Method and system for multi-network authorization and authentication

US 7,142,840 B1
Filed: 02/20/2003
Issued: 11/28/2006
Est. Priority Date: 02/20/2003
Status: Active Grant

First Claim

Patent Images

1. An authentication system comprising:

a first communication interface connectable to an access communication channel;

a second communication interface connectable to a confirmation communication channel;

service control logic in communication with the first communication interface for receiving through the first communication interface an access request associated with a user;

user data storage including a confirmation-channel address associated with the user;

access control logic in communication with the second communication interface for sending a pass code request to the user at the confirmation-channel address, receiving a confirmation message from the user, and testing the received confirmation message to determine whether the received commation message includes a valid pass code.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authenticating and/or authorizing users of a service includes one communication interface with an access communication channel and another communication interface with a confirmation communication channel. Requests for a user to access a service are received over the access communication channel, and confirmation codes for the user are received over a trusted confirmation channel, such as an SMS text messaging system. Confirmation codes may be received from the user requesting access to the service or by a third party acting as a gatekeeper to the service. The system tests the validity of received confirmation codes, and enables the user to access the service if a valid confirmation code is received.

83 Citations

View as Search Results

19 Claims

1. An authentication system comprising:
- a first communication interface connectable to an access communication channel;
  
  a second communication interface connectable to a confirmation communication channel;
  
  service control logic in communication with the first communication interface for receiving through the first communication interface an access request associated with a user;
  
  user data storage including a confirmation-channel address associated with the user;
  
  access control logic in communication with the second communication interface for sending a pass code request to the user at the confirmation-channel address, receiving a confirmation message from the user, and testing the received confirmation message to determine whether the received commation message includes a valid pass code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the service control logic is operative to enable the user access to a service only after the access control logic determines that the received confirmation message includes a valid pass code.
  - 3. The system of claim 1, wherein the confirmation message is received by the access control logic through the second communication interface.
  - 4. The system of claim 1, wherein the service control logic is operative to provide a service to the first user only after the access control logic determines that the received confirmation message includes a valid pass code.
  - 5. The system of claim 1, wherein the service control logic is operative to send an authentication message to a service provider to inform the service provider that the user is authenticated only after the access control logic determines that the received confirmation message includes a valid pass code.
  - 6. The system of claim 1, wherein the service control logic includes an Internet server and the service is a restricted-access Web site.
  - 7. The system of claim 1, wherein the second communication interface comprises an interface to a wireless mobile telephone network.
  - 8. The system of claim 1, wherein the second communication interface comprises a short message entity.
  - 9. The system of claim 1, wherein the access control logic includes SMS message interpretation logic.
  - 10. The system of claim 1, wherein the user data storage includes confirmation codes, the access control logic being operational to compare the received confirmation message with a confirmation code in the user data storage.
  - 11. The system of claim 1, wherein the access request message includes a user identifier.
  - 12. The system of claim 1, wherein the user data storage includes user identifiers and confirmation-channel addresses associated with the user identifiers.
  - 13. The system of claim 1, wherein the user data storage includes user identifiers and at least one confirmation channel address associated with each user identifier.
  - 14. The system of claim 1, wherein the access control logic includes logic for intercepting request messages and for testing request messages for requests requiring authentication.
  - 15. The system of claim 1 wherein the confirmation-channel address is an unresolved address.
  - 16. The system of claim 1 wherein the pass code request includes a callback telephone number, the access control logic being operative to receive a confirmation message from the user over a telephone call received at the callback telephone number.

17. An authentication system comprising:
- a processor;
  
  data storage;
  
  a first communication interface connectable to an access communication channel;
  
  a second communication interface connectable to a confirmation communication channel;
  
  machine language instructions stored in the data storage and executable by the processor (i) to receive through the first communication interface an access request associated with a user;
  
  (ii) to send a pass code request to the user through the second communication interface;
  
  (iii) to receive a confirmation message through the second communication interface; and
  
  (iii) to test the received confirmation message to determine whether the received confirmation message includes a valid pass code;
  
  wherein the access request includes a user identifier;
  
  further comprising confirmation-channel addresses associated with user identifiers stored in the data storage, the machine language instructions for sending a pass code request including machine language instructions for sending a pass code request to a confirmation-channel address associated with the user identifier included in the access request.

18. A method for authenticating users of a service, comprising:
- receiving, over an access communication channel, a request for a user to access a service;
  
  sending to the user, over a confirmation communication channel different from the access communication channel, a request for a pass code;
  
  receiving a confirmation message from the user; and
  
  testing the confirmation message to determine whether the confirmation message includes a valid pass code;
  
  wherein receiving a request for a user to access a service includes receiving a user identifier, and sending a request for a confirmation code includes selecting a confirmation-channel address associated with the user identifier and sending the request for a confirmation code to the selected confirmation-channel address.

19. A method for authenticating users of a service, comprising:
- receiving from a service, over an access communication channel, a request for a user to access the service;
  
  sending a valid pass code to the user over a confirmation communication channel different from the access communication channel;
  
  receiving, over the access communication channel, a confirmation message associated with the user;
  
  testing the confirmation message to determine whether the confirmation message includes the valid pass code; and
  
  enabling the user to access the service only after the confirmation message is determined to include the valid pass codewherein receiving a service request includes intercepting request messages and testing request messages for requests requiring authentication; and
  
  wherein receiving a request for a user to access a service includes receiving a user identifier, and sending a valid pass code includes selecting a confirmation-channel address associated with the user identifier and sending the valid pass code to the selected confirmation-channel address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Original Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Inventors
Jethwa, Piyush, Anderson, David, Geddes, Martin, Weaver, Farni, McConnell, Von, Ginn, Christopher
Primary Examiner(s)
LE, DANH C

Application Number

US10/370,238
Time in Patent Office

1,377 Days
Field of Search

455/411, 455/410, 455/466, 455/418, 713/186, 713/202, 713/155, 713/200, 709/237, 379/93.04, 379/93.02, 379/93.03
US Class Current

455/411
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

H04W 12/088   using filters or firewalls

Method and system for multi-network authorization and authentication

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for multi-network authorization and authentication

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links