Single use web based passwords for network login

US 8,365,267 B2
Filed: 11/13/2008
Issued: 01/29/2013
Est. Priority Date: 11/13/2008
Status: Active Grant

First Claim

Patent Images

1. A network device, comprising:

a transceiver to send and receive data over a network; and

a processor that is operative to perform actions, including;

sending an ordered plurality of single use passwords to a requestor;

receiving a request to access secured content or a secured service from the requestor;

receiving from the requestor one password from the ordered plurality of single use passwords, wherein the requestor is instructed which one password of the ordered plurality of single use passwords based on a position in the ordered plurality of single use passwords;

validating the received one password;

based on the validation, displaying to the requestor a first portion of another password from the ordered plurality of single use passwords and requesting that the requestor provide a second portion of the other password, and further requesting that the requestor provide still another password from the ordered plurality of single use passwords, wherein the still other password is specified to the requestor based on a position within the ordered plurality of single use passwords; and

if the requestor provides a correct second portion of the other password and still other password, enabling access to the secured content or service.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards employing a plurality of single use passwords to provide phishing detection and user authentication. A user receives a plurality of single use passwords that expire within a defined time period after having been sent to a registered device. During a login attempt, the user enters a user name and a requested one of the passwords, which once entered expires. If valid, the user then enters a portion of another password to complete a displayed portion of a password, and a specified other one of passwords. If the displayed portion of the other passwords does not match any portion of one of passwords, then the user may detect a phishing attempt and terminate the login. If the user correctly the password data, the user may then access secured data. Each new login request requires a different set of passwords to be used.

Citations

20 Claims

1. A network device, comprising:
- a transceiver to send and receive data over a network; and
  
  a processor that is operative to perform actions, including;
  
  sending an ordered plurality of single use passwords to a requestor;
  
  receiving a request to access secured content or a secured service from the requestor;
  
  receiving from the requestor one password from the ordered plurality of single use passwords, wherein the requestor is instructed which one password of the ordered plurality of single use passwords based on a position in the ordered plurality of single use passwords;
  
  validating the received one password;
  
  based on the validation, displaying to the requestor a first portion of another password from the ordered plurality of single use passwords and requesting that the requestor provide a second portion of the other password, and further requesting that the requestor provide still another password from the ordered plurality of single use passwords, wherein the still other password is specified to the requestor based on a position within the ordered plurality of single use passwords; and
  
  if the requestor provides a correct second portion of the other password and still other password, enabling access to the secured content or service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network device of claim 1, wherein the processor that is operative to perform actions, including:
    - expiring the received one password upon validation of the received one password or after a defined time period; and
      
      expiring each of the other passwords in the ordered plurality of single use passwords after the defined time period.
  - 3. The network device of claim 1, wherein if the first portion of the other password is determined not to match any portion of any of the ordered plurality of single use passwords, then detecting that the requester is being phished.
  - 4. The network device of claim 1, wherein the ordered plurality of single use passwords comprises at least four passwords.
  - 5. The network device of claim 1, wherein sending the ordered plurality of single use passwords to the requester further comprises sending the ordered plurality of single use passwords to a registered computing device using a specified messaging service, including at least one of email, SMS, IM, VOIP, or voice.
  - 6. The network device of claim 1, wherein validating the received one password further comprises validating that the one password is received within an expiration time period.

7. A system that is operative to manage a secured access over a network, comprising:
- a password component within a first network device configured to provide an ordered plurality of single use passwords to a computing device, the ordered plurality of single use passwords being configured to expire after a defined time period; and
  
  a login service component within a second network device configured to perform actions, including;
  
  receiving a request from a requester for access to secured content or service;
  
  receiving a password from the ordered plurality of single use passwords, the password being requested from the requestor based on a position within the ordered plurality of single use passwords;
  
  determining that the received password is valid for the requestor;
  
  requesting another password to be provided, wherein the other password is identified to the requestor based on another position within the ordered plurality of single use passwords;
  
  requesting the requester provide a missing portion of yet another password from the ordered plurality of single use passwords by providing to the requestor a first portion of the yet another password;
  
  receiving the missing portion of the yet another password, and the other password;
  
  if the missing portion and other password are determined to be valid, enabling access to the secured content or service by the requester.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein determining that the received password is valid further comprises determining if the password is received within the defined time period.
  - 9. The system of claim 7, wherein the login service component is configured to perform actions, further including:
    - determining if any of the received password, missing portion of the yet another password, or other password is received outside of the defined time period; and
      
      if so, inhibiting access to the secured content or service.
  - 10. The system of claim 7, wherein the ordered plurality of single use passwords comprises at least four passwords, each password being randomly generated.
  - 11. The system of claim 7, wherein the ordered plurality of single use passwords are provided to the computing device, wherein the computing device is registered to the requestor during a registration process.

12. A non-transitory computer-readable storage medium having computer-executable instructions, the computer-executable instructions when installed onto a computing device enable the computing device to perform actions, comprising:
- receiving a request from a requestor for access to secured content or service;
  
  receiving a password from an ordered plurality of single use passwords, the password being requested from the requestor based on a position within the ordered plurality of single use passwords;
  
  determining that the received password is valid for the requestor;
  
  requesting another password to be provided, wherein the other password to be provided is identified to the requestor based on another position within the ordered plurality of single use passwords;
  
  requesting the requestor provide a missing portion of yet another password from the ordered plurality of single use passwords by providing to the requestor a first portion of the yet another password;
  
  receiving the missing portion of the yet another password, and the other password;
  
  if the missing portion and other password are determined to be valid, enabling access to the secured content or service by the requestor.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The non-transitory computer-readable storage medium of claim 12, wherein each password requested from the requestor is randomly selected from the ordered plurality of single use passwords, wherein no password is requested more than once.
  - 14. The non-transitory computer-readable storage medium of claim 12, wherein each password is configured to expire either upon a first use or after a defined time period.
  - 15. The non-transitory computer-readable storage medium of claim 12, wherein if the requestor determines that the first portion of yet another password does not match any portion of any of the ordered plurality of single use passwords, then detecting an attempt to phish access to secure data.
  - 16. The non-transitory computer-readable storage medium of claim 12, enabling the requestor to mark any of the passwords as invalid.

17. A method of performing secure access over a network using a network device that is operative to perform actions, comprising:
- sending an ordered plurality of single use passwords to a requestor, wherein the passwords expire upon first use or after a defined time period;
  
  receiving from the requestor one password from the ordered plurality of single use passwords, wherein the requester is directed which one password of the ordered plurality of single use passwords to provide based indicating to the requestor a position in the ordered plurality of single use passwords from which to select the one password;
  
  validating the received one password;
  
  based on a result of the validation, displaying to the requestor a first portion of another password from the ordered plurality of single use passwords and requesting that the requestor provide a second portion of the other password, and further requesting that the requestor provide still another password from the ordered plurality of single use passwords, wherein the still other password is specified to the requestor based on a position within the ordered plurality of single use passwords; and
  
  if the requestor provides a correct second portion of the other password and the still other password, enabling access to secured content or service.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - randomly selecting the one password that the requestor is to provide from the ordered plurality of single use passwords;
      
      randomly selecting the still other password from the ordered plurality of single use passwords without reselecting the one password; and
      
      randomly selecting the other password from the ordered plurality of single use passwords without reselecting the one password or the still other password.
  - 19. The method of claim 17, wherein validating the received one password further comprises, inhibiting access to the secured content or service if the one password is received from the requester outside of the expiration time period.
  - 20. The method of claim 17, wherein inhibiting access to the secured content or service if the requestor provides a correct second portion of the other password and the still other password outside of the expiration time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
R2 Solutions LLC (Acacia Research Corporation)
Original Assignee
Yahoo! Inc. (Apollo Global Management, Inc.)
Inventors
Wang, Tak Yin, Wong, Patrick
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US12/270,785
Publication Number

US 20100122331A1
Time in Patent Office

1,538 Days
Field of Search

728/9, 726/9
US Class Current

726/8
CPC Class Codes

G06F 21/31 User authentication

Single use web based passwords for network login

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Single use web based passwords for network login

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links