System and method for second factor authentication

US 8,380,989 B2
Filed: 03/05/2009
Issued: 02/19/2013
Est. Priority Date: 03/05/2009
Status: Active Grant

First Claim

Patent Images

1. A method for providing enhanced transaction security, comprising:

receiving a request message from a third party at a gateway, wherein the request message comprises a plurality of data fields indicative of a transaction involving the third party and a mobile subscriber;

processing the received request message by;

obtaining, from at least one repository, previously collected information about the mobile subscriber involved in the transaction;

identifying, based on the request message, rules and configuration data governing application of Second Factor Authentication (SFA) from at least one source of dynamically configurable data to provide an implementation of SFA; and

generating a SFA token based on the identifying;

saving results of the processing, including saving at least the generated SFA token;

generating a mobile subscriber notification message comprising at least the generated SFA token; and

generating a third party notification message comprising at least the generated SFA token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.

48 Citations

View as Search Results

36 Claims

1. A method for providing enhanced transaction security, comprising:
- receiving a request message from a third party at a gateway, wherein the request message comprises a plurality of data fields indicative of a transaction involving the third party and a mobile subscriber;
  
  processing the received request message by;
  
  obtaining, from at least one repository, previously collected information about the mobile subscriber involved in the transaction;
  
  identifying, based on the request message, rules and configuration data governing application of Second Factor Authentication (SFA) from at least one source of dynamically configurable data to provide an implementation of SFA; and
  
  generating a SFA token based on the identifying;
  
  saving results of the processing, including saving at least the generated SFA token;
  
  generating a mobile subscriber notification message comprising at least the generated SFA token; and
  
  generating a third party notification message comprising at least the generated SFA token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the obtained mobile subscriber information comprises data supplied by the mobile subscriber during a registration process.
  - 3. The method of claim 2, wherein the registration process captures one or more of:
    - identifying information about the mobile subscriber;
      
      account information associated with the mobile subscriber;
      
      security service information; and
      
      billing information.
  - 4. The method of claim 2, wherein the registration process generates a user profile.
  - 5. The method of claim 2, wherein the registration process is web-based.
  - 6. The method of claim 2, wherein the registration process includes a billing component.
  - 7. The method of claim 1, wherein the information obtained about the mobile subscriber comprises a current physical location of the mobile subscriber.
  - 8. The method of claim 1, wherein the request message processing includes processing a billing transaction.
  - 9. The method of claim 1, wherein at least a portion of the SFA token is generated:
    - randomly;
      
      using a predefined algorithm;
      
      sequentially;
      
      orusing the information obtained about the mobile subscriber.
  - 10. The method of claim 1, wherein the generated mobile subscriber notification message is one of:
    - a Short Message Service (SMS) message;
      
      a Multimedia Messaging Service (MMS) message;
      
      an IP Multimedia Subsystem (IMS) message;
      
      an Instant Messaging (IM) message;
      
      an electronic mail (E-Mail) message;
      
      ora Wireless Application Protocol (WAP) message.
  - 11. The method of claim 10, wherein the generated mobile subscriber notification message comprises one or more of:
    - advertising; and
      
      promotional material.
  - 12. The method of claim 1, further comprising:
    - receiving a reply in response to the generated mobile subscriber notification message.

13. A system configured to provide enhanced transaction security, comprising:
- a gateway configured to receive a request message from a third party, wherein the request message comprises a plurality of data fields indicative of a transaction involving the third party and a mobile subscriber; and
  
  at least one workflow module configured to;
  
  process the received request message by;
  
  obtaining, from at least one repository, previously collected information about the mobile subscriber involved in the transaction;
  
  identifying, based on the request message, rules and configuration data governing application of Second Factor Authentication (SFA) from at least one source of dynamically configurable data to provide an implementation of SFA; and
  
  generating a SFA token based on the identifying;
  
  save the SFA token;
  
  generate a mobile subscriber notification message comprising at least the generated SFA token; and
  
  generate a third party notification message comprising at least the generated SFA token.
- View Dependent Claims (14, 15, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 14. The system of claim 13, wherein the obtained mobile subscriber information comprises data supplied by the mobile subscriber during a registration process.
  - 15. The system of claim 14, wherein the registration process captures one or more of:
    - identifying information about the mobile subscriber;
      
      account information associated with the mobile subscriber;
      
      security service information; and
      
      billing information.
  - 19. The system of claim 14, wherein the registration process generates a user profile.
  - 20. The system of claim 14, wherein the registration process is web-based.
  - 21. The system of claim 14, wherein the registration process includes a billing component.
  - 22. The system of claim 13, wherein the information obtained about the mobile subscriber comprises a current physical location of the mobile subscriber.
  - 23. The system of claim 13, wherein the request message processing includes processing a billing transaction.
  - 24. The system of claim 13, wherein at least a portion of the SFA token is generated:
    - randomly;
      
      using a predefined algorithm;
      
      sequentially;
      
      orusing the information obtained about the mobile subscriber.
  - 25. The system of claim 13, wherein the generated mobile subscriber notification message is one of:
    - a Short Message Service (SMS) message;
      
      a Multimedia Messaging Service (MMS) message;
      
      an IP Multimedia Subsystem (IMS) message;
      
      an Instant Messaging (IM) message;
      
      an electronic mail (E-Mail) message;
      
      ora Wireless Application Protocol (WAP) message.
  - 26. The system of claim 25, wherein the generated mobile subscriber notification message comprises one or more of:
    - advertising; and
      
      promotional material.
  - 27. The system of claim 13, further comprising:
    - a gateway further configured to receive a reply in response to the generated mobile subscriber notification message.

16. A computer-readable storage device having control logic recorded thereon that when executed by a processor, causes the processor to perform operations comprising:
- receiving a request message from a third party at a gateway, wherein the request message comprises a plurality of data fields indicative of a transaction involving the third party and a mobile subscriber;
  
  processing the received request message by;
  
  obtaining, from at least one repository, previously collected information about the mobile subscriber involved in the transaction;
  
  identifying, based on the request message, rules and configuration data governing application of Second Factor Authentication (SFA) from at least one source of dynamically configurable data to provide an implementation of SFA; and
  
  generating a SFA token based on the identifying;
  
  saving results of the processing, including at least the generated SFA token;
  
  generating a mobile subscriber notification message comprising at least the generated SFA token; and
  
  generating a third party notification message comprising at least the generated SFA token.
- View Dependent Claims (17, 18, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 17. The storage device of claim 16, wherein the mobile subscriber notification message is one of:
    - a Short Message Service (SMS) message;
      
      a Multimedia Messaging Service (MMS) message;
      
      an IP Multimedia Subsystem (IMS) message;
      
      an Instant Messaging (IM) message;
      
      an electronic mail (E-Mail) message;
      
      ora Wireless Application Protocol (WAP) message.
  - 18. The storage device of claim 17, wherein the generated mobile subscriber notification message comprises one or more of:
    - advertising; and
      
      promotional material.
  - 28. The storage device of claim 16, wherein the obtained mobile subscriber information comprises data supplied by the mobile subscriber during a registration process.
  - 29. The storage device of claim 28, wherein the registration process captures one or more of:
    - identifying information about the mobile subscriber;
      
      account information associated with the mobile subscriber;
      
      security service information; and
      
      billing information.
  - 30. The storage device of claim 28, wherein the registration process generates a user profile.
  - 31. The storage device of claim 28, wherein the registration process is web-based.
  - 32. The storage device of claim 28, wherein the registration process includes a billing component.
  - 33. The storage device of claim 16, wherein the information obtained about the mobile subscriber comprises a current physical location of the mobile subscriber.
  - 34. The storage device of claim 16, wherein the request message processing includes processing a billing transaction.
  - 35. The storage device of claim 16, wherein at least a portion of the SPA token is generated:
    - randomly;
      
      using a predefined algorithm;
      
      sequentially;
      
      orusing the information obtained about the mobile subscriber.
  - 36. The storage device of claim 16, the operations further comprising:
    - receiving a reply in response to the generated mobile subscriber notification message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sybase Incorporated (SAP SE)
Original Assignee
Sybase Incorporated (SAP SE)
Inventors
Sarmah, Dilip, Erickson, Kyle Warner, Gadagkar, Rajat Mounendrababu
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
TRAN, PHUOC D

Application Number

US12/398,331
Publication Number

US 20100229225A1
Time in Patent Office

1,447 Days
Field of Search

726/5, 726/4, 713/157, 455/411
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/083   using passwords cryptograph...

H04L 9/3213   using tickets or tokens, e....

H04W 12/06   Authentication

H04W 4/14   Short messaging services, e...

System and method for second factor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for second factor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links