OUT OF BAND SYSTEM AND METHOD FOR AUTHENTICATION

US 20090259848A1
Filed: 05/01/2009
Published: 10/15/2009
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authentication of a user with a device who is attempting a first transaction comprising the steps of:

Establishing the asserted identity of the user;

Informing an authentication server that the user is attempting to conduct a transaction;

Conducting a second transaction with the user'"'"'s device and the authentication server to verify that the user is in possession of the device;

Sending an out of band one-time passcode to the device registered to the user;

Entering the one-time passcode into the dialogue;

Validating the one-time passcode; and

Authorizing the first transaction.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for out of band authentication for ensuring a user is in possession of a device.

Citations

24 Claims

1. A method for authentication of a user with a device who is attempting a first transaction comprising the steps of:
- Establishing the asserted identity of the user;
  
  Informing an authentication server that the user is attempting to conduct a transaction;
  
  Conducting a second transaction with the user'"'"'s device and the authentication server to verify that the user is in possession of the device;
  
  Sending an out of band one-time passcode to the device registered to the user;
  
  Entering the one-time passcode into the dialogue;
  
  Validating the one-time passcode; and
  
  Authorizing the first transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the device has an application to verify that the user is in possession of the device.
  - 3. The method of claim 2 wherein the application that verifies the user is in possession of the device is in the authentication server.
  - 4. The method of claim 1 wherein the transaction is authorized via the release of a symmetric key representative of the individual conducting the transaction.
  - 5. The method of claim 4 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 6. The method of claim 1 wherein the transaction is authorized via the release of an asymmetric key representative of the individual conducting the transaction.
  - 7. The method of claim 6 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 8. The method of claim 1 wherein the out of band passcode is distributed to the end-user'"'"'s pre-registered device via SMS (text messaging).
  - 9. The method of claim 1 wherein the out of band passcode is distributed to the end-user'"'"'s pre-registered device via voice.
  - 10. The method of claim 1 wherein the out of band passcode is retrieved by the end-user through the use of their pre-registered voice signature and voice biometrics.

11. A method for authentication of a user with a device who is attempting a transaction comprising the steps of:
- Establishing the asserted identity of the user;
  
  Sending an out of band one-time passcode to the device registered to the user;
  
  Validating the one-time passcode; and
  
  Authorizing the transaction.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11 wherein the device has an application to verify that the user is in possession of the device.
  - 13. The method of claim 12 wherein the application that verifies the user is in possession of the device is in the authentication server.
  - 14. The method of claim 11 wherein the transaction is authorized via the release of a symmetric key representative of the individual conducting the transaction.
  - 15. The method of claim 14 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 16. The method of claim 11 wherein the transaction is authorized via the release of an asymmetric key representative of the individual conducting the transaction.
  - 17. The method of claim 16 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.

18. A method for authentication of a user with a device who is attempting a first transaction comprising the steps of:
- Establishing the asserted identity of the user;
  
  Conducting a second transaction with the user'"'"'s device and the authentication server to verify that the user is in possession of the device;
  
  Sending an out of band one-time passcode to the device registered to the user; and
  
  Entering the one-time passcode into the dialogue to authorize the transaction.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18 wherein the device has an application to verify that the user is in possession of the device.
  - 20. The method of claim 19 wherein the application that verifies the user is in possession of the device is in the authentication server.
  - 21. The method of claim 18 wherein the transaction is authorized via the release of a symmetric key representative of the individual conducting the transaction.
  - 22. The method of claim 21 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 23. The method of claim 18 wherein the transaction is authorized via the release of an asymmetric key representative of the individual conducting the transaction.
  - 24. The method of claim 23 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Williams, Jeffrey B., Camaisa, Allan

Granted Patent

US 8,296,562 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

OUT OF BAND SYSTEM AND METHOD FOR AUTHENTICATION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

OUT OF BAND SYSTEM AND METHOD FOR AUTHENTICATION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links