Comprehensive authentication and identity system and method
First Claim
1. A method in a computing system for enabling a user to create and login to an account with a website in a secure fashion, the method comprising:
- maintaining, in a storage area associated with a computing system, a telephone number associated with a mobile communication device of a user and user information associated with the user, the user information including contact information and personal information associated with the user;
following a request by the user to create a new account with a website hosted by a third-party computing system distinct from the computing system, the request including the telephone number of the user, performing a mobile communication device verification by;
utilizing the telephone number to send a verification message to the user'"'"'s mobile communication device, the verification message requesting the user to perform a verification action;
receiving a response from the user to the verification message; and
comparing the user'"'"'s response to the requested verification action in order to verify that the user is in possession of the mobile communication device;
if the possession of the mobile communication device by the user has been successfully verified, retrieving at least a portion of the user information from the storage area and providing the retrieved user information to the website to enable the creation of the new account with the website; and
subsequently performing a login process for the website by;
utilizing the telephone number to send a login verification message to the user'"'"'s mobile communication device, the login verification message requesting the user to perform a login verification action, the login verification action comprising pressing a button on the user'"'"'s mobile communication device, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to;
receiving a response from the user to the login verification message;
comparing the user'"'"'s response to the requested login verification action in order to verify that the user is in possession of the mobile communication device; and
allowing the user to access the website if the possession of the mobile communication device by the user has been verified.
1 Assignment
0 Petitions
Accused Products
Abstract
A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user'"'"'s username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.
-
Citations
19 Claims
-
1. A method in a computing system for enabling a user to create and login to an account with a website in a secure fashion, the method comprising:
-
maintaining, in a storage area associated with a computing system, a telephone number associated with a mobile communication device of a user and user information associated with the user, the user information including contact information and personal information associated with the user; following a request by the user to create a new account with a website hosted by a third-party computing system distinct from the computing system, the request including the telephone number of the user, performing a mobile communication device verification by; utilizing the telephone number to send a verification message to the user'"'"'s mobile communication device, the verification message requesting the user to perform a verification action; receiving a response from the user to the verification message; and comparing the user'"'"'s response to the requested verification action in order to verify that the user is in possession of the mobile communication device; if the possession of the mobile communication device by the user has been successfully verified, retrieving at least a portion of the user information from the storage area and providing the retrieved user information to the website to enable the creation of the new account with the website; and subsequently performing a login process for the website by; utilizing the telephone number to send a login verification message to the user'"'"'s mobile communication device, the login verification message requesting the user to perform a login verification action, the login verification action comprising pressing a button on the user'"'"'s mobile communication device, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to; receiving a response from the user to the login verification message; comparing the user'"'"'s response to the requested login verification action in order to verify that the user is in possession of the mobile communication device; and allowing the user to access the website if the possession of the mobile communication device by the user has been verified. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method performed by a computing system for facilitating secure login to a website, the method comprising:
-
receiving a telephone number that identifies a user making a login request to a website that the user has previously accessed, the telephone number being provided by the user to the website in lieu of a set of login credentials, the website maintaining a previously-created account for the user that associates the telephone number with user information including contact information and personal information; wherein the receiving is by a computing system distinct from a third-party computing system hosting the website; performing a mobile communication device verification by; sending a verification message to the user'"'"'s mobile communication device using the telephone number, the verification message requesting the user to perform a verification action, the verification action comprising pressing a button on the user'"'"'s mobile communication device, entering a previously-provided code into the website, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to; detecting an action by the user; and verifying that the user making the login request is in possession of the mobile communication device if the detected action is the requested verification action; and allowing the user to access the website if it has been verified that the mobile communication device is in the possession of the user. - View Dependent Claims (12, 13, 19)
-
-
14. A non-transitory computer readable storage medium with instructions stored thereon that, when executed by a computing system, cause the computing system to perform a method that enables a user to perform secure interactions with websites, the method comprising:
-
following a request by a user to create a new account for the user with a website, accessing a storage area associated with a computing system to retrieve a telephone number associated with a mobile communication device of the user; wherein the website is hosted by a third-party computing system distinct from the computing system; utilizing the telephone number to send a verification message to the mobile communication device of the user, the verification message requesting the user to perform a verification action; detecting an action by the user in response to the verification message; comparing the user'"'"'s action to the requested verification action and verifying that the user is in possession of the mobile communication device if the user'"'"'s action satisfies the requested verification action; if the possession of the mobile communication device by the user has been successfully verified, accessing a storage area associated with the computing system and containing user information associated with the user to retrieve at least a portion of the user information and provide the retrieved user information to the website to enable creation of the new account for the user with the website, wherein the user information that is provided to the website includes at least one of the user'"'"'s username, password, personal information, marketing preferences, or financial information; and performing a login process for the website by; utilizing the telephone number to send a login verification message to the user'"'"'s mobile communication device, the login verification message requesting the user to perform a login verification action, the login verification action comprising pressing a button on the user'"'"'s mobile communication device, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to; receiving a response from the user to the login verification message; comparing the user'"'"'s response to the requested login verification action in order to verify that the user is in possession of the mobile communication device; and allowing the user to access the website if the possession of the mobile communication device by the user has been verified. - View Dependent Claims (15, 16)
-
-
17. A non-transitory computer readable storage medium with instructions stored thereon that, when executed by a computing system, cause the computing system to perform a method to facilitate secure login to a website, the method comprising:
-
receiving, at a computing system, a telephone number that identifies a user making a login request to a website that the user has previously accessed, the telephone number being provided by the user to the website in lieu of a username and a password, the website maintaining a previously-created account for the user that associates the telephone number with user information including contact information and personal information; wherein the computing system is distinct from a third-party computing system which hosts the website; sending a verification message to the user'"'"'s mobile communication device using the telephone number, the verification message requesting the user to perform a verification action, the verification action comprising pressing a button on the user'"'"'s mobile communication device, entering a previously-provided code into the website, sending a confirmation message from the mobile communication device, or providing a response to a verification question that only the user is intended to know the answer to; detecting an action by the user; and verifying that the user making the login request is in possession of the mobile communication device if the received action is the requested verification action; and allowing the user to access the website if it has been verified that the mobile communication device is in the possession of the user. - View Dependent Claims (18)
-
Specification