Environment-Based Two-Factor Authentication without Geo-Location
First Claim
1. A method of activating an account, comprising the steps of:
- (a) receiving a mobile voice device'"'"'s phone number(b) receiving the Internet user username or get user identifier(c) initiating an SMS transfer to the mobile voice device, where such SMS originates from a phone number local to the user'"'"'s phone number, contains an unique access link to a website that is associated with a unique pairing code, and where the unique access link is sent via SMS and not via the Internet(d) receiving a message that contains the unique pairing code and unique mobile voice device identifier, where that message is sent from software installed on the mobile phone and such message is sent to a server(e) requesting that the user reply via SMS with a specific code(f) receiving the user'"'"'s reply via SMS with the specific code(g) receiving the phone number from which the user replies via SMS(h) receiving the phone number from which the used for sending the SMS to the user(i) checking the phone number from which the user replies matches with the phone number the SMS was sent to(j) checking whether the unique code in the reply matches with the requested code(k) checking whether the phone number the user reply to is the same phone number the SMS was sent from, and(l) if the user'"'"'s reply in step 6 matches with the requested code from step 5, and if the phone number the user replies from matches with the phone number the SMS sent to, and if the phone number the user replies to matches with the phone number the SMS was sent from, then activating the user'"'"'s account.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a method and system for accomplishing two-factor authentication for internet transactions, wherein the user of the device through which the transaction is negotiated needs to give only a single yes/no verification to the system. In some embodiments, the second factor authentication is automated without any action on the part of the user. The method calls on the user'"'"'s wireless voice device for the detection of environmental wireless signals (“Short Distance Wireless Information” or “SDWI”), and uses these signals collectively as a “fingerprint” that uniquely identifies the wireless signals near the wireless voice device. The system stores these SDWI fingerprints, and later uses the stored information to establish whether or not the user'"'"'s wireless voice device is near a previously-recognized SDWI.
78 Citations
19 Claims
-
1. A method of activating an account, comprising the steps of:
-
(a) receiving a mobile voice device'"'"'s phone number (b) receiving the Internet user username or get user identifier (c) initiating an SMS transfer to the mobile voice device, where such SMS originates from a phone number local to the user'"'"'s phone number, contains an unique access link to a website that is associated with a unique pairing code, and where the unique access link is sent via SMS and not via the Internet (d) receiving a message that contains the unique pairing code and unique mobile voice device identifier, where that message is sent from software installed on the mobile phone and such message is sent to a server (e) requesting that the user reply via SMS with a specific code (f) receiving the user'"'"'s reply via SMS with the specific code (g) receiving the phone number from which the user replies via SMS (h) receiving the phone number from which the used for sending the SMS to the user (i) checking the phone number from which the user replies matches with the phone number the SMS was sent to (j) checking whether the unique code in the reply matches with the requested code (k) checking whether the phone number the user reply to is the same phone number the SMS was sent from, and (l) if the user'"'"'s reply in step 6 matches with the requested code from step 5, and if the phone number the user replies from matches with the phone number the SMS sent to, and if the phone number the user replies to matches with the phone number the SMS was sent from, then activating the user'"'"'s account.
-
-
2. A computer-implemented method of controlling the access of an Internet user to conduct a transaction via a website, where the user has access to a mobile voice device that is paired with an identifier of the user, and is in communication with the website via a computer having a computer signature, the method comprising the computer-implemented steps of:
-
a. receiving the computer signature; b. receiving an identifier of the user; c. checking whether the computer signature is stored in a database; d. sending a notification from a server to the mobile voice device that is paired with the identifier received in step (b), which causes the mobile voice device to acquire and report available SDWI; e. if SDWI is not available, then attempting to authenticate the transaction, and if the transaction is authenticated then communicating an indication of success to the website;
orf. if the stored computer signature is correlated in the database with stored SDWI that matches the SDWI acquired at step (d), then communicating an indication of success to the website; and g. if the stored SDWI does not match the SDWI acquired at step (d), then attempting to authenticate the transaction, and if the transaction is authenticated then communicating an indication of success to the website, and correlating the computer signature in the database with the SDWI acquired at step (d). - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification