MULTI FACTOR AUTHORISATIONS UTILISING A CLOSED LOOP INFORMATION MANAGEMENT SYSTEM

US 20100146259A1
Filed: 01/25/2008
Published: 06/10/2010
Est. Priority Date: 01/25/2007
Status: Abandoned Application

First Claim

Patent Images

1. A secure information management system for accessing sensitive information and conducting transactions comprising a data store and information systems manager connected to the Internet and a telecommunications network via an Internet server and telecommunications gateway, the information management system being adapted to:

receive an authorisation request,prepare content containing details of the authorisation request,generate an information token and store it in association with the content and a list of addressee'"'"'s entitled to view the content,send a first message to the addressee'"'"'s mobile telephone containing the information token and invitation to log into the information management system for access to the content,receive from the addressee'"'"'s mobile telephone the information token and request to log into the information management system during a secure wireless Internet session,authenticate the addressee based on the provision of the information token recorded in the database and associated with the content,provide access to a log in screen to the addressee during a secure wireless Internet session,authenticate the addressee on the log in details provided, andif the log in details match those contained in the database in association with the information token and the content, provide the addressee with the content, andreceive from the addressee'"'"'s mobile telephone, instructions sent by the addressee during the secure wireless Internet session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and Apparatus are disclosed for a multi-factor authentication service which permits customers and account holders to provide secure instructions to entities via their Internet enabled mobile telephone handsets. In preferred embodiments, requests to authorise account holder not present transactions are received from a merchant'"'"'s terminal (90) and are routed through the bank'"'"'s proprietary network (95) and the bank'"'"'s information system (40) through to the Internet (50) and eventually the information management system (20) of the service operator. When the operator receives the request to contact the addressee and obtain instructions it sends out to the addressee an alert message inviting the addressee to log into the information manage system (20) so that the request can be provided and instructions obtained which are eventually routed back to the bank'"'"'s information system (40) where the instructions are processed. The present invention provides multi-factor authentication. In preferred embodiments the authentication is based on the provision of information tokens, user ID and passwords, post instruction interrogation for pre-registered information, and encryption of information provided during the secure mobile internet sessions in which the request to provide instructions and the provision of instructions occur.

55 Citations

View as Search Results

44 Claims

1. A secure information management system for accessing sensitive information and conducting transactions comprising a data store and information systems manager connected to the Internet and a telecommunications network via an Internet server and telecommunications gateway, the information management system being adapted to:
- receive an authorisation request,prepare content containing details of the authorisation request,generate an information token and store it in association with the content and a list of addressee'"'"'s entitled to view the content,send a first message to the addressee'"'"'s mobile telephone containing the information token and invitation to log into the information management system for access to the content,receive from the addressee'"'"'s mobile telephone the information token and request to log into the information management system during a secure wireless Internet session,authenticate the addressee based on the provision of the information token recorded in the database and associated with the content,provide access to a log in screen to the addressee during a secure wireless Internet session,authenticate the addressee on the log in details provided, andif the log in details match those contained in the database in association with the information token and the content, provide the addressee with the content, andreceive from the addressee'"'"'s mobile telephone, instructions sent by the addressee during the secure wireless Internet session.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. An information management system according to claim 1 which is adapted to forward the addressee'"'"'s instruction for processing.
  - 3. An information management system according to claim 1 which is capable of requesting the addressee to provide further pre-registered information in response to instructions to transact or provide access to information, the further pre-registered information being required to be provided before the addressee'"'"'s instructions are forwarded for processing.
  - 4. An information management system according to claim 1 which is capable of processing the addressee'"'"'s instructions.
  - 5. An information management system according to claim 1 wherein a secure mobile Internet session involves an encrypted WAP mediated exchange of WML information over the Internet.
  - 6. An information management system according to claim 1 wherein a secure mobile Internet session involves an encrypted HTTP mediated exchange of HTML information over the Internet.

7. A method for receiving addressee'"'"'s secure instructions, the method comprising:
- an information management system receiving a request;
  
  the information management system creating a content for storage in a database of the information management system relating to the request and containing a request to provide instructions;
  
  the information management system creating an information token to be associated with the content for use as first authentication means, and with the addressee'"'"'s pre-registered user ID and password for use as a second authentication means;
  
  the information management system sending a message to the addressee'"'"'s registered Internet enabled mobile telephone containing the information token, an alert and an invitation to log into the information management system;
  
  the addressee initiating a secure wireless Internet session and providing therein, at least, the information token;
  
  the information management system authenticating the addressee by querying the database for instances of the information token, and if it is present, presenting the addressee with a login screen for the entry of a user ID and password;
  
  the information management system providing the addressee access to the content during the secure wireless Internet session if the information token provided in the previous step is associated with the at least user ID, password and the content contained in the database;
  
  the information management system receiving the addressee'"'"'s instructions provided during the secure wireless Internet session and forwarding the instruction for processing.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 31)
- - 8. A method for receiving addressee'"'"'s secure instructions according to claim 7 wherein a secure mobile Internet session involves an encrypted WAP mediated exchange of WML information over the Internet.
  - 9. A method for receiving addressee'"'"'s secure instructions according to claim 7 wherein a secure mobile Internet session involves an encrypted HTTP mediated exchange of HTML information over the Internet.
  - 10. A method according to claim 7 wherein the request received by the information management system is a request to authorise a transaction or access to information in which the addressee is not physically present.
  - 11. A method according to claim 7 wherein the information management system conducts post instruction authentication in which the addressee is requested to provide further pre-registered information, stored in its database, in response to instructions to transact or provide access to information, the further pre-registered information being required to be provide before the addressee'"'"'s instructions are acted upon.
  - 12. A method according to claim 7 wherein the invitation to log into the information management system is contained within a first text message to the mobile telephone.
  - 13. A method according to claim 12 wherein the first text message sent to the addressee'"'"'s mobile telephone comprises a SMS or SI with embedded URL.
  - 14. A method according to claim 13 wherein the URL is embedded in the SMS or SI message such that the user does not have to re-enter the URL in the mobile telephones Internet browser in order to log on to the information management system.
  - 15. A method according to claim 7 wherein the information token is a unique alphanumeric string included in the SMS or SI that contains the invitation to log in and the URL.
  - 16. A method according to claim 15 wherein the alphanumeric string is contained within the URL such that when the URL is selected by the addressee the request to log in sent out to the information management system by the mobile telephone'"'"'s mobile Internet browser includes the unique alphanumeric string.
  - 17. A method according to claim 16 wherein the alphanumeric string generated by the information management system can only be used as an authentication means only once and can be made to expire even before it has been used once if a certain period of time has elapsed.
  - 18. A method according to claim 7 wherein the step of on forwarding the addressee'"'"'s instruction for processing includes the information management system providing the system which originally requested the transaction or access authorised with the instruction to either accept or decline the transaction or access.
  - 19. A method according to claim 7 wherein the steps of receiving from the addressee a URL request to log into the information management system containing the unique alphanumeric string, requesting at least a username and password from the one or more addressees, providing access to the content, and receiving the addressee'"'"'s instructions all occur during a secure wireless Internet session initiated by the addressee through their mobile telephone.
  - 20. A method according to claim 7 wherein the steps of receiving the request is carried out by the information management system by:
    - forwarding a form to a provider over the Internet, the form having fields for the provider to indicate at least an addressee and a content relating to the event or transaction requiring authorisation;
      
      the information management system being adapted to receive the form completed by the provider, create the content and store it in the information management systems database, and send the first message to the addressee containing the alert, the information token, and the invitation to log into the information management system.
  - 21. A method according to claim 20 wherein the form is provided in a web page accessible by standard web browsers over the Internet.
  - 22. A method according to claim 7 wherein the content and first message are dynamically constructed by the information management system without further human intervention in response to the receipt of the request containing details of the event or transaction requiring authorisation.
  - 23. A method according to claim 7 wherein the information management system may provide for a window of time in which the one or more addressee'"'"'s can access the content.
  - 24. A method according to claim 7 wherein the information management system may provide a certain number of times in which the one or more addressee'"'"'s can access the content.
  - 25. A method according to claim 7 wherein the information management system may provide that the one or more addressee'"'"'s can access the content only once.
  - 26. A method according to claim 7 wherein the wireless device is a mobile telephone with at least SMS/SI capabilities and WAP/HTML browser capabilities.
  - 27. A method according to claim 7 wherein the first message contains an embedded URL which directs the recipient of the message to the login screen to the information management system.
  - 28. A method according to claim 7 wherein the information management system automatically generates content for an addressee in response to the information received by systems connected to the information management system containing requests to process and authorise cardholder not present transactions or other online transactions occurring in which case one party in not present.
  - 29. A method according to claim 7 wherein the content automatically generated in response to information received by systems connected to the information management system containing requests to process and authorise cardholder not present transactions or other online transactions occurring in which case one party is not present includes details of the requested transaction and a request to provide instructions whether to proceed with the transaction, said instructions being provided during a secure mobile Internet browser session, and where the information management system manager routes the instruction back to the system connected to the information management system for processing.
  - 31. The method according to claim 29 where the information system of the provider receiving the addressee'"'"'s instructions also carries out the instructions.

30. A method for receiving an addressee'"'"'s secure instructions, the methods comprising:
- an information system of a provider receiving a request;
  
  the information system of the provider storing the request in a database under the control of the information system;
  
  the information system of the provider forwarding the request to the information management system of an operator which uses it to generate a content;
  
  the information management system of the operator generating an information token for use as first authentication means as associating it with the content;
  
  the information management system of the operator sending a message to the addressee'"'"'s registered Internet enabled mobile telephone containing the information token, an alert and an invitation to log into the information system of the provider to access the content;
  
  the information management system of the operator sending the information token to the provider along with details of the message sent to the addressee;
  
  the information manager of the provider recording the information token and other details in its database in association with the request.the addressee providing the information token to the information system of the provider;
  
  the information system of the provider authenticating the addressee by querying the database for instances of the information token, and if it is present, presenting the addressee with a login screen for the entry of second authorisation means which include, at least, a user ID and password;
  
  the information system of the provider granting the addressee access to the content if the information token provided in the previous step is associated with the at least user ID, password and the content provided in the second step;
  
  the information system of the provider receiving the addressee'"'"'s instructions provided.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. A method according to claim 30 wherein the request received by the information management system is a request to authorise a transaction or access to information in which the addressee is not physically present.
  - 33. A method according to claim 30 wherein the information system of the provider conducts post instruction authentication in which the addressee is requested to provide further pre-registered information, stored in the providers database, in response to instructions to transact or provide access to information, the further pre-registered information being required to be provided before the addressee'"'"'s instructions are processed.
  - 34. A method according to claim 33 wherein the steps of providing the information token to the providers information system, providing log in details including at least the user ID and password of an addressee, providing access to the content, and receiving the addressee'"'"'s instructions are all conducted during a secure mobile Internet session.
  - 35. A method according to claim 34 wherein a secure mobile Internet session involves an encrypted WAP mediated exchange of WML information over the Internet.
  - 36. A method according to claim 34 a wherein a secure mobile Internet session involves an encrypted HTTP mediated exchange of HTML information over the Internet.
  - 37. A method according to claim 33 wherein the step of providing the information token during a secure mobile Internet session can be carried out by requesting a URL of a domain maintained by the provider, wherein the URL contains a unique alphanumeric string that is the information token.

38. A method for receiving addressee'"'"'s secure instructions, the method comprising:
- an information system of a provider receiving a request;
  
  the information system of the provider forwarding the request to the information management system of an operator;
  
  the information management system of the operator generating an information token for use as first authentication means, and generating a content from the request, and storing the associated information token and the content in a database of the information management system;
  
  the information management system of the operator sending a message to the addressee'"'"'s registered Internet enabled mobile telephone containing the information token, an alert and an invitation to log into the information management system of the operator;
  
  the addressee providing the information token to the information management system of the provider;
  
  the information system of the provider authenticating the addressee by querying its database for instances of the information token, and if it is present, presenting the addressee with a login screen for the entry of second authorisation means include, at least, a user ID and password;
  
  the information management system of the operator granting the addressee access to the content if the information token provided in the previous step is associated with the at least the user ID, password and the content provided in the second step;
  
  the information management system of the operator receiving the addressee'"'"'s instructions provided and forwarding the instruction on to the information system of the provider for processing.
- View Dependent Claims (39, 40, 41, 42, 43, 44)
- - 39. A method according to claim 38 wherein the request received by the information management system is a request to authorise a transaction or access to information in which the addressee is not physically present.
  - 40. A method according to claim 39 wherein the information management system of the operator conducts post instruction authentication in which the addressee is requested to provide further pre-registered information, stored in the providers database, in response to instructions to transact or provide access to information, the further pre-registered information being required to be provided before the addressee'"'"'s instructions are on forwarded to the information system of the provider for processing.
  - 41. A method according to claim 39 wherein the steps of providing the information token to the operator'"'"'s information management system, providing log in details including at least the user ID and password of an addressee, providing access to the content, and receiving the addressee'"'"'s instructions are all conducted during a secure mobile Internet session.
  - 42. A method according to claim 41 wherein a secure mobile Internet session involves an encrypted WAP mediated exchange of WML information over the Internet.
  - 43. A method according to claim 41 a wherein a secure mobile Internet session involves an encrypted HTTP mediated exchange of HTML information over the Internet.
  - 44. A method according to claim 39 wherein the step of providing the information token during the mobile Internet session can be carried out by requesting a URL of a domain maintained by the operator, wherein the URL contains a unique alphanumeric string that comprises the information token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A & Mt Projects Pty Limited
Original Assignee
A & Mt Projects Pty Limited
Inventors
Tatham, Adrian M.

Application Number

US12/449,164
Publication Number

US 20100146259A1
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

G06F 21/31 User authentication

MULTI FACTOR AUTHORISATIONS UTILISING A CLOSED LOOP INFORMATION MANAGEMENT SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI FACTOR AUTHORISATIONS UTILISING A CLOSED LOOP INFORMATION MANAGEMENT SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links