Multi-party, secure Multi-Channel Authentication

US 20080086767A1
Filed: 05/22/2007
Published: 04/10/2008
Est. Priority Date: 10/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method of using multiple channels to provide a resource to a user, the method comprising:

receiving a first authentication parameter from a first device, wherein the first device is associated with a first user;

receiving a request for a resource from the first user, wherein the resource requires an indication of approval of a second user;

transmitting a token value to the first device;

receiving a second authentication parameter and the token value from a second device, wherein the second device is associated with the second user; and

using the token value to associate the first authentication parameter with the second authentication parameter.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for using multiple channels to access a resource, wherein a first user requests a resource that requires an indication of approval from a second user, a token value is transmitted to the first user on the first channel, and the second user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the first user is allowed access to the resource on the first. The first and second user may be independently authenticated in some implementations and not independently authenticated in other implementations.

229 Citations

36 Claims

1. A method of using multiple channels to provide a resource to a user, the method comprising:
- receiving a first authentication parameter from a first device, wherein the first device is associated with a first user;
  
  receiving a request for a resource from the first user, wherein the resource requires an indication of approval of a second user;
  
  transmitting a token value to the first device;
  
  receiving a second authentication parameter and the token value from a second device, wherein the second device is associated with the second user; and
  
  using the token value to associate the first authentication parameter with the second authentication parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1 the method further comprising:
    - receiving an indication of approval from the second user to allow the request from the first user.
  - 3. The method of claim 1, wherein receiving a first authentication parameter from a first device further comprises receiving a first authentication parameter from a first device over a first channel.
  - 4. The method of claim 1 wherein the second user is authenticated using a single channel or multi-channel authentication process.
  - 5. The method of claim 1, wherein receiving a second authentication parameter and the token value from a second device further comprises receiving a first authentication parameter from a first device over a first channel.
  - 6. The method of claim 1, the method comprising:
    - using the token value to associate the request received from the first device with the indication of approval from the second user received over the second channel.
  - 7. The method of claim 1, the method comprising:
    - providing the resource to the first device.
  - 8. The method of claim 1 wherein the first authentication parameter is a user ID, a descriptive title, password, hard token, soft token, wireless applet, voiceprint, or any combination thereof.
  - 9. The method of claim 1 wherein the first authentication parameter is associated with the second user.
  - 10. The method of claim 1 wherein the second authentication parameter is a user ID, a descriptive title, password, hard token, soft token, wireless applet, voiceprint, or any combination thereof.
  - 11. The method of claim 1, wherein the resource requires the second authentication parameter and at least one additional authentication parameter, the method comprising:
    - receiving the token value and at least one additional authentication parameter over at least one additional channel; and
      
      using the token value to associate the request received over the first channel with the at least one additional authentication parameter received over the at least one additional channel.
  - 12. The method of claim 11 wherein the at least one additional authentication parameter is associated with at least one additional user.
  - 13. The method of claim 11, wherein the additional authentication parameter is a user ID, a password, a partial password, a portion of the first authentication parameter, a portion of the second authentication parameter, or a combination of the first and the second authentication parameters, a hard token, a soft token, a wireless applet, a voiceprint, or any combination thereof.
  - 14. The method of claim 11, further comprising using the token value to associate the first authentication parameter, the second authentication parameter, and the at least one additional authentication parameter.
  - 15. The method of claim 11, further comprising using the first authentication parameter, the second authentication parameter, and the at least one additional authentication parameter to authenticate the first user.
  - 16. The method of claim 11, wherein the at least one additional channel is not the first or second channel.
  - 17. The method of claim 1, the method comprising:
    - generating a credential with information that indicates whether the resource may be provided to the first device without the indication of approval from the second user.
  - 18. The credential of claim 17, wherein the credential comprises:
    - a cookie, a permanent credential, a time-sensitive credential, a credential that expires after a pre-set number of user sessions, or any combination thereof.
  - 19. The method of claim 17, wherein the first user has exited an initial session and is attempting to begin a new session, the method comprising:
    - receiving the first authentication parameter from the first device, wherein the first device is associated with the first user;
      
      receiving a request for the resource from the first device, wherein access to the resource requires an indication of approval from the second user; and
      
      processing information associated with the credential.
  - 20. The method of claim 19, the method comprising:
    - providing the resource if the information associated with the credential indicates that the resource should be provided to the first device without the approval of the second user.

21. A method to use multiple channels to provide a resource to a user, the method comprising:
- authenticating a first user;
  
  receiving a request for a resource from a first device over a first channel that requires an indication of approval from a second user, wherein the first device is associated with the first user;
  
  transmitting a token value to the first device;
  
  authenticating the second user;
  
  receiving the token value from a second device over the second channel, wherein the second device is associated with the second user;
  
  receiving the indication of approval from the second device; and
  
  using the token value to associate the request from the first device with the indication of approval from the second device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method of claim 21, further comprising:
    - providing the resource to the first device.
  - 23. The method of claim 21, wherein authenticating comprises authenticating using a multi-channel process, a multi-channel process, or any combination thereof.
  - 24. The method of claim 21, wherein authenticating the first user comprises:
    - receiving a user ID and first password associated with a first user over a first channel and authenticating the first user based on the user ID and the first password.
  - 25. The method of claim 21, wherein authenticating the second user comprises:
    - receiving a user ID and second password associated with a second user over a second channel and authenticating the second user based on the user ID and second password.
  - 26. The method of claim 21, wherein the resource requires the second authentication parameter and at least one additional authentication parameter, the method comprising:
    - authenticating at least one additional user;
      
      receiving the token value and at least one additional authentication parameter from at least one additional device over at least one additional channel, wherein the at least one additional device is associated with at least one additional user; and
      
      using the token value to associate the request received from the first device with the indication of approval received from the at least one additional device.
  - 27. The method of claim 26 wherein the token value is used to associate the request received from the first device with the indication of approval received from the second device and the at least one additional device.
  - 28. The method of claim 21, the method comprising:
    - generating a credential that indicates whether the resource may be provided to the first device without the indication of approval from the second user.
  - 29. The credential of claim 28, wherein the credential comprises:
    - a cookie, a permanent credential, a time-sensitive credential, a credential that expires after a pre-set number of user sessions, or any combination thereof.
  - 30. The method of claim 21 wherein the first user has exited an initial session and is attempting to begin a new session, the method comprising:
    - authenticating the first user;
      
      receiving a request for the resource from the first device, wherein the first device is associated with the first user; and
      
      processing information associated with the credential.
  - 31. The method of claim 30, the method comprising:
    - providing the resource if the information associated with the credential indicates that the resource should be provided to the first device without the approval of the second user.

32. A method of determining a user'"'"'s access to a resource, the method comprising:
- authenticating a second user;
  
  receiving a token value, wherein the token value is associated with a user session wherein a first user has access to a resource based on an indication of approval from the second user;
  
  transmitting information about the user session to the device; and
  
  receiving instruction from the device regarding access of the first user to the resource.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32, wherein authenticating a second user comprises receiving an authentication parameter from a device, wherein the authentication parameter is associated with the second user.
  - 34. The method of claim 32, wherein receiving instructions from the second user comprises receiving instructions from the second user to terminate the access of the first user to the resource.
  - 35. The method of claim 32, wherein receiving instructions from the second user comprises receiving instructions from the second user to limit the access of the first user to the resource.
  - 36. The method of claim 35, wherein the second user may limit the access of the first user according to a time deadline, or a pre-set number of user sessions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FMR LLC
Original Assignee
FMR LLC
Inventors
Thornton, William A., Greenberg, Adam, Marotto, Anthony M., Kulkarni, Rajandra Luxman

Granted Patent

US 8,474,028 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

Multi-party, secure Multi-Channel Authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

229 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-party, secure Multi-Channel Authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

229 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links