System and method for second factor authentication services

US 9,047,473 B2
Filed: 08/30/2013
Issued: 06/02/2015
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for selectively granting access to data by a user, the method comprising:

providing a plurality of second-factor authentication options for selection by a first user and a second user, the plurality of second-factor authentication comprising a one-time passcode option and a security question option;

receiving, by a processing device, a first request for access to first data from a first user computer via a first type of communication channel and a second request for access to second data from a second user computer via the first type of communication channel;

providing first factor authentication of the first user and the second user, wherein the first factor authentication for the first user comprises determining that a first user name and a first password received from the first user computer via the first type of communication channel are valid and the first factor authentication for the second user comprises determining that a second user name and a second password received from the second user computer via the first type of communication channel are valid;

performing, by the processing device, second factor authentication of the first user responsive to determining that the first user name and the first password are valid, the second factor authentication of the first user comprising;

determining that the first user has selected the one-time passcode option, andbased on determining that the first user has selected the one-time passcode option, identifying a second type of communication channel for providing a one-time passcode in a human-readable language to the first user, determining that the second type of communication channel is unavailable, providing the one-time passcode over a third type of communication channel in response to determining that the second type of communication channel is unavailable, and granting access to the data to the first user computer in response to receiving the one-time passcode over the first type of communication channel; and

performing, by the processing device, second factor authentication of the second user responsive to determining that the second user name and the second password are valid, the second factor authentication of the second user comprising;

determining that the second user has selected the security question option, andbased on determining that the second user has selected the security question option, providing a plurality of security questions to the second user and granting access to the data to the second user computer in response to receiving correct answers to the plurality of security questions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds.

201 Citations

16 Claims

1. A method for selectively granting access to data by a user, the method comprising:
- providing a plurality of second-factor authentication options for selection by a first user and a second user, the plurality of second-factor authentication comprising a one-time passcode option and a security question option;
  
  receiving, by a processing device, a first request for access to first data from a first user computer via a first type of communication channel and a second request for access to second data from a second user computer via the first type of communication channel;
  
  providing first factor authentication of the first user and the second user, wherein the first factor authentication for the first user comprises determining that a first user name and a first password received from the first user computer via the first type of communication channel are valid and the first factor authentication for the second user comprises determining that a second user name and a second password received from the second user computer via the first type of communication channel are valid;
  
  performing, by the processing device, second factor authentication of the first user responsive to determining that the first user name and the first password are valid, the second factor authentication of the first user comprising;
  
  determining that the first user has selected the one-time passcode option, andbased on determining that the first user has selected the one-time passcode option, identifying a second type of communication channel for providing a one-time passcode in a human-readable language to the first user, determining that the second type of communication channel is unavailable, providing the one-time passcode over a third type of communication channel in response to determining that the second type of communication channel is unavailable, and granting access to the data to the first user computer in response to receiving the one-time passcode over the first type of communication channel; and
  
  performing, by the processing device, second factor authentication of the second user responsive to determining that the second user name and the second password are valid, the second factor authentication of the second user comprising;
  
  determining that the second user has selected the security question option, andbased on determining that the second user has selected the security question option, providing a plurality of security questions to the second user and granting access to the data to the second user computer in response to receiving correct answers to the plurality of security questions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the plurality of second-factor authentication options further comprises a biometric verification option, wherein the second factor authentication for the first user further comprises:
    - determining that the first user has also selected the biometric verification option from the plurality of second-factor authentication options;
      
      receiving an audible phrase from the first user over the third type of communication channel; and
      
      granting access to the data to the first user computer in response to determining that the audible phrase matches a stored biometric.
  - 3. The method of claim 1, wherein providing the plurality of second-factor authentication options for selection by the first user comprises providing a graphical interface to a computer associated with the first user, wherein at least one second-factor authentication option comprising the one-time passcode option selected by the first user is identified from input received to the graphical interface.
  - 4. The method of claim 1, wherein providing the one-time passcode in a human-readable language to the first user over the third type of communication channel comprises providing the one-time passcode over a telephone communication channel.
  - 5. The method of claim 4, further comprising verifying a voice biometric over the telephone communication channel.
  - 6. The method of claim 1, wherein the second factor authentication for the first user further comprises verifying a voice biometric for the first user.
  - 7. The method of claim 1, further comprising:
    - identifying at least one additional second-factor authentication option from the plurality of second-factor authentication options; and
      
      performing the at least one additional second-factor authentication option in combination with at least one of (i) performing the second factor authentication for the first user that comprises providing the one-time passcode and (ii) performing the second factor authentication for the second user that comprises providing the plurality of security questions.
  - 8. The method of claim 1, wherein one of the second type of communication channel or the third type of communication channel is a short message system channel or an e-mail channel for providing the one-time passcode as textual content, wherein another of the second type of communication channel or the third type of communication channel is a voice communication channel for providing the one-time passcode as audio content.

9. A system for selectively granting access to data by a user, the method comprising:
- a processing device; and
  
  a non-transitory computer-readable medium accessible by the processing device;
  
  wherein the processing device is configured to execute logic embodied in the non-transitory computer-readable medium and thereby perform operations comprising;
  
  providing a plurality of second-factor authentication options for selection by a first user and a second user, the plurality of second-factor authentication comprising a one-time passcode option and a security question option,receiving, by a processing device, a first request for access to first data from a first user computer via a first type of communication channel and a second request for access to second data from a second user computer via the first type of communication channel,providing first factor authentication of the first user and the second user, wherein the first factor authentication for the first user comprises determining that a first user name and a first password received from the first user computer via the first type of communication channel are valid and the first factor authentication for the second user comprises determining that a second user name and a second password received from the second user computer via the first type of communication channel are valid,performing second factor authentication of the first user responsive to determining that the first user name and the first password are valid, the second factor authentication for the first user comprising (i) determining that the first user has selected the one-time passcode option and (ii) based on determining that the first user has selected the one-time passcode option, identifying a second type of communication channel for providing a one-time passcode in a human-readable language to the first user, determining that the second type of communication channel is unavailable, providing the one-time passcode over a third type of communication channel in response to determining that the second type of communication channel is unavailable, and granting access to the data to the first user computer in response to receiving the one-time passcode over the first type of communication channel, andperforming second factor authentication of the second user responsive to determining that the second user name and the second password are valid, the second factor authentication of the second user comprising (i) determining that the second user has selected the security question option, and (ii) based on determining that the second user has selected the security question option, providing a plurality of security questions to the second user and granting access to the data to the second user computer in response to receiving correct answers to the plurality of security questions.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the plurality of second-factor authentication options further comprises a biometric verification option, wherein the second factor authentication for the first user further comprises:
    - determining that the first user has also selected the biometric verification option from the plurality of second-factor authentication options;
      
      receiving an audible phrase from the first user over the third type of communication channel; and
      
      granting access to the data to the first user computer in response to determining that the audible phrase matches a stored biometric.
  - 11. The system of claim 9, wherein providing the plurality of second-factor authentication options for selection by the first user comprises providing a graphical interface to a computer associated with the first user, wherein at least one second-factor authentication option comprising the one-time passcode option selected by the first user is identified from input received to the graphical interface.
  - 12. The system of claim 9, wherein providing the one-time passcode in a human-readable language to the first user over the third type of communication channel comprises providing the one-time passcode over a telephone communication channel.
  - 13. The system of claim 12, wherein the processing device is further configured by executing the logic to perform additional operations for performing the second factor authentication of the first user, the additional operations comprising:
    - verifying a voice biometric over the telephone communication channel.
  - 14. The system of claim 9, wherein the processing device is further configured by executing the logic to perform additional operations for the second factor authentication of the first user, the additional operations comprising:
    - verifying a voice biometric over the third type of communication channel.
  - 15. The system of claim 9, wherein the processing device is further configured by executing the logic to perform additional operations comprising:
    - identifying at least one additional second-factor authentication option from the plurality of second-factor authentication options selected by at least one of the first user and the second user; and
      
      performing the at least one additional second-factor authentication option in combination with at least one of (i) the second factor authentication of the first user that comprises providing the one-time passcode and (ii) the second factor authentication of the second user that comprises providing the plurality of security questions.
  - 16. The system of claim 9, wherein one of the second type of communication channel or the third type of communication channel is a short message system channel or an e-mail channel for providing the one-time passcode as textual content, wherein another of the second type of communication channel or the third type of communication channel is a voice communication channel for providing the one-time passcode as audio content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Samuelsson, Jonas, Camaisa, Allan
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
KANAAN, SIMON P

Application Number

US14/015,161
Publication Number

US 20130347129A1
Time in Patent Office

641 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/60   Protecting data

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

System and method for second factor authentication services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

201 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for second factor authentication services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links