Method and system for strong, convenient authentication of a web user

US 6,970,853 B2
Filed: 06/06/2001
Issued: 11/29/2005
Est. Priority Date: 06/06/2000
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a web user, comprising:

registering the user by an authenticating authority based upon identification of the user using a strong authentication technique;

providing an authenticating token to the user by the authenticating authority in connection with the user registration;

enrolling at least one web-enabled user device for the user by the authenticating authority based on presentation of the authenticating token by the user;

authenticating the user for a transaction by the authenticating authority based on presentation by the user of a user password via the enrolled user device;

wherein registering the user based upon identification of the user using the strong authentication technique further comprises registering the user based upon identification of the user using at least one of biometric information and shared secret information; and

wherein registering the user based upon identification of the user using shared secret information further comprises registering the user based upon identification of the user using a special code posted by the authenticating authority to the user that can be used only within a predetermined time frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for strong, convenient authentication of a web user makes use, for example, of a computing device, such as a user'"'"'s personal computer (PC), coupled over a network, such as the Internet, to one or more servers, such as the host server of an authenticating authority, as well as one or more databases of the authenticating authority. The authentication process is broken into three phases, namely a registration phase, an enrollment phase, and a transaction authentication phase, with each phase being less intrusive and less secure than the preceding phase. In the registration phase, an authenticating authority registers the user based upon identification of the user using a strong authentication technique and provides an authenticating token to the user, which can be used in the enrollment phase to enroll one or more user devices for the user. Thereafter, in the transaction authentication phase, the authenticating authority can authenticate the user for a transaction based on presentation by the user of a user password via the enrolled user device.

66 Citations

View as Search Results

36 Claims

1. A method for authenticating a web user, comprising:
- registering the user by an authenticating authority based upon identification of the user using a strong authentication technique;
  
  providing an authenticating token to the user by the authenticating authority in connection with the user registration;
  
  enrolling at least one web-enabled user device for the user by the authenticating authority based on presentation of the authenticating token by the user;
  
  authenticating the user for a transaction by the authenticating authority based on presentation by the user of a user password via the enrolled user device;
  
  wherein registering the user based upon identification of the user using the strong authentication technique further comprises registering the user based upon identification of the user using at least one of biometric information and shared secret information; and
  
  wherein registering the user based upon identification of the user using shared secret information further comprises registering the user based upon identification of the user using a special code posted by the authenticating authority to the user that can be used only within a predetermined time frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein registering the user based upon identification of the user using shared secret information further comprises registering the user based upon identification of the user using the user'"'"'s answer to a question posed by the authenticating authority about a specific matter which only the user would know.
  - 3. The method of claim 1, wherein registering the user based upon identification of the user using at least one of the biometric information and the shared secret information further comprises combining the information with at least one of a unique, known attribute of the user and a secret entered and known only by the authenticating authority.
  - 4. The method of claim 1, wherein registering the user based upon identification of the user using at least one of the biometric information and the shared secret information further comprises receiving the information from the user at a transaction terminal.
  - 5. The method of claim 4, wherein receiving the information from the user at a transaction terminal further comprises allowing the user to enter the information at the transaction terminal using a transaction terminal card and a user password.
  - 6. The method of claim 5, wherein allowing the user to enter the information at the transaction terminal using the transaction terminal card and the user password further comprises allowing the user to enter the information at the transaction terminal using the transaction terminal card and a personal identification number of the user through a control device that identifies the user.
  - 7. The method of claim 4, wherein receiving the information from the user at a transaction terminal further comprises allowing the user to enter the biometric information consisting of at least one of fingerprint information and handwriting information at the transaction terminal.
  - 8. The method of claim 1, wherein providing the authenticating token further comprises providing the authenticating token to the user consisting of a one-way hash of user identification information known only to the authenticating authority and the user.
  - 9. The method of claim 8, wherein providing the authenticating token consisting of the one-way hash further comprises producing the one-way hash of user identification information consisting of at least one of biometric information and shared secret information.
  - 10. The method of claim 9, wherein providing the authenticating token further comprises producing the one-way hash of the user identification information by the authenticating authority using one of a Secure Hash Algorithm (SHA) or a message digest algorithm (MD-5).
  - 11. The method of claim 9, wherein providing the authenticating token further comprises producing the authenticating token consisting of an index derived from the one-way hash.
  - 12. The method of claim 1, wherein enrolling the web-enabled user device based on presentation of the authenticating token further comprises enrolling the web-enabled user device based on presentation of the authenticating token consisting of a one-way hash of user identification information known only to the authenticating authority and the user.
  - 13. The method of claim 12, wherein enrolling the web-enabled user device based on presentation of the authenticating token further comprises enrolling at least one computing device from which the user can perform transactions.
  - 14. The method of claim 13, wherein enrolling at least one computing device further comprises enrolling at least one of a laptop computer, a personal computer (PC), a set-top box, and a personal data assistant for the user.
  - 15. The method of claim 1, wherein enrolling the web-enabled user device based on presentation of the authenticating token further comprises allowing the user to log onto a web site for the authenticating authority and supply the authenticating token and a user password to the authenticating authority.
  - 16. The method of claim 15, wherein enrolling the web-enabled user device based on presentation of the authenticating token further comprises producing a hash of user information consisting of at least identification information for the user device and the user password.
  - 17. The method of claim 1, wherein authenticating the user based on presentation by the user of the user password via the enrolled user device further comprises receiving a hash of user information by the authenticating authority via the enrolled user device consisting of at least identification information for the user device.
  - 18. The method of claim 17, wherein authenticating the user based on presentation by the user of the user password via the enrolled user device further comprises performing a look-up by the authenticating authority to confirm a pre-defined relationship between the user password and the enrolled user device.

19. A system for authenticating a web user, comprising:
- means for registering the user by an authenticating authority based upon identification of the user using a strong authentication technique;
  
  means for providing an authenticating token to the user by the authenticating authority in connection with the user registration;
  
  means for enrolling at least one web-enabled user device for the user by the authenticating authority based on presentation of the authenticating token by the user;
  
  means for authenticating the user for a transaction by the authenticating authority based on presentation by the user of a user password via the enrolled user device;
  
  wherein the means for registering the user based upon identification of the user using the strong authentication technique further comprises means for registering the user based upon identification of the user using at least one of biometric information and shared secret information; and
  
  wherein the means for registering the user based upon identification of the user using shared secret information further comprises means for registering the user based upon identification of the user using a special code posted by the authenticating authority to the user that can be used only within a predetermined time frame.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 20. The system of claim 19, wherein the means for registering the user based upon identification of the user using shared secret information further comprises means for registering the user based upon identification of the user using the user'"'"'s answer to a question posed by the authenticating authority about a specific matter which only the user would know.
  - 21. The system of claim 19, wherein the means for registering the user based upon identification of the user using at least one of the biometric information and the shared secret information further comprises means for combining the information with at least one of a unique, known attribute of the user and a secret entered and known only by the authenticating authority.
  - 22. The system of claim 19, wherein the means for registering the user based upon identification of the user using at least one of the biometric information and the shared secret information further comprises means for receiving the information from the user at a transaction terminal.
  - 23. The system of claim 22, wherein the means for receiving the information from the user at a transaction terminal further comprises means for allowing the user to enter the information at the transaction terminal using a transaction terminal card and a user password.
  - 24. The system of claim 23, wherein the means for allowing the user to enter the information at the transaction terminal using the transaction terminal card and the user password further comprises means for allowing the user to enter the information at the transaction terminal using the transaction terminal card and a personal identification number of the user through a control device that identifies the user.
  - 25. The system of claim 22, wherein the means for receiving the information from the user at a transaction terminal further comprises means for allowing the user to enter the biometric information consisting of at least one of fingerprint information and handwriting information at the transaction terminal.
  - 26. The system of claim 19, wherein the means for providing the authenticating token further comprises means for providing the authenticating token to the user consisting of a one-way hash of user identification information known only to the authenticating authority and the user.
  - 27. The system of claim 26, wherein the means for providing the authenticating token consisting of the one-way hash further comprises means for producing the one-way hash of user identification information consisting of at least one of biometric information and shared secret information.
  - 28. The system of claim 27, wherein the means for providing the authenticating token further comprises means for producing the one-way hash of the user identification information by the authenticating authority using one of a Secure Hash Algorithm (SHA) or a message digest algorithm (MD-5).
  - 29. The system of claim 27, wherein the means for providing the authenticating token further comprises means for producing the authenticating token consisting of an index derived from the one-way hash.
  - 30. The system of claim 27, wherein the means for enrolling the web-enabled user device based on presentation of the authenticating token further comprises means for enrolling the web-enabled user device based on presentation of the authenticating token consisting of a one-way hash of user identification information known only to the authenticating authority and the user.
  - 31. The system of claim 30, wherein the means for enrolling the web-enabled user device based on presentation of the authenticating token further comprises means for enrolling at least one computing device from which the user can perform transactions.
  - 32. The system of claim 31, wherein the means for enrolling at least one computing device further comprises means for enrolling at least one of a laptop computer, a personal computer (PC), a set-top box, and a personal data assistant for the user.
  - 33. The system of claim 27, wherein the means for enrolling the web-enabled user device based on presentation of the authenticating token further comprises means for allowing the user to log onto a web site for the authenticating authority and supply the authenticating token and a user password to the authenticating authority.
  - 34. The system of claim 33, wherein the means for enrolling the web-enabled user device based on presentation of the authenticating token further comprises means for producing a hash of user information consisting of at least identification information for the user device and the user password.
  - 35. The system of claim 27, wherein the means for authenticating the user based on presentation by the user of the user password via the enrolled user device further comprises means for receiving a hash of user information by the authenticating authority via the enrolled user device consisting of at least identification information for the user device.
  - 36. The system of claim 35, wherein the means for authenticating the user based on presentation by the user of the user password via the enrolled user device further comprises means for performing a look-up by the authenticating authority to confirm a pre-defined relationship between the user password and the enrolled user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Schutzer, Daniel
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Elmore, John

Application Number

US09/875,651
Publication Number

US 20020053035A1
Time in Patent Office

1,637 Days
Field of Search

713155-159, 713/168, 713/172, 713/182, 713/185, 713/186, 713/201, 713/202, 705 65- 69
US Class Current

705/67
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06Q 20/3674   involving authentication

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

Method and system for strong, convenient authentication of a web user

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for strong, convenient authentication of a web user

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links