IP address secure multi-channel authentication for online transactions
First Claim
1. A computer-implemented method for multi-factor authenticating of a user using an application server and an authentication server, said user interacting with said application server and said authentication server, said user communicating with at least one of said application server and said authentication server using a user browser program, comprising:
- authenticating using said application server said user using first factor authentication credentials;
providing, from said application server to said authentication server, a first source IP address associated with a request for said authenticating using said first factor authentication credentials;
instructing said user to establish a separate communication channel between said user browser program and said authentication server to perform additional authentication;
comparing said first source IP address with a second source IP address, said second source IP address associated with communication from said user to said authentication server using said separate communication channel; and
if said first source IP address does not match said second source IP address, failing authentication of said user.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for multi-factor authenticating of a user using an application server and an authentication server is disclosed. The method includes receiving from the application server a first source IP address associated with a request for authenticating from the user browser program to the application server. The method also includes receiving from the user browser program a request to perform additional authentication between the user browser program and the authentication server using a separate communication channel. The method additionally includes comparing the first source IP address with a second source IP address associated with the request to perform the additional authentication and failing, if the first source IP address does not match the second source IP address, authentication of the user.
-
Citations
20 Claims
-
1. A computer-implemented method for multi-factor authenticating of a user using an application server and an authentication server, said user interacting with said application server and said authentication server, said user communicating with at least one of said application server and said authentication server using a user browser program, comprising:
-
authenticating using said application server said user using first factor authentication credentials; providing, from said application server to said authentication server, a first source IP address associated with a request for said authenticating using said first factor authentication credentials; instructing said user to establish a separate communication channel between said user browser program and said authentication server to perform additional authentication; comparing said first source IP address with a second source IP address, said second source IP address associated with communication from said user to said authentication server using said separate communication channel; and if said first source IP address does not match said second source IP address, failing authentication of said user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-implemented method for multi-factor authenticating of a user using an application server and an authentication server, said user interacting with at least one of said application server and said authentication server using a user browser program, comprising:
-
receiving from said application server a first source IP address associated with a request for authenticating from said user browser program to said application server; receiving from said user browser program a request to perform additional authentication between said user browser program and said authentication server using a separate communication channel from a communication channel employed to communicate between said application server and said authentication server; comparing said first source IP address with a second source IP address, said second source IP address associated with said request to perform said additional authentication between said authentication server and said user browser program; and if said first source IP address does not match said second source IP address, failing authentication of said user. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification