Preventing fraudulent internet account access

US 7,748,047 B2
Filed: 04/29/2005
Issued: 06/29/2010
Est. Priority Date: 04/29/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

maintaining, in a storage device of a server, network address information associated with a network resource user;

receiving, at the server, a request to authenticate the network resource user, the request including a network address identifier;

authenticating, by the server, the network resource user based on the network address information and the network address identifier;

sending, by the server and based on the authenticating, a response to the request, the response indicating an authenticity of the network resource user;

denying, by the server and when the authenticity of the network resource user is not established, the request to authenticate the network resource user;

requesting, by the server and when the request to authenticate the network resource user is denied, verification information from the network resource user;

receiving, by the server, the verification information;

determining, by the server, a validity of the verification information;

overriding, by the server and when the validity of the verification information is established, the denial of the request to authenticate the network resource user; and

modifying, by the server and when the denial of the request to authenticate the network resource user is overridden, the network address information to indicate the authenticity of the network address identifier.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating requests for accessing network resources are described. Network address information may be associated with a network resource user. An authenticator may maintain the associated network address information. The authenticator may receive, from a requesting party, a request to authenticate the network resource user, where the request may include a network address identifier. The network resource user may be authenticated based on the network address information and the network address identifier. The authentication determination may be forwarded to the requesting party for purposes of controlling access to a network resource of a network resource provider in response to an access request made by the network resource user.

Citations

19 Claims

1. A method comprising:
- maintaining, in a storage device of a server, network address information associated with a network resource user;
  
  receiving, at the server, a request to authenticate the network resource user, the request including a network address identifier;
  
  authenticating, by the server, the network resource user based on the network address information and the network address identifier;
  
  sending, by the server and based on the authenticating, a response to the request, the response indicating an authenticity of the network resource user;
  
  denying, by the server and when the authenticity of the network resource user is not established, the request to authenticate the network resource user;
  
  requesting, by the server and when the request to authenticate the network resource user is denied, verification information from the network resource user;
  
  receiving, by the server, the verification information;
  
  determining, by the server, a validity of the verification information;
  
  overriding, by the server and when the validity of the verification information is established, the denial of the request to authenticate the network resource user; and
  
  modifying, by the server and when the denial of the request to authenticate the network resource user is overridden, the network address information to indicate the authenticity of the network address identifier.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, where maintaining network address information comprises maintaining at least one discrete range of network addresses associated with the network resource user.
  - 3. The method of claim 2, where authenticating comprises selectively establishing an authenticity of the network resource user when the network address identifier is included in the at least one discrete range.
  - 4. The method of claim 1, where receiving the verification information comprises receiving voice data.
  - 5. The method of claim 1, where receiving the verification information comprises receiving biometric data.
  - 6. The method of claim 1, further comprising sending a message to the network resource user that includes the validity determination.

7. A method comprising:
- establishing, in a storage device of a server, an authorization list including at least one network address, the authorization list being associated with at least one network resource;
  
  receiving, at the server, a request to access the at least one network resource, where the request includes a source network address;
  
  providing, by the server and when the source network address is included in the authorization list, access to the at least one network resource;
  
  restricting, by the server and when the source network address is not included in the authorization list, access to the at least one network resource;
  
  requesting, by the server and based on the restricted access, verification information associated with the at least one network resource be provided to the server;
  
  determining, by the server, whether provided verification information, responsive to the request, is valid;
  
  maintaining, by the server and upon a determination that the provided verification information is invalid, the access restriction to the at least one network resource;
  
  overriding, by the server and upon a determination that the provided verification information is valid, the access restriction to the at least one network resource;
  
  providing, by the server and based on the overridden access restriction, access to the at least one network resource; and
  
  adding, by the server and upon the access to the at least one network resource being provided, the source network address to the authorization list.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, where establishing the authorization list comprises including at least one discrete range of network addresses associated with the at least one network resource.
  - 9. The method of claim 7, further comprising revising the authorization list by:
    - adding at least one additional network address, orremoving the at least one network address.
  - 10. The method of claim 7, where establishing the authorization list comprises adding, to the authorization list, at least one source network address that has been previously used to access the at least one network resource.
  - 11. The method of claim 7, where establishing the authorization list comprises designating a network entity for which associated network addresses are identifiable.
  - 12. The method of claim 7, where the at least one network address is authorized for prescribed periods.
  - 13. The method of claim 12, where the prescribed periods comprise at least one day of the week, at least one time of day, or both.
  - 14. The method of claim 7, where controlling access comprises:
    - receiving login information; and
      
      permitting access to the at least one network resource based on the login information, the authorization list, and the source network address.

15. An apparatus comprising:
- a server to;
  
  pre-authorize at least one network address to connect to the server;
  
  receive a request, from a client device having a source address, to connect to the server;
  
  determine whether the source address matches the at least one network address that has been pre-authorized to connect to the server;
  
  grant the request based on the determination that the source address matches the at least one network address that has been pre-authorized;
  
  deny the request based on the determination that the source address does not match the at least one network address that has been pre-authorized;
  
  obtain, based on the denied request, verification information from a user of the client device;
  
  determine whether, responsive to the request, the obtained verification information is valid;
  
  maintain the denied request based upon a determination that the obtained verification information is invalid;
  
  override the denied request based upon a determination that the obtained verification information is valid;
  
  allow, based on the overridden denied request, the client device to connect to the server; and
  
  designate, upon the connection being allowed, the source address as being pre-authorized to connect to the server.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus of claim 15, where the at least one network address comprises a discrete range of network addresses.
  - 17. The apparatus of claim 15, where the server is further to:
    - receive login information; and
      
      selectively grant the request further based on the received login information.
  - 18. The apparatus of claim 15, where the server is further to:
    - pre-authorize the at least one network address, when the at least one network address has been previously used to connect to the server.

19. A system comprising:
- means for receiving, from a client device having a dynamically assigned source network address from a range of network addresses, a request for connection to a network resource;
  
  means for selectively authenticating the source network address, where the source network address is compared to a list of authorized network addresses;
  
  means for connecting an authenticated source network address to the network resource;
  
  means for restricting access to the network resource when the source network address is not on the list of authorized network addresses;
  
  means for sending, to the client device and when the access is restricted, a response to the request indicating that access to the network resource is restricted and requesting verification information to override the access restriction;
  
  means for receiving the verification information;
  
  means for determining a validity of the received verification information;
  
  means for overriding, when the validity of the received verification information is established, the access restriction; and
  
  means for adding, when the access restriction is overridden, the source network address to the list of authorized network addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Business Global LLC (Verizon Communications Inc.)
Inventors
O'Neill, David J.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Abyaneh; Ali S

Application Number

US11/117,512
Publication Number

US 20060248600A1
Time in Patent Office

1,887 Days
Field of Search

726/1, 726/27, 726/29, 713/182
US Class Current

726/29
CPC Class Codes

G06F 16/95   Retrieval from the web

G06F 21/31   User authentication

G06F 2221/2115   Third party

H04L 63/0236   Filtering by address, proto...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

Preventing fraudulent internet account access

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing fraudulent internet account access

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links