Verification request
First Claim
Patent Images
1. A method comprising:
- receiving, at a computing device from a client device over a network, a verification request via a unique web-key of the computing device on the network and accessed by the client device, the unique web-key comprising a uniform resource locator (URL);
determining, with the computing device, whether the web-key is account-associated;
in response to determining that the web-key is account-associated with a specific account, sending, by the computing device to the client device over the network, a private login page unique to the specific account and requesting an electronic authentication, the electronic authentication including an electronic token and a password;
after sending the private login page, responsively receiving, at the computing device from the client device over the network, the requested electronic authentication;
verifying, with the computing device, that the password is associated with the token, and that the password and the token are associated with the unique web-key in that an account of the electronic authentication is the specific account with which the web-key is associated; and
granting, with the computing device, the verification request and permitting the client device access to the computing device when the unique web-key is associated with the specific account, the password is associated with the token, and the electronic authentication is associated with the unique web-key,wherein the method reduces a risk of phishing attacks nefariously soliciting the electronic authentication by rendering the electronic authentication unusable without the web-key.
2 Assignments
0 Petitions
Accused Products
Abstract
An example method is provided in according with one implementation of the present disclosure. The method includes receiving a verification request from a unique web-key, determining whether the web-key is associated with an account, and receiving an electronic authentication associated with the web-key. The method further includes verifying the electronic authentication and the association between the web-key and the electronic authentication, and granting, with the computing device, the verification request.
-
Citations
17 Claims
-
1. A method comprising:
-
receiving, at a computing device from a client device over a network, a verification request via a unique web-key of the computing device on the network and accessed by the client device, the unique web-key comprising a uniform resource locator (URL); determining, with the computing device, whether the web-key is account-associated; in response to determining that the web-key is account-associated with a specific account, sending, by the computing device to the client device over the network, a private login page unique to the specific account and requesting an electronic authentication, the electronic authentication including an electronic token and a password; after sending the private login page, responsively receiving, at the computing device from the client device over the network, the requested electronic authentication; verifying, with the computing device, that the password is associated with the token, and that the password and the token are associated with the unique web-key in that an account of the electronic authentication is the specific account with which the web-key is associated; and granting, with the computing device, the verification request and permitting the client device access to the computing device when the unique web-key is associated with the specific account, the password is associated with the token, and the electronic authentication is associated with the unique web-key, wherein the method reduces a risk of phishing attacks nefariously soliciting the electronic authentication by rendering the electronic authentication unusable without the web-key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising:
-
at least one computing device having at least one processing device with a control unit to; analyze a login request received from a client device over a network via a unique uniform resource locator (URL) of the at least one computing device on the network and accessed by the client device to determine whether the unique URL is account-associated; in response to determining that the unique URL is associated with a specific account, send to the client device over the network a private login request unique to the account and requesting an electronic token and a password; after sending the private login request, responsively receive the electronic token and the password from the client device over the network; analyze the password to determine whether the password is associated with the token; analyze the password and the token to determine whether the electronic token and the password are associated with the unique URL, in that an account of the electronic token and the password is the specific account with which the unique URL is associated; and grant the login request when the unique URL is associated with the specific account, the password is associated with the token, and the electronic token and the password are associated with the unique URL, wherein a risk of phishing attacks nefariously soliciting the electronic token or the password is reduced by the electronic token and the password being rendered unusable without the unique URL. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A non-transitory machine-readable storage medium encoded with instructions executable by at least one processor of at least computing device, the machine-readable storage medium comprising instructions to:
-
generate a unique web-key associated with an account; associate an electronic authentication generating device with the web-key; analyze a verification request received from a page designated by the web-key and accessible at a uniform resource locator (URL); verify that the web-key is account-associated; in response to verifying that the web-key is account-associated with a specific account, receive an electronic authentication, the electronic authentication including an electronic token and a password; upon receiving the electronic authentication, verify that the password is associated with the token, and that the password and the token are associated with the unique web-key in that an account of the electronic authentication is the specific account with which the web-key is associated; and grant the verification request and permitting the client device access to the computing device when the unique web-key is associated with the specific account, the password is associated with the token, and the electronic authentication is associated with the unique web-key, wherein a risk of phishing attacks nefariously soliciting the electronic authentication is reduced by the electronic token and the password being rendered unusable without the page designed by the web-key. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification