Flexible quasi out of band authentication architecture

US 8,745,699 B2
Filed: 04/06/2011
Issued: 06/03/2014
Est. Priority Date: 05/14/2010
Status: Active Grant

First Claim

Patent Images

1. A method of operating a network site to obtain approval of network transactions at different levels of security by a user, comprising:

selecting, based on a predetermined security level for a transaction, a form in which a transaction will be presented to the user from a group of transaction presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device;

selecting, based on the predetermined security level for the transaction, a type of approval of the transaction required from the user from a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction; and

transmitting the transaction, the selected transaction presentation form, and the selected type of user transaction approval, to obtain approval of the transaction by the user.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To obtain user approval of network transactions at different levels of security, a network site selects a form in which a transaction with be presented to the user from a group of transaction presentation forms including presentation of the transaction in a browser pop-up window on a user network device, in a security software application window on the user network device, and in a security application window on another user network device. The network site also selects a type of approval of the transaction required from the user from a group of transaction approval types including approval requiring no action by the user after presentation of the transaction, the user to actively approve the presented transaction, and the user to sign the presented transaction. The transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to obtain approval of the transaction by the user.

Citations

20 Claims

1. A method of operating a network site to obtain approval of network transactions at different levels of security by a user, comprising:
- selecting, based on a predetermined security level for a transaction, a form in which a transaction will be presented to the user from a group of transaction presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device;
  
  selecting, based on the predetermined security level for the transaction, a type of approval of the transaction required from the user from a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction; and
  
  transmitting the transaction, the selected transaction presentation form, and the selected type of user transaction approval, to obtain approval of the transaction by the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the first network device is a computer and the second network device is a mobile communications device.
  - 3. The method according to claim 1, wherein the first network device is a desktop computer and the second network device is a smart mobile phone.
  - 4. The method according to claim 1, wherein the selected type of user transaction approval is the third type approval, and the transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to the user via a security server to obtain authorization of a user, and further comprising:
    - receiving, from the user, a personal identification number (PIN) that serves as a signature of the user on the transaction;
      
      computing a validation PIN based on a secret shared only by the network site and the security server, and not by the user;
      
      comparing the received PIN and the computed PIN; and
      
      accepting the received PIN as approval of the transaction by the user only if the received PIN and the computed PIN match.
  - 5. The method according to claim 1, wherein the selected type of user transaction approval is the second type approval, and the transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to the user via a security server to obtain authorization of a user, and further comprising:
    - receiving, from the security server, an indication that the user has approved or denied approval of the presented transaction.
  - 6. The method according to claim 1, wherein the transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to the user via a security server to obtain approval of the user, and further comprising:
    - transmitting the transaction to the user for presentation in a browser window on the first network device;
      
      receiving, from the security server, comfort indicia of the user; and
      
      transmitting the received comfort indicia and the approved transaction to the user for presentation in the browser window.

7. An article of manufacture for obtaining approval of a user of network transactions with a network station at different levels of security, comprising:
- non-transitory processor readable storage medium; and
  
  logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to;
  
  select, based on a predetermined security level for a transaction, a form in which a transaction will be presented to the user from a group of transaction presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device;
  
  select, based on the predetermined security level for the transaction, a type of approval of the transaction required from the user from a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction; and
  
  transmit the transaction, the selected transaction presentation form, and the selected type of user transaction approval, to obtain approval of the transaction by the user.
- View Dependent Claims (8, 9, 10)
- - 8. The article of manufacture according to claim 7, wherein the selected type of user transaction approval is the third type approval, and the transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to the user via a security server to obtain authorization of a user, and the stored logic is further configured to cause the processor to operate so as to:
    - receive, from the user, a personal identification number (PIN) that serves as a signature of the user on the transaction;
      
      compute a validation PIN based on a secret shared only by the network site and the security server, and not by the user;
      
      compare the received PIN and the computed PIN; and
      
      accept the received PIN as approval of the transaction by the user only if the received PIN and the computed PIN match.
  - 9. The article of manufacture according to claim 7, wherein the selected type of user transaction approval is the second type approval, and the transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to the user via a security server to obtain authorization of a user, and the stored logic is further configured to cause the processor to operate so as to:
    - receive, from the security server, an indication that the user has approved or denied approval of the presented transaction.
  - 10. The article of manufacture according to claim 7, wherein the transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to the user via a security server to obtain approval of the user, and the stored logic is further configured to cause the processor to operate so as to:
    - transmit the transaction to the user for presentation in a browser window on the first network device;
      
      receive, from the security server, comfort indicia of the user; and
      
      transmit the received comfort indicia and the approved transaction to the user for presentation in the browser window.

11. A method of operating a security server to present network transactions requiring different levels of security for approval by a user, comprising:
- receiving a transaction having a predetermined security level from a network site transacting with the user;
  
  presenting the transaction to the user in one of a group of presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device, wherein the one presentation form corresponds to a predetermined security level for the transaction; and
  
  requesting one of a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction selecting, wherein the one transaction approval type corresponds to the predetermined security level for the transaction.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method according to claim 11, wherein the first network device is a computer and the second network device is a mobile communications device.
  - 13. The method according to claim 11, wherein the first network device is a desktop computer and the second network device is a smart mobile phone.
  - 14. The method according to claim 11, wherein the one transaction approval type is the third type approval, and further comprising:
    - receiving an identifier of the one transaction presentation form and the one transaction approval type from the network site;
      
      computing a personal identification number (PIN) based on a secret shared only by the network site and the security server, and not by the user; and
      
      presenting the computed PIN to the user for use as a signature of the user on the transaction.
  - 15. The method according to claim 11, wherein the one transaction approval type is the second type approval, and further comprising:
    - receiving an identifier of the one transaction presentation form and the one transaction approval type from the network site;
      
      receiving an indication of approval of the presented transaction from the user; and
      
      transmitting the received indication of approval to the network site.
  - 16. The method according to claim 11, further comprising:
    - receiving comfort indicia from the user; and
      
      presenting the received comfort indicia to the user in the one presentation form, with the transaction.

17. An article of manufacture for presentation by a security server of network transactions requiring different levels of security for approval by a user, comprising:
- non-transitory processor readable storage medium; and
  
  logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to;
  
  receive a transaction having a predetermined security level from a network site transacting with the user;
  
  present the transaction to the user in one of a group of presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second to form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device, wherein the one presentation form corresponds to a predetermined security level for the transaction; and
  
  request one of a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction selecting, wherein the one transaction approval type corresponds to the predetermined security level for the transaction.
- View Dependent Claims (18, 19, 20)
- - 18. The article of manufacture according to claim 17, wherein the one transaction approval type is the third type approval, and the stored logic is further configured to cause the processor to operate so as to:
    - receive an identifier of the one transaction presentation form and the one transaction approval type from the network site;
      
      compute a personal identification number (PIN) based on a secret shared only by the network site and the security server, and not by the user; and
      
      present the computed PIN to the user for use as a signature of the user on the transaction.
  - 19. The article of manufacture according to claim 17, wherein the one transaction approval type is the second type approval, and the stored logic is further configured to cause the processor to operate so as to:
    - receive an identifier of the one transaction presentation form and the one transaction approval type from the network site;
      
      receive an indication of approval of the presented transaction from the user; and
      
      transmit the received indication of approval to the network site.
  - 20. The article of manufacture according to claim 17, wherein the stored logic is further configured to cause the processor to operate so as to:
    - receive comfort indicia from the user; and
      
      present the received comfort indicia to the user in the one presentation form, with the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Authentify, Inc. (Bank of America Corp.)
Inventors
Ganesan, Ravi
Primary Examiner(s)
Follansbee, John
Assistant Examiner(s)
STILTNER, WEIWEI YE

Application Number

US13/081,150
Publication Number

US 20110283340A1
Time in Patent Office

1,154 Days
Field of Search

726 1- 21, 726 26- 33
US Class Current

726/4
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/52   during program execution, e...

G06Q 20/382   insuring higher security of...

G06Q 20/4012   Verifying personal identifi...

H04L 41/04   Network management architec...

H04L 41/344   Out-of-band transfers

H04L 63/0853   using an additional device,...

H04L 63/105   Multiple levels of security

Flexible quasi out of band authentication architecture

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible quasi out of band authentication architecture

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links