Methods and systems for secure user authentication

US 20070050840A1
Filed: 07/27/2006
Published: 03/01/2007
Est. Priority Date: 07/29/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for secure user authentication in electronic commerce, comprising:

maintaining electronic information having a first aspect and a second aspect, said first aspect being accessible by a user over a first electronic communication channel in response to entry of a first credential known to the user and said second aspect being accessible by the user over the first electronic communication channel in response to entry of a second credential provided to the user;

pre-registering a delivery address on a second electronic communication channel that is different from the first electronic communication channel for providing the second credential to the user;

allowing a user a current session of access to the first aspect of the electronic information in response to entry of the first credential and providing the second credential to the user at the pre-registered delivery address via the second electronic communication channel in response to entry of a pre-determined user selection during said session of user access to the first aspect if no change has occurred in the pre-registered delivery address for the user within a pre-determined period of time; and

allowing the user a session of access to the second aspect of the electronic information via the first electronic communication channel in response to entry of the second credential during one of said current session of user access to the first aspect and a succeeding session of user access to the first aspect.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method and system for secure user authentication in electronic commerce involves maintaining electronic information having a first aspect that is accessible over a first electronic communication channel in response to entry of a first credential known to the user and a second aspect that is accessible by the user over the first electronic communication channel in response to entry of a second credential provided to the user at a pre-registered delivery address on a second electronic communication channel. The second credential is provided to the user via the second electronic communication channel in response to entry of a pre-determined user selection during a current session of user access to the first aspect if no change has occurred in the pre-registered delivery address within a pre-determined period of time, and the user is allowed a session of access to the second aspect in response to entry of the second credential either during the current session of user access to the first aspect or during a succeeding session of user access to the first aspect.

Citations

18 Claims

1. A computer-implemented method for secure user authentication in electronic commerce, comprising:
- maintaining electronic information having a first aspect and a second aspect, said first aspect being accessible by a user over a first electronic communication channel in response to entry of a first credential known to the user and said second aspect being accessible by the user over the first electronic communication channel in response to entry of a second credential provided to the user;
  
  pre-registering a delivery address on a second electronic communication channel that is different from the first electronic communication channel for providing the second credential to the user;
  
  allowing a user a current session of access to the first aspect of the electronic information in response to entry of the first credential and providing the second credential to the user at the pre-registered delivery address via the second electronic communication channel in response to entry of a pre-determined user selection during said session of user access to the first aspect if no change has occurred in the pre-registered delivery address for the user within a pre-determined period of time; and
  
  allowing the user a session of access to the second aspect of the electronic information via the first electronic communication channel in response to entry of the second credential during one of said current session of user access to the first aspect and a succeeding session of user access to the first aspect.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein said first aspect further comprises pre-selected non-sensitive transaction aspects of the electronic information and said second aspect further comprises pre-selected sensitive transaction aspects of the electronic information.
  - 3. The method of claim 1, wherein said first electronic communication channel further comprises a computing device coupled over a global network to a website server.
  - 4. The method of claim 3, wherein said first electronic communication channel further comprises the computing device coupled over the global network to a transaction server via the website server.
  - 5. The method of claim 1, wherein said first electronic communication channel further comprises a self-service financial transaction terminal coupled over a self-service financial transaction terminal network to a host server.
  - 6. The method of claim 1, wherein said first credential further comprises a password selected by the user for identifying the user.
  - 7. The method of claim 1, wherein said second credential further comprises a randomly generated secret code for identifying the user that is provided to the user.
  - 8. The method of claim 1, wherein said second credential is provided to the user for a single session of access to the second aspect of the electronic information.
  - 9. The method of claim 1, wherein said second credential has a pre-determined expiry, after which the second identifying credential is no longer valid for accessing the second aspect of the electronic information.
  - 10. The method of claim 1, wherein pre-registering said delivery address on the second electronic communication channel further comprises pre-registering one of a mobile telecommunication device address and an email address for providing the user the second credential.
  - 11. The method of claim 1, wherein providing said second credential to the user via the second electronic communication channel further comprises providing the second credential to the user by text message.
  - 12. The method of claim 1, wherein providing said second credential to the user in response to the user selection further comprises providing the second identifying credential to the user in response to a user log-off of at a conclusion of said current session of user access to the first aspect.
  - 13. The method of claim 12, wherein providing said second credential to the user in response to the user log-off further comprises providing the second credential to the user for use during a succeeding session of user access to the first aspect.
  - 14. The method of claim 1, wherein providing said second credential to the user in response to the user selection further comprises providing the second credential to the user in response to a user request for the second credential during said current session of user access to the first aspect.
  - 15. The method of claim 1, wherein providing said second credential to the user in response to the user selection further comprises providing the second credential to the user in response to a user attempt to access the second aspect of the electronic information during said current session of user access to the first aspect.
  - 16. The method of claim 15, wherein providing said second credential to the user in response to the user attempt to access the second aspect of the electronic information further comprises providing the second credential to the user in response to a user attempt to access pre-selected sensitive transaction aspects of the electronic information.
  - 17. The method of claim 16, wherein providing said second credential to the user in response to the user attempt to access pre-selected sensitive transaction aspects of the electronic information further comprises providing the second credential to the user in response to receiving an indication of the user'"'"'s attempt to navigate to the pre-selected sensitive transaction aspects of the electronic information.

18. A computer system for secure user authentication in electronic commerce, comprising:
- data storage means storing electronic information having a first aspect and a second aspect;
  
  first electronic communication channel means over which said first aspect is accessible by a user in response to entry of a first credential known to a user and over which said second aspect is accessible by the user in response to entry of a second credential provided to the user;
  
  second electronic communication channel means that is different from the first electronic communication channel means for providing the second credential to the user at a pre-registered delivery address;
  
  said first electronic communication channel means being adapted for allowing the user a current session of access to the first aspect of the electronic information in response to entry of the first credential and for providing the second credential to the user at the pre-registered delivery address via the second electronic communication channel in response to entry of a pre-determined user selection during said session of user access to the first aspect if no change has occurred in the pre-registered delivery address within a pre-determined period of time; and
  
  said first electronic communication channel means being further adapted for allowing the user a session of access to the second aspect of the electronic information via the first electronic communication channel in response to entry of the second credential during one of said current session of user access to the first aspect and a succeeding session of user access to the first aspect.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citicorp Credit Services Incorporated (Citigroup Incorporated)
Original Assignee
Citicorp Development Center Incorporated (Citigroup Incorporated)
Inventors
Grandcolas, Michael, Herrig, Robert, Koryakovtseva, Irina, Vos, Jennifer

Granted Patent

US 8,181,232 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/42   using separate channels for...

G06Q 20/4014   Identity check for transact...

G06Q 20/425   using two different network...

G06Q 30/06   Buying, selling or leasing ...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/18   using different networks or...

Methods and systems for secure user authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure user authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links