Adaptive policies and protections for securing financial transaction data at rest

US 8,850,539 B2
Filed: 06/22/2010
Issued: 09/30/2014
Est. Priority Date: 06/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for challenge-response authentication, the method comprising:

receiving, from an external terminal over a communication network, a request for access to a service;

presenting to a user, via a display, a plurality of images;

receiving, via the external terminal, an arrangement of the plurality of images;

receiving, over the communication network, a plurality of codes based on the arrangement of the plurality of images, each of the plurality of codes corresponding to an image of the plurality of images and to an alphanumeric character of a plurality of alphanumeric characters, the plurality of codes being distinct from the plurality of alphanumeric characters;

matching the plurality of codes to the plurality of alphanumeric characters based on a predetermined one-time use table, wherein the one-time use table associates each image of the plurality of images with a corresponding code of the plurality of codes and with a corresponding alphanumeric character of the plurality of alphanumeric characters, wherein each of the plurality of codes is generated, by a pseudorandom number generator, independently from the plurality of alphanumeric characters;

generating an alphanumeric string from the plurality of alphanumeric characters based on the matching;

comparing the alphanumeric string to an alphanumeric user identifier stored in a database; and

determining whether to grant the user access to the service based on a result of the comparing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for challenge-response authentication is provided by receiving, from an external terminal over a communication network, a request for access to a service. A plurality of objects is presented to a user via a display. A plurality of codes is received over the communication network, each of the plurality of codes corresponding to one of the plurality of objects. The plurality of codes are matched to a plurality of alphanumeric characters according to a predetermined table. An alphanumeric string is generated from the plurality of alphanumeric characters and the alphanumeric string is compared to a user identifier stored in a database. Based on the comparing, a determination is made as to whether to grant the user access to the service.

Citations

20 Claims

1. A method for challenge-response authentication, the method comprising:
- receiving, from an external terminal over a communication network, a request for access to a service;
  
  presenting to a user, via a display, a plurality of images;
  
  receiving, via the external terminal, an arrangement of the plurality of images;
  
  receiving, over the communication network, a plurality of codes based on the arrangement of the plurality of images, each of the plurality of codes corresponding to an image of the plurality of images and to an alphanumeric character of a plurality of alphanumeric characters, the plurality of codes being distinct from the plurality of alphanumeric characters;
  
  matching the plurality of codes to the plurality of alphanumeric characters based on a predetermined one-time use table, wherein the one-time use table associates each image of the plurality of images with a corresponding code of the plurality of codes and with a corresponding alphanumeric character of the plurality of alphanumeric characters, wherein each of the plurality of codes is generated, by a pseudorandom number generator, independently from the plurality of alphanumeric characters;
  
  generating an alphanumeric string from the plurality of alphanumeric characters based on the matching;
  
  comparing the alphanumeric string to an alphanumeric user identifier stored in a database; and
  
  determining whether to grant the user access to the service based on a result of the comparing.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein generating an alphanumeric string includes generating an alphanumeric string based on the order the codes were received over the communication network.
  - 3. The method of claim 1, wherein the plurality of images includes at least one of:
    - an undistorted image of an alphanumeric character, a distorted image of an alphanumeric character, an image including a plurality of sub-images, an image pre-selected by the user, an image including a plurality of overlaying sub-images, or an image including a portion of a mathematical equation.
  - 4. The method of claim 1, wherein the request for access includes at least one of:
    - a request for authorization to complete a financial transaction using a financial transaction account linked to the external terminal;
      
      ora request for access to financial data associated with the financial transaction account linked to the external terminal.
  - 5. The method of claim 1, wherein presenting the plurality of images further includes presenting the plurality of images as at least one of:
    - a multidimensional grid of the plurality of images, a horizontal arrangement of the plurality of images, or a spatial overlay of the plurality of images.
  - 6. The method of claim 1, wherein the alphanumeric user identifier stored in the database is an alphanumeric string that uniquely identifies the user and a financial account of the user.

7. A system for challenge-response authentication, the system comprising:
- a processor, coupled to a memory, configured to;
  
  receive, from an external terminal over a communication network, a request for access to a service;
  
  present to a user, via a display, a plurality of images;
  
  receive, via the external terminal, an arrangement of the plurality of images;
  
  receive, over the communication network, a plurality of codes based on the arrangement of the plurality of images, each of the plurality of codes corresponding to an image of the plurality of images and to an alphanumeric character of a plurality of alphanumeric characters, the plurality of codes being distinct from the plurality of alphanumeric characters;
  
  match the plurality of codes to the plurality of alphanumeric characters based on a predetermined one-time use table, wherein the one-time use table associates each image of the plurality of images with a corresponding code of the plurality of codes and with a corresponding alphanumeric character of the plurality of alphanumeric characters, wherein each of the plurality of codes is generated, by a pseudorandom number generator, independently from the plurality of alphanumeric characters;
  
  generate an alphanumeric string from the plurality of alphanumeric characters based on the matching;
  
  compare the alphanumeric string to an alphanumeric user identifier stored in a database; and
  
  determine whether to grant the user access to the service based on a result of the comparing.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein generating an alphanumeric string includes generating an alphanumeric string based on the order the codes were received over the communication network.
  - 9. The system of claim 7, wherein the plurality of images includes at least one of:
    - an undistorted image of an alphanumeric character, a distorted image of an alphanumeric character, an image including a plurality of sub-images, an image pre-selected by the user, an image including a plurality of overlaying sub-images, or an image including a portion of a mathematical equation.
  - 10. The system of claim 7, wherein the request for access includes at least one of:
    - a request for authorization to complete a financial transaction using a financial transaction account linked to the external terminal;
      
      ora request for access to financial data associated with the financial transaction account linked to the external terminal.
  - 11. The system of claim 7, wherein the processor is further configured to:
    - present the plurality of images as at least one of;
      
      a multidimensional grid of the plurality of images, a horizontal arrangement of the plurality of images, or a spatial overlay of the plurality of images.
  - 12. The system of claim 7, wherein the alphanumeric user identifier stored in the database is an alphanumeric string that uniquely identifies the user and a financial account of the user.

13. A non-transitory computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a computer system, cause the computer system to perform:
- receiving, from an external terminal over a communication network, a request for access to a service;
  
  presenting to a user, via a display, a plurality of images;
  
  receiving, via the external terminal, an arrangement of the plurality of images;
  
  receiving, over the communication network, a plurality of codes based on the arrangement of the plurality of images, each of the plurality of codes corresponding to an image of the plurality of images and to an alphanumeric character of a plurality of alphanumeric characters, the plurality of codes being distinct from the plurality of alphanumeric characters;
  
  matching the plurality of codes to the plurality of alphanumeric characters based on a predetermined one-time use table, wherein the one-time use table associates each image of the plurality of images with a corresponding code of the plurality of codes and with a corresponding alphanumeric character of the plurality of alphanumeric characters, wherein each of the plurality of codes is generated, by a pseudorandom number generator, independently from the plurality of alphanumeric characters;
  
  generating an alphanumeric string from the plurality of alphanumeric characters based on the matching;
  
  comparing the alphanumeric string to an alphanumeric user identifier stored in a database; and
  
  determining whether to grant the user access to the service based on a result of the comparing.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable medium of claim 13, wherein generating an alphanumeric string includes generating an alphanumeric string based on the order the codes were received over the communication network.
  - 15. The non-transitory computer readable medium of claim 13, wherein the plurality of images includes at least one of:
    - an undistorted image of an alphanumeric character, a distorted image of an alphanumeric character, an image including a plurality of sub-images, an image pre-selected by the user, an image including a plurality of overlaying sub-images, or an image including a portion of a mathematical equation.
  - 16. The non-transitory computer readable medium of claim 13, wherein the request for access includes at least one of:
    - a request for authorization to complete a financial transaction using a financial transaction account linked to the external terminal;
      
      ora request for access to financial data associated with the financial transaction account linked to the external terminal.
  - 17. The non-transitory computer readable medium of claim 13, wherein presenting the plurality of images further includes presenting the plurality of images as at least one of:
    - a multidimensional grid of the plurality of images, a horizontal arrangement of the plurality of images, or a spatial overlay of the plurality of images.
  - 18. The non-transitory computer readable medium of claim 13, wherein the alphanumeric user identifier stored in the database is an alphanumeric string that uniquely identifies the user and a financial account of the user.

19. A method for generating a challenge-response authentication interface, the method comprising:
- generating a plurality of images;
  
  generating a plurality of codes, each of the plurality of codes corresponding to an image of the plurality of images and to an alphanumeric character of a plurality of alphanumeric characters, wherein each of the plurality of codes is generated, by a pseudorandom number generator, independently from the plurality of alphanumeric characters;
  
  generating a one-time use table that associates each image of the plurality of images with a corresponding code of the plurality of codes and with a corresponding alphanumeric character of the plurality of alphanumeric characters, the plurality of codes being distinct from the plurality of alphanumeric characters; and
  
  generating an interactive graphical presentation of the plurality of images, wherein the interactive graphical presentation is configured to;
  
  receive, via an external terminal, an arrangement of the plurality of images; and
  
  provide, over a communication network, the plurality of codes based on the arrangement of the plurality of images.

20. A system for generating a challenge-response authentication interface, the system comprising:
- a processor, coupled to a memory, configured to;
  
  generate a plurality of images;
  
  generate a plurality of codes, each of the plurality of codes corresponding to an image of the plurality of images and to an alphanumeric character of a plurality of alphanumeric characters, the plurality of codes being distinct from the plurality of alphanumeric characters, wherein each of the plurality of codes is generated, by a pseudorandom number generator, independently from the plurality of alphanumeric characters;
  
  generate a one-time use table that associates each image of the plurality of images with a corresponding code of the plurality of codes and with a corresponding alphanumeric character of the plurality of alphanumeric characters; and
  
  generate an interactive graphical presentation of the plurality of images, wherein the interactive graphical presentation is configured to;
  
  receive, via an external terminal, an arrangement of the plurality of images; and
  
  provide, over a communication network, the plurality of codes based on the arrangement of the plurality of images.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bailey, JR., Samuel A.
Primary Examiner(s)
Hailu, Teshome
Assistant Examiner(s)
Getachew, Abiy

Application Number

US12/820,193
Publication Number

US 20110314529A1
Time in Patent Office

1,561 Days
Field of Search

726/7
US Class Current

726/7
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 2221/2103   Challenge-response

G06Q 20/322   Aspects of commerce using m...

G06Q 20/325   using wireless networks

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G09C 1/04   with sign carriers or indic...

H04L 2463/102   applying security measure f...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 9/3271   using challenge-response

Adaptive policies and protections for securing financial transaction data at rest

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive policies and protections for securing financial transaction data at rest

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links