Enhanced 2CHK authentication security with query transactions

US 9,716,691 B2
Filed: 06/07/2012
Issued: 07/25/2017
Est. Priority Date: 06/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method of operating a security server to perform query transactions via a network, comprising:

receiving, at the security server from a user network device via the network, a request of a user to activate a secure communications channel over the network between the user network device and the security server, the request including an identifying number for the user network device;

transmitting, by the security server in response to the received activation request, an activation code for delivery to the user via another network;

receiving, at the security server from the user network device via the network, an activation code;

comparing, at the security server, the received activation code with the transmitted activation code to validate the received activation code;

activating the secure communications channel based on the validation of the received activation code, wherein the activated secure communications channel is a channel in which data is encrypted based on the validated received activation code, wherein activating the secure communications channel is staggered, with the user network device notified that it is quasi-activated prior to transmission of the activation code by the security server, with the transmission of the activation code by the security server for delivery to the user network device delayed after the request of a user to activate a secure communications channel until a transaction with an enterprise is desired, by the enterprise sending the identifying number for the user network device to the security server, with the security server then transmitting an activation code for delivery to the user network device;

receiving, at the security server from an enterprise network, which is also represented on the network, a query including a question for the user, wherein the correct answer to the question has been previously agreed to by the user and the enterprise;

transmitting, from the security server to the user network device via the secure communications channel, the received enterprise query;

receiving, at the security server from the user network device via the secure communications channel, a user answer to the transmitted enterprise query; and

transmitting the received user answer, from the security server to the enterprise to further authenticate the user to the enterprise.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security server receives a request of a user to activate a secure communications channel over the network and, in response, transmits an activation code for delivery to the user via another network. The security server receives an activation code from the user network device via the network, compares the received activation code with the transmitted activation code to validate the received activation code, and activates the secure communications channel based on the validation. The security server next receives a query including a question for the user from an enterprise represented on the network, transmits the received enterprise query to the user network device via the secure communications channel, and receives, from the user network device via the secure communications channel, a user answer to the transmitted enterprise query. The security server then transmits the received user answer to the enterprise to further authenticate the user to the enterprise.

85 Citations

View as Search Results

13 Claims

1. A method of operating a security server to perform query transactions via a network, comprising:
- receiving, at the security server from a user network device via the network, a request of a user to activate a secure communications channel over the network between the user network device and the security server, the request including an identifying number for the user network device;
  
  transmitting, by the security server in response to the received activation request, an activation code for delivery to the user via another network;
  
  receiving, at the security server from the user network device via the network, an activation code;
  
  comparing, at the security server, the received activation code with the transmitted activation code to validate the received activation code;
  
  activating the secure communications channel based on the validation of the received activation code, wherein the activated secure communications channel is a channel in which data is encrypted based on the validated received activation code, wherein activating the secure communications channel is staggered, with the user network device notified that it is quasi-activated prior to transmission of the activation code by the security server, with the transmission of the activation code by the security server for delivery to the user network device delayed after the request of a user to activate a secure communications channel until a transaction with an enterprise is desired, by the enterprise sending the identifying number for the user network device to the security server, with the security server then transmitting an activation code for delivery to the user network device;
  
  receiving, at the security server from an enterprise network, which is also represented on the network, a query including a question for the user, wherein the correct answer to the question has been previously agreed to by the user and the enterprise;
  
  transmitting, from the security server to the user network device via the secure communications channel, the received enterprise query;
  
  receiving, at the security server from the user network device via the secure communications channel, a user answer to the transmitted enterprise query; and
  
  transmitting the received user answer, from the security server to the enterprise to further authenticate the user to the enterprise.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the other network is an out-of-band authentication network.
  - 3. The method of claim 2, wherein the out-of-band authentication network is a phone network.
  - 4. The method of claim 1, wherein the enterprise question asks for one of a secret shared by the user and the enterprise and information that is personal to the user.
  - 5. The method of claim 1, further comprising:
    - incorporating, at the security server, the received enterprise query into at least one of a voice stream and an image;
      
      wherein the transmitted enterprise query is the enterprise query incorporated into the at least one of the voice stream and the image.
  - 6. The method of claim 5, wherein the voice stream is a voice stream having a voice recognizable by the user and the image is an image having a background known to the user.

7. A method of operating a security server to securely transact business between a user and an enterprise via a network, comprising:
- receiving, at the security server from a user network device via the network, a request of the user to activate a secure communications channel over the network between the user network device and the security server, the request including an identifying number for a user network device;
  
  transmitting, by the security server in response to the received activation request, an activation code for delivery to the user via another network;
  
  receiving, at a security server from the user network device via the network, an activation code;
  
  comparing, at the security server, the received activation code with the transmitted activation code to validate the received activation code;
  
  activating the secure communications channel based on the validation of the received activation code, wherein the activated secure communications channel is a channel in which data is encrypted based on the validated received activation code, wherein activating the secure communications channel is staggered, with the transmission of the activation code by the security server for delivery to the user network device delayed after the request of a user to activate a secure communications channel until a transaction with an enterprise is desired, by the enterprise sending the identifying number for the user network device to the security server, with the security server then transmitting an activation code for delivery to the user network device;
  
  receiving, at the security server from the user network device via the secure communications channel, transaction information including an identifier of the enterprise with which the user desires to enter into the transaction via the network, and details of the desired transaction;
  
  transmitting the transaction information, from the security server to the enterprise via another secure communications channel;
  
  receiving, at the security server from the enterprise via the other secure communications channel, notification that either (i) the transaction has been accepted or (ii) the transaction has been rejected or (iii) additional authentication of the user is required by the enterprise; and
  
  if the received notification is a notification that the transaction has been accepted or rejected, transmitting the received notification from the security server to the user network device via the secure communications channel.

8. An article of manufacture for performing query transactions via a network, comprising:
- non-transitory storage medium; and
  
  logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to;
  
  receive, from a user network device via the network, a request of a user to activate a secure communications channel over the network for communications with the user network device, the request including an identifying number for the user network device;
  
  direct transmission, in response to the received activation request, of an activation code for delivery to the user via another network;
  
  receive, from the user network device via the network, an activation code;
  
  compare the received activation code with the transmitted activation code to validate the received activation code;
  
  activate the secure communications channel based on the validation of the received activation code, wherein the activated secure communications channel is a channel in which data is encrypted based on the validated received activation code, wherein activating the secure communications channel is staggered, with the transmission of the activation code for delivery to the user network device delayed after the request of a user to activate a secure communications channel until a transaction is desired, by an enterprise sending the identifying number for the user network device, with the processor then transmitting an activation code for delivery to the user;
  
  receive, from an enterprise network, which is also represented on the network, a query including a question for the user, wherein the correct answer to the question has been previously agreed to by the user and the enterprise;
  
  direct transmission of the received enterprise query to the user network device via the secure communications channel;
  
  receive, from the user network device via the secure communications channel, a user answer to the transmitted enterprise query; and
  
  direct transmission of the received user answer to the enterprise to further authenticate the user to the enterprise.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The article of manufacture of claim 8, wherein the other network is an out-of-band authentication network.
  - 10. The article of manufacture of claim 9, wherein the out-of-band authentication network is a phone network.
  - 11. The article of manufacture of claim 8, wherein the enterprise question asks for one of a secret shared by the user and the enterprise and information that is personal to the user.
  - 12. The article of manufacture of claim 8, wherein:
    - the stored logic is further configured to cause the processor to operate so as to incorporate the received enterprise query into at least one of a voice stream and an image; and
      
      the enterprise query that is directed to be transmitted is the enterprise query incorporated into the at least one of the voice stream and the image.
  - 13. The method of claim 12, wherein the voice stream is a voice stream having a voice recognizable by the user and the image is an image having a background known to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Early Warning Services, LLC
Inventors
Ganesan, Ravi, Sheward, Sally, Tapling, Peter George, Rolfe, Andrew Robert
Primary Examiner(s)
Su, Sarah

Application Number

US13/490,715
Publication Number

US 20130333008A1
Time in Patent Office

1,874 Days
Field of Search

726 2, 726 3, 726 4, 726 5, 726 7, 713182, 713183, 705 64, 709223, 709225, 709227, 709229
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 9/3228   One-time or temporary data,...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Enhanced 2CHK authentication security with query transactions

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced 2CHK authentication security with query transactions

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links