Multi-factor authentication

US 8,984,605 B2
Filed: 08/23/2011
Issued: 03/17/2015
Est. Priority Date: 08/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing, by a processor operable to execute logic encoded on one or more non-transitory computer-readable media, a notification to an intended recipient of a message, the notification including a designated link operable to facilitate access to the message, the designated link including a unique identifier associated with the message, the unique identifier generated for the message and distinct from login credentials, wherein the unique identifier is not displayed to a user;

receiving a request to access the message;

authenticating the request according to an authentication procedure, the authentication procedure including selecting which authentication factors are to be verified based on whether the request corresponds to the designated link, wherein;

the request corresponds to the designated link if the request includes the unique identifier from the notification provided to the intended recipient;

the selected authentication factors correspond to login credentials if the request includes the unique identifier such that authentication is successful once valid login credentials associated with the intended recipient have been received; and

the selected authentication factors correspond to login credentials and at least one additional authentication factor only if the request fails to include the unique identifier; and

communicating the message if the request passes authentication.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to some embodiments, a method provides a designated link in a notification to an intended recipient of the message. The designated link includes a unique identifier associated with the message. Upon receiving a request to access the message, the method authenticates the request. Authentication includes verifying whether the request corresponds to the designated link provided in the notification. If the request passes authentication, the method communicates the message.

29 Citations

View as Search Results

19 Claims

1. A method, comprising:
- providing, by a processor operable to execute logic encoded on one or more non-transitory computer-readable media, a notification to an intended recipient of a message, the notification including a designated link operable to facilitate access to the message, the designated link including a unique identifier associated with the message, the unique identifier generated for the message and distinct from login credentials, wherein the unique identifier is not displayed to a user;
  
  receiving a request to access the message;
  
  authenticating the request according to an authentication procedure, the authentication procedure including selecting which authentication factors are to be verified based on whether the request corresponds to the designated link, wherein;
  
  the request corresponds to the designated link if the request includes the unique identifier from the notification provided to the intended recipient;
  
  the selected authentication factors correspond to login credentials if the request includes the unique identifier such that authentication is successful once valid login credentials associated with the intended recipient have been received; and
  
  the selected authentication factors correspond to login credentials and at least one additional authentication factor only if the request fails to include the unique identifier; and
  
  communicating the message if the request passes authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - sending a request for the login credentials associated with a user, the request for login credentials sent in response to the request to access the message.
  - 3. The method of claim 1, wherein the recipient corresponds to an email account.
  - 4. The method of claim 1, wherein:
    - the designated link comprises a user-readable portion and a machine-readable portion, the machine-readable portion including the unique identifier; and
      
      the notification configured to display the user-readable portion to a user and to hide the machine-readable portion from the user.
  - 5. The method of claim 1, wherein:
    - the message comprises an encrypted message; and
      
      communicating the message comprises;
      
      decrypting the message; and
      
      communicating the message over a secure connection.
  - 6. The method of claim 1, further comprising:
    - determining that the request fails to correspond to the designated link provided to the intended recipient; and
      
      initiating a fallback authentication procedure.
  - 7. The method of claim 1, wherein the unique identifier portion of the designated link is hidden from the user such that if the request only includes a portion of the designated link that is visible to the user, the method determines that the request fails to include the unique identifier and therefore fails to correspond to the designated link.

8. One or more non-transitory computer-readable media comprising logic, the logic when executed by one or more processing units operable to perform operations comprising:
- providing a notification to an intended recipient of a message, the notification including a designated link operable to facilitate access to the message, the designated link including a unique identifier associated with the message, the unique identifier generated for the message and distinct from login credentials, wherein the unique identifier is not displayed to a user;
  
  receiving a request to access the message;
  
  authenticating the request according to an authentication procedure, the authentication procedure including selecting which authentication factors are to be verified based on whether the request corresponds to the designated link, wherein;
  
  the request corresponds to the designated link if the request includes the unique identifier from the notification provided to the intended recipient;
  
  the selected authentication factors correspond to login credentials if the request includes the unique identifier such that authentication is successful once valid login credentials associated with the intended recipient have been received; and
  
  the selected authentication factors correspond to login credentials and at least one additional authentication factor only if the request fails to include the unique identifier; and
  
  communicating the message if the request passes authentication.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The media of claim 8, the logic further operable to perform the operations comprising:
    - sending a request for the login credentials associated with a user, the request for login credentials sent in response to the request to access the message.
  - 10. The media of claim 8, wherein the intended recipient corresponds to an email account.
  - 11. The media of claim 8, wherein:
    - the designated link comprises a user-readable portion and a machine-readable portion, the machine-readable portion including the unique identifier; and
      
      the notification configured to display the user-readable portion to a user and to hide the machine-readable portion from the user.
  - 12. The media of claim 8, wherein:
    - the message comprises an encrypted message; and
      
      communicating the message comprises;
      
      decrypting the message; and
      
      communicating the message over a secure connection.
  - 13. The media of claim 8, the logic further operable to perform the operations comprising:
    - determining that the request fails to correspond to the designated link provided to the intended recipient; and
      
      initiating a fallback authentication procedure.

14. A system, comprising:
- one or more processors operable to execute logic encoded on one or more non-transitory computer-readable media in order to;
  
  provide a notification to an intended recipient of a message, the notification including a designated link operable to facilitate access to the message, the designated link including a unique identifier associated with the message, the unique identifier generated for the message and distinct from login credentials, wherein the unique identifier is not displayed to a user;
  
  receive a request to access the message;
  
  authenticate the request according to an authentication procedure, the authentication procedure including selecting which authentication factors are to be verified based on whether the request corresponds to the designated link, wherein;
  
  the request corresponds to the designated link if the request includes the unique identifier from the notification provided to the intended recipient;
  
  the selected authentication factors correspond to login credentials if the request includes the unique identifier such that authentication is successful once valid login credentials associated with the intended recipient have been received; and
  
  the selected authentication factors correspond to login credentials and at least one additional authentication factor only if the request fails to include the unique identifier; and
  
  communicate the message if the request passes authentication.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, the one or more processors further operable to:
    - send a request for the login credentials associated with a user, the request for login credentials sent in response to the request to access the message.
  - 16. The system of claim 14, wherein:
    - the designated link comprises a user-readable portion and a machine-readable portion, the machine-readable portion including the unique identifier; and
      
      the notification configured to display the user-readable portion to a user and to hide the machine-readable portion from the user.
  - 17. The system of claim 14, the authentication procedure further including verifying authentication information corresponding to at least one of a username, a passcode, personal information, device information, or biometric data.
  - 18. The system of claim 14, wherein:
    - the message comprises an encrypted message; and
      
      the one or more processors further operable to;
      
      decrypt the message; and
      
      establish a secure connection for communicating the message.
  - 19. The system of claim 14, the one or more processors further operable to:
    - determine that the request fails to correspond to the designated link provided to the intended recipient; and
      
      initiate a fallback authentication procedure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Original Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Inventors
Bauckman, Dena Terry, Johnson, Nigel Paul, Robertson, David Joseph
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/215,757
Publication Number

US 20130055368A1
Time in Patent Office

1,302 Days
Field of Search

None
US Class Current

726/7
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 51/212   using filtering or selectiv...

H04L 51/224   providing notification on i...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

Multi-factor authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Multi-factor authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others