MULTI FACTOR AUTHORISATIONS UTILISING A CLOSED LOOP INFORMATION MANAGEMENT SYSTEM
Abstract
Methods and apparatus are disclosed for a multi-factor authentication service which permits customers and account holders to provide secure instructions to entities via their Internet enabled mobile telephone handsets. In preferred embodiments, requests to authorise account holder not present transactions are received from a merchant's terminal (90) and are routed through the bank's proprietary network (95) and the bank's information system (40) through to the Internet (50) and eventually the information management system (20) of the service operator. When the operator receives the request to contact the addressee and obtain instructions, it sends out to the addressee an alert message inviting the addressee to log into the information management system (20) so that the request can be provided and instructions obtained, which are eventually routed back to the bank's information system (40) where the instructions are processed. The present invention provides multi-factor authentication. In preferred embodiments the authentication is based on the provision of information tokens, user ID and passwords, post instruction interrogation for pre-registered information, and encryption of information provided during the secure mobile internet sessions in which the request to provide instructions and the provision of instructions occur.
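The two-stage check described in the abstract and in claim 1, as an added Python example that is not code from the patent: the information token alone only reaches the login step, and the content is released only when the login details belong to an addressee recorded against that token. The `InfoManager` class, the in-memory store, the token lifetime, the single-use flag and the hashed token storage are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

TOKEN_TTL = 300  # seconds; a lifetime is an assumption, the claims set none

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _key(token):
    # Store only a digest of the token (assumption), so a leaked table holds no live tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class InfoManager:
    """In-memory stand-in for the data store and information systems manager."""
    def __init__(self):
        self.users = {}     # user_id -> (salt, password hash)
        self.requests = {}  # token digest -> request record

    def register(self, user_id, password):
        salt = os.urandom(16)
        self.users[user_id] = (salt, _pw_hash(password, salt))

    def create_request(self, content, addressees, now=None):
        """Generate the information token; store it with the content and addressee list."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)
        self.requests[_key(token)] = {"content": content, "used": False,
                                      "addressees": set(addressees),
                                      "expires": now + TOKEN_TTL}
        return token  # carried in the first message to the addressee's phone

    def check_token(self, token, now=None):
        """First factor: the token must be on record, unexpired and unused."""
        now = time.time() if now is None else now
        rec = self.requests.get(_key(token))
        if rec is None or rec["used"] or now > rec["expires"]:
            return None
        return rec

    def login(self, token, user_id, password, now=None):
        """Second factor: valid credentials AND membership of this token's addressees."""
        rec = self.check_token(token, now)
        if rec is None:
            return None
        salt, stored = self.users.get(user_id, (b"\0" * 16, b""))
        ok_pw = hmac.compare_digest(_pw_hash(password, salt), stored)
        if not (ok_pw and user_id in rec["addressees"]):
            return None
        rec["used"] = True  # single use is an assumption, not stated in the claims
        return rec["content"]
```

A registered user who is not on the token's addressee list is refused even with a correct password, which is the association between token, login details and content that the claims require.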
44 Claims
1. A secure information management system for accessing sensitive information and conducting transactions comprising a data store and information systems manager connected to the Internet and a telecommunications network via an Internet server and telecommunications gateway, the information management system being adapted to:
- receive an authorisation request,
- prepare content containing details of the authorisation request,
- generate an information token and store it in association with the content and a list of addressee's entitled to view the content,
- send a first message to the addressee's mobile telephone containing the information token and invitation to log into the information management system for access to the content,
- receive from the addressee's mobile telephone the information token and request to log into the information management system during a secure wireless Internet session,
- authenticate the addressee based on the provision of the information token recorded in the database and associated with the content,
- provide access to a log in screen to the addressee during a secure wireless Internet session,
- authenticate the addressee on the log in details provided, and
- if the log in details match those contained in the database in association with the information token and the content, provide the addressee with the content, and
- receive from the addressee's mobile telephone, instructions sent by the addressee during the secure wireless Internet session.

Dependent claims: 2, 3, 4, 5, 6

7. A method for receiving addressee's secure instructions, the method comprising:
- an information management system receiving a request;
- the information management system creating a content for storage in a database of the information management system relating to the request and containing a request to provide instructions;
- the information management system creating an information token to be associated with the content for use as first authentication means, and with the addressee's pre-registered user ID and password for use as a second authentication means;
- the information management system sending a message to the addressee's registered Internet enabled mobile telephone containing the information token, an alert and an invitation to log into the information management system;
- the addressee initiating a secure wireless Internet session and providing therein, at least, the information token;
- the information management system authenticating the addressee by querying the database for instances of the information token, and if it is present, presenting the addressee with a login screen for the entry of a user ID and password;
- the information management system providing the addressee access to the content during the secure wireless Internet session if the information token provided in the previous step is associated with the at least user ID, password and the content contained in the database;
- the information management system receiving the addressee's instructions provided during the secure wireless Internet session and forwarding the instruction for processing.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 31

30. A method for receiving an addressee's secure instructions, the methods comprising:
- an information system of a provider receiving a request;
- the information system of the provider storing the request in a database under the control of the information system;
- the information system of the provider forwarding the request to the information management system of an operator which uses it to generate a content;
- the information management system of the operator generating an information token for use as first authentication means as associating it with the content;
- the information management system of the operator sending a message to the addressee's registered Internet enabled mobile telephone containing the information token, an alert and an invitation to log into the information system of the provider to access the content;
- the information management system of the operator sending the information token to the provider along with details of the message sent to the addressee;
- the information manager of the provider recording the information token and other details in its database in association with the request;
- the addressee providing the information token to the information system of the provider;
- the information system of the provider authenticating the addressee by querying the database for instances of the information token, and if it is present, presenting the addressee with a login screen for the entry of second authorisation means which include, at least, a user ID and password;
- the information system of the provider granting the addressee access to the content if the information token provided in the previous step is associated with the at least user ID, password and the content provided in the second step;
- the information system of the provider receiving the addressee's instructions provided.

Dependent claims: 32, 33, 34, 35, 36, 37

38. A method for receiving addressee's secure instructions, the method comprising:
- an information system of a provider receiving a request;
- the information system of the provider forwarding the request to the information management system of an operator;
- the information management system of the operator generating an information token for use as first authentication means, and generating a content from the request, and storing the associated information token and the content in a database of the information management system;
- the information management system of the operator sending a message to the addressee's registered Internet enabled mobile telephone containing the information token, an alert and an invitation to log into the information management system of the operator;
- the addressee providing the information token to the information management system of the provider;
- the information system of the provider authenticating the addressee by querying its database for instances of the information token, and if it is present, presenting the addressee with a login screen for the entry of second authorisation means include, at least, a user ID and password;
- the information management system of the operator granting the addressee access to the content if the information token provided in the previous step is associated with the at least the user ID, password and the content provided in the second step;
- the information management system of the operator receiving the addressee's instructions provided and forwarding the instruction on to the information system of the provider for processing.

Dependent claims: 39, 40, 41, 42, 43, 44

Specification