System and method for accomplishing two-factor user authentication using the internet

US 7,516,483 B2
Filed: 02/26/2007
Issued: 04/07/2009
Est. Priority Date: 08/24/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of implementing token-based electronic security across multiple secure web sites, in which a user has a security token, wherein the security token authenticates its user based on a first authentication factor, comprising:

storing unique token identification information, and a seed value of each security token, in a security system on a token authenticating web site;

requiring the user, upon login to a secure web site, to enter at least a token code generated by the user'"'"'s security token and data corresponding to a second authentication factor different from the first authentication factor;

authenticating the user based on the second authentication factor using the secure web site;

passing the user'"'"'s token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;

verifying whether or not the user'"'"'s token code was generated by the user'"'"'s token using the security system on the token authenticating web site; and

passing a result of the verifying from the token authenticating web site, to the secure web site, to authorize access to services provided by the secure web site.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.

Citations

25 Claims

1. A method of implementing token-based electronic security across multiple secure web sites, in which a user has a security token, wherein the security token authenticates its user based on a first authentication factor, comprising:
- storing unique token identification information, and a seed value of each security token, in a security system on a token authenticating web site;
  
  requiring the user, upon login to a secure web site, to enter at least a token code generated by the user'"'"'s security token and data corresponding to a second authentication factor different from the first authentication factor;
  
  authenticating the user based on the second authentication factor using the secure web site;
  
  passing the user'"'"'s token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;
  
  verifying whether or not the user'"'"'s token code was generated by the user'"'"'s token using the security system on the token authenticating web site; and
  
  passing a result of the verifying from the token authenticating web site, to the secure web site, to authorize access to services provided by the secure web site.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the data corresponding to a second authentication factor includes a user name and user password.
  - 3. The method of claim 1, wherein the security token is a software-based token.

4. A method of implementing token-based electronic security across a plurality of secure web sites, including a first and a second secure web site, the method comprising:
- providing a security token to each user, wherein the security token authenticates its user based on a first authentication factor;
  
  storing unique token identification information, and a seed value of each security token, in a security system on a token authenticating web site;
  
  providing each of the plurality of secure web sites with access to the security system on the token authenticating web site;
  
  requiring the user, upon login to one of the plurality of secure web sites, to enter into the secure web site at least a token code generated by the user'"'"'s security token and data corresponding to a second authentication factor different from the first authentication factor;
  
  authenticating the user based on the second authentication factor using the secure web site;
  
  passing the user'"'"'s token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;
  
  generating verification information indicating whether the user'"'"'s token code was generated by the user'"'"'s token using the security system on the token authenticating web site; and
  
  passing the verification information from the token authenticating web site to the secure web site, authorize access to services provided by the secure web site.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, wherein the data corresponding to a second authentication factor includes a user name and password.
  - 6. The method of claim 4, wherein the security token is a software-based token.
  - 7. The method of claim 4, wherein storing unique token identification information, and the seed value of each security token, in a security system on a token authenticating web site includes entering the unique token identification information into one of the plurality of secure web sites and forwarding the unique token identification information from the secure web site to the security system on the token authenticating web site.

8. In a system in which each user has a security token, wherein the security token generates a token code and authenticates its user based on a first authentication factor, a method of implementing token-based electronic security, the method comprising:
- providing a secure web site;
  
  connecting the secure web site to a third party security system on a token authenticating web site;
  
  storing unique token identification information associated with the security token for each user, and a seed value of each security token, in the third party security system on the token authenticating web site;
  
  requiring the user, upon login to the secure web site, to enter into the secure web site at least the token code generated by the user'"'"'s token and data corresponding to a second authentication factor different from the first authentication factor;
  
  authenticating the user based on the second authenticating factor using the secure web site;
  
  passing the user'"'"'s token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;
  
  receiving from the token authenticating web site and at the secure web site, verification information indicating if the user'"'"'s token code was generated by the user'"'"'s security token; and
  
  authorizing the user to access services provided by the secure web site as a function of the verification information.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the data corresponding to a second authentication factor includes a user name and user password.
  - 10. The method of claim 8, wherein the security token is a software-based token.
  - 11. The method of claim 8, wherein storing unique token identification information, and the seed value of each security token, in the third party security system on the token authenticating web site includes entering the unique token identification information into the secure web site and forwarding the unique token identification information from the secure web site to the security system on the token authenticating web site.

12. A method of strengthening authentication of a user accessing a service web site, wherein the service web site includes a first factor authentication, comprising:
- connecting the service web site to a security web site;
  
  configuring the service web site to add a second factor authentication to the first factor authentication, wherein configuring includes adapting the service web site to forward data corresponding to the second factor authentication to the security web site and to receive an authentication result from the security web site;
  
  receiving a service request from the user at the service web site, wherein receiving a service request includes receiving data corresponding to the first authentication factor of the user and data corresponding to the second authentication factor of the user, wherein the second authentication factor is different from the first authentication factor;
  
  authenticating the user using the data corresponding to the first authentication factor at the service web site;
  
  sending a request for the second factor authentication from the service web site to the security web site if the authenticating based on the first authentication factor is successful, wherein sending a request includes transferring the data corresponding to the second authentication factor;
  
  authenticating, in receipt of the request, the user using the data corresponding to the second authentication factor received from the service web site at the security web site;
  
  returning a result of the authentication based on the second authentication factor from the security web site to the service web site; and
  
  determining, at the service web site, whether to authorize the user to access services provided by the service web site according to the result of the authentication returned from the security web site.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein the data corresponding to the first authentication factor is a username and password for the user.
  - 14. The method of claim 12, wherein the data corresponding to the second authentication factor is a token code generated by a security token distributed to the user.
  - 15. The method of claim 14, wherein the security token is a software-based token.
  - 16. The method of claim 12, wherein sending a request for the second factor authentication further includes checking, at the service web site, whether the second factor authentication is requested by the user.
  - 17. The method of claim 12, wherein sending a request for the second factor authentication further includes transferring at least some of the data corresponding to the first authentication factor.
  - 18. The method of claim 12, wherein authenticating the user using the second authentication factor at the security web site includes validating information in the request for the second factor authentication received from the service web site.

19. A system for strengthening authentication of a user requesting one or more services, comprising:
- a security web site;
  
  a plurality of service web sites, wherein each service web site is connected across a network to the security web site, wherein the service web sites provide services accessible by the user, and wherein each service web site is configured to;
  
  receive, from the user, a service request, wherein the service request includes data corresponding to a first authentication factor of the user and data corresponding to a second authentication factor of the user, wherein the second authentication factor is different from the first authentication factor;
  
  authenticate the user using the data corresponding to the first authentication factor; and
  
  forward a request for second authentication factor authentication if authentication based on the first authentication factor is successful;
  
  wherein the security web site is configured to;
  
  receive the request for second factor authentication of the user from one of the service web sites, wherein the request includes the data corresponding to the second authentication factor of the user;
  
  authenticate, on receipt of the request, the user using the data corresponding to the second authentication factor received from the service web site; and
  
  return a result of the authentication based on the second authentication factor tothe requesting service web site; and
  
  wherein the requesting service web site receives the result from the security web site and uses the result to authorize access to services provided by the requesting service web site.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The system of claim 19, wherein the data corresponding to the first authentication factor is a usemame and password for the user.
  - 21. The system of claim 19, wherein the data corresponding to the second authentication factor is a token code generated by a security token distributed to the user.
  - 22. The system of claim 21, wherein the security token is a software-based token.
  - 23. The system of claim 19, wherein the service web site is further configured to check whether the second factor authentication is requested by the user.
  - 24. The system of claim 19, wherein the security web site is further configured to transfer at least some of the data corresponding to the first authentication factor to the security web site.
  - 25. The system of claim 19, wherein the security web site is further configured to validate information in the request for the second factor authentication received from the service web site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Brennan, Sean
Primary Examiner(s)
Simitoski; Michael J

Application Number

US11/678,921
Publication Number

US 20070136799A1
Time in Patent Office

771 Days
Field of Search

713/184, 713/159, 713/185, 713/186, 713/172, 715/741, 715/742, 726/9, 709/229
US Class Current

726/9
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2463/081   applying self-generating cr...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

System and method for accomplishing two-factor user authentication using the internet

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for accomplishing two-factor user authentication using the internet

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links