Enhanced multi factor authentication

US 9,762,576 B2
Filed: 02/26/2009
Issued: 09/12/2017
Est. Priority Date: 11/16/2006
Status: Active Grant

First Claim

Patent Images

1. A method for confirming events initiated by a user, the method comprising:

receiving an indication of the user initiating an event via a first device;

based at least on receiving the indication of the user initiating the event via the first device, initiating a telephone call or sending a text message over a communications network to a pre-registered number associated with a second device of the user, the pre-registered number having been registered before the user initiated event;

sending, over the communications network, an outgoing message to the user'"'"'s second device, the outgoing message comprising replayed event data information specific to the user initiated event, the replayed event data information comprising

1) information describing the user initiated event and

2) information identifying the user initiated event;

receiving, over the communications network, a response to the outgoing message, the response being generated from the user'"'"'s second device;

determining whether the response from the user'"'"'s second device matches pre-selected authentication information, the pre-selected authentication information having been pre-selected before the user initiated event is initiated; and

based at least on determining that the response from the user'"'"'s second device matches the pre-selected authentication information, confirming the user initiated event, otherwise not confirming the user initiated event, wherein, upon a condition in which the user initiated event is not confirmed, a first error message is transmitted to the first device and a second error message is transmitted to the second device, whereby the first device, which was used to initiate the event, receives the first error message and the second device, which was used to respond to the outgoing message, receives the second error message, and wherein at least one of the first error message or the second error message provides the user with an opportunity to reinitiate the event.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.

118 Citations

22 Claims

1. A method for confirming events initiated by a user, the method comprising:
- receiving an indication of the user initiating an event via a first device;
  
  based at least on receiving the indication of the user initiating the event via the first device, initiating a telephone call or sending a text message over a communications network to a pre-registered number associated with a second device of the user, the pre-registered number having been registered before the user initiated event;
  
  sending, over the communications network, an outgoing message to the user'"'"'s second device, the outgoing message comprising replayed event data information specific to the user initiated event, the replayed event data information comprising
  
  1) information describing the user initiated event and
  
  2) information identifying the user initiated event;
  
  receiving, over the communications network, a response to the outgoing message, the response being generated from the user'"'"'s second device;
  
  determining whether the response from the user'"'"'s second device matches pre-selected authentication information, the pre-selected authentication information having been pre-selected before the user initiated event is initiated; and
  
  based at least on determining that the response from the user'"'"'s second device matches the pre-selected authentication information, confirming the user initiated event, otherwise not confirming the user initiated event, wherein, upon a condition in which the user initiated event is not confirmed, a first error message is transmitted to the first device and a second error message is transmitted to the second device, whereby the first device, which was used to initiate the event, receives the first error message and the second device, which was used to respond to the outgoing message, receives the second error message, and wherein at least one of the first error message or the second error message provides the user with an opportunity to reinitiate the event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the outgoing message includes information specific to a geographic location from where the user initiated event was initiated.
  - 3. The method of claim 1, wherein the user initiated event is associated with a financial transaction.
  - 4. The method of claim 3, wherein the outgoing message includes a monetary amount of the financial transaction.
  - 5. The method of claim 3, wherein the outgoing message includes an account information of one or more accounts involved in the financial transaction.
  - 6. The method of claim 1, wherein the response from the user'"'"'s second device includes a sequence of one or more keystrokes of digits or symbols entered on the user'"'"'s second device.
  - 7. The method of claim 1, wherein the outgoing message is selected from one or more event templates, wherein the event templates include at least one of the following:
    - (a) one or more pre-recorded spoken language messages;
      
      (b) one or more digit strings rendered in spoken language; and
      
      (c) one or more text strings rendered in spoken language.
  - 8. The method of claim 1, wherein the outgoing message includes a pre-recorded static message.
  - 9. The method of claim 1, wherein the replayed event data information included within the outgoing message is a prerecorded, customized voice message in the user'"'"'s own voice.
  - 10. The method of claim 1, wherein the pre-selected authentication information, which was pre-selected before the user initiated event, requires the user to initiate a call back to authenticate the user, whereby, to be considered authenticated, the user is required to call a determined number.

11. A computer-readable hardware storage medium with an executable program stored thereon for confirming events initiated by a user, wherein the program instructs at least one computer to:
- receive an indication of the user initiating an event via a client device;
  
  based at least on receiving the indication of the user initiating the event via the client device, initiating a telephone call or sending a text message over a communications network to a pre-registered number associated with a telecommunications device of the user, the pre-registered number having been registered before the user initiated event;
  
  send, over the communications network, an outgoing message to the user'"'"'s telecommunications device, the outgoing message comprising replayed event data information specific to the event, the replayed event data information comprising
  
  1) information describing the event and
  
  2) information identifying the event;
  
  receive, over the communications network, a response to the outgoing message, the response being generated from the user'"'"'s telecommunications device;
  
  determine whether the response from the user'"'"'s telecommunications device matches pre-selected authentication information, the pre-selected authentication information having been pre-selected before the event is initiated; and
  
  based at least on determining that the response from the user'"'"'s telecommunications device matches the pre-selected authentication information, confirming the event, otherwise not confirming the event, wherein, upon a condition in which the event is not confirmed, a first error message is transmitted to the client device and a second error message is transmitted to the telecommunications device, whereby the client device, which was used to initiate the event, receives the first error message and the telecommunications device, which was used to respond to the outgoing message, receives the second error message, and wherein at least one of the first error message or the second error message provides the user with an opportunity to reinitiate the event.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The computer-readable hardware storage medium of claim 11, wherein the outgoing message includes information specific to a geographic location from where the event was initiated.
  - 13. The computer-readable hardware storage medium of claim 11, wherein the event is associated with a financial transaction.
  - 14. The computer-readable hardware storage medium of claim 13, wherein the outgoing message includes a monetary amount of the financial transaction.
  - 15. The computer-readable hardware storage medium of claim 13, wherein the outgoing message includes an account information of one or more accounts involved in the financial transaction.
  - 16. The computer-readable hardware storage medium of claim 11, wherein the response from the user'"'"'s telecommunications device includes a sequence of one or more keystrokes of digits or symbols entered on the user'"'"'s telecommunications device.
  - 17. The computer-readable hardware storage medium of claim 11, wherein the outgoing message is selected from one or more event templates, wherein the event templates include at least one of the following:
    - (a) one or more pre-recorded spoken language messages;
      
      (b) one or more digit strings rendered in spoken language; and
      
      (c) one or more text strings rendered in spoken language.
  - 18. The computer-readable hardware storage medium of claim 11, wherein the outgoing message includes a pre-recorded static message.

19. A method comprising:
- receiving an indication associated with a user-initiated event, the indication being transmitted via a first device of a user that initiated the user-initiated event;
  
  based at least on receiving the indication from the first device, sending a communication over a communication network to a telecommunications device that is known, prior to receiving the indication, to be associated with the user, the communication comprising first information, the first information being associated with the user-initiated event, the first information also describing at least a portion of the user-initiated event;
  
  receiving, over the communications network and from the telecommunications device, a response to the communication, the response including second information;
  
  determining whether the second information matches pre-selected authentication information, the pre-selected authentication information having been selected prior to receiving the indication; and
  
  based at least on determining that the second information matches the pre-selected authentication information, confirming the user-initiated event, otherwise, not confirming the user-initiated event, wherein, upon a condition in which the user-initiated event is not confirmed, a first error message is transmitted to the first device and a second error message is transmitted to the telecommunications device, whereby the first device, which was used to initiate the user-initiated event, receives the first error message and the telecommunications device, which was used to respond to the communication, receives the second error message, and wherein at least one of the first error message or the second error message provides the user with an opportunity to reinitiate the user-initiated event.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the telecommunications device is a device associated with a single user, the single user being authorized to approve the user-initiated event.

21. A system for providing enhanced secondary authentication, the system comprising:
- an authentication server having at least one processor and at least one memory device, the authentication server configured to;
  
  receive a user initiated event from a device of a user;
  
  identify first information that is associated with the user initiated event, the first information also describing at least a portion of the user initiated event;
  
  identify a telecommunications device that is also associated with the user, wherein the user is authorized to approve the user initiated event via the telecommunications device;
  
  send, over a communications network, a first communication to the telecommunications device, the first communication including the first information;
  
  receive, from the telecommunications device, a second communication, the second communication including second information, the second information having pre-selected authentication information therein, wherein the pre-selected authentication information is information selected prior to receiving the user initiated event;
  
  determine whether the second information matches the pre-selected authentication information; and
  
  confirm the user initiated event when the second information matches the pre-selected authentication information, otherwise, deny the user initiated event, wherein, upon a condition in which the user initiated event is denied, a first error message is transmitted to the device and a second error message is transmitted to the telecommunications device, whereby the device, which was used to initiate the event, receives the first error message and the telecommunications device, which was used to respond to the first communication, receives the second error message, and wherein at least one of the first error message or the second error message provides the user with an opportunity to reinitiate the event.
- View Dependent Claims (22)
- - 22. The system of claim 21, wherein, when the user initiated event is confirmed, the first information and the second information are stored in a memory cached for a predetermined period of time, and wherein the authentication server is further configured to:
    - detect a second user initiated event by the user;
      
      detect that the predetermined period of time has not yet elapsed; and
      
      confirm the second user initiated event without requiring the user to present additional authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Phonefactor Incorporated (Microsoft Corporation)
Inventors
Dispensa, Steve
Primary Examiner(s)
Su, Sarah

Application Number

US12/394,016
Publication Number

US 20090300745A1
Time in Patent Office

3,120 Days
Field of Search

726 2, 726 3, 726 4, 726 5, 726 7, 709225, 709226, 713155, 713182, 713183, 705 64, 705 72, 705 76
US Class Current
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 63/18   using different networks or...

Enhanced multi factor authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced multi factor authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links