METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT

US 20120192255A1
Filed: 01/21/2011
Published: 07/26/2012
Est. Priority Date: 01/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method of providing a user signature on a network transaction, comprising:

receiving, by a security server directly from a network site, transaction information representing a transaction between a network user and a network site;

calculating, by the security server, a one-time-password based on (i) the received transaction information and (ii) a secret shared by the security server and the network site, but not by the user, wherein the one-time-password is independently calculable by the network site based on the shared secret and the transaction information; and

transmitting, by the security server, the calculated one-time-password for application as the user'"'"'s signature on the transaction.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user'"'"'s signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.

40 Citations

View as Search Results

20 Claims

1. A method of providing a user signature on a network transaction, comprising:
- receiving, by a security server directly from a network site, transaction information representing a transaction between a network user and a network site;
  
  calculating, by the security server, a one-time-password based on (i) the received transaction information and (ii) a secret shared by the security server and the network site, but not by the user, wherein the one-time-password is independently calculable by the network site based on the shared secret and the transaction information; and
  
  transmitting, by the security server, the calculated one-time-password for application as the user'"'"'s signature on the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein:
    - the network site is a web site.
  - 3. The method of claim 1, wherein:
    - the calculated one-time-password is transmitted, by the security server to a user network device for presentation on a window displayed by the user network device and entry by the user onto a network page associated with the network site and displayed on the user network device.
  - 4. The method of claim 1, wherein:
    - the calculated one-time-password is transmitted, by the security server to one user network device, for presentation on a window displayed by that user network device and entry by the user onto a network page associated with the network site and displayed on another user network device.
  - 5. The method of claim 4, wherein:
    - the one user network device is of a type that is different than the other user network device.
  - 6. The method of claim 5, wherein:
    - the one user network device is a personal mobile network device, andthe other user network device is a computer.
  - 7. The method of claim 5, wherein:
    - the one user network device is a mobile smart phone; and
      
      the other user network device is a desktop computer.
  - 8. The method of claim 1, further comprising:
    - storing, at the security server, a log of transactions between the user and the network site.
  - 9. The method of claim 8, further comprising:
    - computing, by the security server, a risk profile of the user based on the stored transactions log.
  - 10. The method of claim 8, further comprising:
    - transmitting, by the security server to a third party, the stored transactions log for risk analysis.

11. A method of validating a user signature on a network transaction, comprising:
- receiving, by a network site from a user network device, transaction information representing a transaction between a user and the network site;
  
  transmitting, by the network site directly to a security server, the transaction information;
  
  receiving, by the network site from the user network device, a one-time-password as the user'"'"'s signature on the transaction;
  
  calculating, by the network site, a one-time-password based on (i) the received transaction information and (ii) a secret shared by a security server and the network site, but not by the user; and
  
  verifying, by the network site, the signature based on a comparison of the received one-time-password and the calculated one-time-password.

12. A method of authenticating a user on a network, comprising:
- receiving, by a security server directly from a network site, a request of the network site to have a user authenticated;
  
  calculating, by the security server, a one-time-password based on a secret shared by the security server and the network site, but not by the user, wherein the one-time-password is independently calculable by the network site based on the shared secret; and
  
  transmitting, by the security server to a window displayed on a network device of the user, the calculated one-time-password for entry by the user onto a network page associated with the network site and displayed on another network device of the user, to authenticate the user.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising:
    - also receiving, by the security server directly from the network site, transaction information relating to a transaction between the user and the network site; and
      
      wherein the one-time-password is calculated based also on the transaction information.
  - 14. The method of claim 12, wherein:
    - the user network device is of a type that is different than the other user network device.
  - 15. The method of claim 14, wherein:
    - the user network device is a mobile smart phone; and
      
      the other user network device is a computer.

20. A method of authenticating a user on a network, comprising:
- transmitting, by a network site directly to a security server, a request to have a user authenticated;
  
  receiving, by the network site from a network device of the user, a one-time-password;
  
  calculating, by the network site, a one-time-password based on a secret shared by the security server and the network site, but not by the user; and
  
  comparing, by the network site, the received one-time-password and the calculated one-time-password to authenticate the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Authentify, Inc. (Early Warning Services, LLC)
Inventors
Ganesan, Ravi

Granted Patent

US 8,806,592 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0838   using one-time-passwords

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others