Single Action Authentication via Mobile Devices

US 20110145899A1
Filed: 12/10/2009
Published: 06/16/2011
Est. Priority Date: 12/10/2009
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for authenticating a user, the method comprising:

receiving at a relying party from a user at least one first factor, wherein the first factor includes at least one from the group of a user identifier, a user password, a user One Time Password, a digital signature and user biometric data;

verifying at the relying party the at least one first factor sent from the user to the relying party;

sending a message from the relying party to the user requesting the user to contact a third party authentication service through a mobile device;

sending from the user mobile device to the third party authentication service at least one second factor, where the second factor sent to the third party authentication service includes at least one from the group of a user identifier, a user password, a user One Time Password, a digital signature and user biometric data;

verifying at the third party authentication service the at least one second factor sent to the authentication service;

sending a message from the third party authentication service to the relying party indicating whether the second factor sent to the third party authentication service has been successfully verified;

if the message received from the third party authentication service indicates that the second factor sent to the third party authentication service has been successfully verified and if the relying party successfully verifies the first factor sent to the relying party, then determining that the user is authentic.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a user includes receiving a user identification, confirming the user identification, sending a request to the user to perform a single action on a communication device, creating a session to receive the single action from the communication device, receiving an identifier from the communication device, using the identifier to verify that the user has the communication device, and authenticating the user based on the confirmed user information and the verification that the user has the communication device. The identification can include a username and a password or can be a one time password.

176 Citations

31 Claims

1. A computer-implemented method for authenticating a user, the method comprising:
- receiving at a relying party from a user at least one first factor, wherein the first factor includes at least one from the group of a user identifier, a user password, a user One Time Password, a digital signature and user biometric data;
  
  verifying at the relying party the at least one first factor sent from the user to the relying party;
  
  sending a message from the relying party to the user requesting the user to contact a third party authentication service through a mobile device;
  
  sending from the user mobile device to the third party authentication service at least one second factor, where the second factor sent to the third party authentication service includes at least one from the group of a user identifier, a user password, a user One Time Password, a digital signature and user biometric data;
  
  verifying at the third party authentication service the at least one second factor sent to the authentication service;
  
  sending a message from the third party authentication service to the relying party indicating whether the second factor sent to the third party authentication service has been successfully verified;
  
  if the message received from the third party authentication service indicates that the second factor sent to the third party authentication service has been successfully verified and if the relying party successfully verifies the first factor sent to the relying party, then determining that the user is authentic.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising:
    - sending from the relying party to the user a first image;
      
      displaying the first image to the user;
      
      showing on the mobile device a group of images that includes the first image;
      
      receiving from the mobile device at the third party authentication service a signal corresponding to an image selected by the user;
      
      if the image from the mobile device corresponds to the first image, then determining that the user is authentic.

3. A computer-implemented method for authenticating a user, the method comprising:
- receiving at least one credential from a group of user credentials;
  
  validating the user credential;
  
  creating a session to receive a single action from a communication device;
  
  associating a first image with the session;
  
  sending a request to a user to select the same first image on the communication device;
  
  receiving an identifier from the communication device, the identifier comprises a selected image selected by the user;
  
  using the identifier to verify that the user has the communication device; and
  
  authenticating the user based on the confirmed user information and the verification that the user has the communication device and has selected the image.

4. A computer-implemented method for authenticating a user, comprising:
- receiving a user identification;
  
  sending a request to the user to perform a single action on a communication device;
  
  receiving a verification that the user is using the communication device; and
  
  authenticating the user based on the user information and the verification that the user is using the communication device.

5. A computer-implemented method for authenticating a user, comprising:
- receiving a user identification;
  
  confirming the user identification;
  
  sending a request to the user to perform a single action on a communication device;
  
  creating a session to receive the single action from the communication device;
  
  receiving an identifier from the communication device;
  
  using the identifier to verify that the user has the communication device; and
  
  authenticating the user based on the confirmed user information and the verification that the user has the communication device.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The method of claim 5 wherein the user identification comprises a username and a password.
  - 7. The method of claim 5 wherein the identifier comprises a one time password.
  - 8. The method of claim 5 wherein the identifier comprises a signed message based on a certificate and a one time password.
  - 9. The method of claim 5 wherein the communication device is a handheld communication device.
  - 10. The method of claim 9 wherein the identifier comprises a phone number of the handheld communication device.
  - 11. The method of claim 5 further comprising associating the authentication of the communication device with the session.

12. A method for authenticating a user comprising:
- receiving an identification of a one click communication device associated with a user identification;
  
  sending to the identified single action communication device a request that the user perform a single action on the communication device;
  
  receiving an identifier from the communication device;
  
  using the identifier to verify that the user has the communication device; and
  
  authenticating the user based on the user information and the verification that the user has the communication device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12 wherein the user identification comprises a username and a password.
  - 14. The method of claim 12 wherein the identifier is dynamically generated and is different depending on whether it is for transactions or authentication.
  - 15. The method of claim 12 wherein the identifier comprises a one time password.
  - 16. The method of claim 12 wherein the identifier comprises a signed message with a certificate.
  - 17. The method of claim 12 wherein the communication device is a handheld communication device.
  - 18. The method of claim 17 wherein the identifier comprises a phone number of the handheld communication device.
  - 19. The method of claim 12 further comprising:
    - sending the first image to the user; and
      
      sending a request to the user to select the same first image on the communication device.
  - 20. The method of claim 19 wherein the first image corresponds to a specific transaction.
  - 21. The method of claim 19 further comprising requesting that the user select an image on the communication device identifying a specific transaction.
  - 22. The method of claim 12 further comprising associating the authentication of the communication device with the session.

23. A computer-implemented method for creating a secure communication channel between a handheld communication device and an entity, the handheld communication device having an identifier and security data associated therewith, the method comprising:
- receiving the identifier from the entity;
  
  creating a session for a transaction between the entity and the handheld communication device;
  
  associating the session with the identifier;
  
  sending a request for the identifier and the security data to the handheld communication device;
  
  receiving the identifier and the security data from the handheld communication device;
  
  authenticating the handheld communication device based, in part, on the received identifier and the received security data; and
  
  notifying the entity of the authentication of the handheld communication device.
- View Dependent Claims (24, 25)
- - 24. The method of claim 23 wherein the identifier comprises a phone number of the handheld communication device.
  - 25. The method of claim 23 further comprising associating the authentication of the handheld communication device with the session.

26. A computer-implemented method for authenticating a mobile communication device to an entity, the method comprising:
- receiving, from the entity, an identifier associated with the mobile communication device;
  
  creating a session for communication between the mobile communication device and the entity;
  
  associating a first image with the session;
  
  transmitting the first image to the entity;
  
  receiving the identifier and a second image from the mobile communication device;
  
  validating the mobile communication device based, in part, on the identifier, the first image, and the second image; and
  
  communicating the validation of the mobile communication device to the entity.
- View Dependent Claims (27, 28)
- - 27. The method of claim 26 wherein validating the mobile communication device includes determining a match between the first image and the second image.
  - 28. The method of claim 26 further comprising receiving, from the mobile communication device, security data associated with the mobile communication device.

29. A method for creating a communication channel between a handheld communication device and an entity, the method comprising:
- receiving, from the handheld communication device, a signal associated with initiation of a transaction;
  
  receiving, from the entity, an identifier associated with the handheld communication device;
  
  providing information associated with the transaction to the handheld communication device;
  
  receiving input from the handheld communication device; and
  
  authenticating the handheld communication device based, in part, on the identifier and the input from the handheld communication device.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29 wherein the input includes the identifier and security data associated with the handheld communication device.
  - 31. The method of claim 30 wherein the input further comprises confirmation of the information associated with the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
VeriSign, Inc.
Inventors
Huang, Erica, Antonyraj, Rosarin, Cao, Rong, Yi, Liyu, Toyoshiba, Len Osamu

Application Number

US12/635,252
Publication Number

US 20110145899A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

Single Action Authentication via Mobile Devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

176 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Single Action Authentication via Mobile Devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links