Online account access control by mobile device

US 9,317,672 B2
Filed: 12/14/2012
Issued: 04/19/2016
Est. Priority Date: 12/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to an online account, the method comprising:

receiving an access control message from a mobile device-that includes a request to disable login access to an online account, wherein the online account is associated with login information comprising a password and identification information associated with the online account;

establishing, in response to receiving the access control message, a short message service communication session with the mobile device;

receiving, via the short message service communication session, identifying information associated with the mobile device, the identifying information including at least one of a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, an International Mobile Subscriber Identity (IMSI), and an International Mobile Station Equipment Identifier (IMEI);

identifying the online account based at least in part on the identifying information associated with the mobile device, wherein the identifying the online account includes comparing an identifier of the mobile device to a plurality of stored identifiers;

sending a user verification query message to the mobile device via the short message service communication session;

receiving a user verification response message from the mobile device via the short message service communication session, wherein the user verification response message includes verification information that is different from the login information for the online account;

verifying the user verification response message, wherein the verifying includes comparing the verification information to stored information; and

if the user verification response message is verified, disabling login access to the online account, such that the online account is prevented from being accessed even when the login information for the online account is correctly entered.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. A user verification query message can be sent to the mobile device. A user verification response message can be received from the mobile device. The user verification response message can include verification information that is different from login information for the online account. The user verification response message can be verified by comparing the verification information to stored information. If the user verification response message is successfully verified, the action indicated in the access control message can be performed on the online account.

84 Citations

View as Search Results

17 Claims

1. A method for controlling access to an online account, the method comprising:
- receiving an access control message from a mobile device-that includes a request to disable login access to an online account, wherein the online account is associated with login information comprising a password and identification information associated with the online account;
  
  establishing, in response to receiving the access control message, a short message service communication session with the mobile device;
  
  receiving, via the short message service communication session, identifying information associated with the mobile device, the identifying information including at least one of a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, an International Mobile Subscriber Identity (IMSI), and an International Mobile Station Equipment Identifier (IMEI);
  
  identifying the online account based at least in part on the identifying information associated with the mobile device, wherein the identifying the online account includes comparing an identifier of the mobile device to a plurality of stored identifiers;
  
  sending a user verification query message to the mobile device via the short message service communication session;
  
  receiving a user verification response message from the mobile device via the short message service communication session, wherein the user verification response message includes verification information that is different from the login information for the online account;
  
  verifying the user verification response message, wherein the verifying includes comparing the verification information to stored information; and
  
  if the user verification response message is verified, disabling login access to the online account, such that the online account is prevented from being accessed even when the login information for the online account is correctly entered.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the access control message is a short message service (SMS) message.
  - 3. The method of claim 1, wherein the user verification response message includes a cryptographic hash value.
  - 4. The method of claim 1, wherein at least one of the access control message, the user verification query message and the user verification response message is generated by a signed application.
  - 5. The method of claim 1, further comprising:
    - enrolling the online account; and
      
      registering the mobile device in association with the online account.
  - 6. The method of claim 1, wherein disabling login access to the online account prevents access to the account even when correct login information is presented.
  - 7. The method of claim 1, further comprising:
    - receiving a second access control message from the mobile device including a request to enable login access to the online account;
      
      sending a second user verification query message to the mobile device;
      
      receiving a second user verification response message from the mobile device; and
      
      enabling the online account upon verifying the second user verification response message.

8. A mobile device, comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor, wherein the computer readable medium includes code executable by the processor, the code operative to;
  
  establish, by transmitting an access control message to a server, a short message service communication session with the server, wherein the access control message includes an action to be performed on an online account, wherein the online account in accessed using login information, wherein the action is disabling login access to the online account via the login information, wherein the login information includes a password and identification information associated with the online account, wherein the access control message includes a device identifier that may be used by the server to identify the mobile device, and wherein the identity of the mobile device may be used by the server to identify the online account, the device identifier including at least one of a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, an International Mobile Subscriber Identity (IMSI), and an International Mobile Station Equipment Identifier (IMEI);
  
  receive, via the short message service communication session, a user verification query message from the server; and
  
  send, via the short message service communication session, a user verification response message to the server, wherein the user verification response message includes verification information that is different from the login information for the online account;
  
  wherein if the user verification response message is verified by the server, the login access to the online account via the login information is disabled.
- View Dependent Claims (9, 10, 11)
- - 9. The mobile device of claim 8, wherein the access control message is a short message service (SMS) message.
  - 10. The mobile device of claim 8, wherein the code is further operative to generate a cryptographic hash value to include in the user verification response message.
  - 11. The mobile device of claim 8, wherein at least one of the access control message, the user verification query message and the user verification response message is generated by a signed application.

12. A system for controlling access to an online account, the system comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor, wherein the computer readable medium includes code executable by the processor, the code operative to;
  
  receive an access control message from a mobile device, wherein the access control message includes an action to be performed on an online account, wherein the online account is accessed using login information, wherein the login information includes a password and identification information associated with the online account;
  
  establish, in response to receiving the access control message, a short message service communication session with the mobile device;
  
  receive, via the short message service communication session, identifying information associated with the mobile device, the identifying information including at least one of a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, an International Mobile Subscriber Identity (IMSI), and an International Mobile Station Equipment Identifier (IMEI);
  
  determine the online account based at least in part on the identifying information associated with the mobile device, wherein determining the online account comprises comparing the identifying information associated with the mobile device to stored mobile device identifiers;
  
  send, via the short message service communication session, a user verification query message to the mobile device;
  
  receive, via the short message service communication session, a user verification response message from the mobile device, wherein the user verification response message includes verification information that is different from the login information for the online account;
  
  verify the user verification response message, wherein the verifying includes comparing the verification information to stored information; and
  
  if the user verification response message is verified, disabling login access to the online account via the login information.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the code is further operative to verify the mobile device, wherein the verifying includes comparing an identifier of the mobile device to a plurality of stored identifiers.
  - 14. The system of claim 12, wherein at least one of the access control message, the user verification query message and the user verification response message is a short message service (SMS) message.
  - 15. The system of claim 12, wherein the action is enabling login access to the online account using the login information for the online account.
  - 16. The system of claim 12, wherein the action is disabling editing of information associated with the online account.
  - 17. The system of claim 12, wherein the action is disabling transmitting e-mail from the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Carlson, Mark
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
MOHAMMADI, FAHIMEH M

Application Number

US13/714,995
Publication Number

US 20130160104A1
Time in Patent Office

1,222 Days
Field of Search

726/7, 726 26- 30, 713172-174
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04W 12/069   using certificates or pre-s...

Online account access control by mobile device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Online account access control by mobile device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links