Two-factor anti-phishing authentication systems and methods
First Claim
1. A non-transitory computer-readable medium containing thereon instructions for controlling a processor to perform a method of controlling access to a secure resource, comprising:
- program code for outputting a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link;
program code for receiving a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password;
program code for comparing the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password;
program code for outputting a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element;
program code for receiving a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element;
program code for accessing a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and
program code for allowing or denying access to the secure resource based on whether or not the program code for accessing determines that there is a match.
3 Assignments
0 Petitions
Accused Products
Abstract
A computerized method of providing access to a secure resource includes, to each of a plurality of authorized users, providing a link to the secure resource. Each link includes a unique password embedded therein and each unique password relates to a particular user identification (userID) and personal identification number (PIN). The method also includes receiving a request to access the resource using a link having a password embedded therein, which request originates at a web browser. The method further includes directing the browser to a login screen and receiving via the login screen a userID and PIN. The method also includes determining whether the userID and PIN relate to one another and to the password and allowing or denying access to the resource in accordance with the determination.
16 Citations
17 Claims
-
1. A non-transitory computer-readable medium containing thereon instructions for controlling a processor to perform a method of controlling access to a secure resource, comprising:
-
program code for outputting a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link; program code for receiving a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password; program code for comparing the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password; program code for outputting a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element; program code for receiving a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element; program code for accessing a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and program code for allowing or denying access to the secure resource based on whether or not the program code for accessing determines that there is a match. - View Dependent Claims (2, 5, 6, 7, 8)
-
-
3. A method of providing access to a secure resource, using a network-connected server capable of sending and receiving data messages between the server and a user client computing device, the method comprising:
-
outputting a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link; receiving a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password; comparing the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password; outputting a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element; receiving a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element; accessing a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and allowing or denying access to the secure resource based on whether or not there is a match. - View Dependent Claims (4, 9, 10, 11)
-
-
12. A computer server for providing access to a secure resource, the computer server comprising:
-
a storage medium for storing instructions; and a processor coupled to the storage medium, the processor being operable to execute one or more of the instructions to thereby cause the server to; output a link to the secure resource, wherein a specific link is specific to one of a plurality of authorized users and includes a unique password as part of the link; receive a request from a browser, wherein the request is an electronic message indicating at least the resource being requested and including at least a submitted password; compare the request and the submitted password to a set of specific links that have associated passwords, so as to determine if there is a match between the request and its submitted password to an outputted specific link and its included unique password; output a message to a login screen in a format that a browser can be expected to present to the user to allow for logging in for access to the secure resource, wherein the login screen would provide for user input of a user identification data element and a personal identification element; receive a response to the login screen, the response including at least the entered user identification data element and the entered personal identification element; access a database of user records and for determining if the entered user identification data element and the entered personal identification element match the user associated with the submitted password from the request from the browser; and allow or deny access to the secure resource based on whether or not there is a match. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification