Environment-Based Two-Factor Authentication without Geo-Location

US 20160050203A1
Filed: 08/25/2015
Published: 02/18/2016
Est. Priority Date: 04/26/2005
Status: Active Grant

First Claim

Patent Images

1. A method of activating an account, comprising the steps of:

(a) receiving a mobile voice device'"'"'s phone number(b) receiving the Internet user username or get user identifier(c) initiating an SMS transfer to the mobile voice device, where such SMS originates from a phone number local to the user'"'"'s phone number, contains an unique access link to a website that is associated with a unique pairing code, and where the unique access link is sent via SMS and not via the Internet(d) receiving a message that contains the unique pairing code and unique mobile voice device identifier, where that message is sent from software installed on the mobile phone and such message is sent to a server(e) requesting that the user reply via SMS with a specific code(f) receiving the user'"'"'s reply via SMS with the specific code(g) receiving the phone number from which the user replies via SMS(h) receiving the phone number from which the used for sending the SMS to the user(i) checking the phone number from which the user replies matches with the phone number the SMS was sent to(j) checking whether the unique code in the reply matches with the requested code(k) checking whether the phone number the user reply to is the same phone number the SMS was sent from, and(l) if the user'"'"'s reply in step 6 matches with the requested code from step 5, and if the phone number the user replies from matches with the phone number the SMS sent to, and if the phone number the user replies to matches with the phone number the SMS was sent from, then activating the user'"'"'s account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method and system for accomplishing two-factor authentication for internet transactions, wherein the user of the device through which the transaction is negotiated needs to give only a single yes/no verification to the system. In some embodiments, the second factor authentication is automated without any action on the part of the user. The method calls on the user'"'"'s wireless voice device for the detection of environmental wireless signals (“Short Distance Wireless Information” or “SDWI”), and uses these signals collectively as a “fingerprint” that uniquely identifies the wireless signals near the wireless voice device. The system stores these SDWI fingerprints, and later uses the stored information to establish whether or not the user'"'"'s wireless voice device is near a previously-recognized SDWI.

78 Citations

19 Claims

1. A method of activating an account, comprising the steps of:
- (a) receiving a mobile voice device'"'"'s phone number(b) receiving the Internet user username or get user identifier(c) initiating an SMS transfer to the mobile voice device, where such SMS originates from a phone number local to the user'"'"'s phone number, contains an unique access link to a website that is associated with a unique pairing code, and where the unique access link is sent via SMS and not via the Internet(d) receiving a message that contains the unique pairing code and unique mobile voice device identifier, where that message is sent from software installed on the mobile phone and such message is sent to a server(e) requesting that the user reply via SMS with a specific code(f) receiving the user'"'"'s reply via SMS with the specific code(g) receiving the phone number from which the user replies via SMS(h) receiving the phone number from which the used for sending the SMS to the user(i) checking the phone number from which the user replies matches with the phone number the SMS was sent to(j) checking whether the unique code in the reply matches with the requested code(k) checking whether the phone number the user reply to is the same phone number the SMS was sent from, and(l) if the user'"'"'s reply in step 6 matches with the requested code from step 5, and if the phone number the user replies from matches with the phone number the SMS sent to, and if the phone number the user replies to matches with the phone number the SMS was sent from, then activating the user'"'"'s account.

2. A computer-implemented method of controlling the access of an Internet user to conduct a transaction via a website, where the user has access to a mobile voice device that is paired with an identifier of the user, and is in communication with the website via a computer having a computer signature, the method comprising the computer-implemented steps of:
- a. receiving the computer signature;
  
  b. receiving an identifier of the user;
  
  c. checking whether the computer signature is stored in a database;
  
  d. sending a notification from a server to the mobile voice device that is paired with the identifier received in step (b), which causes the mobile voice device to acquire and report available SDWI;
  
  e. if SDWI is not available, then attempting to authenticate the transaction, and if the transaction is authenticated then communicating an indication of success to the website;
  
  orf. if the stored computer signature is correlated in the database with stored SDWI that matches the SDWI acquired at step (d), then communicating an indication of success to the website; and
  
  g. if the stored SDWI does not match the SDWI acquired at step (d), then attempting to authenticate the transaction, and if the transaction is authenticated then communicating an indication of success to the website, and correlating the computer signature in the database with the SDWI acquired at step (d).
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 3. The method of claim 2, wherein the SDWI is an IP address of a wireless device that is independent and separate from both the mobile voice device and the computer.
  - 4. The method of claim 2, wherein the SDWI is at least one identifier of a wireless device that is independent and separate from both the mobile voice device and the computer.
  - 5. The method of claim 4, wherein the SDWI comprises at least one of:
    - a. Wi-Fi MAC address;
      
      b. Wi-Fi SSID; and
      
      c. Wi-Fi signal strength.
  - 6. The method of claim 2, wherein the user is not presented with an option to automate future transactions.
  - 7. The method of claim 2, wherein the process of authenticating the transaction in steps (e) and (g) is performed by the software installed on the mobile voice device.
  - 8. The method of claim 7, wherein the user is not presented with an option to automate future transactions.
  - 9. The method of claim 2, further comprising the step of receiving an indication of a change in SDWI during an active session in which the transaction has been authenticated, and if the received SDWI is not correlated with the computer signature, sending notification to the mobile voice device or to a server.
  - 10. The method of claim 2, wherein the process of authenticating the user in steps (e) and (g) is done by presenting options to the user, via the software installed on the mobile voice device, the options including at least one of:
    - a. the option to approve or not approve the transaction; and
      
      b. the option to use the association of SDWI and computer signature of another user;
      
      but not includingc. an option to automate future transactions.
  - 11. The method of claim 10, wherein the software installed on the mobile voice device presents to the user an option to delete from the database the correlation of the computer signature with the stored SDWI.
  - 12. The method of claim 2, wherein if the access to the website in steps (e) and (g) is successfully authenticated, then the acquired SDWI is correlated in the database with the computer signature.
  - 13. The method of claim 2, wherein the process of authenticating the user in steps (e) and (g) is done by presenting to the user, via the software installed on the mobile voice device, two options, and wherein if the user chooses to allow access to the website, then all future access to the website that are characterized by the same computer signature and the same acquired SDWI are allowed automatically.
  - 14. The method of claim 2, wherein in step (d), if the SDWI is not available or is not reported within a pre-set period of time, the method further comprises the step of sending a notification to the mobile voice device.
  - 15. The method of claim 2, wherein the received SDWI is correlated in the database with the computer signature only if the SDWI is that of a Wi-Fi device that is protected by a password and is using encrypted communications.
  - 16. The method of claim 2, wherein the stored and correlated SDWI and computer signature were correlated by a prior user who is not the current user, and the prior user was granted access to the website.
  - 17. The method of claim 2, wherein the match in step (f) is between the SDWI and computer signature of a prior user granted access to the website, and the SDWI and computer signature of the current user, and if both match then allowing access to the current user.
  - 18. The method of claim 2, wherein in step (d) the notification sent to the user is a silent notification which does not alert the user that the notification arrived.
  - 19. The method of claim 2, further comprising the step of receiving an indication of a change in SDWI during an active session in which the transaction has been authenticated, and if the received SDWI is not correlated with the computer signature, then attempting to authenticate the-transaction, and if the transaction is authenticated then communicating an indication of success to the website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spriv LLC
Original Assignee
Guy Hefetz
Inventors
HEFETZ, GUY

Granted Patent

US 9,391,985 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/73   by creating or determining ...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3272   using an audio code

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/06   Buying, selling or leasing ...

G06Q 50/265   Personal security, identity...

H04L 2463/082   applying multi-factor authe...

H04L 51/18   Commands or executable codes

H04L 51/58   Message adaptation for wire...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 63/18   using different networks or...

H04M 15/8033   location-dependent, e.g. bu...

H04W 12/06 : Authentication

H04W 12/08 : Access security

H04W 12/79 : Radio fingerprint

H04W 4/02 : Services making use of loca...

H04W 4/029 : Location-based management o...

H04W 4/14 : Short messaging services, e...

H04W 4/80 : Services using short range ...

View All

Environment-Based Two-Factor Authentication without Geo-Location

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Environment-Based Two-Factor Authentication without Geo-Location

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links