System and method for authentication using a mobile communication device
First Claim
1. A method comprising:
- providing, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question;
receiving, at the server, a request for a one-time password, the request transmitted from a mobile phone having the mobile phone number, and the request including the security string, the request further being in the form of a short message service message;
matching, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
generating, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage;
transmitting, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, anddeactivating, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone.
9 Assignments
0 Petitions
Accused Products
Abstract
The invention is a system and method for registering and authenticating a user using a mobile communication device, such as a mobile phone. An authentication server has access to a stored list of authorized mobile phone numbers. Each authorized mobile phone number is associated with a string of text or numeric characters. The server provides a OTP when the user calls or sends a SMS message request from the authorized mobile phone to the server. The verbal or SMS request must contain the stored string, which the server will match against the stored list in order to confirm that the mobile phone is authorized. Once a OTP is provided to the authorized mobile phone, it must be used within a predetermined time limit, or the OTP will expire. The OTP will also be discarded once the server is notified that the OTP has been used. Further, the server will ignore a request for an additional OTP if a previously-provided OTP has not expired or been discarded, or if the server is in the process of generating an OTP for the authorized mobile phone.
42 Citations
19 Claims
-
1. A method comprising:
-
providing, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question; receiving, at the server, a request for a one-time password, the request transmitted from a mobile phone having the mobile phone number, and the request including the security string, the request further being in the form of a short message service message; matching, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage; generating, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage; transmitting, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, and deactivating, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising:
a processor-based application, which when executed on by a computer processor, will cause the processor to; provide, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question; receive, at the server, a request for a one-time password, the request transmitted in the form of a short message service message from a mobile phone having the mobile phone number, and the request including the security string; match, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage; generate, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage; transmit, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, and deactivate, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
14. A computer program product comprising computer-readable program code to be executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code including instructions to:
-
provide, by a server, access to a data storage storing a plurality of authorized mobile phone numbers, each mobile phone number associated with a corresponding user registered security string unique to the mobile phone number, wherein both the mobile phone number and the security string are compared to a previously registered mobile phone number and a previously registered security string to generate a one-time password that is to be transmitted to a requesting mobile phone associated with the mobile phone number, and wherein the security string comprises an answer to a user-selected security question; receive, at the server, a request for a one-time password, the request transmitted in the form of a short message service message from a mobile phone having the mobile phone number, and the request including the security string; match, by the server, the mobile phone number from the requesting mobile phone and the security string to the plurality of authorized mobile phone numbers and associated security strings stored in the data storage; generate, by the server, the one-time password when there is a match between the mobile phone number and the security string with one of the plurality of authorized mobile phone numbers and associated security strings stored in the data storage; transmit, by the server, the one-time password that can be used without modification to access the data storage by the requesting mobile phone associated with the mobile phone number, and deactivate, by the server, the one-time password when the one-time password is not used within a prescribed time period, the prescribed time period being calculated by one of a countdown timer initiated by the server upon receiving a request for the one-time password from the mobile phone and a countdown timer initiated by the server upon transmitting the one-time password to the requesting mobile phone. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification