Use of personal communication devices for user authentication
First Claim
1. A method of authenticating a user on a first secure computer network, the user having a user account on said first secure computer network, the method comprising:
associating the user with a personal communication device possessed by the user, said personal communication device in communication over a second network, wherein said second network is a cell phone network different from the first secure computer network;
receiving a request from the user for a token via the personal communication device, over the second network;
generating a new password for said first secure computer network based at least upon the token and a passcode, wherein the token is not known to the user and wherein the passcode is known to the user;
setting a password associated with the user to be the new password;
activating access the user account on the first secure computer network;
transmitting the token to the personal communication device;
receiving the password from the user via the first secure computer network; and
deactivating access to the user account on the first secure computer network within a predetermined amount of time after said activating, such that said user account is not accessible through any password, via said first secure computer network.
Abstract
A password setting system for a secure system includes a user token server and a communication module. The user token server generates a random token in response to a request for a new password from a user. The server creates a new password by concatenating a secret passcode that is known to the user with the token. The server sets the password associated with the user's user ID to be the new password. The communication module transmits the token to a personal communication device, such as a mobile phone or a pager carried by the user. The user concatenates the secret passcode with the received token in order to form a valid password, which the user submits to gain access to the secure system. Accordingly, access to the system is based upon: nonsecret information known to the user, such as the user ID; secret information known to the user, such as the passcode; and information provided to the user through an object possessed by the user, such as the token.
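The flow in the abstract, together with the timed deactivation recited in the claims, sketched as an added Python example (not code from the patent). The class and method names, the 120-second window, the 8-hex-digit token and the PBKDF2 storage are assumptions; delivery to the phone is represented by the return value of `request_token`.

```python
import hashlib
import hmac
import secrets
import time

ACCESS_WINDOW_SECONDS = 120  # assumed; the page gives no figure

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class TokenServer:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        # The server builds passcode + token itself, so it has to hold the
        # passcode in recoverable form (a consequence of the described design).
        self._passcodes = {}
        self._active = {}  # user_id -> (salt, digest, expiry)

    def enroll(self, user_id, passcode):
        self._passcodes[user_id] = passcode

    def request_token(self, user_id):
        """Set password = passcode + fresh token; return the token for the phone."""
        token = secrets.token_hex(4)
        salt = secrets.token_bytes(16)
        password = self._passcodes[user_id] + token
        expiry = self._clock() + ACCESS_WINDOW_SECONDS
        self._active[user_id] = (salt, _digest(password, salt), expiry)
        return token

    def login(self, user_id, submitted):
        entry = self._active.get(user_id)
        if entry is None:
            return False  # account inactive: no password is accepted
        salt, digest, expiry = entry
        if self._clock() >= expiry:
            del self._active[user_id]  # window elapsed: deactivate the account
            return False
        return hmac.compare_digest(_digest(submitted, salt), digest)

def demo():
    now = [0.0]  # constructed fake clock so the expiry can be shown offline
    server = TokenServer(clock=lambda: now[0])
    server.enroll("alice", "s3cret")  # constructed sample user and passcode
    token = server.request_token("alice")
    good = "s3cret" + token
    before = [server.login("alice", p) for p in (token, "s3cret", good)]
    now[0] += ACCESS_WINDOW_SECONDS
    return before, server.login("alice", good)
```

Neither factor works alone inside the window, and once the window has elapsed the account rejects even the correct concatenation until a new token is requested.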
7 Claims
5. A user authentication system comprising:
a computer processor;
a user database configured to associate a user with a personal communication device possessed by the user, said personal communication device configured to communicate over a cell phone network with the user authentication system;
a control module executed on the computer processor configured to create a new password based at least upon a token and a passcode, wherein the token is not known to the user and wherein the passcode is known to the user, the control module further configured to set a password associated with the user to be the new password;
a communication module configured to transmit the token to the personal communication device through the cell phone network; and
an authentication module configured to receive the password from the user through a secure computer network, said secure computer network being different from the cell phone network, wherein the user has an account on the secure computer network, wherein the authentication module activates access to the account in response to the password and deactivates the account within a predetermined amount of time after activating the account, such that said account is not accessible through any password via the secure computer network.
Specification