MULTI FACTOR AUTHENTICATION

US 20080120711A1
Filed: 09/26/2007
Published: 05/22/2008
Est. Priority Date: 11/16/2006
Status: Active Grant

First Claim

Patent Images

1. A method to authenticate a resource access request, comprising:

receiving, in an authentication server in a communication network, a primary authentication request transmitted from a user via a first communication channel;

processing the primary authentication request to determine whether the user is authorized to access one or more resources;

in response to a determination that the user is authorized to access one or more resources, initiating, in a network element, a secondary authentication request; and

transmitting the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.

Citations

25 Claims

1. A method to authenticate a resource access request, comprising:
- receiving, in an authentication server in a communication network, a primary authentication request transmitted from a user via a first communication channel;
  
  processing the primary authentication request to determine whether the user is authorized to access one or more resources;
  
  in response to a determination that the user is authorized to access one or more resources, initiating, in a network element, a secondary authentication request; and
  
  transmitting the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the primary authentication request is originated from a first computing device coupled to the communication network and includes a username and a password.
  - 3. The method of claim 2, wherein processing the primary authentication request comprises searching a data file maintained by the authentication server for a corresponding username and password.
  - 4. The method of claim 2, wherein the primary authentication request further comprises an identifier associated with a specific network resource, and wherein processing the primary authentication request comprises searching a data file maintained by the authentication server for a corresponding username and password associated with the specific network resource.
  - 5. The method of claim 4, wherein transmitting the secondary authentication request from the network element to the user via a second communication channel comprises originating a call from a network element to a telephone number associated with the username.
  - 6. The method of claim 5, wherein the call requests an authentication response from the user.
  - 7. The method of claim 6, wherein originating a call from the network element to a telephone number associated with the username comprises playing a prerecorded message approved by the user.
  - 8. The method of claim 1, further comprising:
    - receiving, in the network element, a response to the secondary authentication request;
      
      processing the response to the secondary authentication request to determine whether the user is authentic;
      
      in response to a determination that the user is authentic, granting access to one or more network resources.
  - 9. The method of claim 8, wherein the response to the secondary authentication request comprises at least one of a key sequence entered into a communication device or a voice message entered into the communication device.
  - 10. The method of claim 8, further comprising caching a successful response to the secondary authentication request for a predetermined period of time.

11. A network element, comprising:
- one or more processors;
  
  a memory module communicatively coupled to the processor and comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to;
  
  receive, via a first communication channel, a primary authentication request transmitted from a user from a first device;
  
  process the primary authentication request to determine whether the user is authorized to access one or more resources;
  
  in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request; and
  
  transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The network element of claim 11, wherein the primary authentication request is originated from a first computing device coupled to the communication network element and includes a username and a password.
  - 13. The network element of claim 12, further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to search a data file maintained by the authentication server for a corresponding username and password.
  - 14. The network element of claim 12, wherein the primary authentication request further comprises an identifier associated with a specific network resource, and further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to search a data file maintained by the authentication server for a corresponding username and password associated with the specific network resource.
  - 15. The network element of claim 14, further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to originate a call from the network element to a telephone number associated with the username.
  - 16. The network element of claim 15, wherein the call requests an authentication response from the user.
  - 17. The network element of claim 16, further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to play a prerecorded message approved by the user.
  - 18. The network element of claim 17, further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to:
    - receive, in the network element, a response to the secondary authentication request;
      
      process the response to the secondary authentication request to determine whether the user is authentic;
      
      in response to a determination that the user is authentic, grant access to one or more network resources.
  - 19. The network element of claim 18, wherein the response to the secondary authentication request comprises at least one of a key sequence entered into a communication device or a voice message entered into the communication device.
  - 20. The network element of claim 18, further comprising caching a successful response to the secondary authentication request for a predetermined period of time.

21. A computer program product comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to:
- receive, via a first communication channel, a primary authentication request transmitted from a user from a first device;
  
  process the primary authentication request to determine whether the user is authorized to access one or more resources;
  
  in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request; and
  
  transmit the secondary authentication request to the user via a second communication channel, different from the first communication channel.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer program product of claim 21, wherein the primary authentication request is originated from a first computing device coupled to the communication network element and includes a username and a password.
  - 23. The computer program product of claim 22, further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to search a data file maintained by the authentication server for a corresponding username and password.
  - 24. The computer program product of claim 22, wherein the primary authentication request further comprises an identifier associated with a specific network resource, and further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to search a data file maintained by the authentication server for a corresponding username and password associated with the specific network resource.
  - 25. The computer program product of claim 24, further comprising logic instructions stored in a computer readable medium which, when executed by the processor, configure the processor to originate a call from the network element to a telephone number associated with the username.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Phonefactor Incorporated (Microsoft Corporation)
Inventors
Dispensa, Steven

Granted Patent

US 8,365,258 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 63/18   using different networks or...

MULTI FACTOR AUTHENTICATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI FACTOR AUTHENTICATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links