent Office

1,216 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3242   involving keyed hash functi...

Using a mobile device number (MDN) service in multifactor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using a mobile device number (MDN) service in multifactor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links