METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE
First Claim
1. A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system from a first user system, the first user system being connectable to a first communications network, the method comprising:
- receiving user authentication information entered by the user via a first user-interface of the first user system;
- obtaining via the first communications network at least one item of contextual information chosen from information indicative of the first user system or a property of the first communications network and a session identifier,
- verifying the user authentication information, and
- responsive to successful verification of the user authentication information, sending a message from the computer-implemented authentication system via a second communications network to a second user system, the message comprising at least one item of contextual information or derived information of this collected contextual information, allowing the second user system to present at least the at least one item of contextual information to the user via a second user interface so as to allow the user to verify the at least one item of contextual information, and a real-time session-specific one-time passcode associated with the session identifier;
- receiving via the first user system and the first communications network a passcode entered by the user into the first user system;
- verifying the entered passcode against the real-time session-specific one-time passcode and/or the session identifier; and
- responsive to a successful verification of the entered passcode, granting to the first user system access to the target component.
Abstract
A system for detecting and protecting against identity theft through abuse of a computer user's ID and password, or for protecting a user against identity replication through a parallel user session, via a second authentication level using a second channel, a one-time passcode and user contextual location information. When a user accesses networks, computer systems or programs, those networks, computer systems or programs validate the user ID and password and collect contextual information about the user, the device, the network used, etc. Once the credentials are validated, a message is sent by a second means, which may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session-specific code and the collected information enable the user to detect a compromised identity through a mismatch between the presented information and the information representing the user, and the passcode protects against fraudulent access.
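The flow in the first claim and the abstract, sketched as an added example (not code from the patent or its assignee): the passcode is bound to one session identifier, is single use, and travels with the context observed on the first channel. The account, the policy values and the names `begin_login` and `complete_login` are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed demo account; a real system would use its own credential store.
_SALT = b"demo-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
PENDING = {}                     # session_id -> pending second-factor state
OTP_TTL, MAX_TRIES = 120, 3      # assumed policy values, not from the page

def begin_login(user, password, context, now=None):
    """Verify ID and password, then build the second-channel message."""
    now = time.time() if now is None else now
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if not hmac.compare_digest(digest, USERS.get(user, b"\0" * 32)):
        return None, None
    session_id = secrets.token_urlsafe(16)
    otp = f"{secrets.randbelow(10**6):06d}"
    PENDING[session_id] = {"user": user, "otp": otp, "exp": now + OTP_TTL, "tries": 0}
    # Context seen on the first channel is echoed back so the user can spot
    # a login they did not start (unexpected IP address or device).
    message = (f"Login for {user} from {context['ip']} ({context['device']}). "
               f"If this is you, enter code {otp}.")
    return session_id, message   # message is sent via SMS/IM, never channel 1

def complete_login(session_id, entered, now=None):
    """Check the entered code against this session only; single use."""
    now = time.time() if now is None else now
    state = PENDING.get(session_id)
    if state is None:
        return False
    state["tries"] += 1
    expired = now > state["exp"] or state["tries"] > MAX_TRIES
    ok = not expired and hmac.compare_digest(entered.encode(), state["otp"].encode())
    if ok or expired:
        del PENDING[session_id]  # consumed or burned; cannot be replayed
    return ok
```

Because the code is looked up by session identifier, a passcode delivered for the user's own session does not unlock a parallel session opened with the same stolen password.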
56 Citations
12 Claims
Specification