System and method for accomplishing two-factor user authentication using the internet
Abstract
A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.
25 Claims
1. A method of implementing token-based electronic security across multiple secure web sites, in which a user has a security token, wherein the security token authenticates its user based on a first authentication factor, comprising:
- storing unique token identification information, and a seed value of each security token, in a security system on a token authenticating web site;
- requiring the user, upon login to a secure web site, to enter at least a token code generated by the user's security token and data corresponding to a second authentication factor different from the first authentication factor;
- authenticating the user based on the second authentication factor using the secure web site;
- passing the user's token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;
- verifying whether or not the user's token code was generated by the user's token using the security system on the token authenticating web site; and
- passing a result of the verifying from the token authenticating web site, to the secure web site, to authorize access to services provided by the secure web site.
Dependent claims: 2, 3
4. A method of implementing token-based electronic security across a plurality of secure web sites, including a first and a second secure web site, the method comprising:
- providing a security token to each user, wherein the security token authenticates its user based on a first authentication factor;
- storing unique token identification information, and a seed value of each security token, in a security system on a token authenticating web site;
- providing each of the plurality of secure web sites with access to the security system on the token authenticating web site;
- requiring the user, upon login to one of the plurality of secure web sites, to enter into the secure web site at least a token code generated by the user's security token and data corresponding to a second authentication factor different from the first authentication factor;
- authenticating the user based on the second authentication factor using the secure web site;
- passing the user's token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;
- generating verification information indicating whether the user's token code was generated by the user's token using the security system on the token authenticating web site; and
- passing the verification information from the token authenticating web site to the secure web site, authorize access to services provided by the secure web site.
Dependent claims: 5, 6, 7
8. In a system in which each user has a security token, wherein the security token generates a token code and authenticates its user based on a first authentication factor, a method of implementing token-based electronic security, the method comprising:
- providing a secure web site;
- connecting the secure web site to a third party security system on a token authenticating web site;
- storing unique token identification information associated with the security token for each user, and a seed value of each security token, in the third party security system on the token authenticating web site;
- requiring the user, upon login to the secure web site, to enter into the secure web site at least the token code generated by the user's token and data corresponding to a second authentication factor different from the first authentication factor;
- authenticating the user based on the second authenticating factor using the secure web site;
- passing the user's token code from the secure web site to the security system on the token authenticating web site if the authenticating is successful;
- receiving from the token authenticating web site and at the secure web site, verification information indicating if the user's token code was generated by the user's security token; and
- authorizing the user to access services provided by the secure web site as a function of the verification information.
Dependent claims: 9, 10, 11
12. A method of strengthening authentication of a user accessing a service web site, wherein the service web site includes a first factor authentication, comprising:
- connecting the service web site to a security web site;
- configuring the service web site to add a second factor authentication to the first factor authentication, wherein configuring includes adapting the service web site to forward data corresponding to the second factor authentication to the security web site and to receive an authentication result from the security web site;
- receiving a service request from the user at the service web site, wherein receiving a service request includes receiving data corresponding to the first authentication factor of the user and data corresponding to the second authentication factor of the user, wherein the second authentication factor is different from the first authentication factor;
- authenticating the user using the data corresponding to the first authentication factor at the service web site;
- sending a request for the second factor authentication from the service web site to the security web site if the authenticating based on the first authentication factor is successful, wherein sending a request includes transferring the data corresponding to the second authentication factor;
- authenticating, in receipt of the request, the user using the data corresponding to the second authentication factor received from the service web site at the security web site;
- returning a result of the authentication based on the second authentication factor from the security web site to the service web site; and
- determining, at the service web site, whether to authorize the user to access services provided by the service web site according to the result of the authentication returned from the security web site.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A system for strengthening authentication of a user requesting one or more services, comprising:
- a security web site;
- a plurality of service web sites, wherein each service web site is connected across a network to the security web site, wherein the service web sites provide services accessible by the user, and wherein each service web site is configured to:
  - receive, from the user, a service request, wherein the service request includes data corresponding to a first authentication factor of the user and data corresponding to a second authentication factor of the user, wherein the second authentication factor is different from the first authentication factor;
  - authenticate the user using the data corresponding to the first authentication factor; and
  - forward a request for second authentication factor authentication if authentication based on the first authentication factor is successful;
- wherein the security web site is configured to:
  - receive the request for second factor authentication of the user from one of the service web sites, wherein the request includes the data corresponding to the second authentication factor of the user;
  - authenticate, on receipt of the request, the user using the data corresponding to the second authentication factor received from the service web site; and
  - return a result of the authentication based on the second authentication factor to the requesting service web site; and
- wherein the requesting service web site receives the result from the security web site and uses the result to authorize access to services provided by the requesting service web site.
Dependent claims: 20, 21, 22, 23, 24, 25
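The two-site flow recited in the independent claims, as an added Python sketch that is not part of the patent text: a secure web site checks the password itself and forwards the token code only on success, while a separate token authenticating site holds the token IDs and seeds and returns the verdict. The class and method names, the use of RFC 6238 TOTP as the token-code algorithm, the PBKDF2 password check, and the replay guard are all assumptions of this example; the claims name none of them.

```python
import hashlib, hmac, os, struct

def totp(seed, t, step=30, digits=6):
    # RFC 6238 TOTP over HMAC-SHA1: an assumption, the claims name no algorithm.
    mac = hmac.new(seed, struct.pack(">Q", int(t) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

class TokenAuthSite:
    """Token authenticating web site: stores token IDs and seeds only."""
    def __init__(self):
        self._seeds, self._last_step, self.requests = {}, {}, 0

    def enroll(self, token_id, seed):
        self._seeds[token_id] = seed

    def verify(self, token_id, code, now, step=30, window=1):
        self.requests += 1  # counts how many codes were forwarded to this site
        seed = self._seeds.get(token_id)
        if seed is None:
            return False
        base = int(now) // step
        for s in range(base - window, base + window + 1):
            # Replay guard (added hardening, not recited in the claims):
            # a time step at or before the last accepted one is refused.
            if s > self._last_step.get(token_id, -1) and \
                    hmac.compare_digest(totp(seed, s * step, step), code):
                self._last_step[token_id] = s
                return True
        return False

class SecureSite:
    """Secure web site: checks the password locally, delegates the token code."""
    def __init__(self, token_site):
        self._token_site, self._users = token_site, {}

    def register(self, user, password, token_id):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[user] = (salt, digest, token_id)

    def login(self, user, password, code, now):
        rec = self._users.get(user)
        if rec is None:
            return False
        salt, digest, token_id = rec
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(cand, digest):
            return False  # the token code is passed on only after this succeeds
        return self._token_site.verify(token_id, code, now)
```

Several `SecureSite` instances can share one `TokenAuthSite`, which is the multi-site arrangement of claims 4 and 19; the seed never leaves the token authenticating site, so a compromised secure site exposes password hashes but not the ability to mint token codes.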