MULTI-FACTOR AUTHENTICATION WITH URL VALIDATION

US 20190065724A1
Filed: 08/31/2017
Published: 02/28/2019
Est. Priority Date: 08/31/2017
Status: Active Grant

First Claim

Patent Images

1. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed, are configured to cause at least one computing device to:

receive an authentication request from a user for access to a network resource via a first communications channel, the authentication request including at least one authentication parameter;

generate a user-specific authentication code, based on the at least one authentication parameter;

generate a user-specific authentication Uniform Resource Locator (URL) for an access page, based on the user-specific authentication code;

send the authentication URL to the user via a second communications channel;

receive an access request in response to selection of the authentication URL by the user, the access request associated with at least one access parameter;

validate the access request, including matching the at least one authentication parameter with the at least one access parameter; and

provide the access page to the user, in response to the matching, the access page indicating grant of access to the network resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for providing multi-factor authentication with Uniform Resource Locator (URL) validation (MFAUV). One of the multiple authentication factors used may include a unique, user-specific URL that is sent to the user within a message. In this way, the user may simply click on, or otherwise execute or select, the provided URL, directly from within the message in which the URL is provided.

Citations

20 Claims

1. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed, are configured to cause at least one computing device to:
- receive an authentication request from a user for access to a network resource via a first communications channel, the authentication request including at least one authentication parameter;
  
  generate a user-specific authentication code, based on the at least one authentication parameter;
  
  generate a user-specific authentication Uniform Resource Locator (URL) for an access page, based on the user-specific authentication code;
  
  send the authentication URL to the user via a second communications channel;
  
  receive an access request in response to selection of the authentication URL by the user, the access request associated with at least one access parameter;
  
  validate the access request, including matching the at least one authentication parameter with the at least one access parameter; and
  
  provide the access page to the user, in response to the matching, the access page indicating grant of access to the network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer program product of claim 1, wherein the authentication request and the validated access request provide a first authentication factor, and the authentication request is received in conjunction with at least a second authentication request that relies on a second authentication factor, to thereby provide multi-factor authentication of the user with respect to the network resource.
  - 3. The computer program product of claim 1, wherein the at least one authentication parameter includes an expiration time defined with respect to a time of the authentication request.
  - 4. The computer program product of claim 1, wherein the at least one authentication parameter includes a telephone number of a mobile device of the user to which the authentication URL is sent.
  - 5. The computer program product of claim 1, wherein the instructions, when executed, are further configured to generate the user-specific authentication code using a one-time password hashing algorithm.
  - 6. The computer program product of claim 1, wherein the instructions, when executed, are further configured to:
    - receive the authentication request by way of a client application program interface (API) of a client providing the network resource,wherein the authentication request is supplemented at the client to include at least one client-specific authentication parameter that is then used when generating the user-specific authentication URL.
  - 7. The computer program product of claim 6, wherein the client-specific authentication parameter includes at least one of:
    - an identifier of the client, a success message to be included within the access page, and a quantity of time before the authentication request expires.
  - 8. The computer program product of claim 6, wherein the instructions, when executed, are further configured to:
    - notify the client of the validation of the access request.
  - 9. The computer program product of claim 1, wherein the at least one authentication parameter and the at least one access parameter each includes location information of the user, and wherein the instructions, when executed, are further configured to validate the access request including verifying a match between the location information of the at least one authentication request and the location information of the at least one access request.
  - 10. The computer program product of claim 1, wherein the instructions, when executed, are further configured to:
    - generate a message in response to the validation of the access request;
      
      include the authentication URL within the message;
      
      send the message to the user via the second communications channel; and
      
      receive the access request in response to the selection of the authentication URL from within the message.
  - 11. The computer program product of claim 1, wherein the instructions, when executed, are further configured to:
    - provide the access page including a quick review (QR) code; and
      
      provide, the network resource in response to receipt of a scanning of the QR code.

12. A computer-implemented method, comprising:
- receiving an authentication request from a user for access to a network resource via a first communications channel, the authentication request including at least one authentication parameter;
  
  generating a user-specific authentication code, based on the at least one authentication parameter;
  
  generating a user-specific authentication Uniform Resource Locator (URL) for an access page, based on the user-specific authentication code;
  
  sending the authentication URL to the user via a second communications channel;
  
  receiving an access request in response to selection of the authentication URL by the user, the access request associated with at least one access parameter;
  
  validating the access request, including matching the at least one authentication parameter with the at least one access parameter; and
  
  providing the access page to the user, in response to the matching, the access page indicating grant of access to the network resource.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the authentication request and the validated access request provide a first authentication factor, and the authentication request is received in conjunction with at least a second authentication request that relies on a second authentication factor, to thereby provide multi-factor authentication of the user with respect to the network resource.
  - 14. The method of claim 12, wherein the at least one authentication parameter includes a time period defined with respect to a time of the authentication request.
  - 15. The method of claim 12, wherein the at least one authentication parameter includes a telephone number of a mobile device of the user to which the authentication URL is sent.
  - 16. The method of claim 12, further comprising:
    - receiving the authentication request by way of a client application program interface (API) of a client providing the network resource,wherein the authentication request is supplemented at the client to include at least one client-specific authentication parameter that is then used when generating the user-specific authentication URL.
  - 17. The method of claim 12, further comprising:
    - generating a message in response to the validation of the access request;
      
      including the authentication URL within the message;
      
      sending the message to the user via the second communications channel; and
      
      receiving the access request in response to the selection of the authentication URL from within the message.

18. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed, are configured to cause at least one computing device to:
- receive an authentication request from a user for a network resource;
  
  execute a first authentication factor with respect to the user;
  
  execute a second authentication factor with respect to the user, includingreceiving at least one authentication parameter that is unique to the user, via a client operable to provide the network resource;
  
  selecting a uniform resource locator (URL) for a web page associated with the client;
  
  parameterizing the URL using the at least one authentication parameter, to obtain an authentication URL that is unique to the usersending a message to the user that contains the authentication URLreceiving at least one access parameter in conjunction with a selection of the authentication URL by the user;
  
  matching the at least one access parameter with the at least one authentication parameter; and
  
  validate the authentication request, based on the matching, to provide the user with access to the network resource.
- View Dependent Claims (19, 20)
- - 19. The computer program product of claim 18, wherein the parameterizing includes:
    - generating an authentication token using a one-time password algorithm; and
      
      generating the authentication URL based on the authentication token and the web page associated with the client.
  - 20. The computer program product of claim 18, further comprising:
    - sending a success page associated with the client informing the user of the validation of the authentication request and access to the network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sybase Incorporated (SAP SE)
Original Assignee
Sybase 365 Incorporated (SAP SE)
Inventors
Dudley, William, Garcia, Steven, Abdullah, Khalid, Nakano, Fernando

Granted Patent

US 10,635,792 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 67/02   based on web technology, e....

H04L 9/3215   using a plurality of channe...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

MULTI-FACTOR AUTHENTICATION WITH URL VALIDATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-FACTOR AUTHENTICATION WITH URL VALIDATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links