Trust inheritance in network authentication

US 7,565,547 B2
Filed: 02/25/2005
Issued: 07/21/2009
Est. Priority Date: 02/27/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for preventing phishing scams so that a user is able to authenticate electronic services through an untrusted electronic terminal, said user being associated with a username and a trusted personal entity, said method comprising the steps of:

(a) said user providing said username to an authentication interface;

(b) sending said username to at least one validation entity;

(c) identifying said username as an authentication request at said validation entity by an authentication application;

(d) looking up with said username in said validation entity whether said username is already registered in said validation entity;

i. if said username is registered with said validation entity, retrieving a unique identifier of said trusted personal entity associated with said user and generating a one time password, and sending said password to said trusted personal entity using said unique identifier;

ii. if said username is not registered with said validation entity, said authentication application rejecting the authentication attempt;

(e) said user, after retrieving said password from said trusted personal entity, providing said unique identifier and said password to said authentication interface, whereby an application permits access to electronic services through said untrusted electronic terminal and said application recording said electronic services to an account associated with said unique identifier,wherein identifying said username is performed by a processor functionally associated with the computer, and wherein the processor identifies by executing computer-readable instructions embedded on a computer readable storage medium.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing ad hoc controlled user access to wireless and wireline IP communication networks while maintaining privacy for users and traceability for network providers. The method includes an authentication interface accepting user credentials, and a validation entity for credential verification and access authorization. The credentials include a unique identifier and a system generated password. The unique identifier is associated with a personal entity of the user such as a cellular telephone. The password is transmitted to the user through a SMS message to his cellular telephone. The user'"'"'s Internet session is monitored by the system and all records are indexed by his cellular telephone number. The system and method therefore permit fast and traceable access for guest users at networks where they are were not previously known. Alternatively, users do not provide their unique identifiers such as cellular telephone numbers which are instead already stored in the system. A user provides a username and a one time password is generated by the system and sent to the user by SMS. This enables the system to validate the user'"'"'s identity as well as the user to validate the Internet resources'"'"' identity.

Citations

70 Claims

1. A computer implemented method for preventing phishing scams so that a user is able to authenticate electronic services through an untrusted electronic terminal, said user being associated with a username and a trusted personal entity, said method comprising the steps of:
- (a) said user providing said username to an authentication interface;
  
  (b) sending said username to at least one validation entity;
  
  (c) identifying said username as an authentication request at said validation entity by an authentication application;
  
  (d) looking up with said username in said validation entity whether said username is already registered in said validation entity;
  
  i. if said username is registered with said validation entity, retrieving a unique identifier of said trusted personal entity associated with said user and generating a one time password, and sending said password to said trusted personal entity using said unique identifier;
  
  ii. if said username is not registered with said validation entity, said authentication application rejecting the authentication attempt;
  
  (e) said user, after retrieving said password from said trusted personal entity, providing said unique identifier and said password to said authentication interface, whereby an application permits access to electronic services through said untrusted electronic terminal and said application recording said electronic services to an account associated with said unique identifier,wherein identifying said username is performed by a processor functionally associated with the computer, and wherein the processor identifies by executing computer-readable instructions embedded on a computer readable storage medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. A method according to claim 1, wherein said user is a human person or software or hardware or a combination of hardware and software.
  - 3. A method according to claim 1, wherein said untrusted electronic terminal is a mobile terminal or fixed terminal.
  - 4. The method of claim 3, wherein said mobile terminal is a laptop computer or a personal digital assistant (PDA) or an IP telephone.
  - 5. The method of claim 3, wherein said fixed terminal is a desktop computer.
  - 6. A method according to claim 1, wherein said authentication interface is a web interface accepting authentication requests.
  - 7. The method of claim 6, wherein said web interface resides on at least one web server communicating with at least one database server.
  - 8. A method according to claim 1, wherein said authentication interface is a software or hardware or combination of hardware and software or a human person accepting authentication requests or a combination thereof.
  - 9. The method of claim 8, wherein said authentication interface is at least one SMS server or at least one email server or at least one chat server or at least one voice server or at least one fax server or a combination thereof communicating with at least one database server.
  - 10. The method of claim 8, wherein said authentication interface is at least one phone set or at least one fax machine or a combination thereof.
  - 11. The method of claim 8, wherein said authentication interface is at least one physical security access unit.
  - 12. The method of claim 1, wherein said user accesses said authentication interface through said untrusted electronic terminal.
  - 13. The method of claim 12, wherein said untrusted electronic terminal communicates with said authentication interface through at least one data network.
  - 14. The method of claim 12, wherein said untrusted electronic terminal communicates with said authentication interface through at least one wireline connection or at least one wireless connection or a combination thereof.
  - 15. The method of claim 1, wherein said user accesses said authentication interface through a security access card and said security access card is inserted into said authentication interface and said unique identifier is an embedded property of the security access card.
  - 16. The method of claim 1, wherein said user accesses said authentication interface through a radio frequency (RF) enabled security access tag and said radio frequency enabled security access card communicates with said authentication interface through radio waves and said unique identifier is an embedded property of the security access card.
  - 17. The method of claim 1, wherein said user accesses said authentication interface through an infrared (IR) enabled security access tag and said infrared enabled security access card communicates with said authentication interface through infrared waves and said unique identifier is an embedded property of the security access tag.
  - 18. A method according to claim 1, wherein said trusted personal entity is a mobile terminal or fixed terminal.
  - 19. The method of claim 18, wherein said mobile terminal is a cellular phone and said unique identifier is a phone number of said cellular telephone, or said mobile terminal is a mobile fax machine and said unique identifier is a fax number of said mobile fax machine, or said mobile terminal is a laptop computer and said unique identifier is an email address, or said mobile terminal is a personal digital assistant (PDA) and said unique identifier is an email address, or said mobile terminal is a pager and said unique identifier is a pager number.
  - 20. The method of claim 18, wherein said fixed terminal is a phone set and said unique identifier is a phone number of said phone set, or said fixed terminal is a fax machine and said unique identifier is a fax number of said fax machine, or said fixed terminal is a desktop computer, and said unique identifier is an email address of said desktop computer.
  - 21. The method of claim 1, wherein said step (b) is characterized in that said validation entity is a server farm containing at least one database server or at least one web server or a combination thereof, or said validation entity is at least one human person.
  - 22. The method of claim 1, wherein said step (b) is characterized in that said validation entity is a centralized or decentralized server farm or a combination thereof.
  - 23. The method of claim 1, wherein said step (b) is characterized in that said username is sent by SMS or by email or by pager or by fax or a combination thereof.
  - 24. The method of claim 1, wherein said step (b) is characterized in that said username is sent over a network connection.
  - 25. The method of claim 24 wherein, said network connection travels over the Internet or over a local area network (LAN) or a combination thereof.
  - 26. The method of claim 1, wherein said step (d)i is characterized in that said one time password is sent by SMS or by email or by fax or by IVR or in a pager message or a combination thereof
  - 27. The method of claim 1, wherein said step (d)i is characterized in that said one time password is sent over a network connection.
  - 28. The method of claim 27 wherein, said network connection travels over the Internet or over local area network (LAN) or a combination thereof.

29. A computer implemented system for preventing phishing scams so that a user is able to authenticate electronic services through an untrusted electronic terminal, said user being associated with a username and a trusted personal entity, said personal entity having a unique identifier, said system comprising:
- (a) an authentication interface, said authentication interface being adapted to receive said username and to send said username to at least one validation entity;
  
  (b) said validation entity being adapted to retrieve said unique identifier of said trusted personal entity associated with said user and generate a one time password and said validation entity being adapted to send said password to said trusted personal entity using said unique identifier(c) whereby said authentication interface is further adapted to receive said unique identifier and said password and to enable access to said electronic services through said untrusted electronic terminal upon confirmation,wherein the system utilizes a processor of the computer to perform said generation step, and wherein utilizing the processor comprises utilizing the processor to perform the generation step by executing computer-readable instructions on a computer-readable storage medium.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. A system according to claim 29, wherein said electronic services are internet services or voice telecommunications services or data telecommunications services or local area network (LAN) resources or a combination thereof.
  - 31. A system according to claim 29, wherein said electronic services are local or foreign or a combination of local and foreign services to the network said user is connecting to.
  - 32. The system of claim 29, wherein said electronic services comprise access to local area network (LAIN) servers or local area network (LAN) data traffic or a combination thereof.
  - 33. A system according to claim 29, wherein said untrusted electronic terminal is a mobile terminal or fixed terminal.
  - 34. The system of claim 33, wherein said mobile terminal is a laptop computer or a personal digital assistant (PDA) or an IP telephone or a combination thereof.
  - 35. The system of claim 33, wherein said fixed terminal is a desktop computer.

36. A computer implemented method of performing virus and spyware checks upon authentication of a user attempting to access electronic services through an untrusted electronic terminal said method comprising the steps of:
- (a) said user accessing an authentication interface through said untrusted electronic terminal and inputting a username associated with said user;
  
  (b) sending said username to at least one validation entity;
  
  (c) identifying said username as an authentication request at said validation entity;
  
  (d) said validation entity prompting said user to accept said virus and spyware checks in said untrusted electronic terminal;
  
  (e) said validation entity performing said virus and spyware checks upon acceptance of said user;
  
  (f) said validation entity verifying results of said virus and spyware checks and;
  
  i. if said results do not indicate the presence of virus or spyware in said untrusted electronic terminal, looking up with said username a unique identifier of a trusted personal entity associated with said user, generating a random confirmation code, and sending said code to said user using said unique identifier of said trusted personal entity;
  
  ii. if results indicate the presence of virus or spyware in said untrusted electronic terminal, rejecting the authentication attempt;
  
  (g) said user, after retrieving said code from said trusted personal entity, providing said unique identifier and said code to said authentication interface, whereby an application permits access to electronic services through said untrusted electronic terminals,wherein identifying comprises utilizing a processor functionally associated with a computer, and wherein the processor identifies by executing computer-readable instructions embedded on a computer-readable medium.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 37. A method according to claim 36, wherein said user is a human person or software or hardware or a combination of hardware and software.
  - 38. A method according to claim 36, wherein said untrusted electronic terminal is a mobile terminal or fixed terminal.
  - 39. The method of claim 38, wherein said mobile terminal is a laptop computer or a personal digital assistant (PDA) or an IP telephone.
  - 40. The method of claim 38, wherein said fixed terminal is a desktop computer.
  - 41. A method according to claim 36, wherein said authentication interface is a web interface accepting authentication requests.
  - 42. The method of claim 41, wherein said web interface resides on at least one web server communicating with at least one database server.
  - 43. A method according to claim 36, wherein said authentication interface is a software or hardware or combination of hardware and software or a human person accepting authentication requests or a combination thereof.
  - 44. The method of claim 43, wherein said authentication interface is at least one SMS server or at least one email server or at least one chat server or at least one voice server or at least one fax server or combination thereof communicating with at least one database server.
  - 45. The method of claim 43, wherein said authentication interface is at least one phone set or at least one fax machine or a combination thereof.
  - 46. The method of claim 43, wherein said authentication interface is at least one physical security access unit.
  - 47. The method of claim 36, wherein said user accesses said authentication interface through said untrusted electronic terminal.
  - 48. The method of claim 47, wherein said untrusted electronic terminal communicates with said authentication interface though at least one data network.
  - 49. The method of claim 47, wherein said untrusted electronic terminal communicates with said authentication interface through at least one wireline connection or at least one wireless connection or a combination thereof.
  - 50. The method of claim 36, wherein said user accesses said authentication interface through a security access card and said security access card is inserted into said authentication interface and said unique identifier is an embedded property of the security access card.
  - 51. The method of claim 36, wherein said user accesses said authentication interface through a radio frequency (RF) enabled security access tag and said radio frequency enabled security access card communicates with said authentication interface through radio waves and said unique identifier is an embedded property of the security access card.
  - 52. The method of claim 36, wherein said user accesses said authentication interface through an infrared (IR) enabled security access tag and said infrared enabled security access card communicates with said authentication interface through infrared waves and said unique identifier is an embedded property of the security access tag.
  - 53. A method according to claim 36, wherein said personal entity is a mobile terminal or fixed terminal.
  - 54. The method of claim 53, wherein said mobile terminal is a cellular phone and said unique identifier is a phone number of said cellular telephone, or said mobile terminal is a mobile fax machine and said unique identifier is a fax number of said mobile fax machine, or said mobile terminal is a laptop computer and said unique identifier is an email address, or said mobile terminal is a personal digital assistant (PDA) and said unique identifier is an email address, or said mobile terminal is a pager and said unique identifier is a pager number.
  - 55. The method of claim 53, wherein said fixed terminal is a phone set and said unique identifier is a phone number of said phone set, or said fixed terminal is a fax machine and said unique identifier is a fax number of said fax machine, or said fixed terminal is a desktop computer, and said unique identifier is an email address of said desktop computer.
  - 56. The method of claim 36, wherein said step (b) is characterized in that said validation entity is a server farm containing at least one database server or at least one web server or combination thereof, or said validation entity is at least one human person.
  - 57. The method of claim 36, wherein said step (b) is characterized in that said validation entity is a centralized or decentralized server farm or a combination thereof.
  - 58. The method of claim 36, wherein said step (b) is characterized in that said username is sent by SMS or by email or by pager or by fax or a combination thereof.
  - 59. The method of claim 36, wherein said step (b) is characterized in that said username is sent over a network connection.
  - 60. The method of claim 59 wherein, said network connection travels over the Internet or over a local area network (LAN) or a combination thereof.
  - 61. The method of claim 36, wherein said step (f)i is characterized in that said code is sent by SMS or by email or by fax or by IVR or in a pager message or a combination thereof.
  - 62. The method of claim 36, wherein said step (f)i is characterized in that said code is sent over a network connection.
  - 63. The method of claim 62 wherein, said network connection travels over the Internet or over local area network (LAN) or a combination thereof.

64. A computer implemented system for performing virus and spyware checks upon authentication of a user attempting to access electronic services through an untrusted electronic terminal, said user being associated with a username, said system comprising:
- (a) an authentication interface, said authentication interface being adapted to receive said username and to send said username to at least one validation entity;
  
  (b) said validation entity being adapted to receive said username and prompt said user to accept said virus and spyware checks in said untrusted electronic terminal;
  
  (c) said validation entity being adapted to perform said virus and spyware checks upon acceptance of said user;
  
  (d) said validation entity being adapted to verify results of said virus and spyware checks and;
  
  i. if said results do not indicate the presence of virus or spyware in said untrusted electronic terminal, said validation entity being adapted to look up with said username a unique identifier of a trusted personal entity associated with said user, generating a random confirmation code, and sending said code to said user using said unique identifier of said trusted personal entity;
  
  ii. if results indicate the presence of virus or spyware in said untrusted electronic terminal, said validation entity being adapted to reject the authentication attempt;
  
  (e) whereby said authentication interface is further adapted to receive said unique identifier and said code and to enable access to said electronic services through said electronic terminal upon confirmation,wherein the computer implemented system utilizes a processor of a computer to perform said verify step, and wherein utilizing the processor comprises utilizing the processor to perform the verify step by executing computer-readable instructions on a computer-readable storage medium.
- View Dependent Claims (65, 66, 67, 68, 69, 70)
- - 65. A system according to claim 64, wherein said electronic services are internet services or voice telecommunications services or data telecommunications services or local area network (LAN) resources or a combination thereof.
  - 66. A system according to claim 64, wherein said electronic services are local or foreign or a combination of local and foreign services to the network said user is connecting to.
  - 67. The system of claim 64, wherein said electronic services comprise access to local area network (LAN) servers or local area network (LAN) data traffic or a combination thereof.
  - 68. A system according to claim 64, wherein said electronic terminal is a mobile terminal or fixed terminal.
  - 69. The system of claim 68, wherein said mobile terminal is a laptop computer or a personal digital assistant (PDA) or a combination thereof.
  - 70. The system of claim 68, wherein said fixed terminal is a desktop computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Airroamer Incorporated, Sesame Networks, Inc.
Original Assignee
Airroamer Incorporated, Sesame Networks, Inc.
Inventors
Matta, Johnny Mikhael, Alj, Tarik, Campbell, John Robertson, Lala, Probal Kanti
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US11/067,488
Publication Number

US 20050198534A1
Time in Patent Office

1,607 Days
Field of Search

713/183, 713/182, 726/2
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/145   the attack involving the pr...

H04W 12/06   Authentication

H04W 12/128   Anti-malware arrangements, ...

H04W 12/72   Subscriber identity

Trust inheritance in network authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

Trust inheritance in network authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links