Verification request

US 10,277,584 B2
Filed: 04/30/2014
Issued: 04/30/2019
Est. Priority Date: 04/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a computing device from a client device over a network, a verification request via a unique web-key of the computing device on the network and accessed by the client device, the unique web-key comprising a uniform resource locator (URL);

determining, with the computing device, whether the web-key is account-associated;

in response to determining that the web-key is account-associated with a specific account, sending, by the computing device to the client device over the network, a private login page unique to the specific account and requesting an electronic authentication, the electronic authentication including an electronic token and a password;

after sending the private login page, responsively receiving, at the computing device from the client device over the network, the requested electronic authentication;

verifying, with the computing device, that the password is associated with the token, and that the password and the token are associated with the unique web-key in that an account of the electronic authentication is the specific account with which the web-key is associated; and

granting, with the computing device, the verification request and permitting the client device access to the computing device when the unique web-key is associated with the specific account, the password is associated with the token, and the electronic authentication is associated with the unique web-key,wherein the method reduces a risk of phishing attacks nefariously soliciting the electronic authentication by rendering the electronic authentication unusable without the web-key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method is provided in according with one implementation of the present disclosure. The method includes receiving a verification request from a unique web-key, determining whether the web-key is associated with an account, and receiving an electronic authentication associated with the web-key. The method further includes verifying the electronic authentication and the association between the web-key and the electronic authentication, and granting, with the computing device, the verification request.

Citations

17 Claims

1. A method comprising:
- receiving, at a computing device from a client device over a network, a verification request via a unique web-key of the computing device on the network and accessed by the client device, the unique web-key comprising a uniform resource locator (URL);
  
  determining, with the computing device, whether the web-key is account-associated;
  
  in response to determining that the web-key is account-associated with a specific account, sending, by the computing device to the client device over the network, a private login page unique to the specific account and requesting an electronic authentication, the electronic authentication including an electronic token and a password;
  
  after sending the private login page, responsively receiving, at the computing device from the client device over the network, the requested electronic authentication;
  
  verifying, with the computing device, that the password is associated with the token, and that the password and the token are associated with the unique web-key in that an account of the electronic authentication is the specific account with which the web-key is associated; and
  
  granting, with the computing device, the verification request and permitting the client device access to the computing device when the unique web-key is associated with the specific account, the password is associated with the token, and the electronic authentication is associated with the unique web-key,wherein the method reduces a risk of phishing attacks nefariously soliciting the electronic authentication by rendering the electronic authentication unusable without the web-key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the URL comprises an unguessable string of characters.
  - 3. The method of claim 1, further comprising denying the verification request when at least one of the following occurs:
    - the password or the electronic authentication is not verified,the association between the web-key and the electronic authentication is not verified, andthe web-key is not associated with an account.
  - 4. The method of claim 1, further comprises providing a new web-key associated with a specific account when an existing web-key is compromised.
  - 5. The method of claim 1, further comprising:
    - receiving, at the computing device from a second client device over the network, a second verification request via a second unique web-key of the computing device on the network and accessed by the second client device, the second unique web-key comprising a second URL;
      
      determining, with the computing device, whether the second unique web-key is account-associated;
      
      in response to determining that the second unique web-key is not account-associated, denying, by the computing device, the second verification request.
  - 6. The method of claim 1, wherein the token comprises an account name or a user name.

7. A system comprising:
- at least one computing device having at least one processing device with a control unit to;
  
  analyze a login request received from a client device over a network via a unique uniform resource locator (URL) of the at least one computing device on the network and accessed by the client device to determine whether the unique URL is account-associated;
  
  in response to determining that the unique URL is associated with a specific account, send to the client device over the network a private login request unique to the account and requesting an electronic token and a password;
  
  after sending the private login request, responsively receive the electronic token and the password from the client device over the network;
  
  analyze the password to determine whether the password is associated with the token;
  
  analyze the password and the token to determine whether the electronic token and the password are associated with the unique URL, in that an account of the electronic token and the password is the specific account with which the unique URL is associated; and
  
  grant the login request when the unique URL is associated with the specific account, the password is associated with the token, and the electronic token and the password are associated with the unique URL,wherein a risk of phishing attacks nefariously soliciting the electronic token or the password is reduced by the electronic token and the password being rendered unusable without the unique URL.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein the unique URL includes an unguessable sequence of identifiers.
  - 9. The system of claim 7, wherein the electronic token is received from the client device in communication with the computing device, wherein the client device is associated with the specific account and the unique URL.
  - 10. The system of claim 7, wherein the control unit is further to reject the login request when at least one of the associations between:
    - a) the unique URL and the specific account, b) the electronic token and the unique URL, and
      
      3) the password, the unique URL and the token is not verified.
  - 11. The system of claim 7, wherein the token comprises an account name or a user name.

12. A non-transitory machine-readable storage medium encoded with instructions executable by at least one processor of at least computing device, the machine-readable storage medium comprising instructions to:
- generate a unique web-key associated with an account;
  
  associate an electronic authentication generating device with the web-key;
  
  analyze a verification request received from a page designated by the web-key and accessible at a uniform resource locator (URL);
  
  verify that the web-key is account-associated;
  
  in response to verifying that the web-key is account-associated with a specific account, receive an electronic authentication, the electronic authentication including an electronic token and a password;
  
  upon receiving the electronic authentication, verify that the password is associated with the token, and that the password and the token are associated with the unique web-key in that an account of the electronic authentication is the specific account with which the web-key is associated; and
  
  grant the verification request and permitting the client device access to the computing device when the unique web-key is associated with the specific account, the password is associated with the token, and the electronic authentication is associated with the unique web-key,wherein a risk of phishing attacks nefariously soliciting the electronic authentication is reduced by the electronic token and the password being rendered unusable without the page designed by the web-key.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory machine-readable storage medium of claim 12, wherein the URL comprises an unguessable sequence of identifiers.
  - 14. The non-transitory machine-readable storage medium of claim 12, wherein the electronic authentication includes an electronic token received from electronic authentication generating device in communication with the computing device.
  - 15. The non-transitory machine-readable storage medium of claim 12, further comprising instructions to:
    - analyze a password associated with the web-key and the electronic authentication; and
      
      verify the password.
  - 16. The non-transitory machine-readable storage medium of claim 15, further comprising instructions to reject the verification request when:
    - the password or the electronic authentication is not verified,the association between the web-key and the electronic authentication is not verified, andthe web-key is not associated with a specific account.
  - 17. The non-transitory machine-readable storage medium of claim 12, wherein the token comprises an account name or a user name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Stiegler, Marc Douglas, Dolan, Gerald R
Primary Examiner(s)
Schmidt, Kari L

Application Number

US15/116,610
Publication Number

US 20170214680A1
Time in Patent Office

1,826 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/445   by mutual authentication, e...

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2129   Authenticate client device ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/1483   service impersonation, e.g....

Verification request

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Verification request

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links