Verification of user communication addresses

US 9,270,666 B2
Filed: 11/14/2014
Issued: 02/23/2016
Est. Priority Date: 06/07/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program configured to perform a stateless verification by the at least one computing device that a user of a client has access to a communication address, wherein when executed the program causes the at least one computing device to at least:

generate encrypted verification data for a user account, the encrypted verification data including a first verification code and the communication address associated with the user of the client;

send the encrypted verification data to the client using a first network and a first communication protocol;

transmit a second verification code to the communication address using a second network and a second communication protocol; and

in response to receiving from the client via the first communication protocol the encrypted verification data and the transmitted second verification code received by the communication address, verify that the second verification code was received by the communication address by decrypting the received verification data, retrieving the sent first verification code from the decrypted verification data, and observing that the retrieved first verification code matches the second verification code received by the at least one computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for performing stateless verification of communication addresses. Encrypted verification data is generated for a user account, including a communication address and a first verification code, and a timestamp. The encrypted verification data is sent to a client, and the verification code is transmitted to the communication address. The encrypted verification data and a second verification code are received from the client. The communication address is verified in response to observing that the first verification code from the encrypted verification data matches the second verification code.

Citations

20 Claims

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, the program configured to perform a stateless verification by the at least one computing device that a user of a client has access to a communication address, wherein when executed the program causes the at least one computing device to at least:
- generate encrypted verification data for a user account, the encrypted verification data including a first verification code and the communication address associated with the user of the client;
  
  send the encrypted verification data to the client using a first network and a first communication protocol;
  
  transmit a second verification code to the communication address using a second network and a second communication protocol; and
  
  in response to receiving from the client via the first communication protocol the encrypted verification data and the transmitted second verification code received by the communication address, verify that the second verification code was received by the communication address by decrypting the received verification data, retrieving the sent first verification code from the decrypted verification data, and observing that the retrieved first verification code matches the second verification code received by the at least one computing device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the first verification code is unavailable in encrypted form to the client.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the at least one computing device is configured not to persist the first verification code or the second verification code in data storage.
  - 4. The non-transitory computer-readable medium of claim 1, wherein when executed the program further causes the at least one computing device to authenticate the client for access to the user account before sending the encrypted verification data to the client.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the encrypted verification data further comprises a timestamp, and wherein when executed the program further causes the at least one computing device to, in response to retrieving the timestamp from the decrypted verification data, determine that an age of the retrieved timestamp is less than a maximum threshold age.
  - 6. The non-transitory computer-readable medium of claim 1, wherein when executed the program further causes the at least one computing device to determine that the client has not performed a maximum number of communication address verifications.

7. A system for performing a stateless verification that a user of a client has access to a communication address, the system comprising:
- at least one computing device; and
  
  at least one application executed in the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least;
  
  generate encrypted verification data for a user account, the encrypted verification data including a first verification code and the communication address associated with the user of the client;
  
  send the encrypted verification data to the client via a network page using a first network and a first communication protocol;
  
  transmit a second verification code to the communication address using a second network and a second communication protocol; and
  
  in response to receiving from the client via the first communication protocol the encrypted verification data and the transmitted second verification code received by the communication address, verify that the transmitted second verification code was received by the communication address by decrypting the received verification data, retrieving the sent first verification code from the decrypted verification data, and observing that the retrieved first verification code matches the second verification code received by the at least one computing device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the encrypted verification data is sent to the client via hypertext transfer protocol (HTTP), and the encrypted verification data and the second verification code are received from the client via an HTTP form submission.
  - 9. The system of claim 7, wherein the client is unable to decrypt the encrypted verification data.
  - 10. The system of claim 7, wherein the at least one computing device is configured not to persist the first verification code or the second verification code in data storage.
  - 11. The system of claim 7, wherein the encrypted verification data further includes an identifier of the user account.
  - 12. The system of claim 7, wherein when executed the at least one application further causes the at least one computing device to at least return an error to the client in response to determining that the retrieved first verification code does not match the second verification code.

13. A method for performing a stateless verification that a user of a client has access to a communication address, the method comprising:
- generating, via at least one of one or more computing devices, encrypted verification data for a user account, the encrypted verification data including a first verification code and the communication address associated with the user of the client;
  
  sending, using a first network and via at least one of the one or more computing devices, the encrypted verification data to the client via a first communication protocol;
  
  transmitting, using a second network and via the at least one of the one or more computing devices, a second verification code to the communication address via a second communication protocol;
  
  receiving from the client via the first communication protocol, by the one or more computing devices, the encrypted verification data and the transmitted second verification code received by the communication address; and
  
  verifying, by the one or more computing devices, that the transmitted second verification code was received by the communication address by decrypting the received verification data, retrieving the sent first verification code from the decrypted verification data, and observing that the retrieved first verification code matches the second verification code received by the one or more computing devices.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising generating, by the one or more computing devices, a network page including the encrypted verification data in a hidden form field.
  - 15. The method of claim 13, further comprising authenticating, by the one or more computing devices, the client before sending the encrypted verification data to the client.
  - 16. The method of claim 13, wherein generating the encrypted verification data further comprises encrypting, by the one or more computing devices, the encrypted verification data using a symmetric key.
  - 17. The method of claim 13, wherein the encrypted verification data further includes an identifier of the user account, and the method further comprises identifying, by the one or more computing devices, the user account by retrieving the identifier of the user account from the decrypted verification data.
  - 18. The method of claim 13, wherein the encrypted verification data further includes a timestamp, and the method further comprises determining, by the one or more computing devices, that the encrypted verification data is within a maximum threshold age by retrieving the timestamp from the decrypted verification data and comparing an age of the retrieved timestamp to the maximum threshold age.
  - 19. The method of claim 13, wherein the encrypted verification data is sent to the client via hypertext transfer protocol (HTTP), and the encrypted verification data and the second verification code are received from the client via an HTTP form submission.
  - 20. The method of claim 13, wherein the one or more computing devices are configured not to persist the first verification code or the second verification code in data storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Souza, Artur Barbalho de Oliveira, Vippagunta, Rajendra K., White, Justin Tolmar, Shprecher, Tal Elisha, Farrington, Brendan J., Rogers, Jon T.
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
MCCOY, RICHARD ANTHONY

Application Number

US14/542,459
Publication Number

US 20150074391A1
Time in Patent Office

466 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/42   using separate channels for...

H04L 2463/121   Timestamp

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

H04L 9/3297   involving time stamps, e.g....

Verification of user communication addresses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of user communication addresses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links