ACTION VERIFICATION METHODS AND SYSTEMS

US 20140223185A1
Filed: 07/24/2012
Published: 08/07/2014
Est. Priority Date: 07/25/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of verifying that an action is authorised by a user, including:

receiving a request from a first user device to a remote service via a first communications channel to perform an action at the remote service,receiving a user identifier from the first user device via the first communications channel, the user identifier identifying the user,associating the user identifier with data relating to the requested action,communicating the data to a second user device associated with the same user identifier via a second communications channel,receiving a user verification code associated with the user identifier, anddetermining if the user verification code includes the data, which is digitally signed using a code generation algorithm based on at least a key associated with the user identifier, the digitally signed data verifying that the action is authorised by the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method of verifying that an action is authorised by a user, including receiving a request from a first user device to a remote service via a first communications channel to perform an action at the remote service, receiving a user identifier from the first user device via the first communications channel, the user identifier identifying the user, associating the user identifier with data relating to the requested action, communicating the data to a second user device associated with the same user identifier via a second communications channel, receiving a user verification code associated with the user identifier, and determining if the user verification code includes the data, which is digitally signed using a code generation algorithm based on at least a key associated with the user identifier, the digitally signed data verifying that the action is authorised by the user.

14 Citations

View as Search Results

33 Claims

1. A method of verifying that an action is authorised by a user, including:
- receiving a request from a first user device to a remote service via a first communications channel to perform an action at the remote service,receiving a user identifier from the first user device via the first communications channel, the user identifier identifying the user,associating the user identifier with data relating to the requested action,communicating the data to a second user device associated with the same user identifier via a second communications channel,receiving a user verification code associated with the user identifier, anddetermining if the user verification code includes the data, which is digitally signed using a code generation algorithm based on at least a key associated with the user identifier, the digitally signed data verifying that the action is authorised by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method according to claim 1, wherein the data relating to the action includes a session identifier associated with an application on the first user device used to request performance of the action.
  - 3. A method according to claim 1, wherein the data relating to the action includes information about the action.
  - 4. A method according to claim 1, wherein the action relates to a purchase of one or more items and the data relating to the action includes information about the one or more items.
  - 5. A method according to claim 1, wherein the code generation algorithm for digitally signing the data is based on user entered information as well as the key associated with the user identifier.
  - 6. A method according to claim 1, further including:
    - associating the user identifier with additional data relating to the action,communicating the additional data to the second user device via the second communications channel,receiving an additional user verification code associated with the user identifier, anddetermining if the additional user verification code includes the additional data, digitally signed using at least the key associated with the user identifier.
  - 7. A method according to claim 1, wherein the user verification code associated with the user identifier is received from the first user device via the first communications channel.
  - 8. A method according to claim 7, further including:
    - the remote service receiving from the first user device the data together with the user verification code,wherein determining if the user verification code includes the data, digitally signed includes determining if the digitally signed data matches the data received with the user verification code.
  - 9. A method according to claim 1, wherein the user verification code associated with the user identifier is received from the second user device via the second communications channel.
  - 10. A method according to claim 1, wherein the first communications channel is an internet communications channel.
  - 11. A method according to claim 1, wherein the second communications channel is a mobile phone network communications channel.
  - 12. A method according to claim 1, further including:
    - before the remote service communicates the data to the second user device,the remote service receiving a request from the second user device via the second communications channel to communicate the data.
  - 13. A method according to claim 12, wherein the request from the second user device includes a user authentication code, further including:
    - determining whether the user authentication code authenticates the user, andcommunicating the data to the second user device only if the user authentication code authenticates the user.
  - 14. A method according to claim 12, wherein the request from the second user device includes information relating to the second user device, further including:
    - determining a risk score based on the information relating to the second user device.
  - 15. A method according to claim 12, further includingthe remote service communicating a remote service authentication code to the second user device via the second communications network, the remote service authentication code enabling the user to authenticate the remote service.

16. A method of a user authorising an action at a remote service, including:
- communicating a request from a first user device to a remote service via a first communications channel to perform an action at the remote service,communicating a user identifier from the first user device to the remote service via the first communications channel, the user identifier identifying the user,receiving data relating to the requested action at a second user device associated with the same user identifier via a second communications channel,executing a code generation algorithm on the second user device to digitally sign the data thereby generating a user verification code, the code generation algorithm being based on at least a key associated with the user identifier,communicating the generated user verification code to the remote service, the user verification code enabling the remote service to verify that the action is authorised by the user.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. A method according to claim 16, further including:
    - receiving information entered by the user at the second user device before executing the code generation algorithm,wherein the code generation algorithm is based on the user entered information as well as the key associated with the user identifier.
  - 18. A method according to claim 16, further including:
    - before executing the code generation algorithm,displaying the data on the second user device for the user to check.
  - 19. A method according to claim 16, further including:
    - after executing the code generation algorithm on the second user device, receiving the user verification code into the first user device, wherein the first user device communicates the generated user verification code to the remote service.
  - 20. A method according to claim 16, wherein the second user device communicates the generated user verification code to the remote service.
  - 21. A method according to claim 16, wherein the data relating to the action includes a session identifier associated with an application on the first user device used to request performance of the action.
  - 22. A method according to claim 16, wherein the data relating to the action includes information about the action.
  - 23. A method according to claim 16, wherein the action relates to a purchase of one or more items and the data relating to the action includes information about the one or more items.
  - 24. A method according to claim 16, further including:
    - before receiving data relating to the requested action at the second user device,the second user device communicating a request to communicate the data to the remote service via the second communications channel.
  - 25. A method according to claim 24, wherein the request from the second user device to the remote service includes a user authentication code, the user authentication code enabling the remote service to authenticate the user.
  - 26. A method according to claim 24, wherein the request from the second user device to the remote service includes information relating to the second user device.
  - 27. A method according to claim 16, further including:
    - before executing the code generation algorithm,receiving a remote service authentication code from the remote service,determining whether the remote service authentication code authenticates the remote service, andexecuting the code generation algorithm and communicating the generated user verification code to the remote service only if the remote service authentication code authenticates the remote service.
  - 28. A method according to claim 27, further including:
    - if the remote service authentication code authenticates the remote service, providing an indication to the user on the second user device.

29. A method of verifying that an action is authorised by a user, including:
- receiving a request from a first user device to a remote service via a first communications channel to perform an action at the remote service,receiving a user identifier from the first user device via the first communications channel, the user identifier identifying the user,associating the user identifier with data relating to the requested action,communicating the data to a second user device associated with the same user identifier via a second communications channel,executing a code generation algorithm on the second user device to digitally sign the data thereby generating a user verification code, the code generation algorithm being based on at least a key associated with the user identifier,communicating the user verification code to the remote service,the remote service determining if the user verification code includes the data, which is digitally signed using at least the key associated with the user identifier, the digitally signed data verifying that the action is authorised by the user.

30. (canceled)

31. (canceled)

32. (canceled)

33. A remote service system including:
- a communications port,a processor,a memory, andsoftware resident in memory accessible to the processor, the software including a series of instructions executable by the processor to carry out a method of verifying that an action is authorised by a user, including;
  
  receiving a request from a first user device to a remote service via a first communications channel to perform an action at the remote service,receiving a user identifier from the first user device via the first communications channel, the user identifier identifying the user,associating the user identifier with data relating to the requested action,communicating the data to a second user device associated with the same user identifier via a second communications channel,receiving a user verification code associated with the user identifier, anddetermining if the user verification code includes the data, which is digitally signed using a code generation algorithm based on at least a key associated with the user identifier, the digitally signed data verifying that the action is authorised by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMUE Limited
Original Assignee
EMUE Holdings Pty Limited
Inventors
Bender, Jason Frederick, Lenon, James Evan

Application Number

US14/235,008
Publication Number

US 20140223185A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/42   using separate channels for...

G06Q 30/06   Buying, selling or leasing ...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0853   using an additional device,...

H04L 9/3215   using a plurality of channe...

H04L 9/3247   involving digital signatures

ACTION VERIFICATION METHODS AND SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

ACTION VERIFICATION METHODS AND SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others