Systems and methods for authentication via mobile communication device
Abstract
Described systems and methods allow secure and relatively convenient authentication of a secure login session. When a user initiates a login session on a secure site using a client computer system (e.g. laptop, tablet, smartphone), matching login session identifiers (Ticket IDs) are displayed on the client computer system and a mobile communication device uniquely associated with the user (e.g. the user's smartphone). Upon verifying that the two Ticket IDs match, the user accepts the Ticket ID displayed on the mobile communication device, which causes the login session by the client computer system to proceed. Identity verification proceeds largely in the background, through communications between an authentication server, service provider server, and mobile communication device, and involves minimal user input. Techniques are disclosed for reducing the incidence of inadvertent acceptance of incorrect Ticket IDs by users, and reducing system vulnerability to attacks.
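The flow described in the abstract, as an added example that is not taken from the patent: a service provider issues a Ticket ID, the authentication server relays it to the enrolled phone, and the login proceeds only when the user sees the same Ticket ID on both screens. The HMAC device key, the nonce, the six-digit Ticket ID format and all class and function names are assumptions; the text on this page does not say how the mobile device is authenticated.

```python
import hashlib, hmac, secrets

def device_tag(key, session, ticket_id, nonce, accepted):
    # Assumed device authentication: HMAC over the request fields and the decision.
    msg = "|".join([session, ticket_id, nonce, "accept" if accepted else "reject"])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self):
        self.device_keys = {}  # user -> key shared with that user's enrolled device
        self.pending = {}      # session -> (user, ticket_id, nonce)

    def enroll(self, user):
        self.device_keys[user] = secrets.token_bytes(32)
        return self.device_keys[user]

    def request_validation(self, session, user, ticket_id):
        # Sent to the mobile device; the nonce binds the answer to this request.
        nonce = secrets.token_hex(16)
        self.pending[session] = (user, ticket_id, nonce)
        return {"session": session, "ticket_id": ticket_id, "nonce": nonce}

    def receive_response(self, session, accepted, tag):
        # Returns the indicator forwarded to the service provider.
        entry = self.pending.pop(session, None)  # single use: replays find nothing
        if entry is None:
            return False
        user, ticket_id, nonce = entry
        expected = device_tag(self.device_keys[user], session, ticket_id, nonce, accepted)
        return hmac.compare_digest(expected, tag) and accepted

def device_respond(key, request, ticket_on_client):
    # The user accepts only if the phone's Ticket ID equals the one on the client screen.
    accepted = request["ticket_id"] == ticket_on_client
    tag = device_tag(key, request["session"], request["ticket_id"], request["nonce"], accepted)
    return accepted, tag

def login(auth, device_key, user, client_ticket=None):
    # Service provider: create the session and Ticket ID, show it on the client,
    # and ask the authentication server for user validation.
    session = secrets.token_hex(8)
    ticket_id = f"{secrets.randbelow(10**6):06d}"
    request = auth.request_validation(session, user, ticket_id)
    # client_ticket models what the user actually sees on their own client; it
    # differs from the phone's Ticket ID when someone else started the session.
    seen = ticket_id if client_ticket is None else client_ticket
    accepted, tag = device_respond(device_key, request, seen)
    return auth.receive_response(session, accepted, tag)
```

A session the user did not start shows a Ticket ID on the phone that matches nothing on the user's own client, so the indicator sent to the service provider is negative; the same holds for an unenrolled device key or a replayed acceptance.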
30 Claims
1. An authentication server computer system comprising at least one processor configured to:
communicate with a mobile communication device of a user to authenticate the mobile communication device as authorized to validate a user login session by a user client computer system on a service provider server;
send to the mobile communication device a request for user validation of the user login session on the service provider server;
in response to sending to the mobile communication device the request for user validation of the user login session, receive from the mobile communication device a user acceptance of the request for user validation of the user login session, wherein the user acceptance indicates a user confirmation that a first sensory identification of the login session presented to the user on the mobile communication device matches a second sensory identification of the login session presented to the user on the user client computer system; and
in response to authenticating the mobile communication device and receiving the user acceptance, send to the service provider an indicator of the user's acceptance, for allowing the user client computer system access to a restricted resource on the service provider server.
12. A mobile communication device comprising at least one processor configured to:
communicate with an authentication server computer system to authenticate the mobile communication device as authorized to validate a user login session by a user client computer system on a service provider server;
receive from the authentication server computer system a request for user validation of the user login session on the service provider server;
in response to receiving the request for user validation of the user login session, present to the user a first sensory identification of the login session, wherein the first sensory identification matches a second sensory identification of the login session presented to the user on the user client computer system;
receive from the user a user acceptance of the request for user validation of the user login session, wherein the user acceptance indicates a user confirmation that the first sensory identification matches the second sensory identification; and
in response to receiving the user acceptance, send to the authentication server computer system an indicator of the user acceptance, for allowing the user client computer system access to a restricted resource on the service provider server.
21. A service provider computer system comprising at least one processor configured to:
receive from a user client computer system a request to initiate a user login session for a user;
generate and send to the user client computer system a first sensory identification of the login session to be presented to the user by the user client computer system;
send to an authentication server computer system a request for user validation of the user login session;
receive from the authentication server computer system an indicator of the user's acceptance of the request for user validation, wherein receiving the indicator of the user's acceptance indicates:
an authentication by the authentication server computer system of a mobile communication device of the user as authorized to validate the user login session, and
a user confirmation that a second sensory identification of the login session presented to the user on the mobile communication device matches the first sensory identification of the login session presented to the user by the user client computer system; and
in response to receiving from the authentication server computer system the indicator of the user's acceptance of the request for user validation, allowing the user client computer system access to a restricted resource on the service provider server.
Specification