Account creation via a mobile device

US 7,606,918 B2
Filed: 05/20/2004
Issued: 10/20/2009
Est. Priority Date: 04/27/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of creating a web service account via a mobile device to avoid automated scripts from registering a large number of accounts, said method comprising:

receiving, via a mobile device, a request to create the web service account, said request being received from the mobile device according to a wireless communications protocol, said web service account enabling one or more services provided by the web service;

delivering, in response to the received request, a challenge for rendering on the mobile device to a human user, said challenging comprising a short messaging service (SMS) message or a link within a Wireless Application Protocol (WAP) push message to the mobile device, said link directing the user to obtain the rendered challenge, said rendered challenge including a confirmation message chosen by the web service to confirm that the received request was from the user via the mobile device;

delivering a verification user interface (UI) to be rendered on the mobile device requesting an entry of the confirmation message from the user;

receiving a response, including the confirmation message, to the rendered challenge from the user via the mobile device, said received response indicating that the received response was from the human user and not from automated scripts;

determining if the received response to the rendered challenge corresponds to the delivered confirmation message;

delivering a registration UI to be rendered on the mobile device requesting entries from the user if the received response to the rendered challenge is determined to correspond to the delivered confirmation message, said entries including at least the following;

user profile information, a username for the user, a password for the user, and an e-mail address for the user; and

in response to receiving the user information from the user, creating the web service account for the user if the user is not on a blacklist of successful responses, thereafter generating blacklist data representing the requested web service account that is being created and updating the blacklist of successful responses with the generated blacklist data, said blacklist data including an encrypted field for use in identifying the mobile device requesting the web service account to avoid multiple web service accounts being created by the mobile device when the registration UI is redisplayed on the mobile device, said encrypted field representing a confirmation identifier combined from a device identifier associated with the mobile device, a provider identifier associated with a wireless service provider of the mobile device, and the correct confirmation message to the rendered challenge.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Creating an account via a mobile device. A request to create an account is received from a user via a mobile device. The request is received from the mobile device according to a wireless communications protocol. In response to the received request, a confirmation message is delivered to the mobile device for rendering to the user as a challenge. A response to the rendered challenge is received from the user via the mobile device. It is determined if the received response to the rendered challenge corresponds to the delivered confirmation message. And the account is created for the user if the received response to the rendered challenge is determined to correspond to the delivered confirmation message. Other aspects of the invention are directed to computer-readable media for use with account creation via a mobile device.

234 Citations

40 Claims

1. A method of creating a web service account via a mobile device to avoid automated scripts from registering a large number of accounts, said method comprising:
- receiving, via a mobile device, a request to create the web service account, said request being received from the mobile device according to a wireless communications protocol, said web service account enabling one or more services provided by the web service;
  
  delivering, in response to the received request, a challenge for rendering on the mobile device to a human user, said challenging comprising a short messaging service (SMS) message or a link within a Wireless Application Protocol (WAP) push message to the mobile device, said link directing the user to obtain the rendered challenge, said rendered challenge including a confirmation message chosen by the web service to confirm that the received request was from the user via the mobile device;
  
  delivering a verification user interface (UI) to be rendered on the mobile device requesting an entry of the confirmation message from the user;
  
  receiving a response, including the confirmation message, to the rendered challenge from the user via the mobile device, said received response indicating that the received response was from the human user and not from automated scripts;
  
  determining if the received response to the rendered challenge corresponds to the delivered confirmation message;
  
  delivering a registration UI to be rendered on the mobile device requesting entries from the user if the received response to the rendered challenge is determined to correspond to the delivered confirmation message, said entries including at least the following;
  
  user profile information, a username for the user, a password for the user, and an e-mail address for the user; and
  
  in response to receiving the user information from the user, creating the web service account for the user if the user is not on a blacklist of successful responses, thereafter generating blacklist data representing the requested web service account that is being created and updating the blacklist of successful responses with the generated blacklist data, said blacklist data including an encrypted field for use in identifying the mobile device requesting the web service account to avoid multiple web service accounts being created by the mobile device when the registration UI is redisplayed on the mobile device, said encrypted field representing a confirmation identifier combined from a device identifier associated with the mobile device, a provider identifier associated with a wireless service provider of the mobile device, and the correct confirmation message to the rendered challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein receiving the request comprises communicating with the mobile device according to a Wireless Application Protocol (WAP).
  - 3. The method of claim 1, wherein delivering the confirmation message comprises delivering the confirmation message to the mobile device according to a wireless communications protocol.
  - 4. The method of claim 1, wherein the confirmation message comprises a six-digit numeric code.
  - 5. The method of claim 1, further comprising allowing the user access to an affiliate service in response to creating the web service account for the user, and wherein creating the web service account for the user comprises receiving user profile information from the user via the mobile device and creating the web service account for the user in response to the received user profile information.
  - 6. The method of claim 1, further comprising:
    - receiving a device identifier and a provider identifier from the user via the mobile device, said device identifier identifying the mobile device, said provider identifier identifying a service provider that offers a service to the user via the mobile device; and
      
      storing data on the mobile device, said data specifying the received device identifier and the received provider identifier, said data being stored on the mobile device for a predetermined period.
  - 7. The method of claim 6, further comprising removing the stored data from the mobile device if the received response to the rendered challenge is determined to correspond to the delivered confirmation message.
  - 8. The method of claim 1, further comprising receiving a device identifier and a provider identifier from the user via the mobile device, said device identifier identifying the mobile device, said provider identifier identifying a service provider that offers a service to the user via the mobile device, and wherein creating the web service account for the user comprises storing data representative of the created web service account in a memory area, said data comprising one or more of the following:
    - the received device identifier, the received provider identifier, the received response to the rendered challenge, and a time when the web service account is created.
  - 9. The method of claim 8, wherein storing the data representative of the created web service account in the memory area further comprises storing the received device identifier, the received provider identifier, and the received response to the rendered challenge in the memory area as a hash.
  - 10. The method of claim 1, further comprising:
    - receiving a device identifier and a provider identifier from the user via the mobile device, said device identifier identifying the mobile device, said provider identifier identifying a service provider that offers a service to the user via the mobile device; and
      
      storing one or more of the following data in a memory area;
      
      the received device identifier, the received provider identifier, a hash of the received device identifier and the received provider identifier, the delivered confirmation message, a number of times that a confirmation message is delivered to the mobile device, a number of times that a response to a challenge is received from the user, an indication of whether the received response to the rendered challenge is determined to correspond to the delivered confirmation message, and a time stamp indicating a time when the confirmation message is delivered to the mobile device.
  - 11. The method of claim 10, further comprising removing the data stored in the memory area when the time stamp stored in the memory area is older than a predefined period.
  - 12. The method of claim 10, further comprising:
    - inquiring if the user desires to receive another confirmation message when the received response to the rendered challenge is determined not to correspond to the delivered confirmation message and when the stored number of times that a confirmation message is delivered to the mobile device is less than a predetermined number;
      
      receiving an indication from the user via the mobile device, said indication specifying a desire of the user to receive the other confirmation message; and
      
      delivering the other confirmation message to the mobile device for rendering to the user as another challenge.
  - 13. The method of claim 12, further comprising performing one or more of the following in response to delivering the other confirmation message to the mobile device:
    - updating the stored time stamp with a time when the other confirmation message is delivered to the mobile device, updating the confirmation message stored in the memory area with the other confirmation message delivered to the mobile device, incrementing the stored number of times that a confirmation message is delivered to the mobile device, and setting the stored number of times that a response to a challenge is received to zero.
  - 14. The method of claim 1, further comprising:
    - storing data in a memory area, said data indicating a number of times that a response to a challenge is received from the user;
      
      prompting another response to the rendered challenge from the user if the received response to the rendered challenge is determined not to correspond to the delivered confirmation message and if the indicated number of times that a response to a challenge is received from the user is less than a predetermined number within a predefined period;
      
      receiving the other response to the rendered challenge from the user via the mobile device;
      
      determining if the other response to the rendered challenge corresponds to the delivered confirmation message; and
      
      creating the web service account for the user if the other response to the rendered challenge is determined to correspond to the delivered confirmation message.
  - 15. The method of claim 1, further comprising:
    - receiving a device identifier and a provider identifier from the user via the mobile device, said device identifier identifying the mobile device, said provider identifier identifying a service provider that offers a service to the user via the mobile device; and
      
      delivering the received device identifier and the received provider identifier to an affiliate service in response to creating the web service account for the user.
  - 16. The method of claim 1, wherein receiving the request comprises receiving the request from the user at an affiliate server, said affiliate server associated with an authentication server and providing an affiliate service to the user;
    - and wherein creating the web service account comprises creating the web service account for the user at the authentication server.
  - 17. The method of claim 1, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 1.
  - 18. The method of claim 1, wherein in response to receiving the user information from the user via the mobile device:
    - detecting the encrypted field on the mobile device; and
      
      preventing the web service account for the user from being created based upon the blacklist data of the blacklist of successful responses and the detected encrypted field.

19. A system for creating a web service account via a mobile device to avoid automated scripts from registering a large number of web service accounts, said system comprising:
- a network server for receiving a request to create the web service account via a mobile device, said request being received from the mobile device according to a wireless communications protocol, said web service account enabling one or more services provided by the web service, said network server being configured to deliver a challenge for rendering on the mobile device to a human user, said challenging comprising a short messaging service (SMS) message or a link within a Wireless Application Protocol (WAP) push message to the mobile device in response to receiving the request, said link directing the user to obtain a the rendered challenge, said rendered challenge including a confirmation message chosen by the web service to confirm that the received request was from the user via the mobile device;
  
  said network server being further configured to deliver a verification user interface (UI) to be rendered on the mobile device requesting an entry of the confirmation message from the user, said network server being configured to receive a response, including the confirmation message, to the rendered challenge from the user via the mobile device and to determine if the received response to the rendered challenge corresponds to the delivered confirmation message, said received response indicating that the received response was from the human user and not from the automated scripts, said network server further delivering a registration UI to be rendered on the mobile device requesting entries from the user if the network server determines that the received response to the rendered challenge corresponds to the delivered confirmation message, said entries including at least the following;
  
  user profile information, a username for the user, a password for the user, and an e-mail address for the user; and
  
  an authentication server for creating the web service account for the user, in response to the entries received from the user, if the user is not on a blacklist of successful responses, thereafter generating blacklist data representing the requested web service account that is being created and updating the blacklist of successful responses with the generated blacklist data, said blacklist data including an encrypted field for use in identifying the mobile device requesting the web service account to avoid multiple web service accounts being created by the mobile device when the registration UI is redisplayed on the mobile device, said encrypted field representing a confirmation identifier combined from a device identifier associated with the mobile device, a provider identifier associated with a wireless service provider of the mobile device, and the correct confirmation message to the rendered challenge.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 20. The system of claim 19, wherein the network server is configured to deliver the confirmation message to the mobile device according to a wireless communications protocol.
  - 21. The system of claim 19, further comprising an affiliate server associated with the network server and the authentication server, said affiliate server is configured to initially receive the request from the user via the mobile device and to communicate the request to the network server via a data communications network.
  - 22. The system of claim 19, wherein the network server is configured to receive a device identifier and a provider identifier from the user via the mobile device, said device identifier identifying the mobile device, said provider identifier identifying a service provider that offers a service to the user via the mobile device, said network server further configured to deliver the received device identifier and the received provider identifier to the authentication server.
  - 23. The system of claim 22, further comprising an affiliate server associated with the network server and the authentication server, wherein the authentication server is configured to receive user profile information from the user via the mobile device and to create the web service account for the user in response to the received user profile information, said authentication server further configured to deliver the received device identifier and the received provider identifier to the affiliate server and to allow the user access to an affiliate service provided by the affiliate server in response to creating the web service account for the user.
  - 24. The system of claim 22, further comprising an authentication database associated with the authentication server, said authentication database configured to store data representative of the web service account created by the authentication server, said data comprising one or more of the following:
    - the received device identifier, the received provider identifier, the received response to the rendered challenge, and a time when the web service account is created by the authentication server.
  - 25. The system of claim 22, further comprising a confirmation database associated with the network server, said confirmation database configured to store one or more of the following data:
    - the received device identifier, the received provider identifier, a hash of the received device identifier and the received provider identifier, the delivered confirmation message, a number of times that a confirmation message is delivered to the mobile device, a number of times that a response to a challenge is received from the user, an indication of whether the received response to the rendered challenge is determined to correspond to the delivered confirmation message, and a time stamp indicating a time when the confirmation message is delivered to the mobile device.
  - 26. The system of claim 25, wherein the network server is configured to remove the data stored in the confirmation database when the time stamp stored in the confirmation database is older than a predefined period.
  - 27. The system of claim 25, wherein the network server is configured to prompt another response to the rendered challenge from the user if the network server determines that the received response to the rendered challenge does not correspond to the delivered confirmation message and if the stored number of times that a response to a challenge is received from the user is less than a predetermined number.
  - 28. The system of claim 25, wherein the network server is configured to inquire if the user desires to receive another confirmation message when the network server determines that the received response to the rendered challenge does not correspond to the delivered confirmation message and when the stored number of times that a confirmation message is delivered to the mobile device is less than a predetermined number, said network server further configured to deliver the other confirmation message to the mobile device for rendering to the user as another challenge if the network server receives an indication from the user specifying that the user desires to receive the other confirmation message.
  - 29. The system of claim 28, wherein the network server is configured to access the confirmation database and to perform one or more of the following in response to delivering the other confirmation message to the mobile device:
    - updating the stored time stamp with a time when the other confirmation message is delivered to the mobile device, updating the confirmation message stored in the confirmation database with the other confirmation message delivered to the mobile device, incrementing the stored number of times that a confirmation message is delivered to the mobile device, and setting the stored number of times that a response to a challenge is received to zero.
  - 30. The system of claim 19, wherein the authentication server further comprises:
    - detecting the encrypted field on the mobile device; and
      
      preventing the web service account for the user from being created based upon the blacklist data of the blacklist of successful responses and the detected encrypted field.

31. One or more computer-readable media having stored thereon a data structure for creating a web service account via a mobile device to avoid automated scripts from registering a large number of web service accounts, said data structure comprising:
- a device identifier field for storing a device identifier, said device identifier identifying a mobile device of a user;
  
  a provider identifier field for storing a provider identifier, said provider identifier identifying a service provider that offers a service to the user via the mobile device;
  
  a confirmation message field for storing a challenge comprising a short message service (SMS) message or a link, said challenge including a confirmation message, said confirmation message being chosen by the web service to confirm that the received request was from the user via the mobile device;
  
  a message counter field for storing a number of times that the stored confirmation message included in the challenge is delivered to the mobile device; and
  
  a response counter field for storing a number of times that a response to the rendered challenge is received from the user,wherein at least the device identifier in the device identifier field, the provider identifier in the provider identifier field, the number stored in the message counter field and the number stored in the response counter field are transmitted to the web service to form an encrypted blacklist of successful responses such that the web service uses the blacklist of successful responses to determine whether to create a new web service account for using the web service for the user.
- View Dependent Claims (32, 33, 34)
- - 32. The computer-readable media of claim 31, wherein the data structure further comprises:
    - a hash identification field for storing a hash of the stored device identifier and the stored provider identifier,a verification field for storing an indication of whether the received response to the rendered challenge corresponds to the delivered confirmation message, anda time stamp field for storing a time when the stored confirmation message is delivered to the mobile device.
  - 33. The computer-readable media of claim 32, wherein if the indication stored in the verification field specifies that the received response to the rendered challenge does not correspond to the delivered confirmation message and if the number of times stored in the message counter field is less than a predetermined number, the confirmation message field is updated with another confirmation message, the number of times stored in the message counter field is incremented, the number of times stored in the response counter field is set to zero, and the time stamp field is updated with a time when the other confirmation message is delivered to the mobile device for rendering to the user as another challenge.
  - 34. The computer-readable media of claim 31, wherein the confirmation message stored in the confirmation message field comprises a six-digit numeric code.

35. One or more computer-readable media having computer-executable components for creating a web service account via a mobile device, said computer-readable media comprising:
- an interface component to receive a request to create the web service account, said user requesting to create the web service account via a mobile device, said request being received from the mobile device according to a wireless communications protocol;
  
  a confirmation component to transmit a challenge for rendering on the mobile device to a human user, said challenging comprising a short messaging service (SMS) message or a link within a Wireless Application Protocol (WAP) push message to the mobile device in response to the received request, said link directing the user to obtain the rendered challenge, said rendered challenge including a confirmation message chosen by the web service to confirm that the received request was from the user via the mobile device;
  
  a verification component to deliver a verification user interface (UI) to be rendered on the mobile device requesting an entry of the confirmation message from the user, said verification component is configured to receive a response including the confirmation message to the rendered challenge from the user via the mobile device and to determine if the received response to the rendered challenge corresponds to the transmitted confirmation message, said verification component further delivering a registration UI to be rendered on the mobile device requesting entries from the user if the received response to the rendered challenge is determined to correspond to the delivered confirmation message, said entries including at least the following;
  
  user profile information, a username for the user, a password for the user, and an e-mail address for the user, said received response indicating that the received response was from the human user and not from the automated scripts; and
  
  an account component to create the web service account for the user if the user is not on a blacklist of successful responses, in response to the received entries from the user, thereafter generating blacklist data representing a requested web service account that is being created and updating the blacklist of successful responses with the generated blacklist data, said blacklist data including an encrypted field for use in identifying the mobile device requesting the web service account to avoid multiple web service accounts being created by the mobile device when the registration UI is redisplayed on the mobile device, said encrypted field representing a confirmation identifier combined from a device identifier associated with the mobile device, a provider identifier associated with a wireless service provider of the mobile device, and the correct confirmation message to the rendered challenge.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The computer-readable media of claim 35, wherein the interface component is configured to receive a device identifier and a provider identifier from the user via the mobile device, said device identifier identifying the mobile device, said provider identifier identifying a service provider that offers a service to the user via the mobile service, and wherein the account component is configured to receive user profile information from the user via the mobile device and to create the web service account for the user in response to the received user profile information, said account component further configured to transmit the received device identifier and the received provider identifier to an affiliate service in response to creating the web service account for the user.
  - 37. The computer-readable media of claim 36, further comprising a memory component to store one or more of the following data:
    - the received device identifier, the received provider identifier, a hash of the received device identifier and the received provider identifier, the transmitted confirmation message, a number of times that a confirmation message is transmitted to the mobile device, a number of times that a response to a challenge is received from the user, an indication of whether the received response to the rendered challenge is determined to correspond to the transmitted confirmation message, and a time stamp indicating a time when the confirmation message is transmitted to the mobile device.
  - 38. The computer-readable media of claim 37, wherein the interface component is configured to inquire if the user desires to receive another confirmation message when the verification component determines that the received response to the rendered challenge does not correspond to the delivered confirmation message and when the stored number of times that a confirmation message is transmitted to the mobile device is less than a predetermined number within a predefined period, and wherein the confirmation component is configured to transmit the other confirmation message to the mobile device for rendering to the user as another challenge if the interface component receives an indication from the user specifying that the user desires to receive the other confirmation message.
  - 39. The computer-readable media of claim 37, wherein the interface component is configured to prompt another response to the rendered challenge from the user if the verification component determines that the received response to the rendered challenge does not correspond to the transmitted confirmation message and if the stored number of times that a response to a challenge is received from the user is less than a predetermined number within a predefined period.
  - 40. The computer-readable media of claim 35, wherein the account component can further detect the encrypted field on the mobile device and prevent the web service account for the user from being created based upon the blacklist data of the blacklist of successful responses and the detected encrypted field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Agney, Michael Shayne, Holzman, Aron M., Perumal, Raja Pazhanivel, Khandelwal, Vikas
Primary Examiner(s)
Phillips; Hassan
Assistant Examiner(s)
Chou; Alan S

Application Number

US10/850,010
Publication Number

US 20050239447A1
Time in Patent Office

1,979 Days
Field of Search

709/229, 709/206, 709/207
US Class Current

709/229
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

Account creation via a mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

234 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

Account creation via a mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

234 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others