ADVANCED MULTI-FACTOR AUTHENTICATION METHODS

US 20080052245A1
Filed: 08/21/2007
Published: 02/28/2008
Est. Priority Date: 08/23/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating electronic communication between a user operated client device and a vendor, the method comprising:

receiving a user identifier from a client device;

receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and

a keystone identifier;

validating the codebook identifier by determining whether said codebook identifier is associated with said user identifier;

upon successful validation of the codebook identifier, providing an image challenge comprising said keystone identifier located in a predetermined position of said image challenge and at least one first identifier arranged in a sequential order;

receiving a passcode responsive to said image challenge from the client device; and

authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in said image challenge.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, software, and systems for authenticating electronically accessible sites are described. In general, the development involves querying an identified user connected to an electronically accessible third party vendor site (e.g., a website) for a codebook identifier that corresponds to a codebook having a plurality of identification units, each of which includes a first identifier and a second identifier, and a keystone identifier; following receipt of the codebook identifier, querying the user with a variable image challenge comprised of the keystone and the first identifier for at least one identification unit in the codebook; and prompting the user to enter the second identifier for each identification unit displayed in the image challenge to form a one time passcode. Following entry of a passcode that corresponds to the image challenge, the authenticity of the user is confirmed to the vendor site.

Citations

31 Claims

1. A method of authenticating electronic communication between a user operated client device and a vendor, the method comprising:
- receiving a user identifier from a client device;
  
  receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and
  
  a keystone identifier;
  
  validating the codebook identifier by determining whether said codebook identifier is associated with said user identifier;
  
  upon successful validation of the codebook identifier, providing an image challenge comprising said keystone identifier located in a predetermined position of said image challenge and at least one first identifier arranged in a sequential order;
  
  receiving a passcode responsive to said image challenge from the client device; and
  
  authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in said image challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein said authenticating further comprises determining whether each second identifier in said passcode are in the same sequential order as each corresponding first identifier in said image challenge.
  - 3. The method of claim 1, wherein said first identifier comprise an image.
  - 4. The method of claim 1, wherein said second identifier comprises an alphanumeric character.
  - 5. The method of claim 1, wherein said image challenge comprises at least three first identifiers.
  - 6. The method of claim 1, wherein the position of said keystone identifier in said image challenge is predetermined by an authentication system.
  - 7. The method of claim 1, wherein said providing said image challenge comprises:
    - selecting at least one identification unit from said plurality of identification units; and
      
      assembling the first identifier of each selected identification unit and said keystone identifier into said image challenge.
  - 8. The method of claim 1, wherein said image challenge comprises at least two first identifiers, and wherein said providing said image challenge further comprises determining a random order for said at least two first identifiers in said image challenge.
  - 9. The method of claim 1, further comprising:
    - determining whether said user identifier matches a known user identifier; and
      
      initiating a secure communication channel between said client device and said vendor if the user identifier matches a known user identifier.
  - 10. The method of claim 9, wherein initiating a secure communication channel comprises providing vendor information to said client device to authenticate said vendor.
  - 11. The method of claim 10, wherein said vendor information comprises a digital certificate identifying said vendor.
  - 12. The method of claim 1, further comprising:
    - receiving user identity information from said client device; and
      
      determining whether to allow access to said vendor based on said identity information and said passcode.
  - 13. The method of claim 12, wherein said user identity information is selected from the group consisting of a password, biometric data, and bibliographic information.
  - 14. The method of claim 1, wherein said user identifier comprises a username.
  - 15. The method of claim 1, wherein said user identifier comprises information provided by a software token on said client device.

16. A method of authenticating an electronic communication of a user who has established a communication channel with an electronically accessible vendor, comprising:
- providing a first field displayable on a user interface, said first field configured to receive a codebook identifier, said codebook identifier being associated with a codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier, and a keystone identifier;
  
  providing an image challenge displayable on said user interface, said image challenge comprising a keystone identifier and at least one first identifier of an identification unit from a codebook associated with said codebook identifier;
  
  providing a second field displayable on said user interface, said second field configured to receive a valid passcode responsive to said image challenge, said passcode comprising at least one second identifier, each said at least one second identifier corresponding to one first identifier in said image challenge, each second identifier in said passcode being in the same sequential order as each corresponding first identifier in said image challenge.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein said first identifier comprise an image, and wherein said second identifier comprises an alphanumeric character.
  - 18. The method of claim 16, wherein keystone identifier position in said image challenge is predetermined.

19. A method of authenticating communication between an electronically accessible vendor site and a user, the method comprising:
- prompting for a codebook identifier from a user, said codebook identifier associated with a codebook comprising a plurality of independent identification units, wherein each identification unit comprises a first identifier and a second identifier, and a keystone identifier;
  
  following receipt of said codebook identifier, prompting for a passcode in response to an image challenge displayed to said user, said image challenge comprising said keystone identifier and a first identifier for at least one identification unit in said codebook; and
  
  upon receipt of said passcode, authenticating the user by determining if said passcode comprises a corresponding second identifier of an identification unit for each first identifier of said identification unit displayed in said image challenge.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19, wherein said authenticating further comprises determining if said corresponding second identifier in said passcode is in the same sequential order as said each first identifier in said image challenge.
  - 21. The method of claim 19, further comprising prompting for a user identifier, and authenticating the user using the user identifier and the codebook identifier.
  - 22. The method of claim 20, wherein the user identifier comprises at least one of a user name, a password, and a software token.
  - 23. The method of claim 19, wherein the user connection is made via an automated teller machine (ATM).
  - 24. The method of claim 19, wherein the user connection is made via a wide area network having a user side and a vendor side, wherein said user side comprises a user computing device configured for electronic communication over said network, and wherein said vendor site comprises a vendor computing device configured for electronic communication over said network.
  - 25. The method of claim 24, wherein the vendor site comprises a website.
  - 26. The method of claim 19, wherein said first identifier comprises an image, and wherein said second identifier comprises an alphanumeric character.

27. A method of authenticating electronic communication between a user operated client device and a vendor, the method comprising:
- receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier, and a keystone identifier;
  
  providing an image challenge based on said codebook identifier, said image challenge comprising said keystone identifier and at least two first identifiers in a sequential order, said keystone identifier being located in a predetermined position of said sequential order, and said at least two first identifiers being located in a random order in said sequential order;
  
  receiving a passcode responsive to said image challenge from said client device; and
  
  authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in the image challenge.

28. A machine readable medium comprising instructions for authenticating an electronic communication between a user operated client device and a vendor computer system that upon execution cause a machine to:
- receive a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and
  
  a keystone identifier;
  
  provide an image challenge comprising said keystone identifier and at least two first identifiers in a sequential order, said keystone identifier being located in a predetermined position of said sequential order, and said at least two first identifiers being located in a random order in said sequential order;
  
  receive a passcode responsive to said image challenge from the client device; and
  
  authenticate said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in the image challenge, each second identifier in said passcode being in the same sequential order as each corresponding first identifier in said image challenge.

29. A method of authenticating an electronic communication between a client device operated by a user and a vendor computer system, comprising:
- means for receiving a codebook identifier from said client device that identifies a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier; and
  
  a keystone identifier;
  
  means for providing an image challenge comprising said keystone identifier and at least two first identifiers in a sequential order, said keystone identifier being located in a predetermined position of said sequential order, and said at least two first identifiers being located in a random order in said sequential order;
  
  means for receiving a passcode responsive to said image challenge from the client device; and
  
  means for authenticating said passcode by determining if said passcode comprises a second identifier corresponding to each first identifier in the image challenge, each second identifier in said passcode being in the same sequential order as each corresponding first identifier in said image challenge.

30. A system for authenticating an electronic communication, comprising:
- a user identifier module configured to receive a user identifier and determine if said user identifier is associated with a known user;
  
  a codebook identifier module configured to receive a codebook identifier and validate said codebook identifier by determining whether said codebook identifier is associated with said user identifier and associated with a codebook, said codebook comprising a plurality of identification units, each identification unit having a first identifier and a corresponding second identifier, and a keystone identifier;
  
  an image challenge module configured to provide an image challenge upon successful validation of the codebook identifier, said image challenge comprising said keystone identifier located in a predetermined position of said image challenge and a plurality of first identifiers arranged in a sequential order;
  
  a passcode comparison module configured to authenticate said passcode by determining whether said passcode comprises a corresponding second identifier of an identification unit for each first identifier of said identification unit in said image challenge, and whether said corresponding second identifier in said passcode is in the same sequential order as each first identifier in said image challenge.
- View Dependent Claims (31)
- - 31. The system of claim 30, wherein said first identifier comprises an image, and wherein said second identifier comprises an alphanumeric character.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acuprint Incorporated
Original Assignee
Acuprint Incorporated
Inventors
Love, Richard

Application Number

US11/842,353
Publication Number

US 20080052245A1
Time in Patent Office

Days
Field of Search
US Class Current

705/76
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06Q 20/3821   Electronic credentials

G06Q 30/06   Buying, selling or leasing ...

H04L 9/3228   One-time or temporary data,...

H04L 9/3271   using challenge-response

H04W 12/77   Graphical identity

ADVANCED MULTI-FACTOR AUTHENTICATION METHODS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

ADVANCED MULTI-FACTOR AUTHENTICATION METHODS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links