Single token multifactor authentication system and method

US 20070022196A1
Filed: 06/28/2006
Published: 01/25/2007
Est. Priority Date: 06/29/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system for authenticating the identity of a user of the services provided by one or more on-line service providers, said system comprising:

an item of information known by the user, said item of information providing a first identification factor;

an object in the possession of the user, said object providing a second identification factor;

a client infrastructure for first receiving and then transmitting said first and second identification factors to an authentication infrastructure for;

verifying the accuracy of said first and second identification factors;

generating a message to one of the one or more on-line service providers in said client infrastructure that said first and second identification factors have been authenticated;

connecting the user to the on-line service provider;

whereby the users need only one of said item of information and only one of said item object in possession to gain individual access to the one or more on-line service providers.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for using multiple factors to verify and thereby authenticate the identity of a user attempting to gain access to a personal account at an on-line service provider. The disclosed system and method may be used by multiple on-line service providers thereby enabling the user to be in possession of a single set of identification factors to gain access to one of multiple accounts. Once the user provides the proper identification factors and the identification factors are verified by matching them against factors stored in a computer, the identity of the user is deemed to be authentic and the user is passed onto the on-line service provider for access to the user'"'"'s personal account.

73 Citations

View as Search Results

20 Claims

1. A system for authenticating the identity of a user of the services provided by one or more on-line service providers, said system comprising:
- an item of information known by the user, said item of information providing a first identification factor;
  
  an object in the possession of the user, said object providing a second identification factor;
  
  a client infrastructure for first receiving and then transmitting said first and second identification factors to an authentication infrastructure for;
  
  verifying the accuracy of said first and second identification factors;
  
  generating a message to one of the one or more on-line service providers in said client infrastructure that said first and second identification factors have been authenticated;
  
  connecting the user to the on-line service provider;
  
  whereby the users need only one of said item of information and only one of said item object in possession to gain individual access to the one or more on-line service providers.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system as identified in claim 1 wherein said object in the possession of the user is selected from a group including:
    - biometric measurement, software tokens, smart cards, and public key authentication.
  - 3. The system as identified in claim 1 wherein said client infrastructure includes one or more application computer servers and said authentication infrastructure includes one or more authentication computer servers.
  - 4. The system as defined in claim 3 wherein data obtained from the user and data obtained from said application computer server is organized into a custom table stored in a data base in said client infrastructure.
  - 5. The system as defined in claim 4 wherein one or more of the data items placed into said custom table are selected from a group including:
    - a transaction control number, an authentication system identification number, and an authentication system identification name.

6. A method for authenticating the rights of a single user to one or more on-line service providers, said method comprising the steps of:
- providing the user with an item of information known only to the user, said item of information known only to the user being a first identification factor;
  
  providing the an object to the possession of the user, said object in the possession of the user being a second identification factor;
  
  receiving said first identification factor and said second identification factor at a computer terminal;
  
  transmitting said first and second identification factors from said computer terminal to an authentication infrastructure;
  
  verifying the accuracy of said first and said second identification factors;
  
  generating a message to a selected one of the one or more on-line service providers that said first and second identification factors have been verified;
  
  connecting the user to said selected on-line service provider.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 7. The method as defined in claim 6 wherein the object in the possession of the user is a physical token.
  - 8. The method as defined in claim 7 further including the step of mapping information regarding said physical token to on-line service providers.
  - 9. The method as defined in claim 7 further including the step of receiving user information from other on line service providers to register a new user.
  - 10. The method as defined in claim 7 further including the step of using information from other on-line service providers to register new mapping with an existing physical token.
  - 11. The method as defined in claim 6 further including the step of suspending authentication when fraud is detected.
  - 12. The method as defined in claim 7 further including the step of registering a user who is not in possession of a physical token.
  - 13. The method as defined in claim 7 further including the step of transmitting updating information to mapped on-line service providers when information regarding a physical token is updated due to loss or damage of the token.
  - 14. The method as defined in claim 7 further including the step of mapping a directory of all authorized on-line service providers to a single physical token.
  - 15. The method as defined in claim 6 further including the step of validating the use of first identification factor and said second identification factor to assure that the same identification factors are not used sequentially for validation.
  - 16. The method as defined in claim 6 further including the step of controlling the on-line service provider'"'"'s application navigation depending on the user status.
  - 17. The method as defined in claim 7 further including the step of validating the enrollment request for existing users within the system requesting use of an existing physical token with other on-line service providers.
  - 18. The method as defined in claim 6 further including the step of integrating multiple on-line providers with the authentication infrastructure without sharing the critical identifying information of the user selected from a group including:
    - Social Security Number, Tax ID, Date of Birth, and UserID.

19. A method for authenticating the rights of a single user to a set of one or more on-line service providers, said method comprising the steps of:
- providing the user with an item of information known only to the user, said item of information known only to the user being a first identification factor;
  
  providing the user with a physical token generating a random number, said random number being a second identification factor;
  
  transmitting said first identification factor and said second identification factor to a customer service representative of the on-line service provider whereby said customer service representative may verify the authenticity of said first and said second identification factors using an authentication infrastructure;
  
  generating a message to the set of on-line service providers of the verification of the authenticity of said first and said second identification factors;
  
  connecting the user to a selected on-line service provider from the set of on-line service providers.
- View Dependent Claims (20)
- - 20. The method as defined in claim 19 wherein said authentication infrastructure will supply said customer service representative of the on-line service provider with said random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Subodh Agrawal
Original Assignee
Subodh Agrawal
Inventors
Agrawal, Subodh

Application Number

US11/477,051
Publication Number

US 20070022196A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

Single token multifactor authentication system and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Single token multifactor authentication system and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links