Direct authentication system and method via trusted authenticators

US 9,870,453 B2
Filed: 06/05/2017
Issued: 01/16/2018
Est. Priority Date: 08/29/2001
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. An authentication method for enhancing computer network security, the method comprising:

engaging in an electronic communication with a user via a computer network;

receiving, after engaging in the electronic communication, user-authentication information from the user via the computer network, the user-authentication information including SecureCode, wherein;

the SecureCode is generated by an authentication system and provided to the user after the user engages in the electronic communication,the SecureCode generated by the authentication system is configured to be valid for a predetermined time and to become invalid after the predetermined time, andthe SecureCode is configured to become invalid after a first use to authenticate the user;

providing, via the computer network, a request for authenticating the user to the authentication system, wherein the request includes the SecureCode and user-identification information;

receiving, prior to completion of the electronic communication, a response to the request for authenticating the user via the computer network, wherein the response to the request for authenticating the user indicates that whether the authentication system authenticated the user based on a determination of whether the SecureCode included in the authentication request is valid and whether the user-identification information included in the authentication request is correct; and

proceeding with the electronic communication based on the response to the request for authenticating the user,wherein the electronic communication comprises accessing an online system that requires user authentication.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Systems and methods are provided for enabling online entities to determine whether a user is truly the person who he says using a “two-factor” authentication technique and authenticating customer'"'"'s identity utilizing a trusted authenticator.

Citations

26 Claims

1. An authentication method for enhancing computer network security, the method comprising:
- engaging in an electronic communication with a user via a computer network;
  
  receiving, after engaging in the electronic communication, user-authentication information from the user via the computer network, the user-authentication information including SecureCode, wherein;
  
  the SecureCode is generated by an authentication system and provided to the user after the user engages in the electronic communication,the SecureCode generated by the authentication system is configured to be valid for a predetermined time and to become invalid after the predetermined time, andthe SecureCode is configured to become invalid after a first use to authenticate the user;
  
  providing, via the computer network, a request for authenticating the user to the authentication system, wherein the request includes the SecureCode and user-identification information;
  
  receiving, prior to completion of the electronic communication, a response to the request for authenticating the user via the computer network, wherein the response to the request for authenticating the user indicates that whether the authentication system authenticated the user based on a determination of whether the SecureCode included in the authentication request is valid and whether the user-identification information included in the authentication request is correct; and
  
  proceeding with the electronic communication based on the response to the request for authenticating the user,wherein the electronic communication comprises accessing an online system that requires user authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the electronic communication comprises accessing restricted information via the computer network.
  - 3. The method of claim 1, wherein the electronic communication comprises accessing a restricted-access website of an online entity via the computer network.
  - 4. The method of claim 1, wherein the electronic communication comprises accessing an online account of the user via the computer network.
  - 5. The method of claim 1, wherein the authentication code SecureCode is invalid for all subsequent requests for authenticating the user.
  - 6. The method of claim 1, wherein the electronic communication comprises a real-time interaction between the user and an online entity.
  - 7. The method of claim of 6, wherein the receiving the user-authentication information, the providing the authentication request, and the receiving the response to the authentication request all occur during the real-time interaction.
  - 8. The method of claim 1, wherein the SecureCode is valid for authenticating the user at the time the user receives the SecureCode.
  - 9. The method of claim 8, wherein the SecureCode becomes invalid immediately after being used to authenticate the user.
  - 10. The method of claim 1, wherein the electronic communication comprises:
    - accessing online information via the computer network,accessing a website of an online entity via the computer network, oraccessing an online account of the user via the computer network.

11. A system for enhancing computer network security comprising one or more computing devices configured to perform operations, the operations comprising:
- engaging in an electronic communication with a user via a computer network;
  
  receiving, after engaging in the electronic communication, user-authentication information from the user via the computer network, the user-authentication information including an authentication code a SecureCode, wherein;
  
  the SecureCode is generated by an authentication system and provided to the user after the user engages in the electronic communication,the SecureCode generated by the authentication system is configured to be valid for a predetermined time and to become invalid after the predetermined time andthe SecureCode is configured to become invalid after a first use to authenticate the user;
  
  providing, via the computer network, a request for authenticating the user to the authentication system, wherein the request including the SecureCode and user-identification information;
  
  receiving, prior to completion of the electronic communication, a response to the request for authenticating the user via the computer network, wherein the response to the request for authenticating the user indicates that whether the authentication system authenticated the user based on a determination of whether the SecureCode included in the authentication request is valid and whether the user-identification information included in the authentication request is correct; and
  
  proceeding with the electronic communication based on the response to the authentication request,wherein the electronic communication comprises accessing an online system that requires user authentication.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the electronic communication comprises accessing restricted information via the computer network.
  - 13. The system of claim 11, wherein the electronic communication comprises accessing a restricted-access website of an online entity via the computer network.
  - 14. The system of claim 11, wherein the electronic communication comprises accessing an online account of the user via the computer network.
  - 15. The system of claim 11, wherein, after receiving the response to the authentication request, the SecureCode is invalid for all subsequent requests for authenticating the user.
  - 16. The system of claim 11, wherein the electronic communication comprises a real-time interaction between the user and an online entity.
  - 17. The system of claim of 16, wherein the receiving the user-authentication information, the providing the authentication request, and the receiving the response to the authentication request all occur during the real-time interaction.

18. A system for enhancing computer network security by authenticating a user in an electronic communication between the user and an online entity, the system comprising one or more computing devices configured to perform operations, the operations comprising:
- receiving, after initiation of the electronic communication, a request for a SecureCode via a computer network;
  
  generating the SecureCode in response to the request for the SecureCode, wherein;
  
  the SecureCode is an alphanumeric value,the SecureCode is configured to be valid for a predetermined time and to become invalid after a predetermined time, andthe SecureCode is configured to become invalid after a first use to authenticate the user;
  
  providing, via the computer network, the SecureCode in response to the request for the SecureCode;
  
  receiving, via the computer network, an authentication request for authenticating the user comprising user-authentication information including the SecureCode and user-identification information;
  
  determining a validity of the SecureCode included in the authentication request;
  
  determining a correctness of the user-identification information included in the authentication request;
  
  authenticating the user based on at least the validity of the SecureCode included in the authentication request and the user-identification information included in the authentication request; and
  
  providing, via the computer network, prior to completion of the electronic communication, a result of authenticating the user to the online entity in response to the authentication request,wherein the electronic communication comprises accessing an online system that requires user authentication.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18, wherein the determining the validity of the SecureCode received in the authentication request comprises:
    - determining that the authentication request is the first use of the SecureCode to authenticate the user; and
      
      determining that a time of the first use is within the predetermined time.
  - 20. The system of claim 18, wherein:
    - the receiving the authentication request comprises receiving the authentication request from a computer system of the online entity; and
      
      the providing the result of authenticating comprises providing a message to the computer system of the online entity.
  - 21. The system of claim 18, wherein the authenticating the user in the electronic communication comprises authenticating the user to access restricted information via the computer network.
  - 22. The system of claim 18, wherein the confirming that the SecureCode received in the authentication request is valid comprises determining that the SecureCode is valid using a current time.
  - 23. The system of claim 18, wherein after the authenticating the user, the SecureCode is invalid for all subsequent requests for authenticating the user.
  - 24. The system of claim 18, wherein the electronic communication comprises a real-time interaction between the user and the online entity.

25. The system of claim of 28, wherein the receiving the request, the generating the SecureCode, the providing the SecureCode of the user, the receiving the authentication request, the authenticating the user, and the providing the result of authenticating occur during the real-time interaction.

26. A method for enhancing computer network security by authenticating a user in an electronic communication between the user and an online entity, the method comprising:
- receiving, after initiation of the electronic communication, a request for a SecureCode via a computer network;
  
  generating the SecureCode in response to the request for the SecureCode, wherein;
  
  the SecureCode is configured to be valid for a predetermined time and to become invalid after a predetermined time, andthe SecureCode is configured to become invalid after a first use to authenticate the user;
  
  providing, via the computer network, the SecureCode in response to the request for the SecureCode;
  
  receiving, via the computer network, an authentication request for authenticating the user, comprising user authentication information including the SecureCode and user-identification information;
  
  determining a validity of the SecureCode included in the authentication request;
  
  determining a correctness of the user-identification information included in the authentication request;
  
  authenticating the user based on at least the validity of the SecureCode included in the authentication request and the user-identification information included in the authentication request; and
  
  providing, via the computer network, prior to completion of the electronic communication, a result of authenticating the user to the online entity in response to the authentication request,wherein the electronic communication comprises accessing an online system that requires user authentication.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Factor2 Multimedia Systems, LLC
Original Assignee
Kamran Asghari-Kamrani, Nader Asghari-Kamrani
Inventors
Asghari-Kamrani, Nader, Asghari-Kamrani, Kamran
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/614,164
Publication Number

US 20170270286A1
Time in Patent Office

225 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

H04L 2463/082   applying multi-factor authe...

H04L 63/0421   Anonymous communication, i....

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0838   using one-time-passwords

H04L 63/0892   by using authentication-aut...

Direct authentication system and method via trusted authenticators

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Direct authentication system and method via trusted authenticators

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links