Method and system for personalized online security

US 8,082,213 B2
Filed: 06/27/2006
Issued: 12/20/2011
Est. Priority Date: 06/27/2005
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A user-authentication service implemented as routines that execute one or more computer systems interconnected by two or more communications media with both an authentication-service client, and a user, the user-authentication service comprising:

the one or more computer systems;

stored user-authentication policies specified by the user;

stored user information;

account interface routines that implement an account interface by which the user specifies, modifies, adds, and deletes user-authentication policies; and

authentication-interface routines that implement an authentication interface by which, following initiation of a transaction by the user with the authentication-service client, the authentication-service client submits an authentication request, through the first communications medium or through a second communications medium, to authenticate the user, the authentication-interface routines employing a variable-factor authentication, when specified to do so by stored user-authentication policies, to authenticate the user on behalf of the authentication-service client during which the user communicates with the user-authentication service through a third communications medium different from the first and second communications media and a user device different from that employed by the user to initiate the transaction with the authentication-service client.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

Various embodiments of the present invention provide strong authentication of users on behalf of commercial entities and other parties to electronic transactions. In these embodiments of the present invention, a user interacts with an authentication service provider to establish policies for subsequent authentication of the user. Thus, in these embodiments of the present invention, a user controls the level and complexity of authentication processes carried out by the authentication service provider on behalf of both the user and commercial entities and other entities seeking to authenticate the user in the course of conducting electronic transactions, electronic dialogues, and other interactions for which user authentication is needed. The policies specified by a user may include specification of variable-factor authentication, in which the user, during the course of an authentication, provides both secret information as well as evidence of control of a tangible object.

Citations

17 Claims

1. A user-authentication service implemented as routines that execute one or more computer systems interconnected by two or more communications media with both an authentication-service client, and a user, the user-authentication service comprising:
- the one or more computer systems;
  
  stored user-authentication policies specified by the user;
  
  stored user information;
  
  account interface routines that implement an account interface by which the user specifies, modifies, adds, and deletes user-authentication policies; and
  
  authentication-interface routines that implement an authentication interface by which, following initiation of a transaction by the user with the authentication-service client, the authentication-service client submits an authentication request, through the first communications medium or through a second communications medium, to authenticate the user, the authentication-interface routines employing a variable-factor authentication, when specified to do so by stored user-authentication policies, to authenticate the user on behalf of the authentication-service client during which the user communicates with the user-authentication service through a third communications medium different from the first and second communications media and a user device different from that employed by the user to initiate the transaction with the authentication-service client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The user-authentication service of claim 1 wherein the authentication service stores user-authentication policies and user information for multiple users, provides an account interface to the multiple users, and provides an authentication interface to multiple authentication-service clients.
  - 3. The user-authentication service of claim 1 wherein the user-authentication service undertakes the authentication procedure by:
    - using the electronically-encoded information about the user to retrieve all storeduser-authentication policies for the user;
      
      when the retrieved stored user-authentication policies permit the authentication procedure to proceed, conducting the authentication procedure in order to authenticate the user to the authentication-service client; and
      
      returning an authentication result to the authentication-service client.
  - 4. The user-authentication service of claim 3 wherein the authentication procedure for any single policy may comprise:
    - a uni-directional or bi-directional exchange of information with the user through the third communications medium.
  - 5. The user-authentication service of claim 4 wherein the information is a password that the user can subsequently input to the authentication-service client to prove to the authentication-service client that the user has been authenticated by the user-authentication service.
  - 6. The user-authentication service of claim 5 wherein the authentication result includes the password.
  - 7. The user-authentication service of claim 1 wherein the stored user information includes one or more of:
    - the user'"'"'s name;
      
      the user'"'"'s address;
      
      passwords specified by the user;
      
      the user'"'"'s contact information;
      
      the user'"'"'s billing information; and
      
      the user'"'"'s employment information.
  - 8. The user-authentication service of claim 7 wherein the user'"'"'s contact information includes one or more of:
    - the user'"'"'s computer'"'"'s trusted communications addresses;
      
      trusted telephone numbers of the user'"'"'s landline and cell phones;
      
      contact information for the user'"'"'s trusted hand-held computing devices;
      
      the user'"'"'s email addresses; and
      
      internet addresses for interne-related accounts through which the user can receive information.
  - 9. The user-authentication service of claim 1 wherein a user-authentication policy specifies one or more of:
    - constraints and parameters associated with user-authentication processes carried out by the user-authentication service on behalf of one or more, specified authentication-service clients.
  - 10. The user-authentication service of claim 9 wherein constraints include one or more of:
    - geographical constraints;
      
      time-of-day constraints;
      
      date constraints;
      
      communications-medium-related constraints;
      
      user-authentication service actions; and
      
      event constraints.
  - 11. The user-authentication service of claim 10 wherein user-authentication service actions include one or more of:
    - halting authorization service after detecting a specified event;
      
      employing particular types of user-authentication procedures; and
      
      providing alerts upon detecting specified events.

12. A method for authenticating, by an authentication service, a user of the authentication service to an authentication-service client that communicates with the user of the authentication service through a first communications medium, the method comprising:
- receiving user-identifying information from the authentication-service client;
  
  using the user-identifying information received from the authentication-service client to carry out an authentication procedure to authenticate the user of the authentication service by sending information to the user of the authentication service through a communications medium different from the first communications medium; and
  
  returning a authentication result to the authentication-service client.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 wherein, as part of the authentication procedure, the authentication service transmits information to the user of the authentication service which the user of the authentication service then subsequently transmits to the authentication-service client.
  - 14. The method of claim 12 wherein the user-authentication service undertakes the authentication procedure by:
    - using the electronically-encoded information about the user to retrieve all stored user-authentication policies for the user;
      
      when the retrieved stored user-authentication policies permit the authentication procedure to proceed, conducting the authentication procedure in order to authenticate the user to the authentication-service client; and
      
      returning the authentication result to the authentication-service client.
  - 15. The method of claim 14 wherein the authentication procedure for any single policy may comprise:
    - a uni-directional or bi-directional exchange of information with the user through the third communications medium.
  - 16. The method of claim 15 wherein the information is a password that the user can subsequently input to the authentication-service client to prove to the authentication-service client that the user has been authenticated by the user-authentication service.
  - 17. The method of claim 16 wherein the authentication result includes the password.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Smart Authentication IP, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Jarlath Lyons
Inventors
Lyons, Jarlath
Primary Examiner(s)
ZELASKIEWICZ, CHRYSTINA E

Application Number

US11/477,203
Publication Number

US 20070016527A1
Time in Patent Office

2,002 Days
Field of Search

705/59, 705/50, 705/67
US Class Current

705/67
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/02   involving a neutral party, ...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/00   Commerce

G06Q 30/02   Marketing; Price estimation...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Method and system for personalized online security

First Claim

2 Assignments

Litigations

1 Petition

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for personalized online security

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links