FRICTIONLESS MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD

US 20140157381A1
Filed: 12/05/2012
Published: 06/05/2014
Est. Priority Date: 12/05/2012
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented authentication method, comprising:

receiving a first location corresponding to a computing device having a browser application via which a user accesses an online account by entering a user identifier and a password for the online account;

responsive to successful authentication of the user based on the user identifier and the password, initiating as a background process a location-based authentication without user involvement, the location-based authentication comprising;

retrieving an identifier corresponding to a mobile phone, wherein the computing device and the mobile phone are associated with the user;

obtaining, based on the identifier, a second location corresponding to the mobile phone;

retrieving at least one authentication rule;

determining, by a processor, whether the first and second locations generate a location match in accordance with the at least one authentication rule; and

generating an authentication response to allow or deny the user access to the online account based on whether the first and second locations generate a location match.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website.

Citations

31 Claims

1. A processor-implemented authentication method, comprising:
- receiving a first location corresponding to a computing device having a browser application via which a user accesses an online account by entering a user identifier and a password for the online account;
  
  responsive to successful authentication of the user based on the user identifier and the password, initiating as a background process a location-based authentication without user involvement, the location-based authentication comprising;
  
  retrieving an identifier corresponding to a mobile phone, wherein the computing device and the mobile phone are associated with the user;
  
  obtaining, based on the identifier, a second location corresponding to the mobile phone;
  
  retrieving at least one authentication rule;
  
  determining, by a processor, whether the first and second locations generate a location match in accordance with the at least one authentication rule; and
  
  generating an authentication response to allow or deny the user access to the online account based on whether the first and second locations generate a location match.
- View Dependent Claims (2, 3, 4, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein in accordance with the at least one authentication rule, the location match is generated when the first and second locations are within a threshold distance from each other.
  - 3. The method of claim 1, further comprising:
    - in accordance with the at least one authentication rule,dynamically reducing a threshold for generating a location match when at least one of the first and second locations is a designated fraud location; and
      
      determining that the first and second locations are within the dynamically reduced threshold distance from each other.
  - 4. The method of claim 1, further comprising:
    - receiving, from a resource provider, a request for the authentication response, the resource provider providing the first location corresponding to the computing device and the identifier corresponding to the mobile phone.
  - 7. The method of claim 1, wherein the identifier corresponding to the mobile phone is a mobile identification number (MIN).
  - 8. The method of claim 7, wherein obtaining the second location further comprises:
    - transmitting a request for location to the mobile phone; and
      
      receiving, in response to the request, the location of the mobile phone.
  - 9. The method of claim 8, wherein the location of the mobile phone is determined using at least one of:
    - a Global Positioning System (GPS), an Assisted Global Positioning System (A-GPS), Cell-ID or nearby Wi-Fi access point data.
  - 10. The method of claim 9, wherein the first location corresponding to the computing device is determined using at least one of:
    - an Internet Protocol (IP) address, a web browser cookie or nearby Wi-Fi access point data.
  - 11. The method of claim 1, wherein if the first and second locations do not generate a location match, initiating an authentication requiring a user response via the computing device associated with the user.
  - 12. The method of claim 11, wherein initiating the authentication requiring a user response further comprises:
    - transmitting a verification code to the mobile phone; and
      
      receiving a verification code input via the computing device or the mobile phone as the user response.

5. (canceled)

6. (canceled)

13. A method of providing a user access to an online resource, comprising:
- receiving, from a personal access device having a browser application, a user request to access an online resource;
  
  authenticating a user associated with the user request based on a first factor of authentication which includes a user identifier and a password entered by the user via the browser application;
  
  wherein the receiving and the authenticating are performed by a host server hosting the online resource;
  
  when the user is successfully authenticated based on the first factor, providing, to another server, an identifier corresponding to a mobile verification device, and data relating to the personal access device to perform authentication based on a second factor; and
  
  receiving, from the another server, a response to the second factor of authentication that includes comparing a location of the mobile verification device with a location of the personal access device, wherein;
  
  the user is allowed access to the online resource when the response indicates a match between the location of the mobile verification device and the location of the personal access device; and
  
  the user is challenged to another form of authentication when the response indicates a mismatch between the location of the mobile verification device and the location of the personal access device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein the data relating to the personal access device includes the location of the personal access device provided by the browser application.
  - 15. The method of claim 13, wherein the user identifier and the password associated with the first factor of authentication are defined by the user.
  - 16. The method of claim 13, wherein the identifier corresponding to the mobile verification device is a mobile identification number (MIN), and the data relating to the personal access device is at least one of:
    - an Internet Protocol (IP) address or nearby Wi-Fi access point data.
  - 17. The method of claim 13,wherein one or more authentication rules are used to determine a match or mismatch between the location of the mobile verification device and the location of the personal access device.
  - 18. The method of claim 17, wherein the host server hosting the online resource configures the one or more authentication rules.

19. An authentication system, comprising:
- a memory storing computer-executable instructions;
  
  a processor in communication with the memory and configured to process the computer-executable instructions to;
  
  receive a first location of a computing device in response to a user inputting a personal identifier and a password on a website or mobile application accessed using the computing device;
  
  receive a phone number of a mobile device of the user;
  
  obtain a second location reported by the mobile device;
  
  retrieve at least one authentication rule;
  
  determine whether that the first and second locations generate a location match in accordance with the at least one authentication rule and characteristics of the first location, the second location, or both the first and second locations; and
  
  generate an authentication response based on whether the first and second locations generate a location match.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein in accordance with the at least one authentication rule, the location match is generated when the first and second locations are within a threshold distance from each other.
  - 21. The system of claim 19, further comprising instructions to:
    - in accordance with the at least one authentication rule,dynamically reduce a threshold for generating a location match when at least one of the first and second locations is a designated fraud location; and
      
      determine that the first and second locations are within the dynamically reduced threshold distance from each other.
  - 22. The system of claim 19, further comprising instructions to:
    - receive, from a resource provider, a request for the authentication response, the resource provider providing the first location of the computing device and the phone number of the mobile device.
  - 23. The system of claim 22, wherein prior to making the request, the resource provider performs an authentication based on the personal identifier and the password entered by the user.
  - 24. The system of claim 23, wherein the authentication based on the personal identifier and the password entered by the user is associated with a first factor of authentication, and the authentication response is associated with a second factor of authentication, and wherein an authentication based on the second factor is performed without an input from the user.

25. A system for providing a user access to a secured online resource, the system comprising:
- a memory storing computer-executable instructions;
  
  a processor in communication with the memory and configured to process the computer-executable instructions to;
  
  authenticate the user based on a first factor of authentication that includes user-defined login credentials entered by the user via a browser application installed on a computing device in order to request access to the secured online resource;
  
  provide, to a server, an identifier corresponding to a mobile device, and data relating to the computing device being used to request access to the secured online resource to request the server to authenticate the user based on a second factor, wherein performing the authentication based on the second factor is conditional on successful authentication of the user based on the first factor;
  
  receive, from the server, a response to the authentication based on the second factor that includes comparing a location of the mobile device with a location of the computing device;
  
  allow the user access to the secured online resource from the computing device when the response to the authentication based on the second factor indicates a successful authentication; and
  
  initiate an authentication based on a third factor when the location of the mobile device or the location of the computing device is suspicious.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The system of claim 25, wherein the data relating to the computing device is received from the browser application, and includes the location of the computing device.
  - 27. The system of claim 25, further comprising instructions to determine the location of the computing device using at least one of an IP address associated with the computing device or information about one or more Wi-Fi access points that is accessible to the computing device.
  - 28. The system of claim 25, wherein the identifier of the mobile device is a mobile identification number (MIN), and the data relating to the computing device is at least one of:
    - an Internet Protocol (IP) address and nearby Wi-Fi access point data.
  - 29. The system of claim 25, further comprising instructions to:
    - provide one or more authentication rules to the server for performing the authentication based on the second factor.
  - 30. The system of claim 25, wherein the user-defined login credentials are stored in a datastore that is inaccessible to the server performing the authentication based on the second factor.
  - 31. The system of claim 25, further comprising a fraud datastore that includes records of fraud events, including dates and locations of fraud events.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TeleSign Corporation (Government of Belgium)
Original Assignee
TeleSign Corporation (Government of Belgium)
Inventors
Disraeli, Ryan Parker

Granted Patent

US 9,355,231 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04L 67/02   based on web technology, e....

H04W 12/06   Authentication

H04W 12/71   Hardware identity

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

FRICTIONLESS MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

FRICTIONLESS MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links