Method and system for managing authentication attempts

US 20060020816A1
Filed: 07/05/2005
Published: 01/26/2006
Est. Priority Date: 07/08/2004
Status: Abandoned Application

First Claim

Patent Images

1. ) A computer-based system for managing illegitimate authentication attempts comprising:

a first application for receiving an authentication attempt from a device connected to said system;

said attempt having been entered into said device by a user;

said user being one of a legitimate user and an illegitimate user;

a second application for capturing and recording said authentication attempt;

a third application for performing an analysis of said authentication attempt and for performing a determination of whether said authentication attempt is potentially from said illegitimate user;

a fourth application for modifying an authentication system database based on results from said third application; and

a communication channel to another device associated with said legitimate user and operable to send messages based on results from said third application to said another device for presentation to said legitimate user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides, in certain embodiments, identification and management of authentication attempts using having a real time communication channel with the end user that is separate from the channel being used for authentication. An example is where Internet users are a) identified by their cell phone numbers and may b) access the internet from many different physical locations. Aspects of the invention allow for authentication issue detection to be extended, utilizing the separate communication channel to communicate directly with the user. This can allow the authenticating authority to take proactive action on a more automatic basis with the ability to distinguish fraud or abuse attempts from user problems aided by the separate communication channel.

44 Citations

View as Search Results

25 Claims

1. ) A computer-based system for managing illegitimate authentication attempts comprising:
- a first application for receiving an authentication attempt from a device connected to said system;
  
  said attempt having been entered into said device by a user;
  
  said user being one of a legitimate user and an illegitimate user;
  
  a second application for capturing and recording said authentication attempt;
  
  a third application for performing an analysis of said authentication attempt and for performing a determination of whether said authentication attempt is potentially from said illegitimate user;
  
  a fourth application for modifying an authentication system database based on results from said third application; and
  
  a communication channel to another device associated with said legitimate user and operable to send messages based on results from said third application to said another device for presentation to said legitimate user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. ) The system according to claim 1 wherein said first application is based on RADIUS protocols.
  - 3. ) The system according to claim 1 wherein an authentication attempt includes a User ID that is based on a non-internet communications system.
  - 4. ) The system according to claim 3 where the non-internet communications system is a cellular phone, and wherein said User ID is a cellular phone number.
  - 5. ) The system according to claim 3 where the non-internet communications system is a pager and wherein the User ID is a pager number.
  - 6. ) The system according to claim 3 wherein the User ID contains the non-internet communications address for the user.
  - 7. ) The system according to claim 3 wherein the User ID is cross referenced to the non-internet communications address for the User.
  - 8. ) The system according to claim 1 where said applications are embedded in one or more centralized servers.
  - 9. ) The system according to claim 1 where said applications are embedded in a self contained authentication device.
  - 10. ) The system according to claim 4 where said messages are by SMS (Short Message Service).
  - 11. ) The system according to claim 4 where said messages are by voice.
  - 12. ) The system according to claim 10 where the SMS is generated by a sixth application.
  - 13. ) The system according to claim 10 where the SMS is generated by a human.
  - 14. ) The system according to claim 11 where said voice is generated by an interactive voice response application.
  - 15. ) The system according to claim 11 where the voice is generated by a human.
  - 16. ) The system according to claim 1 where the analysis identifies said authentication attempt as having a valid User ID and password while a previously authenticated session is still active and the determination concludes that said authentication attempt was potentially from an illegitimate user.
  - 17. ) The system according to claim 1 where the analysis identifies an authentication attempt with valid User ID and password while a previously authenticated session is still active.
  - 18. ) The system according to claim 1 wherein the third application includes permitted geographic coordinates for the locations where said user may authenticate and wherein the analysis identifies actual geographic coordinates of said authentication attempt;
    - and wherein said determination concludes that said authentication attempt was potentially from an illegitimate user if said actual geographic coordinates are outside said permitted geographic coordinates.
  - 19. ) The system according to claim 1 where the analysis identifies actual geographic coordinates of said authentication attempt and said third application is operable to determine a distance travelled and an elapsed time between said actual geographic coordinates and a previous set of geographic coordinates and a previously successful authentication;
    - and wherein said determination concludes that authentication is potentially from an illegitimate user if at least one of said distance and said elapsed time exceed a predefined threshold.
  - 20. ) The system according to claim 1 where the analysis includes determining a number of number of previous authentication attempts prior to using a particular User ID prior to said authentication attempt within a time period and the determination concludes said authentication attempt is potentially from an illegitimate user if said time period does not fall within a predefined range.
  - 21. ) The system according to claim 1 where the analysis includes determining the number of authentication attempts from a particular location within a time period.
  - 22. ) The system according to claim 3 further comprising a fifth application wherein a password associated with said User ID can be modified and said User notified.
  - 23. ) The system according to claim 1 wherein any future authentication attempts associated with said user are flagged as illegitimate in said database if said authentication attempt is from a potentially illegitimate user.
  - 24. ) The system according to claim 1 where the Authentication server may proceed with authentication if the Application has not responded within a defined time and the User ID and password are valid.
  - 25. ) The system according to claim 1 wherein the authentication system is based on other internet protocols, such as DIAMETER.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Air Roamer Incorporated
Original Assignee
Air Roamer Incorporated
Inventors
Campbell, John Robertson

Application Number

US11/172,899
Publication Number

US 20060020816A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/083 using passwords cryptograph...

Method and system for managing authentication attempts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for managing authentication attempts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links