Authentication tokens managed for use with multiple sites
Abstract
A method and system for authenticating an account holder using multi-factor authentication. An account holder is associated with a token device configured to supply the account holder with a dynamic password. The dynamic password has a current value that is synchronously stored at an aggregator service and at the token device. The dynamic password is changed periodically. The aggregator service also associates the account holder with at least one account maintained by the account providers. The aggregator service receives an authorization request from either the user or from one of the account providers. The aggregator service performs an authorization operation for determining if a proffered dynamic password submitted by the user during an attempt to login matches the current value of the dynamic password stored at the aggregator service.
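A minimal sketch of the scheme the abstract describes, added here as an illustration and not taken from the patent: one token and one table of password values per account holder, a separate client identifier per account provider, and a match against the value in force at the time of the request. The 60-second step, the table values, the client identifiers, the provider check and all names are assumptions.

```python
import hmac

STEP_SECONDS = 60  # assumed rotation period; the page only says "periodically"
# Constructed table of password values held by both the token and the aggregator.
PASSWORD_TABLE = ["481520", "907316", "265849", "730194", "158673"]


def current_value(table, clock_seconds):
    """Pull the current value from the table using only the caller's own clock."""
    return table[(int(clock_seconds) // STEP_SECONDS) % len(table)]


class Aggregator:
    def __init__(self):
        self.tables = {}      # account holder -> table shared with their token
        self.client_ids = {}  # client identifier -> (account holder, provider)

    def enroll_token(self, holder, table):
        self.tables[holder] = list(table)

    def link_account(self, client_id, holder, provider):
        self.client_ids[client_id] = (holder, provider)

    def authorize(self, client_id, provider, proffered, request_time):
        holder, linked_provider = self.client_ids.get(client_id, (None, None))
        table = self.tables.get(holder)
        # Assumed check: an identifier is honoured only at the provider it links to.
        if table is None or linked_provider != provider:
            return False
        # Compare against the value in force when the request was submitted.
        expected = current_value(table, request_time)
        return hmac.compare_digest(expected.encode(), proffered.encode())


def demo():
    agg = Aggregator()
    agg.enroll_token("alice", PASSWORD_TABLE)
    agg.link_account("bank-7731", "alice", "bank")      # constructed identifiers
    agg.link_account("broker-0042", "alice", "broker")
    code = current_value(PASSWORD_TABLE, 125)            # token clock, step 2
    return {
        "bank": agg.authorize("bank-7731", "bank", code, 130),
        "broker": agg.authorize("broker-0042", "broker", code, 140),
        "stale": agg.authorize("bank-7731", "bank", code, 185),  # after rotation
        "wrong_provider": agg.authorize("bank-7731", "broker", code, 130),
    }


if __name__ == "__main__":
    print(demo())
```

Because one table serves every linked account, the rotation period bounds how long a given value is accepted at all of them.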
15 Claims
1. At an aggregator service within a distributed computing system that includes the aggregator service and a plurality of different account providers, wherein an account holder is an owner of a plurality of accounts, at least one account of the plurality with each of the different account providers, a method for authenticating the account holder using multi-factor authentication, the method comprising:
- associating, by the aggregator service, the account holder with a single token device, the token device configured to supply the account holder with a single dynamic password linking the account holder with the token device and with the plurality of accounts, at least one account of the plurality with each of the different account providers, the dynamic password having a current value that is synchronously stored at the aggregator service and at the token device, wherein the current value of the dynamic password stored at the token device is updated using a first clocking device, wherein the current value of the dynamic password stored at the aggregator service is updated using a second clocking device, and wherein the first clocking device at the token device and the second clocking device at the aggregator service synchronously update the dynamic password independent of each other;
- periodically changing, using a plurality of processor-based computing devices programmed to perform the periodic changing, the current value of the dynamic password by synchronously generating and storing a single, different dynamic password at the aggregator service and at the token device, wherein the periodic changing is programmed to pull the current value of the dynamic password from a table of password values;
- associating the account holder with a different client identifier for each of the account providers, each client identifier linking the account holder to the at least one account with one of the account providers, the account providers each being a separate entity from the aggregator service;
- receiving a request for authorization to login to a selected account of the plurality of accounts with one of the account providers, the request including the client identifier linking the account holder to the selected account and a proffered password generated by the token device, wherein the dynamic password and the proffered password submitted by a user are associated with a timestamp for indicating a time at which the dynamic password and the proffered password were previously updated; and
- performing an authorization operation by determining the dynamic password associated with the account holder using the client identifier and by determining a match between the proffered password received with the request for authorization to login to the selected account and the current value of the dynamic password stored at the aggregator service and associated with the account holder.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. At an account provider within a distributed computing system that includes an aggregator service and the account provider, a method for authenticating an account holder using multi-factor authentication, the method comprising:
- generating a single dynamic password that is synchronously stored at the aggregator service and at a token device provided to the account holder, the dynamic password that links the account holder with the token device and with a plurality of accounts held by the account holder with different account providers, wherein the current value of the dynamic password stored at the token device is controlled by a clock device;
- storing, at the aggregator service, a unique client identifier that links the account holder with a single account of the plurality of accounts held by the account holder with different account providers;
- receiving a login request including a proffered password and a first form of authentication for identifying the account holder;
- associating, at the aggregator service, the first form of authentication with the account holder to determine the unique client identifier that links the account holder with the single account of the plurality of accounts held by the account holder with different account providers;
- communicating with the aggregator service to authenticate the login request by identifying the dynamic password associated with the stored unique client identifier and determining a match between the proffered password and a current value of the dynamic password stored at the aggregator service, wherein determining the match between the proffered password and the current value of the dynamic password stored at the aggregator service comprises comparing a timestamp indicating the time at which the dynamic password was updated with a time at which the login request including the proffered password was submitted by the user to ensure that the proffered password is compared to the dynamic password stored at the aggregator service at the time the login request was received;
- periodically changing, using a plurality of processor-based computing device programmed to perform the periodic changing, the current value of the dynamic password by synchronously generating and storing another dynamic password different from the dynamic password at the token device and the aggregator service wherein the periodic changing is programmed to pull the current value of the dynamic password and from a table of password values, wherein a first clocking device controlled by the token device, and a second clocking device controlled by the aggregator device, synchronously update the dynamic password independent of each other; and
- granting the login request in the event the proffered password matches the current value of the dynamic password.

Dependent claims: 11, 12, 13, 14, 15