Out of band system and method for authentication

US 8,296,562 B2
Filed: 05/01/2009
Issued: 10/23/2012
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authentication of a user with a device who is attempting a first transaction comprising the steps of:

establishing the asserted identity of the user;

informing an authentication server that the user is attempting to conduct a transaction;

conducting a second transaction with the user'"'"'s device and the authentication server to verify that the user is in possession of the device, wherein the second transaction comprises;

providing, via an out of band channel used for establishing the asserted identify of the user, an authentication notification message indicating that the transaction is being conducted and prompting entry of a token, andreceiving, via the out of band channel, the token;

in response to receiving the token, sending an out of band one-time passcode to the device registered to the user;

entering the one-time passcode into the dialogue;

validating the one-time passcode; and

authorizing the first transaction.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for out of band authentication for ensuring a user is in possession of a device.

186 Citations

19 Claims

1. A method for authentication of a user with a device who is attempting a first transaction comprising the steps of:
- establishing the asserted identity of the user;
  
  informing an authentication server that the user is attempting to conduct a transaction;
  
  conducting a second transaction with the user'"'"'s device and the authentication server to verify that the user is in possession of the device, wherein the second transaction comprises;
  
  providing, via an out of band channel used for establishing the asserted identify of the user, an authentication notification message indicating that the transaction is being conducted and prompting entry of a token, andreceiving, via the out of band channel, the token;
  
  in response to receiving the token, sending an out of band one-time passcode to the device registered to the user;
  
  entering the one-time passcode into the dialogue;
  
  validating the one-time passcode; and
  
  authorizing the first transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising providing, at the device, an application to verify that the user is in possession of the device.
  - 3. The method of claim 2, wherein conducting the second transaction further comprises receiving a secure message from the application verifying that the user is in possession of the device is in the authentication server.
  - 4. The method of claim 1 wherein the transaction is authorized via the release of a symmetric key representative of the individual conducting the transaction.
  - 5. The method of claim 4 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 6. The method of claim 1 wherein the transaction is authorized via the release of an asymmetric key representative of the individual conducting the transaction.
  - 7. The method of claim 6 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 8. The method of claim 1 wherein the out of band passcode is distributed to the end-user'"'"'s pre-registered device via SMS (text messaging).
  - 9. The method of claim 1 wherein the out of band passcode is distributed to the end-user'"'"'s pre-registered device via voice.
  - 10. The method of claim 1 wherein the out of band passcode is retrieved by the end-user through the use of their pre-registered voice signature and voice biometrics.

11. A method for authentication of a user with a device who is attempting a transaction comprising the steps of:
- establishing the asserted identity of the user;
  
  receiving, via an out of band channel used for establishing the asserted identity of the user, a secure message from an application provided at the device verifying that the user is in possession of the device;
  
  sending an out of band one-time passcode to the device registered to the user;
  
  validating the one-time passcode; and
  
  authorizing the transaction via the release of a key,wherein the key (i) is symmetric or asymmetric, (ii) is representative of the individual conducting the transaction and the server on which the transaction was conducted, and (iii) can be tied to the unique user through non-repudiatory log and audit capabilities.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, further comprising providing the application at the device, wherein the application provides the secure message based on verifying a token.
  - 13. The method of claim 11, wherein the secure message is received a channel other than a second channel used for establishing the asserted identify of the user.

14. A method for authentication of a user with a device who is attempting a first transaction comprising the steps of:
- establishing the asserted identity of the user;
  
  conducting a second transaction with the user'"'"'s device and the authentication server to verify that the user is in possession of the device, wherein the second transaction comprisesproviding, via an out of band channel used for establishing the asserted identify of the user, an authentication notification message to the device indicating that the transaction is being conducted and prompting entry of a token,receiving, via the out of band channel, the token, andreceiving a secure message from an application provided at the device verifying that the user is in possession of the device;
  
  sending an out of band one-time passcode to the device registered to the user; and
  
  entering the one-time passcode into the dialogue to authorize the transaction.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, further comprising providing the application at the device to verify that the user is in possession of the device.
  - 16. The method of claim 14 wherein the transaction is authorized via the release of a symmetric key representative of the individual conducting the transaction.
  - 17. The method of claim 16 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.
  - 18. The method of claim 14 wherein the transaction is authorized via the release of an asymmetric key representative of the individual conducting the transaction.
  - 19. The method of claim 18 wherein the key is representative of the server on which the transaction was conducted, and can be tied to the unique user through non-repudiatory log and audit capabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Williams, Jeffrey B., Camaisa, Allan
Primary Examiner(s)
Louie, Oscar

Application Number

US12/434,442
Publication Number

US 20090259848A1
Time in Patent Office

1,271 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

Out of band system and method for authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Out of band system and method for authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others