System and method for blocking unauthorized network log in using stolen password

US 8,528,078 B2
Filed: 07/02/2007
Issued: 09/03/2013
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user to grant access to data by the user:

at a Web server, responsive to receiving by a first channel a user name and password that are valid from a user computer, determining that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID with a test machine ID and a stored key;

responsive to determining that the machine ID and the login key are invalid, (i) receiving an audible phrase over a second channel, the second channel being a different type of channel than the first channel and (ii) determining an access right for the user computer by;

comparing the audible phrase to a stored biometric associated with the user;

responsive to determining that the audible phrase matches the stored biometric, providing a pass code in a user-defined human-readable language to the user computer over the second channel subsequent to determining that the audible phrase matches the stored biometric; and

responsive to receiving the pass code from the user computer over the first channel, granting access to the data to the user computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The authenticity of a website is determined using a unique string of characters known only to the user and the website on each page of the website that is displayed to the user, with a false site being incapable of displaying this unique string of characters, thereby putting the user on notice that the current site is not the authentic one the user desires to access. Voice methods for conveying one-time pass codes to users and for permitting customer institutions to select authentication rules are also disclosed.

Citations

23 Claims

1. A method for authenticating a user to grant access to data by the user:
- at a Web server, responsive to receiving by a first channel a user name and password that are valid from a user computer, determining that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID with a test machine ID and a stored key;
  
  responsive to determining that the machine ID and the login key are invalid, (i) receiving an audible phrase over a second channel, the second channel being a different type of channel than the first channel and (ii) determining an access right for the user computer by;
  
  comparing the audible phrase to a stored biometric associated with the user;
  
  responsive to determining that the audible phrase matches the stored biometric, providing a pass code in a user-defined human-readable language to the user computer over the second channel subsequent to determining that the audible phrase matches the stored biometric; and
  
  responsive to receiving the pass code from the user computer over the first channel, granting access to the data to the user computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the Web server is an online banking server or content subscription server.
  - 3. The method of claim 1, wherein providing the pass code to the user over the second channel in the user-defined human language comprises providing a one-time pass code over a phone link as the second channel in response to determining a primary mode of provision of the one-time pass code that is different than the phone link has failed.
  - 4. The method of claim 1, wherein the second channel comprises a phone link.
  - 5. The method of claim 1, further comprising:
    - responsive to receiving by the first channel the user name and the password are valid from the user computer, providing a web page to the user computer for display to the user, the web page comprising a secret previously established with the user.
  - 6. The method of claim 1, further comprising:
    - determining a geographic location for the user computer; and
      
      responsive to determining the geographic location for the user computer is an approved geographic location, granting the user computer access to the information.
  - 7. The method of claim 6, wherein the geographic location comprises:
    - an identification of a political boundary in which the user computer is positioned; and
      
      a type of location within the political boundary in which the user computer is positioned.
  - 8. The method of claim 1, further comprising, responsive to granting access to the data to the user computer, providing a new cookie to the user computer, the new cookie including the machine ID, the new cookie being used by the Web server to validate the user computer in a subsequent login to the Web server.

9. A server comprising:
- a processor; and
  
  a non-transitory program storage comprising logic stored thereon, wherein the logic, when executed by the processor, is configured to cause the server to;
  
  determine that a user name and a password received from a user computer via a first channel of communication are valid; and
  
  respond to determining that the user name and the password are valid by;
  
  determining that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID and the login key with a test machine ID and a stored key;
  
  responsive to determining that the machine ID and the login key are invalid;
  
  (i) receiving an audible phrase over a second channel of communication, the second channel of communication being a different type of channel than the first channel of communication;
  
  (ii) granting access to data to the user computer in response to determining that the audible phrase matches a stored biometric; and
  
  (iii) providing a pass code in a human-readable language to the user over the second channel of communication and granting access to the data to the user computer in response to receiving the pass code over the first channel of communication.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The server of claim 9, wherein the server is one of an online banking server or a content subscription server.
  - 11. The server of claim 9, wherein the logic is configured to cause the server to provide the pass code in the human-readable language to the user over the second channel of communication by:
    - providing the pass code in the human-readable language to the user over a phone link in response to determining that an attempt to provide the pass code over a primary mode of provision has failed.
  - 12. The server of claim 9, wherein the logic is configured to cause the server to provide the pass code in the human-readable language to the user over the second channel of communication by:
    - dialing a telephone number associated with the user to cause a phone link to be established between the server and telephone equipment associated with the telephone number;
      
      in response to receiving an audible response from a live person over the phone link,audibly outputting the pass code in the human-readable language; and
      
      in response to receiving an audible response from an answering machine over the phone link and in response to determining that providing messages to the answering machine is approved,audibly outputting the pass code in the human-readable language.
  - 13. The server of claim 9, wherein the logic is configured to cause the server to compare the audible phrase to the stored biometric associated with the user by analyzing voice samples of the audible phrase for an acceptable audio quality and for similarity with the stored biometric.
  - 14. The server of claim 9, wherein the first channel of communication comprises an Internet communication channel and the second channel of communication comprises at least one of:
    - an audible phone link;
      
      ora short message service phone link.
  - 15. The server of claim 9, wherein the logic is further configured to cause the server to, in response to determining that the user name and the password received from the user computer via the first channel of communication are valid, provide a web page to the user computer for display to the user, the web page comprising a secret previously established with the user.
  - 16. The server of claim 9, wherein the logic is further configured to cause the server to:
    - determine a geographic location for the user computer; and
      
      approved geographic location by granting the user computer access to the information.
  - 17. The server of claim 16, wherein the geographic location comprises:
    - an identification of a political boundary in which the user computer is positioned; and
      
      a type of location within the political boundary in which the user computer is positioned.
  - 18. The server of claim 9, wherein the logic, when executed by the processor, is further configured to cause the server to responsive to granting access to the data to the user computer, provide a new cookie to the user computer, the new cookie including the machine ID, the new cookie being used to validate the user computer in a subsequent login.

19. A system comprising:
- a user computer associated with a user; and
  
  a server configured for, in response to determining that (i) a user name and a password received from the user computer by a first channel of communication are valid and (ii) that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID and the login key with a test machine ID and a stored key;
  
  determining that the user has selected at least one of providing an audible phrase over a second channel of communication or receiving a one-time pass code over the second channel of communication;
  
  based on determining that the user has selected providing the audible phrase, receiving the audible phrase over the second channel of communication, the second channel of communication being a different type of channel than the first channel of communication, andgranting access to data to the user computer in response to determining that the audible phrase matches a stored biometric;
  
  based on determining that the user has selected receiving the one-time pass code, providing the one-time pass code in a human-readable language to the user over the second channel of communication and granting access to the data to the user computer in response to receiving the pass code over the first channel of communication.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19, wherein the server is one of an online banking server or a content subscription server.
  - 21. The system of claim 19, wherein the first channel of communication comprises an Internet communication channel and the second channel of communication comprises at least one of:
    - an audible phone link;
      
      or a short message service phone link.
  - 22. The system of claim 19, wherein the server is further configured to, in response to determining that the user name and the password received from the user computer via the first channel of communication are valid, provide a web page to the user computer for display to the user, the web page comprising a secret previously established with the user.
  - 23. The system of claim 19, wherein the server is further configured for, in response to granting access to the data to the user computer, providing a new cookie to the user computer, the new cookie including the machine ID, the new cookie being used to validate the user computer in a subsequent login.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Camaisa, Allan, Samuelsson, Jonas
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US11/824,694
Publication Number

US 20070266257A1
Time in Patent Office

2,255 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

System and method for blocking unauthorized network log in using stolen password

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for blocking unauthorized network log in using stolen password

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links