System and method for blocking unauthorized network log in using stolen password
First Claim
1. A method for authenticating a user to grant access to data by the user:
at a Web server, responsive to receiving by a first channel a user name and password that are valid from a user computer, determining that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID with a test machine ID and a stored key;
responsive to determining that the machine ID and the login key are invalid, (i) receiving an audible phrase over a second channel, the second channel being a different type of channel than the first channel and (ii) determining an access right for the user computer by:
comparing the audible phrase to a stored biometric associated with the user;
responsive to determining that the audible phrase matches the stored biometric, providing a pass code in a user-defined human-readable language to the user computer over the second channel subsequent to determining that the audible phrase matches the stored biometric; and
responsive to receiving the pass code from the user computer over the first channel, granting access to the data to the user computer.
Abstract
The authenticity of a website is determined using a unique string of characters known only to the user and the website on each page of the website that is displayed to the user, with a false site being incapable of displaying this unique string of characters, thereby putting the user on notice that the current site is not the authentic one the user desires to access. Voice methods for conveying one-time pass codes to users and for permitting customer institutions to select authentication rules are also disclosed.
23 Claims
9. A server comprising:
a processor; and
a non-transitory program storage comprising logic stored thereon, wherein the logic, when executed by the processor, is configured to cause the server to:
determine that a user name and a password received from a user computer via a first channel of communication are valid; and
respond to determining that the user name and the password are valid by:
determining that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID and the login key with a test machine ID and a stored key;
responsive to determining that the machine ID and the login key are invalid:
(i) receiving an audible phrase over a second channel of communication, the second channel of communication being a different type of channel than the first channel of communication;
(ii) granting access to data to the user computer in response to determining that the audible phrase matches a stored biometric; and
(iii) providing a pass code in a human-readable language to the user over the second channel of communication and granting access to the data to the user computer in response to receiving the pass code over the first channel of communication.
19. A system comprising:
a user computer associated with a user; and
a server configured for, in response to determining that (i) a user name and a password received from the user computer by a first channel of communication are valid and (ii) that a cookie previously deposited on the user computer includes a machine ID and a login key that are invalid based on respectively comparing the machine ID and the login key with a test machine ID and a stored key;
determining that the user has selected at least one of providing an audible phrase over a second channel of communication or receiving a one-time pass code over the second channel of communication;
based on determining that the user has selected providing the audible phrase, receiving the audible phrase over the second channel of communication, the second channel of communication being a different type of channel than the first channel of communication, and granting access to data to the user computer in response to determining that the audible phrase matches a stored biometric;
based on determining that the user has selected receiving the one-time pass code, providing the one-time pass code in a human-readable language to the user over the second channel of communication and granting access to the data to the user computer in response to receiving the pass code over the first channel of communication.
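The pass-code branch of claim 19, as an added sketch that is not taken from the patent or from any product: a valid password with an unrecognised cookie triggers a one-time pass code on a second channel, which must come back on the first. The class and method names, the six-digit code, the `second_channel` callback and the re-issue of a cookie after a successful code are assumptions; the voice-biometric branch is omitted.

```python
import hashlib, hmac, secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _same(a, b):
    # Constant-time comparison of two values as text.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

class StepUpServer:
    """Hypothetical server model; every name here is illustrative."""
    def __init__(self, second_channel):
        self.users, self.pending = {}, {}      # user records; outstanding pass codes
        self.second_channel = second_channel   # callable(user, code), phone/SMS stand-in

    def enroll(self, user, password, machine_id):
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw": _kdf(password, salt), "machines": {}}
        return self._issue_cookie(user, machine_id)

    def _issue_cookie(self, user, machine_id):
        key = secrets.token_hex(16)
        self.users[user]["machines"][machine_id] = key   # stored key for this machine ID
        return {"machine_id": machine_id, "login_key": key}

    def login(self, user, password, cookie=None):
        """First channel: user name, password and whatever cookie the browser sent."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(_kdf(password, rec["salt"]), rec["pw"]):
            return "denied"
        cookie = cookie or {}
        stored = rec["machines"].get(cookie.get("machine_id"))
        if stored is not None and _same(cookie.get("login_key"), stored):
            return "granted"
        # Password is valid but the machine is not recognised. This sketch
        # challenges when either cookie field fails (a conservative assumption).
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = code
        self.second_channel(user, code)        # the code never travels on the first channel
        return "challenge"

    def submit_code(self, user, code, machine_id):
        """First channel again: the user types back the code heard on the second."""
        expected = self.pending.pop(user, None)   # consumed on any attempt
        if expected is None or not _same(code, expected):
            return "denied", None
        return "granted", self._issue_cookie(user, machine_id)
```

A password replayed from another machine stops at `"challenge"` because the code is delivered only through `second_channel`, which the holder of the stolen password does not control.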