Direct authentication system and method via trusted authenticators

US 9,703,938 B2
Filed: 10/02/2012
Issued: 07/11/2017
Est. Priority Date: 08/29/2001
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for enhancing network security by authenticating a user during an electronic transaction between the user and a computer system, the method comprising:

receiving, at a computer of a trusted authentication system, during said electronic transaction between the user and the computer system, an electronic request for a dynamic code for the user;

generating, during said electronic transaction, by a dynamic code generator of the trusted authentication system, a dynamic code for the user in response to the request, wherein the dynamic code is valid for a predetermined time, and becomes invalid after being used;

providing by the computer of the trusted authentication system said generated valid dynamic code to the user during said electronic transaction;

receiving electronically by the trusted authentication system a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code, wherein the user is remote from the computer system as well as from the trusted authentication system during the transaction;

the trusted authentication system authenticating the user during the transaction based on the digital identity including the user specific information and the dynamic code, wherein the dynamic code is used for authenticating the user for a first time within the predetermined time after a generation of the dynamic code; and

the trusted authentication system providing a result of the authenticating to the computer system during said electronic transaction,wherein the authenticating is based on the user specific information, the received dynamic code, and a current time, andwherein the electronic request for the dynamic code is digitally triggered during the transaction and the triggered request is received by the trusted authentication system during the transaction.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim'"'"'s personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer'"'"'s identity utilizing customer'"'"'s trusted authenticator. A customer'"'"'s trusted authenticator can be found within the financial services community; in particular, a bank or other financial institution with whom the customer has a trusted relationship, such as a bank account.

98 Citations

26 Claims

1. A method for enhancing network security by authenticating a user during an electronic transaction between the user and a computer system, the method comprising:
- receiving, at a computer of a trusted authentication system, during said electronic transaction between the user and the computer system, an electronic request for a dynamic code for the user;
  
  generating, during said electronic transaction, by a dynamic code generator of the trusted authentication system, a dynamic code for the user in response to the request, wherein the dynamic code is valid for a predetermined time, and becomes invalid after being used;
  
  providing by the computer of the trusted authentication system said generated valid dynamic code to the user during said electronic transaction;
  
  receiving electronically by the trusted authentication system a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code, wherein the user is remote from the computer system as well as from the trusted authentication system during the transaction;
  
  the trusted authentication system authenticating the user during the transaction based on the digital identity including the user specific information and the dynamic code, wherein the dynamic code is used for authenticating the user for a first time within the predetermined time after a generation of the dynamic code; and
  
  the trusted authentication system providing a result of the authenticating to the computer system during said electronic transaction,wherein the authenticating is based on the user specific information, the received dynamic code, and a current time, andwherein the electronic request for the dynamic code is digitally triggered during the transaction and the triggered request is received by the trusted authentication system during the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 which further includes:
    - storing the dynamic code at the computer of the trusted authentication system along with an indication of the time at which the dynamic code was generated.
  - 3. The method of claim 1, wherein the trusted authentication system receives authentication requests from multiple computer systems.
  - 4. The method of claim 1, wherein the authenticating rejects authentication in the event the authentication request is received more than a predetermined time after the dynamic code was generated.
  - 5. The method of claim 4, wherein the trusted authentication system receives authentication requests from multiple computer systems.
  - 6. The method of claim 1, wherein the dynamic code is numeric.
  - 7. The method of claim 1, wherein the dynamic code is alphanumeric.
  - 8. The method of claim 1 which further includes forwarding the dynamic code by the user to the computer system.
  - 9. The method of claim 8, wherein the dynamic code is numeric.
  - 10. The method of claim 8, wherein the dynamic code is alphanumeric.
  - 11. The method of claim 1, wherein the computer system and the trusted authentication system are separate systems.
  - 12. The method of claim 1, wherein the trusted authentication system has at least one computer server.
  - 13. The method of claim 1, wherein the digital identity is the dynamic code and the user specific information taken together.
  - 14. The method of claim 1, wherein the user, the computer system and the trusted authentication system are in electronic communication with each other during the transaction for authenticating the user.
  - 15. The method of claim 1, wherein the dynamic code is a non-predictable digital code.

16. A method for enhancing network security by authenticating a user during an electronic transaction between the user and one of plural computer systems available to the user with which the user can engage in the electronic transaction over a communication network, the method comprising:
- receiving, at a computer of a trusted authentication system, during said electronic transaction between the user and that one of the computer systems engaged in the electronic transaction with the user, an electronic request for a dynamic code for the user;
  
  generating, by a dynamic code generator of the trusted authentication system, a dynamic code for the user in response to the electronic request for the dynamic code, wherein the dynamic code is valid for a predetermined time, and becomes invalid after being used;
  
  providing by the computer of the trusted authentication system said valid dynamic code to the user during the electronic transaction;
  
  the trusted authentication system receiving electronically, during the electronic transaction, a request for authenticating the user from that one of the plural computer systems engaged in the electronic transaction with the user, the request including a digital identity comprising user specific information and the dynamic code, wherein the user is remote from the trusted authentication system as well as from that one of the plural computer systems during the transaction;
  
  the trusted authentication system authenticating, during the electronic transaction, the user based on the digital identity including the user specific information and the dynamic code, wherein the dynamic code is used for authenticating the user for a first time within the predetermined time after a generation of the dynamic code; and
  
  the trusted authentication system providing, during the electronic transaction, a result of the authenticating to that one of the computer systems engaged in the electronic transaction with the user,wherein the authenticating is based on the user specific information, the received dynamic code and a current time, andwherein the electronic request for the dynamic code is digitally triggered during the transaction and the triggered request is received by the trusted authentication system during the transaction.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The method of claim 16 which further includes:
    - storing the dynamic code at the computer of the trusted authentication system along with an indication of the time at which the dynamic code was generated.
  - 18. The method of claim 16 which further includes forwarding the dynamic code by the user to the computer systems engaged in the electronic transaction with the user.
  - 19. The method of claim 16, wherein the authenticating rejects authentication in the event the authentication request is received more than a predetermined time after the dynamic code was generated.
  - 20. The method of claim 16, wherein the dynamic code is numeric.
  - 21. The method of claim 16, wherein the dynamic code is alphanumeric.
  - 22. The method of claim 16, wherein the computer systems and the trusted authentication system are separate systems.
  - 23. The method of claim 16, wherein the trusted authentication system has at least one computer server.
  - 24. The method of claim 16, wherein the digital identity is the dynamic code and the user specific information taken together.
  - 25. The method of claim 16, wherein the user, that one of the plural computer systems and the trusted authentication system are in electronic communication with each other during the transaction for authenticating the user.
  - 26. The method of claim 16, wherein the dynamic code is a non-predictable digital code.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Factor2 Multimedia Systems, LLC
Original Assignee
Kamran Asghari-Kamrani, Nader Asghari-Kamrani
Inventors
Asghari-Kamrani, Nader, Asghari-Kamrani, Kamran
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US13/633,680
Publication Number

US 20130191889A1
Time in Patent Office

1,743 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

H04L 2463/082   applying multi-factor authe...

H04L 63/0421   Anonymous communication, i....

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0838   using one-time-passwords

H04L 63/0892   by using authentication-aut...

Direct authentication system and method via trusted authenticators

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

98 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Direct authentication system and method via trusted authenticators

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links