Dynamic secure login authentication

US 9,104,855 B2
Filed: 09/07/2012
Issued: 08/11/2015
Est. Priority Date: 09/07/2012
Status: Active Grant

First Claim

Patent Images

1. A system for performing transactions using a network, the system comprising:

a server in communication with the network, the server comprising a processor circuit and a memory circuit;

wherein;

the memory circuit stores private account information from registered users; and

the memory circuit stores commands that when executed by the processor circuit cause the server to perform a method comprising;

requesting login information for a private account from a user using a login identifier for the private account;

when the login information is not received from the user;

determining whether a transaction is below a risk threshold determined by a risk assessment algorithm, the risk assessment algorithm using a purchase history associated with the private account;

terminating the transaction when the transaction is not determined to be below the risk threshold;

completing the transaction with the private account using a guest login when the transaction is determined to be below the risk threshold upon later confirming the login information, later confirming the login information by confirming, after completing the transaction with the guest login, the login information using a login configuration;

wherein;

the login configuration comprises a matrix of dynamic symbols; and

confirming the login information comprises;

determining an expected password for the user based on a stored trace pattern provided by the user and the symbols in the matrix;

receiving a password from the user; and

determining whether the password matches the expected password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for performing a secured transaction using a network including a server in communication with the network is provided. The server has a processor and a memory to store private account information from registered users and store commands that when executed by the processor cause the server to perform a method including: providing a login configuration to a user, including a matrix of dynamic symbols; determining an expected password for the user based on a trace pattern from the user and the symbols in the matrix; receiving a password from the user; and determining whether the password matches the expected password. A non-transitory machine-readable medium including a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above is also provided.

42 Citations

View as Search Results

18 Claims

1. A system for performing transactions using a network, the system comprising:
- a server in communication with the network, the server comprising a processor circuit and a memory circuit;
  
  wherein;
  
  the memory circuit stores private account information from registered users; and
  
  the memory circuit stores commands that when executed by the processor circuit cause the server to perform a method comprising;
  
  requesting login information for a private account from a user using a login identifier for the private account;
  
  when the login information is not received from the user;
  
  determining whether a transaction is below a risk threshold determined by a risk assessment algorithm, the risk assessment algorithm using a purchase history associated with the private account;
  
  terminating the transaction when the transaction is not determined to be below the risk threshold;
  
  completing the transaction with the private account using a guest login when the transaction is determined to be below the risk threshold upon later confirming the login information, later confirming the login information by confirming, after completing the transaction with the guest login, the login information using a login configuration;
  
  wherein;
  
  the login configuration comprises a matrix of dynamic symbols; and
  
  confirming the login information comprises;
  
  determining an expected password for the user based on a stored trace pattern provided by the user and the symbols in the matrix;
  
  receiving a password from the user; and
  
  determining whether the password matches the expected password.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 wherein the login configuration further comprises a password request.
  - 3. The system of claim 1 wherein the login information includes a sequence of matrix elements pre-selected by the user.
  - 4. The system of claim 1 wherein the method performed by the server further comprises:
    - storing a sequence of matrix elements pre-selected by the user in the memory circuit.
  - 5. The system of claim 4 wherein the expected password comprises a sequence of symbols selected from the sequence of matrix elements pre-selected by the user in the memory circuit.
  - 6. The system of claim 4 wherein each of the matrix elements comprises at least a symbol and a background fill is different for each of the matrix elements.

7. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider cause the server to perform a method comprising:
- requesting, electronically by a first processor in the server, login information from a user for a private account, the login information comprising an account password and a login identifier;
  
  when the account password is not received from the user, determining whether a transaction is below a risk threshold determined by a risk assessment algorithm, the risk assessment algorithm using a purchase history associated with the private account;
  
  terminating the transaction when the transaction is not determined to be below the risk threshold;
  
  completing the transaction with the private account using a guest login when the transaction is determined to be below the risk threshold and later confirmation of the login information, the later confirmation of the login information comprising;
  
  providing, electronically by the first processor in the server, a matrix pattern option;
  
  generating a matrix of dynamic symbols;
  
  generating an alternate password based on a stored trace pattern for the user and the dynamic symbols in the matrix; and
  
  completing the transaction when a password received from the user matches the alternate password.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory machine-readable medium of claim 7 wherein the matrix of cells includes a background fill to visually blur the dynamic symbols.
  - 9. The non-transitory machine-readable medium of claim 7 wherein receiving the alternate password from the user comprises receiving information from a selected sequence of adjacent matrix elements.
  - 10. The non-transitory machine-readable medium of claim 9 wherein the stored trace pattern is selected by the user.
  - 11. The non-transitory machine-readable medium of claim 9 further comprising placing matrix elements in the matrix of cells in the selected sequence of matrix elements to generate the alternate password, wherein a background fill is different for each of the matrix elements.
  - 12. The non-transitory machine-readable medium of claim 11 further comprising storing the selected sequence of matrix elements in a memory circuit in the server.

13. A method to login into a user account of a service provider linked to a network to complete a transaction through the network, the method comprising:
- requesting, electronically by a processor in a server, login information from a user for a private account, the login information comprising an account password and a login identifier;
  
  when the account password is not received from the user, determining, electronically by the processor in the server, whether a transaction is below a risk threshold determined by a risk assessment algorithm, the risk assessment algorithm using a purchase history associated with the private account;
  
  terminating the transaction when the transaction is not determined to be below the risk threshold;
  
  completing the transaction with the private account using a guest login when the transaction is determined to be below the risk threshold and later confirmation of the login information, the later confirmation of the login information comprising;
  
  providing, electronically by the processor in the server, a matrix pattern option;
  
  generating a matrix of dynamic symbols, wherein the matrix of dynamic symbols includes a background fill that visually blurs the dynamic symbols;
  
  generating an alternate password based on a stored trace pattern for the user and the dynamic symbols in the matrix; and
  
  completing the transaction when a password received from the user matches the alternate password.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13 further comprising completing the transaction when the account password is received from the user.
  - 15. The method of claim 13 further comprising when the account password is not received from the user requesting, electronically by the processor in the server, the password from the user;
    - andterminating the transaction when the password received from the user does not match the alternate password.
  - 16. The method of claim 13 wherein the generating an alternate password comprises selecting symbols from the matrix of dynamic symbols according to a pre-selected sequence.
  - 17. The method of claim 16 wherein selecting symbols from the matrix of dynamic symbols includes retrieving the pre-selected sequence from a memory circuit.
  - 18. The method of claim 17 further comprising receiving the pre-selected sequence from the user upon user registration;
    - andstoring the pre-selected sequence in a memory circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Vargas, Luis, Aggarwal, Vishal, Kandlur, Yogesh
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
MURPHY, JOSEPH B

Application Number

US13/607,380
Publication Number

US 20140075512A1
Time in Patent Office

1,068 Days
Field of Search

726/4, 726 1- 36, 713150-194
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

G06F 21/46   by designing passwords or c...

G06F 21/606   by securing the transmissio...

H04L 63/083   using passwords cryptograph...

Dynamic secure login authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic secure login authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links