System and method for second factor authentication services

US 8,533,791 B2
Filed: 06/19/2008
Issued: 09/10/2013
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request to perform a second factor authentication from a firstauthentication server subsequent to a successful first factor authentication of a user computer by the first authentication server; and

responsive to receiving the request, performing, by a second authentication server that is separate from the first authentication server, the second factor authentication of the user computer subsequent to the successful first factor authentication by the first authentication server, the second factor authentication comprising;

outputting a challenge to the user computer, the challenge being a type of challenge selected by the first authentication server from a plurality of types of challenges that the second authentication server is configured to output, wherein outputting the challenge to the user computer comprises establishing a direct communication channel between the second authentication server and the user computer;

receiving a response from the user computer to the challenge; and

performing at least one of;

responsive to determining the response from the user computer to the challenge is correct, outputting an indication to the first authentication server that the user computer passed the second factor authentication, orresponsive to determining the response from the user computer to the challenge is incorrect, outputting an indication to the first authentication server that the user computer failed the second factor authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds.

180 Citations

12 Claims

1. A method, comprising:
- receiving a request to perform a second factor authentication from a firstauthentication server subsequent to a successful first factor authentication of a user computer by the first authentication server; and
  
  responsive to receiving the request, performing, by a second authentication server that is separate from the first authentication server, the second factor authentication of the user computer subsequent to the successful first factor authentication by the first authentication server, the second factor authentication comprising;
  
  outputting a challenge to the user computer, the challenge being a type of challenge selected by the first authentication server from a plurality of types of challenges that the second authentication server is configured to output, wherein outputting the challenge to the user computer comprises establishing a direct communication channel between the second authentication server and the user computer;
  
  receiving a response from the user computer to the challenge; and
  
  performing at least one of;
  
  responsive to determining the response from the user computer to the challenge is correct, outputting an indication to the first authentication server that the user computer passed the second factor authentication, orresponsive to determining the response from the user computer to the challenge is incorrect, outputting an indication to the first authentication server that the user computer failed the second factor authentication.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the first factor authentication comprises testing for correct user name and password received from the user computer.
  - 3. The method of claim 2, wherein the plurality of types of challenges comprise a security question.
  - 4. The method of claim 1, wherein the challenge is outputted by a transmission method selected from the group consisting of:
    - a telephone text message;
      
      an email message; and
      
      an interactive voice response.
  - 5. The method of claim 1, wherein the plurality of types of challenges comprise a security question.

6. A customer server comprising:
- at least one processor;
  
  at least one tangible computer readable medium accessible by the at least one processor and having instructions embodying logic that when executed by the at least one processor are configured to cause the customer server to;
  
  receive from a user computer a request to access information on the customer server, the request comprising a user name and a password for a user;
  
  respond to the user name and the password not matching data stored for the user by denying the user computer access to the information on the customer server;
  
  respond to the user name and the password matching data stored for the user by outputting a command to a Vendor authentication server to perform a second factor authentication of the user using a type of challenge selected by the customer server from a plurality of types of challenges that the vendor authentication server is configured to perform, wherein performing the second factor authentication comprises establishing a direct communication channel between the vendor authentication server and the user computer;
  
  respond to receiving from the vendor authentication server an indication that the user failed the second factor authentication by denying the user computer access to the information on the customer server; and
  
  respond to receiving from the vendor authentication server an indication that the user passed the second factor authentication by granting the user computer access to the information on the customer server.
- View Dependent Claims (7)
- - 7. The customer server of claim 6, wherein the plurality of types of challenges comprise a security question.

8. A second authentication server device, comprising:
- a tangible computer-readable media having code stored thereon; and
  
  at least one processor configured for executing the code to cause the second authentication server device to;
  
  receive a request to perform a second factor authentication from a first authentication server device subsequent to a successful first factor authentication of a user computer by the first authentication server device, wherein the second authentication server device is separate from the first authentication server device; and
  
  perform the second factor authentication of the user computer responsive to receiving the request and subsequent to the successful first factor authentication by the first authentication server device, wherein the second factor authentication comprises;
  
  outputting a challenge to the seer computer, the challenge being a type of challenge selected by the first authentication server device from a plurality of types of challenges that the second authentication server device is configured to output, wherein outputting the challenge to the user computer comprises establishing a direct communication channel between the second authentication server device and the user computer;
  
  responsive to determining the response from the user computer to the challenge is correct, outputting an indication to the first authentication server device that the user computer passed the second factor authentication; and
  
  responsive to determining the response from the user computer to the challenge is incorrect, outputting an indication to the first authentication server device that the user computer failed the second factor authentication.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The second authentication server device of claim 8, wherein the first factor authentication comprises testing for correct user name and password received from the user computer.
  - 10. The second authentication server device of claim 9, wherein the plurality of types of challenges comprise a security question.
  - 11. The second authentication server device of claim 8, wherein the challenge is outputted by a transmission method selected from the group consisting of:
    - a telephone text message;
      
      an email message; and
      
      an interactive voice response.
  - 12. The second authentication server device of claim 8, wherein the plurality of types of challenges comprise a security question.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Samuelsson, Jonas, Camaisa, Allan
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
KANAAN, SIMON P

Application Number

US12/142,232
Publication Number

US 20080250477A1
Time in Patent Office

1,909 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/60   Protecting data

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

System and method for second factor authentication services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

180 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for second factor authentication services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

180 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links