Method for secure user and transaction authentication and risk management
Abstract
To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.
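The calculation the abstract describes, as an added Python example that is not code from the patent: the security server derives the one-time-password from the transaction information and the site-wide secret, and the network site recomputes it locally to verify. The HMAC-SHA256 construction with RFC 4226-style truncation, the 6-digit length, the nonce-based replay check, and all field names and sample values are assumptions; the page only says the password is "a function of" the shared secret and the information.

```python
import hashlib
import hmac
import json

OTP_DIGITS = 6  # assumption: the page does not specify a length

def canonical(info: dict) -> bytes:
    # Both parties must MAC identical bytes: sorted keys, no whitespace.
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()

def compute_otp(shared_secret: bytes, info: dict) -> str:
    # Assumed construction: HMAC-SHA256, then RFC 4226-style dynamic truncation.
    mac = hmac.new(shared_secret, canonical(info), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**OTP_DIGITS).zfill(OTP_DIGITS)

class NetworkSite:
    """Recomputes the OTP locally; no call back to the security server."""
    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._used_nonces = set()

    def verify(self, info: dict, entered: str) -> bool:
        if info["nonce"] in self._used_nonces:
            return False  # one-time: a nonce is accepted at most once
        expected = compute_otp(self._secret, info)
        ok = hmac.compare_digest(expected.encode(), entered.encode())
        if ok:
            self._used_nonces.add(info["nonce"])
        return ok

def demo() -> dict:
    secret = bytes(range(32))  # constructed sample; one secret per site, not per user
    txn = {"nonce": "a1b2c3d4", "user": "alice", "payee": "ACME Utilities",
           "amount": "125.00", "currency": "USD"}  # constructed sample transaction
    otp = compute_otp(secret, txn)  # security server side; shown in the user's window
    site = NetworkSite(secret)
    tampered = dict(txn, payee="Other Payee")  # details changed after the OTP was issued
    return {
        "tampered": site.verify(tampered, otp),
        "first_use": site.verify(txn, otp),
        "replay": site.verify(txn, otp),
        "wrong_secret": NetworkSite(b"\x00" * 32).verify(txn, otp),
    }

if __name__ == "__main__":
    print(demo())
```

Because the secret is the same for every user of the site, the example places the user identifier and a per-request nonce inside the MACed information; without them the same password would verify for any user and any repeat of the same transaction.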
20 Claims
1. A method of authenticating a user on a network, comprising:
- receiving, by a security server, a request of a network site to have a user authenticated and first information;
- generating, by the security server, a one-time-password, wherein the one-time-password is independently verifiable by the network site or the security server based on the first information, wherein:
  - the one-time-password is generated as a function of a secret shared by the security server and the network site but not known to the user or associated with any particular user; and
  - the secret shared by the security server and the network site comprises a predetermined value agreed upon by both the security server and the network site to be used for all users utilizing the enterprise; and
- transmitting over a network, by the security server to a window displayed on a remotely located first network device of the user, the one-time-password being for entry by the user onto a network page associated with the network site and displayed on a second network device of the user, and for subsequent verification by the network site to thereby authenticate the user.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14
10. A method of authenticating a user on a network site, comprising:
- transmitting, by a network site directly to a security server, a request to have a user authenticated;
- receiving first information directly from the security server;
- receiving, by a network page associated with the network site from a network device of the user, a one-time-password for authentication, wherein:
  - the one-time-password is generated and transmitted over a network, by the security server to the network device of the user for presentation on a window displayed by the network device of the user and entry by the user onto the network page and displayed on another user network device;
  - the network device of the user is remotely located from the security server;
  - the one-time-password is generated as a function of a secret shared by the security server and the network site but not known to the user or associated with any particular user; and
  - the secret shared by the security server and the network site comprises a predetermined value agreed upon by both the security server and the network site to be used for all users utilizing the enterprise;
- receiving, by the network site, the one-time-password which is based on the first information shared by the security server and the network site, but not by the user;
- receiving second information directly from the security server; and
- authenticating, by the network site, the user based on the second information.

Dependent claims: 11, 15
16. A method of authenticating a user on a network site, comprising:
- transmitting, by a network site directly to a security server, a request to have a user authenticated using a one-time password to be generated by the security server, and first information, wherein:
  - the one-time-password is generated as a function of a secret shared by the security server and the network site but not known to the user or associated with any particular user; and
  - the secret shared by the security server and the network site comprises a predetermined value agreed upon by both the security server and the network site to be used for all users utilizing the enterprise;
- receiving, by a network page associated with the network site from a network device of the user, the one-time-password generated by the security server, wherein the one-time-password is transmitted over a network, by the security server to the network device of the user for presentation on a window displayed by the network device of the user and entry by the user onto the network page and displayed on another user network device, wherein the network device of the user is remotely located from the security server; and
- authenticating, by the network site, the user based on the one time password.

Dependent claims: 17, 18, 19, 20
Specification