Authentication apparatus

US 8,649,766 B2
Filed: 12/30/2009
Issued: 02/11/2014
Est. Priority Date: 12/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method of using authentication apparatus to authenticate an access operation by a user by means of a multi-factor authentication process, the user having an associated access device and an associated notification device, said method including the step of notifying to the user'"'"'s notification device at least one factor for use in the multi-factor authentication process, the method comprising:

transmission by the authentication apparatus of a first factor of the multi-factor authentication process, in a notification message addressed to the notification device, said transmission occurring prior to the user requesting initiation of the multi-factor authentication process;

detection at the authentication apparatus of initiation of the multi-factor authentication process from the access device;

maintaining at the authentication apparatus a store of two or more valid first factors transmitted to a specified notification device;

maintaining a store of two or more valid first factors in relation to a single user at the same time;

locking by the authentication apparatus each transmitted first factor after receipt at the authentication apparatus for use in an authentication process, against subsequent use;

receipt at the authentication apparatus, from the access device, of the first factor and a second factor,whereby the authentication apparatus is provided with two factors for use in said multi-factor authentication process.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multi-factor authentication apparatus pre-loads a first factor, for example a passcode, to user equipment such as a mobile telephone. The user subsequently initiates access to a protected product or service, triggering the apparatus to run a multi-factor authentication process, via an access device such as a computer connected to the Internet. The user enters the pre-loaded first factor, together with another factor such as a UserID and PIN. The pre-loading avoids vulnerability to communications problems at the time the user initiates access. Pre-loading is done every time an access session terminates for the user, either successful or failed and a user profile data store is used to manage passcodes in a manner that allows incorrectly entered first factors to be retried when delivery to user equipment is not possible.

Citations

9 Claims

1. A method of using authentication apparatus to authenticate an access operation by a user by means of a multi-factor authentication process, the user having an associated access device and an associated notification device, said method including the step of notifying to the user'"'"'s notification device at least one factor for use in the multi-factor authentication process, the method comprising:
- transmission by the authentication apparatus of a first factor of the multi-factor authentication process, in a notification message addressed to the notification device, said transmission occurring prior to the user requesting initiation of the multi-factor authentication process;
  
  detection at the authentication apparatus of initiation of the multi-factor authentication process from the access device;
  
  maintaining at the authentication apparatus a store of two or more valid first factors transmitted to a specified notification device;
  
  maintaining a store of two or more valid first factors in relation to a single user at the same time;
  
  locking by the authentication apparatus each transmitted first factor after receipt at the authentication apparatus for use in an authentication process, against subsequent use;
  
  receipt at the authentication apparatus, from the access device, of the first factor and a second factor,whereby the authentication apparatus is provided with two factors for use in said multi-factor authentication process.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1 wherein the access device comprises computer apparatus for accessing a product or service online in a secure manner.
  - 3. A method according to claim 1 wherein the notification device is independent of the access device.
  - 4. A method according to claim 1 wherein the notification device comprises a mobile device and the notification message is addressed by use of a mobile telephone number.
  - 5. A method according to claim 4 wherein the notification message comprises a text message.
  - 6. A method according to claim 1, further comprising:
    - termination of a multi-factor authentication process in relation to a user; and
      
      in response to said termination, transmission of a new first factor for use in the multi-factor authentication, in a notification message addressed to the notification device of that user.
  - 7. A method according to claim 1, wherein said transmission of a first factor, or of a new first factor, comprises transmission over a public network.

8. Authentication apparatus comprising a processor, for use in authenticating an access operation by a user by means of a multi-factor authentication process, the user having an associated access device and an associated notification device, said apparatus further comprising:
- a user profile data assembler for assembling data in relation to the user;
  
  a notification message transmitter for assembling and transmitting a message containing a first factor to the user'"'"'s notification device; and
  
  an authentication factor receiver for receiving factors of the multi-factor authentication from the user'"'"'s access device and for authenticating the user;
  
  wherein the notification message transmitter is triggerable to assemble and transmit a message containing a new first factor to the user'"'"'s notification device by termination of the multi-factor authentication process in respect of that user;
  
  wherein the user profile data assembler is adapted to store two or more valid first factors in relation to one user at the same time, each transmitted first factor being locked after receipt at the authentication apparatus for use in the authentication process, against subsequent use;
  
  wherein the user profile data assembler is adapted to store each transmitted first factor in the assembled data in relation to the user, and to lock each stored first factor once received by the authentication factor receiver from the user'"'"'s access device; and
  
  wherein the user'"'"'s access device and notification device have different network addresses and the notification message transmitter is configured to transmit the message containing a new first factor to the network address of the notification device.
- View Dependent Claims (9)
- - 9. Authentication apparatus according to claim 8, further comprising a user profile database structured to store two or more valid first factors in relation to one user at the same time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurEnvoy Ltd. (Shearwater Group Plc)
Original Assignee
Secureenvoy PLC
Inventors
Kemshall, Andrew C.
Primary Examiner(s)
Hu, Jinsong
Assistant Examiner(s)
TAYLOR, NATHAN SCOTT

Application Number

US12/649,485
Publication Number

US 20110159846A1
Time in Patent Office

1,504 Days
Field of Search

726/2, 726/5, 705/72, 713184-185, 455410-411
US Class Current

455/411
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/43   wireless channels

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/068   using credential vaults, e....

Authentication apparatus

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication apparatus

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links