Multi factor authentication

US 8,365,258 B2
Filed: 09/26/2007
Issued: 01/29/2013
Est. Priority Date: 11/16/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating a user for accessing a resource, said method relying on multi-factor authentication of the user, the method comprising the steps of:

associating the user with registration information particular to the user, wherein said registration information includes a first factor authentication information;

associating the user with a second factor authentication information;

subsequent to associating the user with a second factor authentication information, receiving information of a first instance of a first factor authentication step, said first factor authentication step comprising the user inputting a first live user authentication information across a first communications network and matching the first live user authentication information to the registered first factor authentication information;

confirming that the first live user authentication information matches the first factor authentication information for the user;

upon receipt of the information of the first instance of the first factor authentication step, performing a first instance of a second factor authentication step, said second factor authentication step comprising—

placing a telephone call or sending a text message to the user across a second communications network and at a previously-stored number associated with a telecommunications device of the user,in response to placing said telephone call or sending said text message to the user, receiving a second live user authentication information inputted by the user at the user'"'"'s telecommunications device,confirming that said second live user authentication information provided by the user via the user'"'"'s telecommunications device matches the second factor authentication information associated with the user, andupon confirming that the second live user authentication information matches the second factor authentication information, identifying the user as being authorized to access the resource;

wherein said second live user authentication information is only the pound key or only the star key on a keypad of the user'"'"'s telecommunications device;

receiving information of the user performing a second instance of said first factor authentication step;

determining if the second instance of said first factor authentication step is within a predetermined period of time since the first instance of said second factor authentication step;

if the second instance of said first factor authentication step is outside the predetermined period of time, performing a second instance of said second factor authentication step for the user; and

if the second instance of said first factor authentication step is within the predetermined period of time, not performing the second instance of said second factor authentication step for the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.

Citations

22 Claims

1. A method of authenticating a user for accessing a resource, said method relying on multi-factor authentication of the user, the method comprising the steps of:
- associating the user with registration information particular to the user, wherein said registration information includes a first factor authentication information;
  
  associating the user with a second factor authentication information;
  
  subsequent to associating the user with a second factor authentication information, receiving information of a first instance of a first factor authentication step, said first factor authentication step comprising the user inputting a first live user authentication information across a first communications network and matching the first live user authentication information to the registered first factor authentication information;
  
  confirming that the first live user authentication information matches the first factor authentication information for the user;
  
  upon receipt of the information of the first instance of the first factor authentication step, performing a first instance of a second factor authentication step, said second factor authentication step comprising—
  
  placing a telephone call or sending a text message to the user across a second communications network and at a previously-stored number associated with a telecommunications device of the user,in response to placing said telephone call or sending said text message to the user, receiving a second live user authentication information inputted by the user at the user'"'"'s telecommunications device,confirming that said second live user authentication information provided by the user via the user'"'"'s telecommunications device matches the second factor authentication information associated with the user, andupon confirming that the second live user authentication information matches the second factor authentication information, identifying the user as being authorized to access the resource;
  
  wherein said second live user authentication information is only the pound key or only the star key on a keypad of the user'"'"'s telecommunications device;
  
  receiving information of the user performing a second instance of said first factor authentication step;
  
  determining if the second instance of said first factor authentication step is within a predetermined period of time since the first instance of said second factor authentication step;
  
  if the second instance of said first factor authentication step is outside the predetermined period of time, performing a second instance of said second factor authentication step for the user; and
  
  if the second instance of said first factor authentication step is within the predetermined period of time, not performing the second instance of said second factor authentication step for the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as set forth in claim 1, wherein the first communications network is selected from the group consisting of a private data network, a local area network, a wide area network, or a public network.
  - 3. The method as set forth in claim 1, wherein the first communications network is the Internet.
  - 4. The method as set forth in claim 1, wherein the input of said first live user authentication information is immediately prior to the user accessing said resource.
  - 5. The method as set forth in claim 1, wherein said registration information includes the number associated with the user'"'"'s telecommunications device.
  - 6. The method as set forth in claim 1, wherein the first factor authentication information comprises a username and password.
  - 7. The method as set forth in claim 1, wherein the second communications network is selected from the group consisting of a public switched telephone network and an Internet Protocol network.

8. A non-transitory computer-readable storage medium with an executable program stored thereon for directing operation of at least one computer to authenticate a user for accessing a resource, wherein the program instructs the at least one computer to perform the following steps:
- associate the user with registration information particular to the user, wherein said registration information includes a first factor authentication information;
  
  associate the user with a second factor authentication information;
  
  subsequent to associating the user with a second factor authentication information, receive information of a first instance of a first factor authentication step, said first factor authentication step comprising the user inputting a first live user authentication information across a first communications network and match the first live user authentication information to the registered first factor authentication information;
  
  confirm that the first live user authentication information matches the first factor authentication information for the user;
  
  upon receipt of the information of the first instance of the first factor authentication step, perform a first instance of a second factor authentication step, said second factor authentication step comprising—
  
  place a telephone call or send a text message to the user across a second communications network and at a previously-stored number associated with a telecommunications device of the user,in response to placing said telephone call or sending said text message to the user, receive a second live user authentication information inputted by the user at the user'"'"'s telecommunications device,confirm that said second live user authentication information provided by the user via the user'"'"'s telecommunications device matches the second factor authentication information associated with the user, andupon confirming that the second live user authentication information matches the second factor authentication information, identify the user as being authorized to access the resource;
  
  wherein said second live user authentication information is only the pound key or only the star key on a keypad of the user'"'"'s telecommunications device;
  
  receive information of the user performing a second instance of said first factor authentication step;
  
  determine if the second instance of said first factor authentication step is within a predetermined period of time since the first instance of said second factor authentication step;
  
  if the second instance of said first factor authentication step is outside the predetermined period of time, perform a second instance of said second factor authentication step for the user; and
  
  if the second instance of said first factor authentication step is within the predetermined period of time, not perform the second instance of said second factor authentication step for the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The program as set forth in claim 8, wherein the first communications network is selected from the group consisting of a private data network, a local area network, a wide area network, or a public network.
  - 10. The method as set forth in claim 8, wherein the first communications network is the Internet.
  - 11. The method as set forth in claim 8, wherein the input of said first live user authentication information is immediately prior to the user accessing said resource.
  - 12. The method as set forth in claim 8, wherein said registration information includes the number associated with the user'"'"'s telecommunications device.
  - 13. The method as set forth in claim 8, wherein the first factor authentication information comprises a username and password.
  - 14. The method as set forth in claim 8, wherein the second communications network is selected from the group consisting of a public switched telephone network and an Internet Protocol network.

15. A method of authenticating a user for accessing a resource, wherein the user registered with the resource prior to accessing the resource, and during said registration, the user provided registration information comprising a first factor authentication information, and upon the user accessing the resource, the user provides a first live user authentication information to the resource across a first communications network for comparison to the first factor authentication information, and further wherein the user is associated with a second factor authentication information, the method comprising the steps of:
- subsequent to associating the user with the second factor authentication information, receiving information of a first instance of a first factor authentication step, said first factor authentication step comprising the user inputting the first live user authentication information across the first communications network and matching the first live user authentication information to the registered first factor authentication information;
  
  upon receipt of the information of the first instance of the first factor authentication step, performing a first instance of a second factor authentication step, said second factor authentication step comprising—
  
  placing a telephone call or sending a text message to the user across a second communications network and at a previously-stored number associated with a telecommunications device of the user,in response to placing said telephone call or sending said text message to the user, receiving a second live user authentication information inputted by the user at the user'"'"'s telecommunications device,confirming that said second live user authentication information provided by the user via the user'"'"'s telecommunications device matches the second factor authentication information associated with the user, andupon confirming that the second live user authentication information matches the second factor authentication information, identifying the user as being authorized to access the resource;
  
  wherein said second live user authentication information is only the pound key or only the star key on a keypad of the user'"'"'s telecommunications device;
  
  receiving information of the user performing a second instance of said first factor authentication step;
  
  determining if the second instance of said first factor authentication step is within a predetermined period of time since the first instance of said second factor authentication step;
  
  if the second instance of said first factor authentication step is outside the predetermined period of time, performing a second instance of said second factor authentication step for the user; and
  
  if the second instance of said first factor authentication step is within the predetermined period of time, not performing the second instance of said second factor authentication step for the user.
- View Dependent Claims (16, 17, 18)
- - 16. The method as set forth in claim 15, wherein the first communications network is selected from the group consisting of a private data network, a local area network, a wide area network, or a public network.
  - 17. The method as set forth in claim 15, wherein the first factor authentication information comprises a username and password.
  - 18. The method as set forth in claim 15, wherein the second communications network is selected from the group consisting of a public switched telephone network and an Internet Protocol network.

19. A non-transitory computer-readable storage medium with an executable program stored thereon for directing operation of at least one computer to authenticate a user for accessing a resource, wherein the user registered with the resource prior to accessing the resource, and during said registration, the user provided registration information comprising a first factor authentication information, and upon the user accessing the resource, the user provides a first live user authentication information to the resource across a first communications network for comparison to the first factor authentication information, and further wherein the user is associated with a second factor authentication information, wherein the program instructs the at least one computer to perform the following steps:
- subsequent to associating the user with the second factor authentication information, receive information of a first instance of a first factor authentication step, said first factor authentication step comprising the user inputting the first live user authentication information across the first communications network and matching the first live user authentication information to the registered first factor authentication information;
  
  upon receipt of the information of the first instance of the first factor authentication step, perform a first instance of a second factor authentication step, said second factor authentication step comprising—
  
  place a telephone call or send a text message to the user across a second communications network and at a previously-stored number associated with a telecommunications device of the user,in response to placing said telephone call or sending said text message to the user, receive a second live user authentication information inputted by the user at the user'"'"'s telecommunications device,confirm that said second live user authentication information provided by the user via the user'"'"'s telecommunications device matches the second factor authentication information associated with the user, andupon confirming that the second live user authentication information matches the second factor authentication information, identify the user as being authorized to access the resource;
  
  wherein said second live user authentication information is only the pound key or only the star key on a keypad of the user'"'"'s telecommunication'"'"'s device;
  
  receive information of the user performing a second instance of said first factor authentication step;
  
  determine if the second instance of said first factor authentication step is within a predetermined period of time since the first instance of said first factor authentication step;
  
  if the second instance of said first factor authentication step is outside the predetermined period of time, perform a second instance of said second factor authentication step for the user; and
  
  if the second instance of said first factor authentication step is within the predetermined period of time, not perform the second instance of said second factor authentication step for the user.
- View Dependent Claims (20, 21, 22)
- - 20. The method as set forth in claim 19, wherein the first communications network is selected from the group consisting of a private data network, a local area network, a wide area network, or a public network.
  - 21. The method as set forth in claim 19, wherein the first factor authentication information comprises a username and password.
  - 22. The method as set forth in claim 19, wherein the second communications network is selected from the group consisting of a public switched telephone network and an Internet Protocol network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Phonefactor Incorporated (Microsoft Corporation)
Inventors
Dispensa, Stephen T.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Su, Sarah

Application Number

US11/862,173
Publication Number

US 20080120711A1
Time in Patent Office

1,952 Days
Field of Search

726/2, 726/3, 726/4, 726/5, 713/155, 713/182, 713/183, 709/225, 709/226, 705/64, 705/72, 705/76
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 63/18   using different networks or...

Multi factor authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Multi factor authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links