System for detecting unauthorized account access

US 5,696,824 A
Filed: 06/07/1995
Issued: 12/09/1997
Est. Priority Date: 06/07/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for both authorizing access from a user device to an electronic account record stored at a computer authentication device, and for detecting attempted unauthorized access to said electronic account record, said method comprising the steps of:

recording at said computer authentication device an plurality of access sequence numbers and an account profile consisting essentially of an account identification number and a user device identification number and associating said recorded account profile with said electronic account record at said computer authentication device;

independently recording at said user device the same plurality of access sequence numbers and said account profile;

selecting at said authentication device from among said plurality of access sequence numbers a first access sequence number and associating said first access sequence number with said electronic account record;

independently selecting at said user device the same first access sequence number and associating said first access sequence number with said account profile at said user device;

transmitting a request for electronic access to said electronic account record from said user device to said computer authentication device, wherein said request comprises said first access sequence number and said account profile;

receiving said request at said computer authentication device and comparing said first access sequence number and said account profile received from said user device with said first access sequence number and account profile associated with said electronic account record;

determining at said computer authorization device that said received first access sequence number and said associated first access sequence number are the equal or unequal;

authorizing access to said electronic account record when said determination is equal;

whether or not said first access sequence numbers are equal or unequal, independently selecting from said plurality a second access sequence number at said user device and replacing said first access sequence number with said second access sequence number;

only if said first access sequence numbers are equal, independently selecting from said plurality a second access sequence number at said computer authentication device and replacing said first associated access sequence number with said second access sequence number;

wherein said method for detecting attempted unauthorized access comprises the step of determining that said first access sequence number or said account profile received from said user device and said first sequence number or account profile associated with said electronic account record are unequal and reporting the unequal finding to an account holder, a user, the computer authorization device or the user device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for detecting unauthorized account access. The system may operate in conjunction with known methods of remote access authentication. The system provides a unique account for each authorized person (i.e., each user) and a system sequence number and a user sequence number for each account. For each access to the account, the system updates the system sequence number corresponding to that account to the next number in a preselected sequence, and the user updates the user sequence number in like manner. The preselected sequence comprises a sequence of pseudorandom numbers and the update comprises selecting the next pseudorandom number using a pseudorandom number generator, but the sequence number may be updated using other techniques, so long as the system and the user are both capable of performing the same updates. The system and the user perform a handshake process, to assure that the system updates the system sequence number, and the user updates the user sequence number, in synchrony. Normally, the system sequence number and the user sequence number will be the same, but when there is an authorized access by third party the system will update the system sequence number and the user will not update the user sequence number, causing the two sequence numbers to be unequal. When the two sequence numbers are unequal, when the user next accesses the account, the user is made aware that an unauthorized access has occurred.

145 Citations

14 Claims

1. A method for both authorizing access from a user device to an electronic account record stored at a computer authentication device, and for detecting attempted unauthorized access to said electronic account record, said method comprising the steps of:
- recording at said computer authentication device an plurality of access sequence numbers and an account profile consisting essentially of an account identification number and a user device identification number and associating said recorded account profile with said electronic account record at said computer authentication device;
  
  independently recording at said user device the same plurality of access sequence numbers and said account profile;
  
  selecting at said authentication device from among said plurality of access sequence numbers a first access sequence number and associating said first access sequence number with said electronic account record;
  
  independently selecting at said user device the same first access sequence number and associating said first access sequence number with said account profile at said user device;
  
  transmitting a request for electronic access to said electronic account record from said user device to said computer authentication device, wherein said request comprises said first access sequence number and said account profile;
  
  receiving said request at said computer authentication device and comparing said first access sequence number and said account profile received from said user device with said first access sequence number and account profile associated with said electronic account record;
  
  determining at said computer authorization device that said received first access sequence number and said associated first access sequence number are the equal or unequal;
  
  authorizing access to said electronic account record when said determination is equal;
  
  whether or not said first access sequence numbers are equal or unequal, independently selecting from said plurality a second access sequence number at said user device and replacing said first access sequence number with said second access sequence number;
  
  only if said first access sequence numbers are equal, independently selecting from said plurality a second access sequence number at said computer authentication device and replacing said first associated access sequence number with said second access sequence number;
  
  wherein said method for detecting attempted unauthorized access comprises the step of determining that said first access sequence number or said account profile received from said user device and said first sequence number or account profile associated with said electronic account record are unequal and reporting the unequal finding to an account holder, a user, the computer authorization device or the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising the step of denying the user device electronic access at said authorization device when said step of determining that said first access sequence number or said account profile received from said user device and said first sequence number associated or account profile associated with said electronic account record are unequal and terminating the transmission from said user device.
  - 3. The method of claim 1, wherein said step of reporting said unequal finding comprising sending a message to a pre-selected destination.
  - 4. The method of claim 1, further comprising the steps of:
    - recording at said computer authentication device a user device identification number and associating said user device identification number with said electronic account record;
      
      independently recording at said user device the same user device identification number;
      
      wherein said step of transmitting a request for electronic access from said user device further comprises transmitting said user device identification number; and
      
      ,wherein said step of authorizing electronic access to said electronic account record further comprises determining at said computer authorization device that said received user identification number and said recorded user identification number associated with the electronic account record are the same.
  - 5. The method of claim 1, further comprising the steps of:
    - recording at said computer authentication device a user voice print and associating said user voice print with said electronic account record;
      
      wherein said step of transmitting a request for electronic access from said user device further comprises transmitting a user voice message; and
      
      ,wherein said step of authorizing electronic access to said electronic account record further comprises determining at said computer authorization device that said received user voice message and said recorded user voice print are substantially the same.
  - 6. The method of claim 5, wherein said step of authorizing, electronic access to said electronic account record further comprises determining at said computer authorization device that said received user voice and said recorded user voice are substantially same comprises a determination made by a human operator.
  - 7. The method of claim 1, further comprising the steps of:
    - recording at said computer authentication device a user PIN and associating said user PIN with said electronic account record;
      
      wherein said step of transmitting a request for electronic access from said user device further comprises transmitting the user PIN; and
      
      ,wherein said step of authorizing electronic access to said electronic account record further comprises determining at said computer authorization device that said received user PIN and said recorded user PIN are the same.
  - 8. The method of claim 1, wherein said method for detecting unauthorized access further comprises the steps of:
    - recording at said authentication device and at said user device that said first access sequence number received from said user device and said first sequence number associated with said electronic account record were not the same.
  - 9. The method of claim 1, wherein said plurality of access sequence numbers and said selected first access sequence number and said selected second access sequence number are stored in a protected memory at said user device.
  - 10. The method of claim 1, wherein said account profile and said sign on message further comprises data selected from among a user identification number, a voice print, a user telephone number, a PIN or an encryption profile comprising an encryption protocol, a selected protocol option and an encryption key.
  - 11. The method of claim 1, wherein after said independently selecting step at said user device and prior to said step of transmitting, said user device further performs the additional steps of:
    - encrypting said sequence number at said user device into an encrypted message;
      
      transmitting said encrypted message to said authentication device; and
      
      the additional step at said computer authentication device performed after said receiving step of;
      
      decrypting said encrypted message.
  - 12. The method of claim 1, wherein after said determining step prior to said replacing of said first access sequence number the computer authentication device performs the additional step of computing a pseudorandom number to be used as said second sequence number in said replacing step.
  - 13. The method of claim 1, wherein after said receiving step and before said determining step said method further comprises the steps of:
    - initiating a handshake process between said computer authentication device and said user device;
      
      storing a second sequence number in a sequence flag location in said computer authentication device;
      
      independently replacing said first sequence number with said second sequence number at said user device;
      
      attempting to perform a step of completing said handshake process between said computer authentication device and said user device; and
      
      retrieving said sequence second sequence number from said sequence flag location if said attempt to perform said step of completing fails.

14. A method for detecting unauthorized access to an account at an authentication device, said method comprising the steps of:
- recording a first sequence number and associating said sequence number with said account at the authentication device;
  
  recording a second sequence number at a location in a user device;
  
  transmitting a request from a user device to the authentication device, wherein said request comprises said second sequence number;
  
  controlling access to said account in response to the request for access by determining whether said first sequence number and said second sequence number are the same or different and allowing access only if the first sequence number and the second sequence number are the same;
  
  replacing said first sequence number with a third sequence number and associating said third sequence number with said account;
  
  transmitting said third sequence number to said location in said user device; and
  
  replacing said second sequence number in said location in said user device with said third sequence number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Moce Solutions Limited Liability Company
Original Assignee
E-Comm Inc.
Inventors
Walsh, Joe
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/480,614
Time in Patent Office

916 Days
Field of Search

380/4, 380/9, 380/23, 380/24, 380/25, 380/49, 380/50
US Class Current

705/75
CPC Class Codes

G06K 7/10   by electromagnetic radiatio...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4037   Remote solvency checks

G07F 7/08   by coded identity card or c...

System for detecting unauthorized account access

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

145 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

System for detecting unauthorized account access

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others