Systems and methods for strong authentication of electronic transactions

US 8,156,338 B1
Filed: 09/25/2007
Issued: 04/10/2012
Est. Priority Date: 09/25/2007
Status: Active Grant

First Claim

Patent Images

1. A method for an authentication service of an electronic system to verify a token value submitted by a user to such authentication service when requesting access to the electronic system to perform an electronic transaction thereat, the token value representing that the user is in possession of an electronic item known to the authentication service, the method comprising the authentication service:

downloading an authenticator application to the electronic device via a browser on the electronic device;

receiving, via the authenticator application, the token value based on the correct current time as part of a request for access from the user;

obtaining an authentication nonce comprising a current time value from a clock on the electronic item;

wherein obtaining the current time value further comprises sending a message to a time service, receiving therefrom a correct time, and updating the clock with such received correct time, the current time value representing an accumulation of time based on such received correct time;

retrieving predetermined indicia of the electronic item from the database;

combining the obtained authentication nonce and the retrieved indicia of the electronic item to generate a verification token value; and

comparing the received token value with the verification token value, and if a match is found, allowing the access by the user to the electronic system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token value is generated for a user to submit to an authentication service of an electronic system. The token value represents that the user is in possession of an electronic item known to the authentication service, where the electronic item is capable of two-way communications with the authentication service and has thereon an authenticator application transmitted from the authentication service to the electronic item. The authenticator application obtains a current time value from a clock of the electronic item or an authentication value from the authentication service, retrieves predetermined indicia of the electronic item from a location thereon, and combines the obtained value and the retrieved indicia of the electronic item to generate the token value. The authentication service essentially performs the same steps based on information already available at such authentication service to generate a verification token value, and compares the submitted token value to the verification token value.

Citations

24 Claims

1. A method for an authentication service of an electronic system to verify a token value submitted by a user to such authentication service when requesting access to the electronic system to perform an electronic transaction thereat, the token value representing that the user is in possession of an electronic item known to the authentication service, the method comprising the authentication service:
- downloading an authenticator application to the electronic device via a browser on the electronic device;
  
  receiving, via the authenticator application, the token value based on the correct current time as part of a request for access from the user;
  
  obtaining an authentication nonce comprising a current time value from a clock on the electronic item;
  
  wherein obtaining the current time value further comprises sending a message to a time service, receiving therefrom a correct time, and updating the clock with such received correct time, the current time value representing an accumulation of time based on such received correct time;
  
  retrieving predetermined indicia of the electronic item from the database;
  
  combining the obtained authentication nonce and the retrieved indicia of the electronic item to generate a verification token value; and
  
  comparing the received token value with the verification token value, and if a match is found, allowing the access by the user to the electronic system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the obtained authentication value was previously provided to the electronic item by the authentication service in response to a message from the electronic item including the indicia thereof, and was stored in the database as being associated with the electronic item.
  - 3. The method of claim 1 wherein the electronic item is a cellular mobile telephone of the user, the cellular mobile telephone being registered with the authentication service.
  - 4. The method of claim 3 wherein the predetermined indicia of the electronic item is at least one of a network ID of the cellular mobile telephone and a telephone number associated with the cellular mobile telephone.
  - 5. The method of claim 1 comprising hashing the obtained authentication nonce and the retrieved indicia of the electronic item according to a one-way hash function to form the verification token value.
  - 6. The method of claim 1 wherein comparing the received token value with the verification token value comprises comparing the received token value with each of a plurality of verification token values, each verification token value being generated based on one of a plurality of time values including the obtained current time value and a number of time values adjacent the obtained current time value, and if any match is found, allowing the access by the user to the electronic system.
  - 7. The method of claim 1 further comprising registering the electronic item to the authentication service, including receiving the indicia of the electronic item, storing same in the database, and transmitting an authenticator application to the electronic item.
  - 8. The method of claim 1 further comprising:
    - receiving the token value, a user ID, and a password as part of a request for access from the user;
      
      locating an entry for the user based on the user 10 in the database;
      
      confirming that the password is correct for the user ID based on the located entry in the database; and
      
      retrieving the predetermined indicia of the electronic item from the located entry in the database.

9. A non-transitory computer-readable medium having stored thereon computer-executable instruction for performing a method for an authentication service of an electronic system to verify a token value submitted by a user to such authentication service when requesting access to the electronic system to perform an electronic transaction thereat, the token value representing that the user is in possession of an electronic item known to the authentication service, the method comprising the authentication service:
- downloading an authenticator application to the electronic device via a browser on the electronic device;
  
  receiving, via the authenticator application, the token value based on the correct current time as part of a request for access from the user;
  
  obtaining an authentication nonce comprising a current time value from a clock on the electronic item;
  
  wherein obtaining the current time value further comprises sending a message to a time service, receiving therefrom a correct time, and updating the clock with such received correct time, the current time value representing an accumulation of time based on such received correct time;
  
  retrieving predetermined indicia of the electronic item from the database;
  
  combining the obtained authentication nonce and the retrieved indicia of the electronic item to generate a verification token value; and
  
  comparing the received token value with the verification token value, and if a match is found, allowing the access by the user to the electronic system.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The medium of claim 9 wherein the obtained authentication value was previously provided to the electronic item by the authentication service in response to a message from the electronic item including the indicia thereof, and was stored in the database as being associated with the electronic item.
  - 11. The medium of claim 9 wherein the electronic item is a cellular mobile telephone of the user, the cellular mobile telephone being registered with the authentication service.
  - 12. The medium of claim 11 wherein the predetermined indicia of the electronic item is at least one of a network 10 of the cellular mobile telephone and a telephone number associated with the cellular mobile telephone.
  - 13. The medium of claim 9 wherein the method comprises hashing the obtained authentication nonce and the retrieved indicia of the electronic item according to a one-way hash function to form the verification token value.
  - 14. The medium of claim 9 wherein comparing the received token value with the verification token value comprises comparing the received token value with each of a plurality of verification token values, each verification token value being generated based on one of a plurality of time values including the obtained current time value and a number of time values adjacent the obtained current time value, and if any match is found, allowing the access by the user to the electronic system.
  - 15. The medium of claim 9 wherein the method further comprises registering the electronic item to the authentication service, including receiving the indicia of the electronic item, storing same in the database, and transmitting an authenticator application to the electronic item.
  - 16. The medium of claim 9 wherein the method further comprises:
    - receiving the token value, a user ID, and a password as part of a request for access from the user;
      
      locating an entry for the user based on the user ID in the database;
      
      confirming that the password is correct for the user ID based on the located entry in the database; and
      
      retrieving the predetermined indicia of the electronic item from the located entry in the database.

17. A system for an authentication service of an electronic system to verify a token value submitted by a user to such authentication service when requesting access to the electronic system to perform an electronic transaction thereat, the token value representing that the user is in possession of an electronic item known to the authentication service, the system having a processor and memory in a computing apparatus that:
- downloads an authenticator application to the electronic device via a browser on the electronic device;
  
  receives, via the authenticator application, the token value based on the correct current time as part of a request for access from the user;
  
  obtains an authentication nonce comprising a current time value from a clock on the electronic item;
  
  wherein the processor and memory in the computing apparatus that obtains the current time value further comprises a second processor and memory in a computing apparatus that sends a message to a time service, a third processor and memory in a computing apparatus that receives therefrom a correct time, and a fourth processor and memory in a computing apparatus that updates the clock with such received correct time, the current time value representing an accumulation of time based on such received correct time;
  
  retrieves predetermined indicia of the electronic item from the database;
  
  combines the obtained authentication nonce and the retrieved indicia of the electronic item to generate a verification token value; and
  
  compares the received token value with the verification token value, and if a match is found, allowing the access by the user to the electronic system.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17 wherein the obtained authentication value was previously provided to the electronic item by the authentication service in response to a message from the electronic item including the indicia thereof, and was stored in the database as being associated with the electronic item.
  - 19. The system of claim 17 wherein the electronic item is a cellular mobile telephone of the user, the cellular mobile telephone being registered with the authentication service.
  - 20. The system of claim 19 wherein the predetermined indicia of the electronic item is at least one of a network 10 of the cellular mobile telephone and a telephone number associated with the cellular mobile telephone.
  - 21. The system of claim 17, wherein the processor and memory in the computing apparatus hashes the obtained authentication nonce and the retrieved indicia of the electronic item according to a one-way hash function to form the verification token value.
  - 22. The system of claim 17 wherein the processor and memory in the computing apparatus that compares the received token value with the verification token value has a second processor and memory in a computing device that compares the received token value with each of a plurality of verification token values, each verification token value being generated based on one of a plurality of time values including the obtained current time value and a number of time values adjacent the obtained current time value, and if any match is found, a third processor and memory in a computing device allows the access by the user to the electronic system.
  - 23. The system of claim 17 further comprising a processor and memory in a computing device that registers the electronic item to the authentication service, receives the indicia of the electronic item, stores same in the database, and a transmits an authenticator application to the electronic item.
  - 24. The system of claim 17, wherein the processor and memory in the computing apparatus:
    - receives the token value, a user ID, and a password as part of a request for access from the user;
      
      locates an entry for the user based on the user ID in the database;
      
      confirms that the password is correct for the user ID based on the located entry in the database; and
      
      retrieves the predetermined indicia of the electronic item from the located entry in the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Morris, Michael Frank
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US11/861,059
Time in Patent Office

1,659 Days
Field of Search

380/44, 380/286, 380/247, 380/262, 713/178, 713/170, 713/172
US Class Current

713/172
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Systems and methods for strong authentication of electronic transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for strong authentication of electronic transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links