Security systems for protecting an asset

US 9,959,694 B2
Filed: 06/22/2009
Issued: 05/01/2018
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A security management system providing controlled access to a secure electronic account accessible via an electronic account access interface in communication with an account server, the security management system comprising:

a computerized administrative interface having security rules for governing account access via the electronic account access interface, the security rules being stored in a memory in communication with a processor operably associated with the account server,wherein the computerized administrative interface is programmed to receive commands from an authorized user to customize the security rules to provide different levels of account access responsive to entry via the electronic account access interface of user credentials, the user credentials comprising a user ID and either a primary password or a secondary password selected from one or more secondary passwords, wherein the computerized administrative interface provides selections in the security rules for both a primary password and one or more secondary passwords,and wherein the computerized administrative interface provides a selection for a covert cue method to serve as a component of a primary password.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security systems for protecting assets are described, including password-based security systems that can provide different levels of access responsive to entry of a primary or secondary password. In some versions, user-configurable security rules can provide customized responses to entry of primary or secondary passwords, including feigned or limited access, security alerts, etc. Passwords comprising overt and covert components can be used to provide enhanced security and improved user control over system response. Improved security systems involving transactions between multiple parties are also considered, with options for user-customized security rules including primary and secondary passwords, and reverse challenge and response methods. Systems for Limited Use Credentials are also disclosed to reduce the risk of identity theft.

156 Citations

21 Claims

1. A security management system providing controlled access to a secure electronic account accessible via an electronic account access interface in communication with an account server, the security management system comprising:
- a computerized administrative interface having security rules for governing account access via the electronic account access interface, the security rules being stored in a memory in communication with a processor operably associated with the account server,wherein the computerized administrative interface is programmed to receive commands from an authorized user to customize the security rules to provide different levels of account access responsive to entry via the electronic account access interface of user credentials, the user credentials comprising a user ID and either a primary password or a secondary password selected from one or more secondary passwords, wherein the computerized administrative interface provides selections in the security rules for both a primary password and one or more secondary passwords,and wherein the computerized administrative interface provides a selection for a covert cue method to serve as a component of a primary password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The security management system of claim 1, wherein the covert cue method includes entry of a predetermined covert cue in a challenge and response system.
  - 3. The security management system of claim 2, wherein the computerized administrative interface is programmed such that the selection of a covert cue to serve as a component of a primary password also includes a selection to modify the security rules to specify that the entry of a predetermined response other than the predetermined covert cue in the challenge and response system will be treated as a component of a secondary password providing one of limited or feigned access to the secure electronic account.
  - 4. The security management system of claim 1, wherein the covert cue method includes entry of an alphanumeric string differing in a predetermined manner from a printed code requested by the account access interface.
  - 5. The security management system of claim 4, wherein the printed code is on a portable object associated with the secure electronic account.
  - 6. The security management system of claim 4, wherein the printed code is on a card selected from a credit card, a bank card and an identification card.
  - 7. The security management system of claim 1, wherein the covert cue method includes entering a modified version of a visibly displayed one-time password from a security device.
  - 8. The security management system of claim 1, wherein the computerized administrative interface provides a selection for specifying an algorithm to recognize a covert cue that qualifies as a component of a primary password.
  - 9. The security management system of claim 8, wherein the covert cue that qualifies as a component of a primary password varies with at least one of time or date.
  - 10. The security management system of claim 8, wherein the covert cue is entered in a CAPTCHA system.
  - 11. The security management system of claim 8, wherein the algorithm involves transformation of no more than two alphanumeric characters in the user credentials to create a covert cue that qualifies as a component of a primary password.
  - 12. The security management system of claim 1, wherein the computerized administrative interface is programmed to provide the authorized user with a Limited Use Credential from an authorizing agency to use in accessing the secure electronic account or associated services, the Limited Use Credential taking the place of a permanent unique credential from the authorizing agency.
  - 13. The security management system of claim 1, wherein the covert cue method involves altering at least one alphanumerical character of a printed verification code.
  - 14. The security management system of claim 1, wherein the computerized administrative interface provides for selection of a covert cue according to an algorithm that varies with at least one of time and geographical location.
  - 15. The security management system of claim 1, wherein the secure electronic account comprises a payment system associated with a wireless phone.
  - 16. The security management system of claim 1, wherein the different levels of account access comprise providing degraded electronic performance of the electronic account access interface in response to a secondary password, wherein the degraded electronic performance simulates a slowdown in the account server to hinder activity by a user with respect to the electronic account.
  - 17. The security management system of claim 1, wherein at least one of the primary password and the secondary password comprises an overt component and a covert component.
  - 18. The security management system of claim 1, further comprising:
    - a reverse challenge and response system to allow the user to verify that the security management system is a trusted security system,wherein the challenge and response system in response to an incorrect password entered by the user provides an error message and a customized confirmation clue according to previously configured security rules, whereby the user can verify through the confirmation clue that the security management system is a trusted security system.
  - 19. The security management system of claim 1, wherein the security rules specify criteria for a primary password that vary with time according to a predetermined algorithm.
  - 20. The security management system of claim 1, wherein the computerized administrative interface is provided by a first party and the secure electronic account is provided by a second party, the first party and the second party each having an independent relationship with an external authorizing agency, wherein the security management system is configured to accept a Limited Use Credential as part of the user credentials, the Limited Use Credential being accepted in place of a permanent credential from the external authorizing agency.
  - 21. The security management system of claim 1, wherein the electronic account access interface comprises a challenge and response system in which a challenge is presented requesting an alphanumeric input having one or more characters, wherein the security rules specify that entry of the requested alphanumeric input will be recognized as a component of a secondary password, and that a modified form of the requested alphanumeric input will be recognized as at least part of the covert cue method, in which at least one character of the requested alphanumeric input has been changed according to predetermined instructions specified by the security rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jeffrey Dean Lindsay
Original Assignee
Jeffrey Dean Lindsay
Inventors
Lindsay, Jeffrey Dean
Primary Examiner(s)
CHEUNG, CALVIN K

Application Number

US12/489,416
Publication Number

US 20090259588A1
Time in Patent Office

3,235 Days
Field of Search

705 58, 705 64, 705 76, 705 43, 726 1- 15
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2133   Verifying human interaction...

G06F 2221/2149   Restricted operating enviro...

G06Q 20/102   Bill distribution or payments

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

Security systems for protecting an asset

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Security systems for protecting an asset

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links