METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE

US 20110302641A1
Filed: 11/10/2009
Published: 12/08/2011
Est. Priority Date: 11/10/2008
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system from a first user system, the first user system being connectable to a first communications network, the method comprising:

receiving user authentication information entered by the user via a first user-interface of the first user system;

obtaining via the first commutations network at least one item of contextual information chosen from information indicative of the first user system or a property of the first communications network and a session identifier,verifying the user authentication information, and responsive to successful verification of the user authentication information, sending a message from the computer-implemented authentication system via a second communications network to a second user system, the message comprising at least one item of contextual information or derived information of this collected contextual information, allowing the second user system to present at least the at least one item of contextual information to the user via a second user interface so as to allow the user to verify the at least one item of contextual information, and a real-time session-specific one-time passcode associated with the session identifier;

receiving via the first user system and the first communications network a passcode entered by the user into the first user system;

verifying die entered passcode against the real-time session-specific one-time passcode and/or the session identifier; and

responsive to a successful verification of the entered passcode, granting to the first user system access to the target component.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system detecting and protecting against identity theft by abusing a computer users ID and password or protecting a user against identity replication through parallel user session via a second authentication level using a second channel, a one-time-passcode and user contextual location information. When accessing networks, computer systems or programs, the said networks, computer systems or programs will validate user ID and password and collect contextual information about the user, the device, the used network etc. Once validated, a message is send by a second means that may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session specific code and the collected information provides information enabling the user to detect a compromised identity through a mismatch between presented information and the information representing the user and the passcode protects against fraudulent access.

56 Citations

View as Search Results

12 Claims

1. A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system from a first user system, the first user system being connectable to a first communications network, the method comprising:
- receiving user authentication information entered by the user via a first user-interface of the first user system;
  
  obtaining via the first commutations network at least one item of contextual information chosen from information indicative of the first user system or a property of the first communications network and a session identifier,verifying the user authentication information, and responsive to successful verification of the user authentication information, sending a message from the computer-implemented authentication system via a second communications network to a second user system, the message comprising at least one item of contextual information or derived information of this collected contextual information, allowing the second user system to present at least the at least one item of contextual information to the user via a second user interface so as to allow the user to verify the at least one item of contextual information, and a real-time session-specific one-time passcode associated with the session identifier;
  
  receiving via the first user system and the first communications network a passcode entered by the user into the first user system;
  
  verifying die entered passcode against the real-time session-specific one-time passcode and/or the session identifier; and
  
  responsive to a successful verification of the entered passcode, granting to the first user system access to the target component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1 wherein the target component is chosen from a computer, a computer program, computer program functionality, a computer resource, a computer network.
  - 3. A method according to claim 1, wherein the first and second user systems are different devices.
  - 4. A method according to claim 3, wherein the second user system is a portable communications device configured to receive and display the message.
  - 5. A method according to claim 1 wherein the first and second user systems are embodied as a single user system adapted to provide the first and second user interfaces, and wherein the method comprises presenting at least the at least one item of contextual information by the single user system via a second user interface of the single user system different from the first user interface.
  - 6. A method according to claim 1, wherein the first and second communications networks are different communications networks.
  - 7. A method according to claim 1, further comprising communicating the passcode from the computer-implemented authentication system to the user.
  - 8. A method according to claim 1, further comprising communicating gathered contextual information from the computer-implemented authentication system to the user via a second passcode window displayed by the first user system.
  - 9. A method according to claim 1 claims where the authentication system creates a passcode in real-time that is only valid for the session ID created by the login attempt that invokes the code being created and sent.
  - 10. A computer-implemented authentication system comprising program code means adapted to cause the computer-implemented authentication system to perform the steps of the method according to claim 1 when the program code means are executed by the computer-implemented authentication system.
  - 11. A computer-implemented authentication system according to claim 10 comprising an authentication server and wherein the program code comprises n login program configured to provide the first user-interface on the first user system.
  - 12. A computer program comprising program code means adapted to cause the data processing system to perform the steps of the method according to claim 1 when the program code means are executed by the data processing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Datacard Denmark A/S (Entrust Corp.)
Original Assignee
SMS Passcode A/S (Entrust Corp.)
Inventors
Hald, David, Rosendal, Claus, Østergaard, Jakob

Granted Patent

US 8,893,243 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/35 communicating wirelessly

G06F 21/43 wireless channels

METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others