AUTHENTICATION METHOD
First Claim
1. A method for authenticating the identity of a requester of access to a secured resource, said method for authenticating comprising the steps of:
- receiving from a service client a request for access to a secured resource, said request for access having been submitted to said service client by a requester purporting to be an authorized user of said secured resource;
generating a challenge message with a computer server, said challenge message having a challenge string being a random string having a plurality of symbols, wherein at least one of the symbols of said challenge string is a specially designated symbol;
communicating said challenge message through a discrete channel to said authorized user that said requester purports to be, said discrete channel being a communications channel not readily identifiable by information submitted by an end user;
receiving from said service client a response message corresponding to said challenge message, said response message comprising a response string; and
evaluating said response message to authenticate the identity of said requester as the authorized user.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client (such as a retail store, service station, on-line service provider or merchandiser, healthcare provider, medical insurer, information consumer or the like) a request for access to a secured resource, where the request for access was previously submitted to the service client by a requester purporting to be an authorized user of said secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.
-
Citations
20 Claims
-
1. A method for authenticating the identity of a requester of access to a secured resource, said method for authenticating comprising the steps of:
-
receiving from a service client a request for access to a secured resource, said request for access having been submitted to said service client by a requester purporting to be an authorized user of said secured resource; generating a challenge message with a computer server, said challenge message having a challenge string being a random string having a plurality of symbols, wherein at least one of the symbols of said challenge string is a specially designated symbol; communicating said challenge message through a discrete channel to said authorized user that said requester purports to be, said discrete channel being a communications channel not readily identifiable by information submitted by an end user; receiving from said service client a response message corresponding to said challenge message, said response message comprising a response string; and evaluating said response message to authenticate the identity of said requester as the authorized user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification