Comprehensive authentication and identity system and method

US 9,166,967 B2
Filed: 09/26/2012
Issued: 10/20/2015
Est. Priority Date: 09/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method in a computing system for enabling a user to create and login to an account with a website in a secure fashion, the method comprising:

maintaining, in a storage area associated with a computing system, a telephone number associated with a mobile communication device of a user and user information associated with the user, the user information including contact information and personal information associated with the user;

following a request by the user to create a new account with a website hosted by a third-party computing system distinct from the computing system, the request including the telephone number of the user, performing a mobile communication device verification by;

utilizing the telephone number to send a verification message to the user'"'"'s mobile communication device, the verification message requesting the user to perform a verification action;

receiving a response from the user to the verification message; and

comparing the user'"'"'s response to the requested verification action in order to verify that the user is in possession of the mobile communication device;

if the possession of the mobile communication device by the user has been successfully verified, retrieving at least a portion of the user information from the storage area and providing the retrieved user information to the website to enable the creation of the new account with the website; and

subsequently performing a login process for the website by;

utilizing the telephone number to send a login verification message to the user'"'"'s mobile communication device, the login verification message requesting the user to perform a login verification action, the login verification action comprising pressing a button on the user'"'"'s mobile communication device, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to;

receiving a response from the user to the login verification message;

comparing the user'"'"'s response to the requested login verification action in order to verify that the user is in possession of the mobile communication device; and

allowing the user to access the website if the possession of the mobile communication device by the user has been verified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user'"'"'s username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.

Citations

19 Claims

1. A method in a computing system for enabling a user to create and login to an account with a website in a secure fashion, the method comprising:
- maintaining, in a storage area associated with a computing system, a telephone number associated with a mobile communication device of a user and user information associated with the user, the user information including contact information and personal information associated with the user;
  
  following a request by the user to create a new account with a website hosted by a third-party computing system distinct from the computing system, the request including the telephone number of the user, performing a mobile communication device verification by;
  
  utilizing the telephone number to send a verification message to the user'"'"'s mobile communication device, the verification message requesting the user to perform a verification action;
  
  receiving a response from the user to the verification message; and
  
  comparing the user'"'"'s response to the requested verification action in order to verify that the user is in possession of the mobile communication device;
  
  if the possession of the mobile communication device by the user has been successfully verified, retrieving at least a portion of the user information from the storage area and providing the retrieved user information to the website to enable the creation of the new account with the website; and
  
  subsequently performing a login process for the website by;
  
  utilizing the telephone number to send a login verification message to the user'"'"'s mobile communication device, the login verification message requesting the user to perform a login verification action, the login verification action comprising pressing a button on the user'"'"'s mobile communication device, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to;
  
  receiving a response from the user to the login verification message;
  
  comparing the user'"'"'s response to the requested login verification action in order to verify that the user is in possession of the mobile communication device; and
  
  allowing the user to access the website if the possession of the mobile communication device by the user has been verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the account creation is associated with a purchase transaction via the website, and the provided user information is utilized for the purchase transaction.
  - 3. The method of claim 2, wherein after the purchase transaction is completed by the website, the website does not keep a record of the provided user information.
  - 4. The method of claim 1, wherein after the account creation for the website has been successfully completed, the user is allowed to access the website.
  - 5. The method of claim 1, wherein the request to create the new account is made by the submission of the telephone number associated with the mobile communication device on a user interface of the website.
  - 6. The method of claim 1, wherein the user information associated with the user further comprises at least one of the user'"'"'s username, password, marketing preferences, or financial information.
  - 7. The method of claim 1, wherein the user information that is to be utilized for the account creation with the website comprises information that the user has pre-authorized to be provided to the website.
  - 8. The method of claim 1, wherein the method is repeated for secure interactions with a plurality of different websites.
  - 9. The method of claim 8, wherein the portion of the user information provided to each of the plurality of different websites varies on a website-by-website basis.
  - 10. The method of claim 1, wherein the verification message includes a verification code and the verification action is entering the verification code into the website by the user.

11. A method performed by a computing system for facilitating secure login to a website, the method comprising:
- receiving a telephone number that identifies a user making a login request to a website that the user has previously accessed, the telephone number being provided by the user to the website in lieu of a set of login credentials, the website maintaining a previously-created account for the user that associates the telephone number with user information including contact information and personal information;
  
  wherein the receiving is by a computing system distinct from a third-party computing system hosting the website;
  
  performing a mobile communication device verification by;
  
  sending a verification message to the user'"'"'s mobile communication device using the telephone number, the verification message requesting the user to perform a verification action, the verification action comprising pressing a button on the user'"'"'s mobile communication device, entering a previously-provided code into the website, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to;
  
  detecting an action by the user; and
  
  verifying that the user making the login request is in possession of the mobile communication device if the detected action is the requested verification action; and
  
  allowing the user to access the website if it has been verified that the mobile communication device is in the possession of the user.
- View Dependent Claims (12, 13, 19)
- - 12. The method of claim 11, further comprising, if the detected action is not the requested verification action:
    - sending a second verification message to the user'"'"'s mobile communication device using the telephone number, the second verification message requesting the user to perform a second verification action;
      
      detecting a second action by the user; and
      
      verifying that the user making the login request is in possession of the mobile communication device if the second detected action is the requested second verification action.
  - 13. The method of claim 12, further comprising denying the user access to the website for a period of time if the second detected action is not the requested second verification action.
  - 19. The method of claim 11, wherein allowing the user to access the website if it has been verified that the mobile communication device is in the possession of the user further comprises transmitting a confirmation to the website to indicate that the user should be granted access to the website.

14. A non-transitory computer readable storage medium with instructions stored thereon that, when executed by a computing system, cause the computing system to perform a method that enables a user to perform secure interactions with websites, the method comprising:
- following a request by a user to create a new account for the user with a website, accessing a storage area associated with a computing system to retrieve a telephone number associated with a mobile communication device of the user;
  
  wherein the website is hosted by a third-party computing system distinct from the computing system;
  
  utilizing the telephone number to send a verification message to the mobile communication device of the user, the verification message requesting the user to perform a verification action;
  
  detecting an action by the user in response to the verification message;
  
  comparing the user'"'"'s action to the requested verification action and verifying that the user is in possession of the mobile communication device if the user'"'"'s action satisfies the requested verification action;
  
  if the possession of the mobile communication device by the user has been successfully verified, accessing a storage area associated with the computing system and containing user information associated with the user to retrieve at least a portion of the user information and provide the retrieved user information to the website to enable creation of the new account for the user with the website, wherein the user information that is provided to the website includes at least one of the user'"'"'s username, password, personal information, marketing preferences, or financial information; and
  
  performing a login process for the website by;
  
  utilizing the telephone number to send a login verification message to the user'"'"'s mobile communication device, the login verification message requesting the user to perform a login verification action, the login verification action comprising pressing a button on the user'"'"'s mobile communication device, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to;
  
  receiving a response from the user to the login verification message;
  
  comparing the user'"'"'s response to the requested login verification action in order to verify that the user is in possession of the mobile communication device; and
  
  allowing the user to access the website if the possession of the mobile communication device by the user has been verified.
- View Dependent Claims (15, 16)
- - 15. The computer readable storage medium of claim 14, wherein the verification message includes a verification code and the verification action comprises entering the verification code into the website.
  - 16. The computer readable storage medium of claim 14, wherein the user information that is provided to the website is determined by one or more rules that are defined by the user.

17. A non-transitory computer readable storage medium with instructions stored thereon that, when executed by a computing system, cause the computing system to perform a method to facilitate secure login to a website, the method comprising:
- receiving, at a computing system, a telephone number that identifies a user making a login request to a website that the user has previously accessed, the telephone number being provided by the user to the website in lieu of a username and a password, the website maintaining a previously-created account for the user that associates the telephone number with user information including contact information and personal information;
  
  wherein the computing system is distinct from a third-party computing system which hosts the website;
  
  sending a verification message to the user'"'"'s mobile communication device using the telephone number, the verification message requesting the user to perform a verification action, the verification action comprising pressing a button on the user'"'"'s mobile communication device, entering a previously-provided code into the website, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to;
  
  detecting an action by the user; and
  
  verifying that the user making the login request is in possession of the mobile communication device if the received action is the requested verification action; and
  
  allowing the user to access the website if it has been verified that the mobile communication device is in the possession of the user.
- View Dependent Claims (18)
- - 18. The computer readable storage medium of claim 17, wherein allowing the user to access the website further comprises transmitting a confirmation to the website to indicate that the user should be granted access to the website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TeleSign Corporation (Government of Belgium)
Original Assignee
TeleSign Corporation (Government of Belgium)
Inventors
Berkovitz, Darren, Disraeli, Ryan Parker, Stubblefield, Stacy Lyn
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US13/627,612
Publication Number

US 20140090021A1
Time in Patent Office

1,119 Days
Field of Search

726 1- 5
US Class Current

1/1
CPC Class Codes

G05B 2219/24159   Several levels of security,...

G06F 21/41   where a single sign-on prov...

G06F 21/43   wireless channels

G06F 21/45   Structures or tools for the...

G06F 2221/2117   User registration

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

Comprehensive authentication and identity system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Comprehensive authentication and identity system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links