System and method for transaction security responsive to a signed authentication

US 9,098,850 B2
Filed: 09/24/2012
Issued: 08/04/2015
Est. Priority Date: 05/17/2011
Status: Active Grant

First Claim

Patent Images

1. A system arranged to provide access from a user device to a service provider, the system comprising:

an authentication server, said authentication server comprising an authentication server processor and an associated authentication server non-transitory memory, said authentication server non-transitory memory having loaded thereon instructions readable by said authentication server processor, which when executed by said authentication server processor cause said authentication server to;

determine that a mobile device has accessed the authentication server;

in response to said determination, provide to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device;

receive a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired;

determine whether one or more requirements of one or more rule sets for authentication has been fulfilled; and

based on the determination that the one or more requirements has been fulfilled, send an authentication message to the selected service provider and authorize the selected service provider to allow access by the selected user device.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system arranged to authenticate a user via its mobile device to a service provider, the system comprising: an authentication server; the user mobile device, the user mobile device provided with a verification application arranged to communicate with the authentication server; and a notification server in communication with the authentication server and arranged to transmit a notification to the user mobile device responsive to the authentication server, the authentication server arranged to provide a signed authentication to the service provider responsive to present and historical information regarding one of: the user mobile device; and an additional user device in communication with said authentication server, said signed authentication provided in accordance with a rule set determined by an authorized entity stored on said authentication server memory governing the required present and historical information attribute.

90 Citations

View as Search Results

26 Claims

1. A system arranged to provide access from a user device to a service provider, the system comprising:
- an authentication server, said authentication server comprising an authentication server processor and an associated authentication server non-transitory memory, said authentication server non-transitory memory having loaded thereon instructions readable by said authentication server processor, which when executed by said authentication server processor cause said authentication server to;
  
  determine that a mobile device has accessed the authentication server;
  
  in response to said determination, provide to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device;
  
  receive a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired;
  
  determine whether one or more requirements of one or more rule sets for authentication has been fulfilled; and
  
  based on the determination that the one or more requirements has been fulfilled, send an authentication message to the selected service provider and authorize the selected service provider to allow access by the selected user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system according to claim 1, wherein said authentication server is further arranged to obtain location information for said mobile device and location information for said selected user device, and said authentication server is arranged to send said authentication message in the event that said obtained location information for said mobile device and said obtained location information for said selected user device indicate that said mobile device is within a predetermined range of said selected user device.
  - 3. The system according to claim 2, further comprising the mobile device, said mobile device comprising a peripheral providing location information, a mobile device processor and an associated mobile device non-transitory memory, said mobile device non-transitory memory having loaded thereon instructions readable by said mobile device processor, which when executed by said mobile device processor cause said mobile device to retrieve location information from the location information providing peripheral and to transmit the retrieved location information to said authentication server;
    - wherein in the event that transmitted location information for said mobile device indicates that said mobile device is no longer within said predetermined range, said authentication server is further arranged to either;
      
      notify said selected user device that location security has been breached;
      
      ornotify the selected service provider of cancellation of said sent authentication message.
  - 4. The system according to claim 1, further comprising said selected user device, said selected user device comprising a user device processor and an associated user device non-transitory memory, said user device non-transitory memory having loaded therein an operating system, said selected service provider being the operating system on the selected user device;
    - the operating system arranged to receive an authentication message and to allow access by said selected user device, said selected user device arranged to, after having been allowed access to the operating system, access at least one memory location of the user device non-transitory memory, or a resource on the selected user device.
  - 5. The system according to claim 1, wherein said authentication message is sent by injecting said authentication message to said selected user device, thereby causing said selected user device to provide an authentication message to the selected service provider.
  - 6. The system according to claim 5, wherein said injected authentication message and said provided authentication message are identical.
  - 7. The system according to claim 1, further comprising said selected user device, wherein said selected user device comprises a user device processor and an associated user device memory readable by said user device processor, said user device non-transitory memory having loaded thereon instructions, which when executed by said user device processor cause said selected user device to:
    - send a user device verification message to said authentication server, wherein receipt of said verification message by said authentication server from said selected user device is one of said one or more requirements, andwherein said user device verification message comprises present information regarding said selected user device selected from a group comprising;
      
      a hardware fingerprint, a software fingerprint, a present geographical location of the selected user device, and user recent interaction with the selected user device.
  - 8. The system according to claim 1, further comprising said mobile device, said mobile device comprising a mobile device processor and an associated mobile device non-transitory memory, said mobile device non-transitory memory having loaded thereon a verification application comprising instructions readable by said mobile device processor, which when executed by said mobile device processor cause said mobile device to send to said authentication server a mobile device verification message, wherein receipt of said mobile device verification message by said authentication server from said mobile device is one of said one or more requirements and wherein said mobile device verification message comprises an identifier of the mobile device and present information regarding said mobile device, the present information selected from a group comprising a hardware fingerprint, a software fingerprint, a present geographical location of the mobile device, and user recent interaction with the mobile device.
  - 9. The system according to claim 1, wherein the authentication server is further arranged to maintain historical information regarding said mobile device, said at least one selectable registered user device, and authentication messages sent by said authentication server, and wherein said authentication server is arranged to consider said historical information and present information when determining whether at least one of said one or more requirements has been fulfilled.
  - 10. The system according to claim 9, wherein said historical information includes information which is a factor in generating a security risk score, responsive to said present information and said historical information, for determining whether at least one of said one or more requirements has been fulfilled.
  - 11. The system according to claim 1, wherein said at least one selectable service provider comprises a plurality of selectable service providers and wherein at least one of said one or more requirements is associated with said selected service provider but not associated with at least one other of said plurality of selectable service providers.
  - 12. The system according to claim 1, further comprising said selected service provider, wherein said selected service provider is arranged to allow access by said user device after receiving an authentication message.
  - 13. The system according to claim 12, wherein said service provider is further arranged to allow access by said selected user device after receiving an authentication message and performing at least one of:
    - validating said received authentication message, receiving a password from said selected user device, or requiring any other security measure from said selected user device.
  - 14. The system according to claim 1, further comprising said mobile device, said mobile device comprising a mobile device processor and an associated mobile device non-transitory memory, said mobile device non-transitory memory having loaded thereon instructions readable by said mobile device processor, which when executed by said mobile device processor cause said mobile device to:
    - access said authentication server,display said list, andresponsive to at least one user gesture, transmit said selection.
  - 15. The system according to claim 1, wherein said list also includes said mobile device because said mobile device is alternatively selectable for accessing a service provider from among said at least one selectable service provider.

16. A method of providing access from a user device to a service provider, the method comprising:
- determining, by an authentication server, that a mobile device has accessed the authentication server;
  
  in response to said determination, providing by the authentication server to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device;
  
  receiving, by the authentication server, a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired;
  
  determining, by the authentication server, whether one or more requirements of one or more rule sets for authentication has been fulfilled; and
  
  based on the determination that the one or more requirements has been fulfilled, sending, by the authentication server, an authentication message to the selected service provider and authorizing the selected service provider to allow access by the selected user device.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The method according to claim 16, further comprising:
    - the authentication server obtaining location information for said selected user device; and
      
      the authentication server obtaining location information for said mobile device,wherein said authentication message is sent in the event that the obtained location information for said mobile device and the obtained location information for said selected user device indicate that the mobile device is within a predetermined range of the selected user device.
  - 18. The method according to claim 17, further comprising:
    - the authentication server obtaining updated location information for said mobile device after the authentication message has been sent to the selected service provider; and
      
      in the event that the updated location information of said mobile device indicates that the mobile device is no longer within said predetermined range, the authentication server either;
      
      notifying the selected user device that location security has been breached;
      
      ornotifying the selected service provider of cancellation of said sent authentication message.
  - 19. The method according to claim 16, wherein the selected service provider is an operating system loaded on a non-transitory memory of the selected user device, the method further comprising:
    - the operating system receiving an authentication message and allowing access by the selected user device; and
      
      the selected user device accessing at least one memory location, or resource, on the selected user device, after having been allowed access to the operating system.
  - 20. The method of claim 16, further comprising:
    - the selected service provider allowing access by said selected user device.
  - 21. The method of claim 16, further comprising:
    - the mobile device accessing said authentication server;
      
      the mobile device displaying said list; and
      
      responsive to at least one user gesture, the mobile device transmitting said selection.
  - 22. The method according to claim 16, wherein said authentication message is sent by injecting said authentication message to said selected user device, thereby causing said selected user device to provide an authentication message to the selected service provider.
  - 23. The method according to claim 16, wherein receipt of a user device verification message by said authentication server from the selected user device is one of said one or more requirements, and wherein said selected user device verification message comprises present information regarding the selected user device selected from a group comprising:
    - a hardware fingerprint, a software fingerprint, a present geographical location of the selected user device, and user recent interaction with the selected user device.
  - 24. The method according to claim 16, wherein receipt of a mobile device verification message by said authentication server from the mobile device is one of said one or more requirements, and wherein said mobile device verification message comprises an identifier of the mobile device and present information regarding said mobile device, the present information selected from a group comprising:
    - a hardware fingerprint, a software fingerprint, a present geographical location of the mobile device, and user recent interaction with the mobile device.
  - 25. The method according to claim 16, further comprising:
    - the authentication server maintaining historical information regarding said mobile device, said at least one selectable registered user device, and authentication messages sent by said authentication server, wherein the authentication server considers said historical information and present information when determining whether at least one of said one or more requirements has been fulfilled.

26. A computer program product comprising a non-transitory computer readable medium having computer readable program code embodied therein for providing access from a user device to a service provider, the computer program product comprising:
- computer readable program code for causing an authentication server to determine whether said authentication server has been accessed by a mobile device, and in response to said determination, provide to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device;
  
  computer readable program code for causing the authentication server to receive a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired; and
  
  computer readable program code for causing the authentication server to determine whether one or more requirements of one or more rule sets for authentication has been fulfilled, and based on the determination that the one or more requirements has been fulfilled, send an authentication message to said selected service provider and authorize said selected service provider to allow access by said selected user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ping Identity Corporation
Original Assignee
Ping Identity Corporation
Inventors
Weiner, Avish Jacob, Ne'Man, Ran
Primary Examiner(s)
Qayyum, Zeshan

Application Number

US13/625,148
Publication Number

US 20130023240A1
Time in Patent Office

1,044 Days
Field of Search

705/50, 705/75
US Class Current

1/1
CPC Class Codes

G06Q 20/4015   using location information

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

System and method for transaction security responsive to a signed authentication

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for transaction security responsive to a signed authentication

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links