SYSTEM AND METHOD FOR ACCOMPLISHING TWO-FACTOR USER AUTHENTICATION USING THE INTERNET
First Claim
Patent Images
1. A method of implementing token-based electronic security across multiple secure web sites, in which the user has a security token, comprising:
- storing unique token identification information, and the seed value of each token, in a security system;
requiring the user, upon login to a secure web site, to enter at least the code generated by the user'"'"'s token;
passing the user'"'"'s token code from the web site to the security system;
using the security system to verify whether or not the user'"'"'s token code was generated by the user'"'"'s token; and
passing the verification information from the security system to the web site, for use in web site security.
11 Assignments
0 Petitions
Accused Products
Abstract
A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.
-
Citations
12 Claims
-
1. A method of implementing token-based electronic security across multiple secure web sites, in which the user has a security token, comprising:
-
storing unique token identification information, and the seed value of each token, in a security system;
requiring the user, upon login to a secure web site, to enter at least the code generated by the user'"'"'s token;
passing the user'"'"'s token code from the web site to the security system;
using the security system to verify whether or not the user'"'"'s token code was generated by the user'"'"'s token; and
passing the verification information from the security system to the web site, for use in web site security. - View Dependent Claims (2, 3)
-
-
4. A method of implementing token-based electronic security across a plurality of secure web sites, including a first and a second secure web site, the method comprising:
-
providing a security token to each user;
storing unique token identification information, and the seed value of each security token, in a security system;
providing each of the plurality of secure web sites with access to the security system;
requiring the user, upon login to one of the plurality of secure web sites, to enter into the secure web site at least the code generated by the user'"'"'s token;
passing the user'"'"'s token code from the secure web site to the security system;
using the security system to generate verification information indicating whether the user'"'"'s token code was generated by the user'"'"'s token; and
passing the verification information from the security system to the secure web site, for use in web site security. - View Dependent Claims (5, 6, 7)
-
-
8. In a system in which each user has a security token, wherein the security token generates a code, a method of implementing token-based electronic security, the method comprising:
-
providing a secure web site;
connecting the secure web site to a third party security system;
storing unique token identification information associated with the security token for each user, and the seed value of each security token, in the third party security system;
requiring the user, upon login to secure web site, to enter into the secure web site at least the code generated by the user'"'"'s token;
passing the user'"'"'s token code from the secure web site to the security system;
receiving from the security system and at the secure web site, verification information verifying if the user'"'"'s token code was generated by the user'"'"'s token; and
authorizing the user as a function of the verification information. - View Dependent Claims (9, 10, 11)
-
-
12. A security system which implements token-based electronic security across a plurality of secure web sites, the system comprising:
-
means for receiving communications from and sending communications to the plurality of secure web sites;
means for storing unique token identification information and the seed value of each security token;
means for receiving, from one or more of the plurality of secure web sites, a token code generated by a user'"'"'s security token;
means for generating verification information indicating whether the user'"'"'s token code was generated by the user'"'"'s token; and
means for passing the verification information from the security system to the secure web site, for use in web site security.
-
Specification