Two-factor anti-phishing authentication systems and methods

US 8,510,817 B1
Filed: 08/02/2011
Issued: 08/13/2013
Est. Priority Date: 11/16/2007
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium containing thereon instructions for controlling a processor to perform a method of controlling access to a secure resource, comprising:

program code for outputting a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link;

program code for receiving a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password;

program code for comparing the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password;

program code for outputting a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element;

program code for receiving a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element;

program code for accessing a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and

program code for allowing or denying access to the secure resource based on whether or not the program code for accessing determines that there is a match.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized method of providing access to a secure resource includes, to each of a plurality of authorized users, providing a link to the secure resource. Each link includes a unique password embedded therein and each unique password relates to a particular user identification (userID) and personal identification number (PIN). The method also includes receiving a request to access the resource using a link having a password embedded therein, which request originates at a web browser. The method further includes directing the browser to a login screen and receiving via the login screen a userID and PIN. The method also includes determining whether the userID and PIN relate to one another and to the password and allowing or denying access to the resource in accordance with the determination.

16 Citations

View as Search Results

17 Claims

1. A non-transitory computer-readable medium containing thereon instructions for controlling a processor to perform a method of controlling access to a secure resource, comprising:
- program code for outputting a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link;
  
  program code for receiving a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password;
  
  program code for comparing the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password;
  
  program code for outputting a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element;
  
  program code for receiving a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element;
  
  program code for accessing a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and
  
  program code for allowing or denying access to the secure resource based on whether or not the program code for accessing determines that there is a match.
- View Dependent Claims (2, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the program code for comparing the request and the submitted password is configured to respond with a match indication when there is a match between the request and its submitted password and to respond, when there is not a match, with a request for the user to follow a provided link to enter the user identification data element and the personal identification element, wherein the provided link includes the password from the request.
  - 5. The non-transitory computer-readable medium of claim 1, wherein outputting a link to the secure resource includes electronically communicating the link to the user.
  - 6. The non-transitory computer-readable medium of claim 1, wherein outputting a link to the secure resource includes storing the link on a portable storage medium.
  - 7. The non-transitory computer-readable medium of claim 1, wherein outputting a link includes outputting a bookmark including the link.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the program code for outputting a link to the secure resource includes program code for outputting the link to the secure resource in response to receiving an activation code.

3. A method of providing access to a secure resource, using a network-connected server capable of sending and receiving data messages between the server and a user client computing device, the method comprising:
- outputting a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link;
  
  receiving a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password;
  
  comparing the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password;
  
  outputting a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element;
  
  receiving a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element;
  
  accessing a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and
  
  allowing or denying access to the secure resource based on whether or not there is a match.
- View Dependent Claims (4, 9, 10, 11)
- - 4. The method of claim 3, wherein comparing the request and the submitted password includes responding with a match indication when there is a match between the request and its submitted password and responding, when there is not a match, with a request for the user to follow a provided link to enter the user identification data element and the personal identification element, wherein the provided link includes the password from the request.
  - 9. The method of claim 3, further comprising instructing the user to bookmark the login screen.
  - 10. The method of claim 9, further comprising instructing the user to close their browser and follow the bookmark.
  - 11. The method of claim 3, further comprising instructing the user to close their browser.

12. A computer server for providing access to a secure resource, the computer server comprising:
- a storage medium for storing instructions; and
  
  a processor coupled to the storage medium, the processor being operable to execute one or more of the instructions to thereby cause the server to;
  
  output a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link;
  
  receive a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password;
  
  compare the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password;
  
  output a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element;
  
  receive a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element;
  
  access a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and
  
  allow or deny access to the secure resource based on whether or not there is a match.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer server of claim 12, wherein comparing the request and the submitted password includes responding with a match indication when there is a match between the request and its submitted password and responding, when there is not a match, with a request for the user to follow a provided link to enter the user identification data element and the personal identification element, wherein the provided link includes the password from the request.
  - 14. The computer server of claim 12, wherein the processor is further operable cause the server to allow access to the secure resource when there is a match and deny access to the secure resource when there is not a match.
  - 15. The computer server of claim 12, wherein the unique password included in the specific link includes a text message interspersed with elements of the password.
  - 16. The computer server of claim 12, wherein the processor is further operable cause the server to preserve the user'"'"'s session context.
  - 17. The computer server of claim 12, wherein the processor is further operable cause the server to receive cookies from a preliminary browsing session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Hird, Geoffrey
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US13/196,780
Time in Patent Office

742 Days
Field of Search

726/7, 726/28, 726/4, 726/5, 726/6
US Class Current

726/7
CPC Class Codes

G06F 21/31 User authentication

Two-factor anti-phishing authentication systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Two-factor anti-phishing authentication systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links