FRICTIONLESS MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD
Abstract
A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website.
31 Claims
1. A processor-implemented authentication method, comprising:
receiving a first location corresponding to a computing device having a browser application via which a user accesses an online account by entering a user identifier and a password for the online account;
responsive to successful authentication of the user based on the user identifier and the password, initiating as a background process a location-based authentication without user involvement, the location-based authentication comprising:
retrieving an identifier corresponding to a mobile phone, wherein the computing device and the mobile phone are associated with the user;
obtaining, based on the identifier, a second location corresponding to the mobile phone;
retrieving at least one authentication rule;
determining, by a processor, whether the first and second locations generate a location match in accordance with the at least one authentication rule; and
generating an authentication response to allow or deny the user access to the online account based on whether the first and second locations generate a location match.
5. (canceled)
6. (canceled)
13. A method of providing a user access to an online resource, comprising:
receiving, from a personal access device having a browser application, a user request to access an online resource;
authenticating a user associated with the user request based on a first factor of authentication which includes a user identifier and a password entered by the user via the browser application;
wherein the receiving and the authenticating are performed by a host server hosting the online resource;
when the user is successfully authenticated based on the first factor, providing, to another server, an identifier corresponding to a mobile verification device, and data relating to the personal access device to perform authentication based on a second factor; and
receiving, from the another server, a response to the second factor of authentication that includes comparing a location of the mobile verification device with a location of the personal access device, wherein:
the user is allowed access to the online resource when the response indicates a match between the location of the mobile verification device and the location of the personal access device; and
the user is challenged to another form of authentication when the response indicates a mismatch between the location of the mobile verification device and the location of the personal access device.
19. An authentication system, comprising:
a memory storing computer-executable instructions;
a processor in communication with the memory and configured to process the computer-executable instructions to:
receive a first location of a computing device in response to a user inputting a personal identifier and a password on a website or mobile application accessed using the computing device;
receive a phone number of a mobile device of the user;
obtain a second location reported by the mobile device;
retrieve at least one authentication rule;
determine whether the first and second locations generate a location match in accordance with the at least one authentication rule and characteristics of the first location, the second location, or both the first and second locations; and
generate an authentication response based on whether the first and second locations generate a location match.
25. A system for providing a user access to a secured online resource, the system comprising:
a memory storing computer-executable instructions;
a processor in communication with the memory and configured to process the computer-executable instructions to:
authenticate the user based on a first factor of authentication that includes user-defined login credentials entered by the user via a browser application installed on a computing device in order to request access to the secured online resource;
provide, to a server, an identifier corresponding to a mobile device, and data relating to the computing device being used to request access to the secured online resource to request the server to authenticate the user based on a second factor, wherein performing the authentication based on the second factor is conditional on successful authentication of the user based on the first factor;
receive, from the server, a response to the authentication based on the second factor that includes comparing a location of the mobile device with a location of the computing device;
allow the user access to the secured online resource from the computing device when the response to the authentication based on the second factor indicates a successful authentication; and
initiate an authentication based on a third factor when the location of the mobile device or the location of the computing device is suspicious.
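The location-match decision recited in claims 1, 13 and 19, sketched as an added example that is not taken from the patent. The `Rule` fields, the per-location accuracy radius, the fail-closed handling of a missing or coarse location, and all sample coordinates are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Location:
    lat: float
    lon: float
    accuracy_km: float  # assumed: uncertainty radius reported with the location

@dataclass(frozen=True)
class Rule:  # assumed shape of one "authentication rule"
    max_distance_km: float  # furthest separation still counted as a match
    max_accuracy_km: float  # locations coarser than this cannot be compared

def haversine_km(a: Location, b: Location) -> float:
    """Great-circle distance between two points on a 6371 km sphere."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 \
        + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def location_match(first: Optional[Location], second: Optional[Location],
                   rule: Rule) -> bool:
    # Fail closed: no location, or one too coarse to trust, is never a match.
    if first is None or second is None:
        return False
    if max(first.accuracy_km, second.accuracy_km) > rule.max_accuracy_km:
        return False
    # Worst case: count both uncertainty radii as extra separation.
    worst = haversine_km(first, second) + first.accuracy_km + second.accuracy_km
    return worst <= rule.max_distance_km

def authenticate(password_ok: bool, first: Optional[Location],
                 second: Optional[Location], rule: Rule) -> str:
    # The location check runs only after the first factor succeeds.
    if not password_ok:
        return "deny"
    # A mismatch leads to a challenge with another form of authentication.
    return "allow" if location_match(first, second, rule) else "challenge"

# Constructed sample data (not from the patent).
RULE = Rule(max_distance_km=50.0, max_accuracy_km=25.0)
BROWSER = Location(37.7749, -122.4194, accuracy_km=5.0)     # computing device
PHONE_NEAR = Location(37.8044, -122.2712, accuracy_km=0.5)  # same metro area
PHONE_FAR = Location(40.7128, -74.0060, accuracy_km=0.5)    # other coast
```

Treating a missing or low-accuracy location as a mismatch keeps the silent second factor from passing by default; the user is challenged instead.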
Specification