System and method of using two or more multi-factor authentication mechanisms to authenticate online parties

US 20070136573A1
Filed: 11/30/2006
Published: 06/14/2007
Est. Priority Date: 12/05/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for improving authentication of interacting parties comprising the use of two or more forms of authentication at least one of which uses at least two methods of authenticating users, said form of authentication comprising:

a multi-factor authentication step for authenticating a user from a computer, said multi-factor authentication comprising steps chosen from the group of using one-time password verification, using certificates, using Public Key Infrastructure components, using hardware devices that can be attached to a system, using physical devices not physically attached to the system, or using biometrics. assessing a trusted status of said computer, said user, and said system, based upon analyzing of a result of said step of multi-factor authentication.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authentication that comprises the use of at least one multiple multi-factor authentication with the optional addition of, mutual (site) authentication, transaction/behavior analysis, that utilizes user-facing geolocation communications and/or information about user device ownership periods, and/or a combination thereof to help prevent fraud.

295 Citations

38 Claims

1. A method for improving authentication of interacting parties comprising the use of two or more forms of authentication at least one of which uses at least two methods of authenticating users, said form of authentication comprising:
- a multi-factor authentication step for authenticating a user from a computer, said multi-factor authentication comprising steps chosen from the group of using one-time password verification, using certificates, using Public Key Infrastructure components, using hardware devices that can be attached to a system, using physical devices not physically attached to the system, or using biometrics. assessing a trusted status of said computer, said user, and said system, based upon analyzing of a result of said step of multi-factor authentication.
- View Dependent Claims (2, 3, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising the step of using site authentication between a user and a system being accessed and optionally further including a step of analyzing a result of said site authentication so as to further assess said trusted status of said computer, said user and said system.
  - 3. The method of claim 2, further comprising the step of utilizing transaction/behavior analysis in performing said authentication.
  - 4. The method of claim 3 wherein said mutual authentication includes the step of providing for said system being accessed to authenticate the user prior to the user having to submit a username or other login credentials.
  - 5. The method of claim 4 further comprising the step of hiding at least some authentication factors from said user.
  - 8. The method of claim 4 further comprising the presentation of a recognizable audible, visual, or other cue indicating the trusted status of the computer of said user.
  - 10. The method of claim 2, wherein said steps of providing site authentication further provide for the authentication of computers involved in online sites, email messages, instant messages, SMS messages, telephone calls, ATM machine, paper-based messages, and other communication systems.
  - 11. The method of claim 10, further including steps to provide a colored box with colored or uncolored characters within said box to said user as a cue for said site authentication.
  - 12. The method of claim 11, further including a step for portraying explanatory textual information along with said cue to said user so as to ensure that said system can authenticate within systems that can only process text.
  - 13. The method of claim 12, further including the step of creating and applying business logic based on information garnered about devices of said user and a length of time during which said computer of said user is known to belong to a specific user and a login pattern of the user from said device.
  - 14. The method of claim 13, further comprising the step of using both identifiers and heuristic analysis to determine the identity of a computer, user, or entity.
  - 15. The method of claim 14, further comprising the ongoing modification of the assessment of said trusted status of a computer of said user based upon analysis of user actions from said computer of said user or from other computers utilized by said user.
  - 16. The method of claim 15, further including the step of presenting a different login page for said user and said computer depending on whether each has been assessed as trusted or not trusted.
  - 17. The method of claim 1 wherein said step of assessing a trusted status further comprising at least one of the following steps:
    - allowing a trusted status for multiple identified users accessing from the same identified computer, disallowing a trusted status for multiple users accessing the same device trusted, or allowing a trusted status for multiple identified users accessing from multiple computers according to pre-set conditions.

6. A method of providing the ability to address man-in-the-middle attacks through the presentation of at least one recognizable cue in order to establish authenticity of a computer only when a user is accessing from an identified computer.
- View Dependent Claims (7)
- - 7. The method of claim 6 further comprising the step of sending a warning message via email, SMS, or other out of band carrier to the user to warn of possible existence of said man-in-the-middle attacks.

9. A method of providing communication out-of-band to a user indicating geolocation information in the form of text or a map that shows at least a general location where the user is accessing a system so that said user can detect any fraudulent access.

18. A method of providing authentication to a mobile electronic device comprising the steps of:
- producing a scannable barcode which can be displayed for scanning by another device, said scannable barcode being produced through calculations performed on processors within the mobile electronic device;
  
  sending a signal to another electronic device for identification and authentication purposes, said signal being modified based on information sent to the mobile electronic through a cellular, network, or other data connection;
  
  sending a signal to another electronic device for identification and authentication purposes, said signal being modified based on information contained within a processor inside the device processing at least an ESN present in said mobile electronic device to authenticate a user;
  
  sending said ESN in a secure encrypted or hashed fashion, to another electronic device as a key;
  
  sending data encrypted or hashed using the ESN as a key to another electronic device.

19. A method of leveraging geolocation information made available by cell phones and handheld devices to a system being accessed in order to authenticate users, comprising the following steps:
- checking the location of a given computer, phone, handheld or other device not being used to access a system while access is attempted from another computer, phone, handheld or other device allowing access only if the location of said given computer, phone, handheld or other device being used to access a system are within a range of pre-set rules within the system;
  
  allowing access only if the location of said computer, phone, handheld, or other device not being used for access are within an acceptable range of the device being used for access; and
  
  allowing access only if the location of said computer, phone, handheld, or other device being used for access are within an acceptable range of the device being used for access.

20. A system for improving authentication of interacting parties comprising the use of two or more authentication modules, at least one of which comprises at least two sub-modules for authenticating users, said system comprising:
- a multi-factor authentication module for authenticating a user from a computer, said multi-factor authentication comprising sub-modules chosen from the group of one-time password verification sub-modules, hardware-checking sub modules, certificate producing sub-modules, Public Key Infrastructure components, or biometric based authentication sub-modules. an assessment module for assessing a trusted status of said computer, said user, and said system, based upon analyzing of a result of said step of multi-factor authentication.
- View Dependent Claims (21, 22, 26, 27, 29, 30, 31, 32, 33, 34, 35, 36)
- - 21. The system of claim 20, further comprising a module for using site authentication between a user and a system being accessed to authenticate themselves to each other and optionally further including a module for analyzing a result of said site authentication so as to further assess said trusted status of said computer, said user and said system.
  - 22. The system of claim 21, further comprising a module for utilizing transaction/behavior analysis in performing said authentication.
  - 26. The system of claim 21 further comprising a module for sending a warning message via email, SMS, or other out of band carrier to the user to warn of possible existence of said man-in-the-middle attacks.
  - 27. The system of claim 21, further comprising a module for presentating a recognizable audible, visual, or other cue indicating the trusted status of the computer of said user.
  - 29. The system of claim 20, wherein said module for providing site authentication further includes a sub-module providing for the authentication of computers involved in online sites, email messages, instant messages, SMS messages, telephone calls, ATM machine, paper-based messages, and other communication systems.
  - 30. The system of claim 29, further including a sub-module for providing a colored box with colored or uncolored characters within said box to said user as a cue for said site authentication.
  - 31. The system of claim 29, further including a sub-module for portraying explanatory textual information along with said cue to said user so as to ensure that said system can authenticate within systems that can only process text.
  - 32. The system of claim 31, further including a sub-module for creating and applying business logic based on information garnered about devices of said user and a length of time during which said computer of said user is known to belong to a specific user and a login pattern of the user from said device.
  - 33. The system of claim 32, further comprising a sub-module for using both identifiers and heuristic analysis to determine the identity of a computer, user, or entity.
  - 34. The system of claim 33, further comprising a sub-module for providing ongoing modification of the assessment of said trusted status of a computer of said user based upon analysis of user actions from said computer of said user or from other computers utilized by said user.
  - 35. The system of claim 34, further including a sub-module for presenting a different login page for said user and said computer depending on whether each has been assessed as trusted or not trusted.
  - 36. The system of claim 20 wherein said module for assessing a trusted status further comprising at least one sub-module for:
    - allowing a trusted status for multiple identified users accessing from the same identified computer, disallowing a trusted status for multiple users accessing the same device trusted, or allowing a trusted status for multiple identified users accessing from multiple computers according to pre-set conditions.

23. The system of claim 23 wherein said mutual authentication module includes a sub-module for providing said system being accessed to authenticate the user prior to the user having to submit a username or other login credentials.
- View Dependent Claims (24)
- - 24. The system of claim 23 further comprising a module for hiding at least some authentication factors from said user.

25. A system having a module for providing the ability to address man-in-the-middle attacks through the presentation of at least one recognizable cue in order to establish authenticity of a computer only when a user is accessing from an identified computer.

28. A system having a module for providing communication out-of-band to a user indicating geolocation information in the form of text or a map that shows at least a general location where the user is accessing a system so that said user can detect any fraudulent access.

37. A system of providing authentication to a mobile electronic device comprising:
- a module for producing a scannable barcode which can be displayed for scanning by another device, said scannable barcode being produced through calculations performed on processors within the mobile electronic device;
  
  a module for sending a signal to another electronic device for identification and authentication purposes, said signal being modified based on information sent to the mobile electronic through a cellular, network, or other data connection;
  
  a module for processing at least an ESN present in said mobile electronic device to authenticate a user;
  
  a module for sending said ESN in a secure encrypted or hashed fashion to another electronic device as a key;
  
  a module for sending a signal to another electronic device for identification and authentication purposes, with said signal being modified based on information contained within a chip inside the device; and
  
  a module for sending data encrypted or hashed using the ESN as a key to another electronic device.

38. A system for leveraging geolocation information made available by cell phones and handheld devices to a system being accessed in order to authenticate users, comprising the following:
- a module for checking the location of a given computer, phone, handheld or other device being used to access a system while access is attempted from another computer, phone, handheld or other device;
  
  a module for allowing access only if the location of said given computer, phone, handheld or other device being used to access a system are within a range of pre-set rules within the system;
  
  a module for allowing access only if the location of said computer, phone, handheld, or other device not being used for access are within an acceptable range of the device being used for access; and
  
  a module for allowing access only if the location of said computer, phone, handheld, or other device being used for access are within an acceptable range of the device being used for access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Joseph Steinberg
Original Assignee
Joseph Steinberg
Inventors
Steinberg, Joseph

Application Number

US11/606,788
Publication Number

US 20070136573A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 2463/082   applying multi-factor authe...

H04L 63/0823   using certificates cryptogr...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

H04L 63/18   using different networks or...

H04L 9/3226   using a predetermined code,...

H04L 9/3273   for mutual authentication n...

System and method of using two or more multi-factor authentication mechanisms to authenticate online parties

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

295 Citations

38 Claims

Specification

Use Cases

Quick Links

Others

System and method of using two or more multi-factor authentication mechanisms to authenticate online parties

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

295 Citations

38 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others