Website authentication

US 8,762,724 B2
Filed: 09/13/2012
Issued: 06/24/2014
Est. Priority Date: 04/15/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for website authentication, using at least one computer hardware device for performing the steps of:

receiving a request from a user to view a website within a graphical user interface (GUI);

generating, in response to the receiving a request, a one time password (OTP);

storing the generated OTP in a database;

displaying the generated OTP on the GUI over a first channel;

communicating a number for the user to call on a communication device over a second channel;

verifying an identity of the user by receiving an identification datum from the communication device, wherein the user sends, in response to the displaying, the identification datum using the communication device, wherein the verifying compares the identification datum with a stored identification datum in the database, wherein the identification datum is at least one of a caller ID, an account number, a password and a first geographical location;

determining a second geographical location from the request from the user to view the website and storing the second geographical location in the database;

receiving, in response to the verifying, an entered OTP from the user;

comparing the entered OTP with the generated OTP; and

communicating whether the website is authenticated.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of website authentication including receiving a request from a user to view a website within a graphical user interface (GUI); generating a one time password (OTP); storing the generated OTP in a database; displaying the generated OTP on the GUI; verifying an identity of the user by receiving an identification datum from a communication device; receiving an entered OTP from the user; comparing the entered OTP with the generated OTP; and communicating whether the website is authenticated.

179 Citations

10 Claims

1. A method for website authentication, using at least one computer hardware device for performing the steps of:
- receiving a request from a user to view a website within a graphical user interface (GUI);
  
  generating, in response to the receiving a request, a one time password (OTP);
  
  storing the generated OTP in a database;
  
  displaying the generated OTP on the GUI over a first channel;
  
  communicating a number for the user to call on a communication device over a second channel;
  
  verifying an identity of the user by receiving an identification datum from the communication device, wherein the user sends, in response to the displaying, the identification datum using the communication device, wherein the verifying compares the identification datum with a stored identification datum in the database, wherein the identification datum is at least one of a caller ID, an account number, a password and a first geographical location;
  
  determining a second geographical location from the request from the user to view the website and storing the second geographical location in the database;
  
  receiving, in response to the verifying, an entered OTP from the user;
  
  comparing the entered OTP with the generated OTP; and
  
  communicating whether the website is authenticated.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the identification datum includes at least one of an identification datum automatically generated by the communication device and an identification datum input by the user.
  - 3. The method of claim 1, wherein the communicating includes at least one of storing a fake website in the database and alerting an authentic website administrator of the fake website.

4. A website authentication system, including a computer hardware device comprising:
- a one time password (OTP) generator system for receiving a request from a user to view a website within a graphical user interface (GUI), generating, in response to the receiving a request, a OTP, and displaying the generated OTP on the GUI over a first channel;
  
  a system for communicating a number for the user to call on a communication device over a second channel;
  
  a voice response unit (VRU) system for receiving at least one identification datum from a communication device, wherein the user sends, in response to the displaying, the identification datum using the communication device;
  
  a user verification system for verifying an identity of the user by receiving an identification datum from the communication device, wherein the identification datum includes at least one of an identification datum automatically generated by the communication device and an identification datum input by the user, wherein the identification datum is at least one of a caller ID, an account number, a password and a first geographical location, and wherein the OTP generator system determines a second geographical location from the request from the user to view the website and storing the second geographical location in the database;
  
  a comparison system for receiving, in response to the verifying, an entered OTP from the user and comparing the entered OTP with the generated OTP; and
  
  a security alert system for communicating whether the website is authenticated.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The system of claim 4, wherein the comparison system communicates whether the website is authenticated.
  - 6. The system of claim 4, wherein the OTP generator system stores the generated OTP in a database.
  - 7. The system of claim 4, wherein the verification system compares the identification datum with a stored identification datum in the database.
  - 8. The system of claim 4, wherein the communicating includes at least one of storing a fake website in the database and alerting an authentic website administrator of the fake website.

9. A non-transitory computer readable medium storing a program product including program code for website authentication, which when executed by a computing device, is operable to carry out a method comprising:
- receiving a request from a user to view a website within a graphical user interface (GUI);
  
  generating, in response to the receiving a request, a one time password (OTP);
  
  storing the generated OTP in a database;
  
  displaying the generated OTP on the GUI over a first channel;
  
  communicating a number for the user to call on a communication device over a second channel;
  
  verifying an identity of the user by receiving an identification datum from a communication device, wherein the user sends, in response to the displaying, the identification datum using the communication device, wherein the verifying compares the identification datum with a stored identification datum in the database, wherein the identification datum is at least one of a caller ID, an account number, a password and a first geographical location;
  
  determining a second geographical location from the request from the user to view the website;
  
  receiving, in response to the verifying, an entered OTP from the user;
  
  comparing the entered OTP with the generated OTP; and
  
  communicating whether the website is authenticated.
- View Dependent Claims (10)
- - 10. The program product of claim 9, wherein the identification datum includes at least one of an identification datum automatically generated by the communication device and an identification datum input by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bravo, Jose, Crume, Jeffrey L.
Primary Examiner(s)
Vaughan, Michael R

Application Number

US13/613,502
Publication Number

US 20130007859A1
Time in Patent Office

649 Days
Field of Search

None
US Class Current

713/169
CPC Class Codes

G06F 21/31   User authentication

G06F 21/83   input devices, e.g. keyboar...

H04L 63/0838   using one-time-passwords

H04L 63/1483   service impersonation, e.g....

H04L 9/3228   One-time or temporary data,...

Website authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

179 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Website authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

179 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links