System and method of using two or more multi-factor authentication mechanisms to authenticate online parties
Abstract
A system and method for authentication that comprises the use of at least one multiple multi-factor authentication with the optional addition of mutual (site) authentication, transaction/behavior analysis that utilizes user-facing geolocation communications and/or information about user device ownership periods, and/or a combination thereof to help prevent fraud.
38 Claims

1. A method for improving authentication of interacting parties comprising the use of two or more forms of authentication at least one of which uses at least two methods of authenticating users, said form of authentication comprising:
- a multi-factor authentication step for authenticating a user from a computer, said multi-factor authentication comprising steps chosen from the group of using one-time password verification, using certificates, using Public Key Infrastructure components, using hardware devices that can be attached to a system, using physical devices not physically attached to the system, or using biometrics.
- assessing a trusted status of said computer, said user, and said system, based upon analyzing of a result of said step of multi-factor authentication.

Dependent claims: 2, 3, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 17

6. A method of providing the ability to address man-in-the-middle attacks through the presentation of at least one recognizable cue in order to establish authenticity of a computer only when a user is accessing from an identified computer.

9. A method of providing communication out-of-band to a user indicating geolocation information in the form of text or a map that shows at least a general location where the user is accessing a system so that said user can detect any fraudulent access.

18. A method of providing authentication to a mobile electronic device comprising the steps of:
- producing a scannable barcode which can be displayed for scanning by another device, said scannable barcode being produced through calculations performed on processors within the mobile electronic device;
- sending a signal to another electronic device for identification and authentication purposes, said signal being modified based on information sent to the mobile electronic through a cellular, network, or other data connection;
- sending a signal to another electronic device for identification and authentication purposes, said signal being modified based on information contained within a processor inside the device processing at least an ESN present in said mobile electronic device to authenticate a user;
- sending said ESN in a secure encrypted or hashed fashion, to another electronic device as a key;
- sending data encrypted or hashed using the ESN as a key to another electronic device.

19. A method of leveraging geolocation information made available by cell phones and handheld devices to a system being accessed in order to authenticate users, comprising the following steps:
- checking the location of a given computer, phone, handheld or other device not being used to access a system while access is attempted from another computer, phone, handheld or other device allowing access only if the location of said given computer, phone, handheld or other device being used to access a system are within a range of pre-set rules within the system;
- allowing access only if the location of said computer, phone, handheld, or other device not being used for access are within an acceptable range of the device being used for access; and
- allowing access only if the location of said computer, phone, handheld, or other device being used for access are within an acceptable range of the device being used for access.

20. A system for improving authentication of interacting parties comprising the use of two or more authentication modules, at least one of which comprises at least two sub-modules for authenticating users, said system comprising:
- a multi-factor authentication module for authenticating a user from a computer, said multi-factor authentication comprising sub-modules chosen from the group of one-time password verification sub-modules, hardware-checking sub modules, certificate producing sub-modules, Public Key Infrastructure components, or biometric based authentication sub-modules.
- an assessment module for assessing a trusted status of said computer, said user, and said system, based upon analyzing of a result of said step of multi-factor authentication.

Dependent claims: 21, 22, 26, 27, 29, 30, 31, 32, 33, 34, 35, 36

23. The system of claim 23 wherein said mutual authentication module includes a sub-module for providing said system being accessed to authenticate the user prior to the user having to submit a username or other login credentials.

25. A system having a module for providing the ability to address man-in-the-middle attacks through the presentation of at least one recognizable cue in order to establish authenticity of a computer only when a user is accessing from an identified computer.

28. A system having a module for providing communication out-of-band to a user indicating geolocation information in the form of text or a map that shows at least a general location where the user is accessing a system so that said user can detect any fraudulent access.

37. A system of providing authentication to a mobile electronic device comprising:
- a module for producing a scannable barcode which can be displayed for scanning by another device, said scannable barcode being produced through calculations performed on processors within the mobile electronic device;
- a module for sending a signal to another electronic device for identification and authentication purposes, said signal being modified based on information sent to the mobile electronic through a cellular, network, or other data connection;
- a module for processing at least an ESN present in said mobile electronic device to authenticate a user;
- a module for sending said ESN in a secure encrypted or hashed fashion to another electronic device as a key;
- a module for sending a signal to another electronic device for identification and authentication purposes, with said signal being modified based on information contained within a chip inside the device; and
- a module for sending data encrypted or hashed using the ESN as a key to another electronic device.

38. A system for leveraging geolocation information made available by cell phones and handheld devices to a system being accessed in order to authenticate users, comprising the following:
- a module for checking the location of a given computer, phone, handheld or other device being used to access a system while access is attempted from another computer, phone, handheld or other device;
- a module for allowing access only if the location of said given computer, phone, handheld or other device being used to access a system are within a range of pre-set rules within the system;
- a module for allowing access only if the location of said computer, phone, handheld, or other device not being used for access are within an acceptable range of the device being used for access; and
- a module for allowing access only if the location of said computer, phone, handheld, or other device being used for access are within an acceptable range of the device being used for access.
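
A sketch of the location rules described in claims 19 and 38, as an added example that is not part of the patent: access is allowed only when the accessing device is inside a pre-set zone and the user's second device reports a location within an acceptable range of it. All names, thresholds, the freshness and accuracy handling, and the sample coordinates are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_KM = 6371.0

@dataclass
class Fix:
    """A reported device location (hypothetical type for this example)."""
    lat: float
    lon: float
    accuracy_km: float  # uncertainty radius reported with the fix
    age_s: float        # seconds since the fix was taken

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def decide(access: Fix, companion: Optional[Fix],
           zone: Tuple[float, float, float],
           max_separation_km: float = 50.0, max_age_s: float = 900.0) -> str:
    """Return 'allow' or 'deny:<reason>'. Every uncertain case denies."""
    zone_lat, zone_lon, zone_radius_km = zone
    # Pre-set rule: the device being used for access must be inside the zone.
    if haversine_km(access.lat, access.lon, zone_lat, zone_lon) > zone_radius_km:
        return "deny:outside_zone"
    # Assumption: a missing or stale fix from the second device is a denial,
    # otherwise switching the phone off would bypass the check.
    if companion is None or companion.age_s > max_age_s:
        return "deny:no_fresh_companion_fix"
    # The device not being used for access must be within range of the one
    # that is. Both uncertainty radii are added to take the worst case.
    separation = haversine_km(access.lat, access.lon, companion.lat, companion.lon)
    if separation + access.accuracy_km + companion.accuracy_km > max_separation_km:
        return "deny:devices_too_far_apart"
    return "allow"

if __name__ == "__main__":
    # Constructed sample: laptop and phone a few kilometres apart in New York.
    zone = (40.7128, -74.0060, 100.0)
    laptop = Fix(40.73, -73.99, accuracy_km=5.0, age_s=0)
    phone = Fix(40.75, -73.98, accuracy_km=0.05, age_s=60)
    print(decide(laptop, phone, zone))
```
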