System and method for authentication using a mobile communication device

US 9,119,076 B1
Filed: 12/11/2009
Issued: 08/25/2015
Est. Priority Date: 12/11/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question;

receiving, at the server, a request for a one-time password, the request transmitted from a mobile phone having the mobile phone number, and the request including the security string, the request further being in the form of a short message service message;

matching, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;

generating, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;

transmitting, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, anddeactivating, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a system and method for registering and authenticating a user using a mobile communication device, such as a mobile phone. An authentication server has access to a stored list of authorized mobile phone numbers. Each authorized mobile phone number is associated with a string of text or numeric characters. The server provides a OTP when the user calls or sends a SMS message request from the authorized mobile phone to the server. The verbal or SMS request must contain the stored string, which the server will match against the stored list in order to confirm that the mobile phone is authorized. Once a OTP is provided to the authorized mobile phone, it must be used within a predetermined time limit, or the OTP will expire. The OTP will also be discarded once the server is notified that the OTP has been used. Further, the server will ignore a request for an additional OTP if a previously-provided OTP has not expired or been discarded, or if the server is in the process of generating an OTP for the authorized mobile phone.

42 Citations

View as Search Results

19 Claims

1. A method comprising:
- providing, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question;
  
  receiving, at the server, a request for a one-time password, the request transmitted from a mobile phone having the mobile phone number, and the request including the security string, the request further being in the form of a short message service message;
  
  matching, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
  
  generating, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
  
  transmitting, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, anddeactivating, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the one-time password transmitted by the server is in the form of a short message service message.
  - 3. The method of claim 1, further comprising:
    - deactivating the one-time password as soon as the server receives a notification that the one-time password has been used.
  - 4. The method of claim 3, wherein the prescribed time period is one (1) minute.
  - 5. The method of claim 1, further comprising:
    - deactivating the one-time password when the server receives a second request for a one-time password from the mobile phone within a prescribed time period, wherein the prescribed time period beginning when the one-time password request is received at the server.
  - 6. The method of claim 5, wherein the prescribed time period is one (1) minute.

7. A system comprising:
- a processor-based application, which when executed on by a computer processor, will cause the processor to;
  
  provide, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question;
  
  receive, at the server, a request for a one-time password, the request transmitted in the form of a short message service message from a mobile phone having the mobile phone number, and the request including the security string;
  
  match, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
  
  generate, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
  
  transmit, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, anddeactivate, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the server transmits the one-time password during a voice call with the mobile phone in the form of a verbalized one-time password.
  - 9. The system of claim 7, wherein the server transmits the one-time password in the form of a short message service message to the mobile phone.
  - 10. The system of claim 7, wherein the application, when executed by the processor further causes the processor to:
    - deactivate the one-time password as soon as the server receives a notification that the one-time password has been used.
  - 11. The system of claim 10, wherein the prescribed time period is one (1) minute.
  - 12. The system of claim 7, further comprising:
    - when the server receives a second request for a one-time password from the mobile phone within a prescribed time period, the application, when executed by the processor, further causes the processor to deactivate the one-time password, wherein the prescribed time period beginning when the one-time password request is received at the server.
  - 13. The system of claim 12, wherein the prescribed time period is one (1) minute.

14. A computer program product comprising computer-readable program code to be executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code including instructions to:
- provide, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question;
  
  receive, at the server, a request for a one-time password, the request transmitted in the form of a short message service message from a mobile phone having the mobile phone number, and the request including the security string;
  
  match, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
  
  generate, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
  
  transmit, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, anddeactivate, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer program product of claim 14, wherein the server transmits the one-time password in the form of a short message service message to the mobile phone.
  - 16. The computer program product of claim 14, wherein the program code includes further instructions to:
    - deactivate the one-time password as soon as the server receives a notification that the one-time password has been used.
  - 17. The computer program product of claim 16, wherein the prescribed time period is one (1) minute.
  - 18. The computer program product of claim 14, wherein the program code includes further instructions to deactivate the one-time password when the server receives a second request for a one-time password from the mobile phone within a prescribed time period, wherein the prescribed time period beginning when the one-time password request is received at the server.
  - 19. The computer program product of claim 18, wherein the prescribed time period is one (1) minute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Gubbi, Rajath
Primary Examiner(s)
Agosta, Steve D

Application Number

US12/636,612
Time in Patent Office

2,083 Days
Field of Search

455/409, 455/410, 455/411, 455/418, 455/435.1, 455/466, 455/558, 370/310.2, 370/328, 726/5, 726/6, 726/9, 726/23, 713/150, 713/168, 713/170, 713/172, 713/201, 380/270
US Class Current

1/1
CPC Class Codes

G06F 21/43   wireless channels

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04M 1/72445   for supporting Internet bro...

H04M 2215/32   Involving wireless systems

H04W 12/12   Detection or prevention of ...

System and method for authentication using a mobile communication device

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication using a mobile communication device

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links