ADVANCED MULTI-FACTOR AUTHENTICATION METHODS
Abstract
Methods, software, and systems for authenticating electronically accessible sites are described. In general, the development involves querying an identified user connected to an electronically accessible third party vendor site (e.g., a website) for a codebook identifier that corresponds to a codebook having a plurality of identification units, each of which includes a first identifier and a second identifier, and a keystone identifier; following receipt of the codebook identifier, querying the user with a variable image challenge comprised of the keystone and the first identifier for at least one identification unit in the codebook; and prompting the user to enter the second identifier for each identification unit displayed in the image challenge to form a one time passcode. Following entry of a passcode that corresponds to the image challenge, the authenticity of the user is confirmed to the vendor site.
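Added example (not part of the patent text or of any vendor's implementation): the server-side flow the abstract describes, in Python, including the codebook-to-user check and the same-order passcode check recited in the claims. The sample codebook, its identifier values, position 0 for the keystone, and a passcode formed by concatenating second identifiers are assumptions made for illustration. Each challenge is consumed on first use, in keeping with the one time passcode of the abstract.

```python
import hmac
import secrets

# Constructed sample data: codebook id -> owner, keystone, identification units
# (first identifier shown in the challenge -> second identifier the user enters).
CODEBOOKS = {
    "CB-1001": {
        "owner": "alice",
        "keystone": "anchor",
        "units": {"sun": "41", "tree": "07", "boat": "93", "key": "58", "star": "22"},
    },
}
KEYSTONE_POS = 0   # assumed "predetermined position" of the keystone
_pending = {}      # challenge id -> (codebook id, first identifiers in shown order)


def issue_challenge(user_id, codebook_id, count=3):
    """Validate the codebook against the user, then build an image challenge."""
    book = CODEBOOKS.get(codebook_id)
    if book is None or book["owner"] != user_id:
        return None  # codebook identifier is not associated with this user
    # Pick first identifiers in a random order using the OS CSPRNG.
    firsts = secrets.SystemRandom().sample(sorted(book["units"]), count)
    layout = list(firsts)
    layout.insert(KEYSTONE_POS, book["keystone"])
    challenge_id = secrets.token_urlsafe(16)
    _pending[challenge_id] = (codebook_id, firsts)
    return challenge_id, layout


def verify_passcode(challenge_id, passcode):
    """Accept only the second identifiers in challenge order; single use."""
    entry = _pending.pop(challenge_id, None)  # consumed even when the check fails
    if entry is None:
        return False  # unknown or already used challenge
    codebook_id, firsts = entry
    units = CODEBOOKS[codebook_id]["units"]
    expected = "".join(units[first] for first in firsts)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), passcode.encode())
```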
31 Claims
1. A method of authenticating electronic communication between a user operated client device and a vendor, the method comprising:
receiving a user identifier from a client device;
receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and
a keystone identifier;
validating the codebook identifier by determining whether said codebook identifier is associated with said user identifier;
upon successful validation of the codebook identifier, providing an image challenge comprising said keystone identifier located in a predetermined position of said image challenge and at least one first identifier arranged in a sequential order;
receiving a passcode responsive to said image challenge from the client device; and
authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in said image challenge.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
16. A method of authenticating an electronic communication of a user who has established a communication channel with an electronically accessible vendor, comprising:
providing a first field displayable on a user interface, said first field configured to receive a codebook identifier, said codebook identifier being associated with a codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier, and a keystone identifier;
providing an image challenge displayable on said user interface, said image challenge comprising a keystone identifier and at least one first identifier of an identification unit from a codebook associated with said codebook identifier;
providing a second field displayable on said user interface, said second field configured to receive a valid passcode responsive to said image challenge, said passcode comprising at least one second identifier, each said at least one second identifier corresponding to one first identifier in said image challenge, each second identifier in said passcode being in the same sequential order as each corresponding first identifier in said image challenge.
(Dependent claims: 17, 18)
19. A method of authenticating communication between an electronically accessible vendor site and a user, the method comprising:
prompting for a codebook identifier from a user, said codebook identifier associated with a codebook comprising a plurality of independent identification units, wherein each identification unit comprises a first identifier and a second identifier, and a keystone identifier;
following receipt of said codebook identifier, prompting for a passcode in response to an image challenge displayed to said user, said image challenge comprising said keystone identifier and a first identifier for at least one identification unit in said codebook; and
upon receipt of said passcode, authenticating the user by determining if said passcode comprises a corresponding second identifier of an identification unit for each first identifier of said identification unit displayed in said image challenge.
(Dependent claims: 20, 21, 22, 23, 24, 25, 26)
27. A method of authenticating electronic communication between a user operated client device and a vendor, the method comprising:
receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier, and a keystone identifier;
providing an image challenge based on said codebook identifier, said image challenge comprising said keystone identifier and at least two first identifiers in a sequential order, said keystone identifier being located in a predetermined position of said sequential order, and said at least two first identifiers being located in a random order in said sequential order;
receiving a passcode responsive to said image challenge from said client device; and
authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in the image challenge.
28. A machine readable medium comprising instructions for authenticating an electronic communication between a user operated client device and a vendor computer system that upon execution cause a machine to:
receive a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and
a keystone identifier;
provide an image challenge comprising said keystone identifier and at least two first identifiers in a sequential order, said keystone identifier being located in a predetermined position of said sequential order, and said at least two first identifiers being located in a random order in said sequential order;
receive a passcode responsive to said image challenge from the client device; and
authenticate said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in the image challenge, each second identifier in said passcode being in the same sequential order as each corresponding first identifier in said image challenge.
29. A method of authenticating an electronic communication between a client device operated by a user and a vendor computer system, comprising:
means for receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and
a keystone identifier;
means for providing an image challenge comprising said keystone identifier and at least two first identifiers in a sequential order, said keystone identifier being located in a predetermined position of said sequential order, and said at least two first identifiers being located in a random order in said sequential order;
means for receiving a passcode responsive to said image challenge from the client device; and
means for authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in the image challenge, each second identifier in said passcode being in the same sequential order as each corresponding first identifier in said image challenge.
30. A system for authenticating an electronic communication, comprising:
a user identifier module configured to receive a user identifier and determine if said user identifier is associated with a known user;
a codebook identifier module configured to receive a codebook identifier and validate said codebook identifier by determining whether said codebook identifier is associated with said user identifier and associated with a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier, and a keystone identifier;
an image challenge module configured to provide an image challenge upon successful validation of the codebook identifier, said image challenge comprising said keystone identifier located in a predetermined position of said image challenge and a plurality of first identifiers arranged in a sequential order;
a passcode comparison module configured to authenticate said passcode by determining whether said passcode comprises a corresponding second identifier of an identification unit for each first identifier of said identification unit in said image challenge, and whether said corresponding second identifier in said passcode is in the same sequential order as each first identifier in said image challenge.
(Dependent claims: 31)
Specification