Flexible quasi out of band authentication architecture
First Claim
1. A method of operating a network site to obtain approval of network transactions at different levels of security by a user, comprising:
- selecting, based on a predetermined security level for a transaction, a form in which a transaction will be presented to the user from a group of transaction presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device;
selecting, based on the predetermined security level for the transaction, a type of approval of the transaction required from the user from a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction; and
transmitting the transaction, the selected transaction presentation form, and the selected type of user transaction approval, to obtain approval of the transaction by the user.
11 Assignments
0 Petitions
Accused Products
Abstract
To obtain user approval of network transactions at different levels of security, a network site selects a form in which a transaction with be presented to the user from a group of transaction presentation forms including presentation of the transaction in a browser pop-up window on a user network device, in a security software application window on the user network device, and in a security application window on another user network device. The network site also selects a type of approval of the transaction required from the user from a group of transaction approval types including approval requiring no action by the user after presentation of the transaction, the user to actively approve the presented transaction, and the user to sign the presented transaction. The transaction, the selected transaction presentation form, and the selected type of user transaction approval, are transmitted to obtain approval of the transaction by the user.
-
Citations
20 Claims
-
1. A method of operating a network site to obtain approval of network transactions at different levels of security by a user, comprising:
-
selecting, based on a predetermined security level for a transaction, a form in which a transaction will be presented to the user from a group of transaction presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device; selecting, based on the predetermined security level for the transaction, a type of approval of the transaction required from the user from a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction; and transmitting the transaction, the selected transaction presentation form, and the selected type of user transaction approval, to obtain approval of the transaction by the user. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An article of manufacture for obtaining approval of a user of network transactions with a network station at different levels of security, comprising:
-
non-transitory processor readable storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to; select, based on a predetermined security level for a transaction, a form in which a transaction will be presented to the user from a group of transaction presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device; select, based on the predetermined security level for the transaction, a type of approval of the transaction required from the user from a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction; and transmit the transaction, the selected transaction presentation form, and the selected type of user transaction approval, to obtain approval of the transaction by the user. - View Dependent Claims (8, 9, 10)
-
-
11. A method of operating a security server to present network transactions requiring different levels of security for approval by a user, comprising:
-
receiving a transaction having a predetermined security level from a network site transacting with the user;
presenting the transaction to the user in one of a group of presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device, wherein the one presentation form corresponds to a predetermined security level for the transaction; andrequesting one of a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction selecting, wherein the one transaction approval type corresponds to the predetermined security level for the transaction. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. An article of manufacture for presentation by a security server of network transactions requiring different levels of security for approval by a user, comprising:
-
non-transitory processor readable storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to; receive a transaction having a predetermined security level from a network site transacting with the user;
present the transaction to the user in one of a group of presentation forms including at least two of (i) a first form of presentation corresponding to presentation of the transaction in a browser pop-up window on a first network device associated with the user, (ii) a second to form of presentation corresponding to presentation of the transaction in a security software application window on the first network device, and (iii) a third form of presentation corresponding to presentation of the transaction in a security application window on a second network device associated with the user and different than the first network device, wherein the one presentation form corresponds to a predetermined security level for the transaction; andrequest one of a group of transaction approval types including at least two of (i) a first type approval requiring no action by the user after presentation of the transaction, (ii) a second type approval requiring the user to actively approve the presented transaction, and (iii) a third type approval requiring the user to sign the presented transaction selecting, wherein the one transaction approval type corresponds to the predetermined security level for the transaction. - View Dependent Claims (18, 19, 20)
-
Specification