System and method for accomplishing two-factor user authentication using the internet

US 7,590,859 B2
Filed: 01/16/2002
Issued: 09/15/2009
Est. Priority Date: 08/24/2001
Status: Active Grant

First Claim

Patent Images

1. A method of accomplishing two-factor user authentication, comprising:

providing first and second user authentication methods, wherein the first user authentication method is an authentication method selected from authentication methods based on what a user knows and authentication methods based on a characteristic of the user and the second user authentication method is based on a token distributed to the user;

communicating authentication data for both user authentication methods to a first web site using the internet;

authenticating the user at the first web site using the first user authentication method;

if the user is successfully authenticated at the first web site, enabling the communication of token-based authentication data corresponding to the token from the first web site to a second web site using the internet, the authentication data including a token code;

authenticating the user at the second web site based on the token-based authentication data transferred from the first web site;

transmitting results of the authentication at the second web site to the first web site; and

if the authentication at the second web site is unsuccessful, restricting access to sensitive web content on the first web site.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.

70 Citations

View as Search Results

14 Claims

1. A method of accomplishing two-factor user authentication, comprising:
- providing first and second user authentication methods, wherein the first user authentication method is an authentication method selected from authentication methods based on what a user knows and authentication methods based on a characteristic of the user and the second user authentication method is based on a token distributed to the user;
  
  communicating authentication data for both user authentication methods to a first web site using the internet;
  
  authenticating the user at the first web site using the first user authentication method;
  
  if the user is successfully authenticated at the first web site, enabling the communication of token-based authentication data corresponding to the token from the first web site to a second web site using the internet, the authentication data including a token code;
  
  authenticating the user at the second web site based on the token-based authentication data transferred from the first web site;
  
  transmitting results of the authentication at the second web site to the first web site; and
  
  if the authentication at the second web site is unsuccessful, restricting access to sensitive web content on the first web site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first web site initially authenticates the user based on the data relating to the first user authentication method.
  - 3. The method of claim 1, wherein the first web site communicates to the second web site data identifying the user.
  - 4. The method of claim 1, wherein the first user authentication method employs a password.
  - 5. The method of claim 1, wherein the token is hardware-based, and generates the token code.
  - 6. The method of claim 5, wherein the token is a stand-alone, portable device.
  - 7. The method of claim 5, wherein the token is USB-based and is accessed by a browser.
  - 8. The method of claim 1, wherein the second user authentication method employs a fixed complex code.
  - 9. The method of claim 8, wherein the fixed complex code comprises a one-time password encrypted using a public key infrastructure.
  - 10. The method of claim 1, wherein the second user authentication method is software-based.
  - 11. The method of claim 1, wherein at least one user authentication method can be used across multiple web sites.
  - 12. The method of claim 1, wherein the token is embedded in a cell phone.

13. A method of adding a second method of authentication to a first web site performing a first method of authentication, the method including:
- distributing a token to a user, the token producing a token code;
  
  providing a second website to authorize the user based on the token code;
  
  receiving the token code and authentication data for the first method of authentication at the first web site;
  
  receiving authorization data at the second web site from the first website, the authorization data including user identification data and the token code from the first web site upon the first web site successfully authorizing the user using the first authentication method;
  
  authorizing the user at the second web site based on the token code and the user identification data; and
  
  if the authorization at the second website is successful, transmitting data to the first web site indicating the user has been successfully authenticated using at least two methods of authentication, wherein the user is granted access to web content on the first web site only if the user has been authenticated using at least two methods of authentication.

14. A method of adding a second method of authentication to a plurality of web sites performing a first method of authentication, the method including:
- distributing a token to a user, the token producing a token code;
  
  providing an authentication web site to authorize the user based on the token code;
  
  receiving the token code and authentication data for the first method of authentication at a first web site from the plurality of web sites;
  
  receiving authorization data from the first web site, the authorization data including user identification data and the token code from the first web site upon the first web site successfully authorizing the user using the first authentication method;
  
  authorizing the user at the authentication web site based on the token code and the user identification data; and
  
  if the authorization at the authentication website is successful, transmitting data to the first web site indicating the user has been successfully authenticated using at least two methods of authentication, wherein the user is granted access to web content on the plurality of web sites only if the user has been authenticated using at least two methods of authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Brennan, Sean
Primary Examiner(s)
Simitoski; Michael J

Application Number

US10/050,752
Publication Number

US 20030046551A1
Time in Patent Office

2,799 Days
Field of Search

713/159, 713/184, 713/185, 713/186, 713/172, 726/9, 726/28, 709/229, 715/742
US Class Current

713/185
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2463/081   applying self-generating cr...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

System and method for accomplishing two-factor user authentication using the internet

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for accomplishing two-factor user authentication using the internet

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links