System and method for blocking unauthorized network log in using stolen password

US 20070266257A1
Filed: 07/02/2007
Published: 11/15/2007
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for selectively granting a user access to data, comprising:

at a Web server, receiving a user name and password from a user computer;

only if a cookie previously deposited on the user computer by the server, the user name, and the password are valid, granting access to the data to the user computer; and

displaying a user-approved secret on at least one page for presentation thereof to the user so that the user can view the secret for anti-phishing confirmation.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The authenticity of a website is determined using a unique string of characters known only to the user and the website on each page of the website that is displayed to the user, with a false site being incapable of displaying this unique string of characters, thereby putting the user on notice that the current site is not the authentic one the user desires to access. Voice methods for conveying one-time pass codes to users and for permitting customer institutions to select authentication rules are also disclosed.

339 Citations

38 Claims

1. A method for selectively granting a user access to data, comprising:
- at a Web server, receiving a user name and password from a user computer;
  
  only if a cookie previously deposited on the user computer by the server, the user name, and the password are valid, granting access to the data to the user computer; and
  
  displaying a user-approved secret on at least one page for presentation thereof to the user so that the user can view the secret for anti-phishing confirmation.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the cookie includes at least a login key and a machine ID.
  - 3. The method of claim 2, wherein the login key is a first login key, and wherein if access is granted to the user computer, a new cookie is downloaded to the user computer, the new cookie including the machine ID and a second login key different from the first login key, the new cookie being used in a subsequent login to the Web server.
  - 4. The method of claim 1, wherein the Web server is an online banking server.
  - 5. The method of claim 1, wherein the Web server is a content subscription server.

6. A system for impeding a thief possessing a password of a user from accessing information intended to be accessed by the user from a user computer, comprising:
- a server computer controlling access to the information, the server computer granting access to the information only upon receipt of a valid password and determination that a valid verification string resides on the user computer, the server computer also presenting, on plural web pages presented to the user, a secret previously approved by the user and correlated to a user identification.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein a valid verification string is downloaded to the user computer during a registration process.
  - 8. The system of claim 6, wherein the verification string is a cookie and the cookie includes at least a login key and a machine ID.
  - 9. The system of claim 8, wherein the login key is a first login key, and wherein if access is granted to the user computer, the server downloads a new cookie to the user computer, the new cookie including the machine ID and a second login key different from the first login key.
  - 10. The system of claim 6, wherein the Web server is an online banking server.
  - 11. The system of claim 6, wherein the Web server is a content subscription server.

12. A method for selectively granting a user access to data, comprising:
- at a server, receiving a user name and password from a user computer;
  
  at a server, determining whether a cookie previously deposited on the user computer includes a machine ID matching a machine ID stored in a database and a login key matching a login key stored in a database, and if so, granting the user computer access to the data, and refreshing the login key; and
  
  retrieving a secret associated with an identification of the user and presenting the secret on at least one web page presented to the user.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein if the machine ID does not match the machine ID stored in a database, additional authentication steps are executed.
  - 14. The method of claim 12, wherein if the machine ID matches the machine ID stored in a database but the login key does not match the login key stored in a database, no additional authentication steps are executed and an account associated with the user is disabled.
  - 15. The method of claim 13, wherein the additional authentication steps include sending a pass code to a wireless telephone associated with the user, and receiving from the user computer the PIN code from the user obtained from the wireless telephone.
  - 16. The method of claim 12, wherein the information server is an online banking server.
  - 17. The method of claim 12, wherein the information server is an e-commerce server.
  - 18. The method of claim 12, wherein the information server is a VPN server.

19. A method for selectively granting a user access to data, comprising:
- at a Web server, receiving a user name and password from a user computer;
  
  selectively providing a one-time pass code to the user over a phone link; and
  
  only if the user name, the password, and when provided to the user the one-time pass code are valid, granting access to the data to the user computer.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein a cookie on the user computer is tested as part of the act of granting access, and the cookie includes at least a login key and a machine ID, the pass code being provided to the user only if the machine ID is found to be invalid.
  - 21. The method of claim 20, wherein the login key is a first login key, and wherein, if access is granted to the user computer, a new cookie is downloaded to the user computer, the new cookie including the machine ID and a second login key different from the first login key, the new cookie being used in a subsequent login to the Web server.
  - 22. The method of claim 19, wherein the Web server is an online banking server or content subscription server.
  - 23. The method of claim 19, comprising receiving an audible phrase over the phone link, comparing it to a stored biometric, and based on the comparing act, determining whether to provide the pass code over the phone link.
  - 24. The method of claim 19, wherein the pass code is provided over the phone link as a secondary mode only if a primary mode of provision of the pass code has failed.
  - 25. The method of claim 19, wherein the pass code is provided over the phone link as a primary mode of provision of the pass code.

26. A system for impeding a thief possessing a password of a user from accessing information intended to be accessed by the user from a user computer, comprising:
- a server computer controlling access to the information, the server computer granting access to the information only upon receipt of a valid password and determination that a valid verification string resides on the user computer and further upon reception of a valid one-time pass code, the pass code being selectively provided to the user over a phone link.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The system of claim 26, wherein the verification string is a cookie and the cookie includes at least a login key and a machine ID, wherein the login key is a first login key, and wherein if access is granted to the user computer, the server downloads a new cookie to the user computer, the new cookie including the machine ID and a second login key different from the first login key.
  - 28. The system of claim 26, wherein the Web server is an online banking server and/or a content subscription server.
  - 29. The system of claim 26, wherein the server compares an audible phrase received over the phone link to a stored biometric, and based on the comparing act, determines whether to provide the pass code over the phone link.
  - 30. The system of claim 26, wherein the pass code is provided over the phone link as a secondary mode only if a primary mode of provision of the pass code has failed.
  - 31. The system of claim 26, wherein the pass code is provided over the phone link as a primary mode of provision of the pass code.

32. A method for selectively granting a user access to data, comprising:
- at a server, receiving a user name and password from a user computer;
  
  at a server, determining whether a cookie previously deposited on the user computer includes a machine ID matching a machine ID stored in a database and a login key matching a login key stored in a database, and if so, granting the user computer access to the data, and refreshing the login key;
  
  if the machine ID does not match the machine ID stored in a database, sending a pass code to a telephone associated with the user, and granting access only if the pass code is received from the user computer.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32, wherein the information server is an online banking server and/or an e-commerce server and/or a VPN server.
  - 34. The method of claim 32, wherein the server compares an audible phrase received over a phone link to a stored biometric, and based on the comparing act, determines whether to provide the pass code over the phone link.
  - 35. The method of claim 32, wherein the pass code is provided over a phone link as a secondary mode only if a primary mode of provision of the pass code has failed.
  - 36. The method of claim 32, wherein the pass code is provided over a phone link as a primary mode of provision of the pass code.

37. A service for permitting a customer institution to establish authentication rules for end users to access information at a server operated by the institution, comprising:
- permitting the customer institution to access at least one authentication web page listing plural authentication factors selected from the group consisting of;
  
  security questions being properly answered, one-time pass code being correctly input, pass code delivery to user via email, pass code delivery to user via short message service (SMS), pass code delivery to user via interactive voice response (IVR), pass code delivery to user using voice biometrics, proper cookie on user machine seeking access, authentication based on satisfactory geographic location of user machine seeking access, authentication based on proper browser version of machine seeking access, authentication based on acceptable internet service provider of machine seeking access; and
  
  permitting the customer institution to select one or more factors on the list for implementation thereof in allowing end users to access information at the server operated by the institution.
- View Dependent Claims (38)
- - 38. The service of claim 37, wherein the customer institution is also permitted to choose at least one of plural additional authentication options related to the voice biometric factor including one or more of a number of devices required for enrollment, whether enrollment is optional or required, a frequency with which end users much re-enroll, a human language used to deliver the pass code, a telephone number to dial to access a voice pass code delivery system, an expiration time of a session ID, and an expiration time of the pass code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Samuelsson, Jonas, Camaisa, Allan

Granted Patent

US 8,528,078 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

System and method for blocking unauthorized network log in using stolen password

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

339 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for blocking unauthorized network log in using stolen password

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

339 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links