MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-BAND AUTHENTICATION SYSTEM (COBAS)

US 20130096916A1
Filed: 12/01/2010
Published: 04/18/2013
Est. Priority Date: 09/05/2000
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A biometric analyzer—a voice or fingerprint recognition device—operates upon instructions from the authentication program to analyze the monitored parameter of the individual. In the security computer, a comparator matches the biometric sample with stored data, and, upon obtaining a match, provides authentication. The security computer instructs the host computer to grant access and communicates the same to the access-seeker, whereupon access is initiated over the access channel.

29 Citations

View as Search Results

75 Claims

1-20. -20. (canceled)

21. A software method for employing a multichannel security system to control access to a computer, comprising the steps of:
- receiving at an interception device in a first channel a login identification demand to access a host computer also in the first channel;
  
  verifying the login identification;
  
  receiving at a security computer in a second channel the demand for access and the login identification;
  
  outputting from the security computer a prompt requesting transmission of data;
  
  receiving the transmitted data at the security computer;
  
  comparing the transmitted data to predetermined data; and
  
  depending on the comparison of the transmitted and the predetermined data, outputting an instruction from the security computer to the host computer to grant access to the host computer or deny access thereto.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 22. The method according to claim 21, wherein the security computer receives the demand and login identification from the interception device.
  - 23. The method according to claim 21, wherein the demand is received from a client computer, and wherein the host computer is a web server.
  - 24. The method according to claim 21, wherein the step of verifying comprises retrieving from a database having at least one address record a record corresponding to the login identification.
  - 25. The method according to claim 21, wherein the transmitted data is received from a peripheral device.
  - 26. The method according to claim 25, wherein the peripheral device is one of a wired telephone, a wireless telephone, and a PDA.
  - 27. The method according to claim 21, wherein the step of outputting the prompt comprises outputting an audible message.
  - 28. The method according to claim 21, wherein the step of outputting the prompt comprises requesting a biometric signal.
  - 29. The method according to claim 28, wherein the audible message comprises an audible instruction to speak a statement using a peripheral device, and wherein the biometric signal is the spoken statement transmitted by the peripheral device.
  - 30. The method according to claim 28, further comprising receiving in a biometric analyzer the biometric signal.
  - 31. The method according to claim 30, wherein the biometric analyzer comprises one of a voice recognition program, a fingerprint verification program, or both.
  - 32. The method according to claim 28, further comprising retrieving a previously registered sample corresponding to the login identification and comparing the same to the biometric signal.
  - 33. The method according to claim 32, wherein the previously registered sample is stored in a biometric parameter database.
  - 34. The method according to claim 32, wherein the previously registered sample comprises one of a speech sample and a fingerprint sample.
  - 35. The method according to claim 21, wherein the step of outputting the prompt comprises transmitting a message.
  - 36. The method according to claim 21, further comprising connecting or disconnecting the security computer to and from a peripheral device.
  - 37. The method according to claim 21, wherein the step of outputting the prompt comprises retrieving from an announcement database a prerecorded audible message that requests entry of the transmitted data and playing the message using a peripheral device.
  - 38. The method according to claim 21, wherein the step of outputting an instruction from the security computer comprises selecting and transmitting an access-granted message selected from an announcement database.
  - 39. The method according to claim 21, further comprising the step of synthesizing an audible message from a stored message and playing the synthesized message over a telephone.
  - 40. The method according to claim 21, wherein the security computer comprises an authentication program for authenticating access to the host computer.
  - 41. The method according to claim 21, wherein the interception device is a router.
  - 42. The method according to claim 21, wherein the first channel comprises one of a wide area network and a local area network.
  - 43. The method according to claim 21, wherein the transmitted data is a dual tone multi frequency (DTMF personal identification number.
  - 44. The method according to claim 43, wherein the dual tone multi frequency (DTMF) personal identification number is a password.

45. A software method for controlling access to a host computer, comprising the steps of:
- receiving a request from a client computer for access to the host computer;
  
  outputting an instruction to present a login screen at the client computer;
  
  receiving an identification and first password from the client computer;
  
  retrieving a predetermined password from a subscriber database associated with the identification;
  
  verifying the first password matches the predetermined password;
  
  outputting a call-back request to a peripheral device comprising initiating a communication to the peripheral device and receiving a signal indicating a connection with the peripheral device;
  
  outputting an instruction to retrieve a predetermined second password;
  
  outputting to the peripheral device a prompt to enter a user-entered password;
  
  receiving from the peripheral device the user-entered password;
  
  verifying the received user-entered password;
  
  outputting to the peripheral device a second prompt to speak a password;
  
  receiving from the peripheral device the spoken password;
  
  verifying the received spoken password; and
  
  outputting an announcement that access to the host computer is granted.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59)
- - 46. The method according to claim 45, wherein the step of receiving the identification and the first password from the client computer comprises receiving the identification and the first password from the client computer in a client module.
  - 47. The method according to claim 45, further comprising the steps of transmitting the identification and first password to a server module or transmitting the identification and first password to a control module.
  - 48. The method according to claim 45, further comprising the steps of outputting a verification signal from a server module to a client module;
    - or outputting the verification signal from the client module to the host computer;
      
      or outputting the verification signal from the host computer to the client computer.
  - 49. The method according to claim 45, wherein the step of outputting a call-back request comprises outputting the call-back request from a control module.
  - 50. The method according to claim 45, wherein the step of outputting an instruction to retrieve a predetermined second password comprises outputting an instruction from a control module an instruction to a speech module to retrieve the predetermined second password.
  - 51. The method according to claim 45, wherein the step of outputting a prompt to enter a user-entered password comprises outputting from a speech module to the peripheral device a prompt to enter the user-entered password.
  - 52. The method according to claim 45, further comprising transmitting the received user-entered password to a control module.
  - 53. The method according to claim 45, wherein the step of outputting a second prompt to speak a password comprises outputting from a speech module to the peripheral device a second prompt to speak the password.
  - 54. The method according to claim 45, wherein the step of outputting an announcement that access to the host computer is granted comprises outputting from a control module an instruction to a speech module to output the announcement that access to the host computer is granted.
  - 55. The method according to claim 45, further comprising the step of disconnecting from the peripheral device.
  - 57. The method according to claim 45, further comprising the step of outputting from a control module to a server module an authentication message.
  - 58. The method according to claim 45, further comprising the step of outputting from a server module to a client module an authentication message.
  - 59. The method according to claim 45, further comprising the step of outputting from a client module to the host computer an authentication message.

56. (canceled)

60. A multichannel security system for granting and denying access to a host computer in a network environment comprising:
- a security computer for communicating data via an authentication channel and an access channel;
  
  a line module program for intercepting a login identification accompanying a demand from an accessor in the access channel to access the host computer also in the access channel, verifying the login identification, and transmitting the login identification to an authentication channel;
  
  an authentication program in the authentication channel for authenticating the login identification received from the line module program;
  
  a prompt module program for selecting an announcement, outputting to a peripheral device or computer the announcement, verifying a speech or dual tone multi frequency (DTMF) password received, and optionally converting the speech to text; and
  
  a granting module program for granting and denying access to the host computer based on the received speech or password.
- View Dependent Claims (61, 62, 63, 64, 65, 66)
- - 61. The software according to claim 60, further comprising a client/server module program for enabling the host computer or web server to interface with hardware of the security system.
  - 62. The software according to claim 60, further comprising an announcement module program for selecting and storing predetermined data.
  - 63. The software according to claim 60, further comprising an alarm module program for terminating processing of the demand for access.
  - 64. The software according to claim 60, further comprising a management module program for remotely accessing the security system.
  - 65. The software according to claim 60, further comprising a database module program for retrieving and storing in a subscriber database one or more addresses corresponding to the login identification.
  - 66. The software according to claim 60, further comprising a control module program for controlling the functions and interconnects between the line module and the authentication programs.

67. A software method for employing a multichannel security system to control access to a computer, comprising the steps of:
- receiving at a security computer predetermined data sent via an authentication channel from a peripheral device;
  
  identifying the peripheral device from a subscriber database and verifying the predetermined data by comparing it to stored data associated with the peripheral device;
  
  receiving a demand to access a host computer via an access channel comprising a login identification of an accessor;
  
  receiving the login identification at an interception device and routing the login identification to the security computer; and
  
  at the security computer, verifying that the login identification matches the predetermined data, and if it does, outputting an instruction to either grant or deny access to the access channel.
- View Dependent Claims (68)
- - 68. The software method according to claim 67, further comprising outputting to the peripheral device over the authentication channel a prompt to enter the predetermined data, and receiving the predetermined data via the authentication channel from the peripheral device.

69. A software method for employing a multichannel security system to control access to a host computer in an access channel using a mobile device in an authentication channel, comprising the steps of:
- providing a first software module on an Internet-connected web server in an access channel, the server being associated with a commercial institution, wherein the first software module receives a user ID associated with a subscriber account, and outputs information about the user ID; and
  
  providing a second software module on a security computer different than the web server, wherein the security computer is in an authentication channel, and wherein the second software module receives the user ID from the access channel, retrieves predetermined data from a subscriber database associated with the user ID, including at least a telephone number or IP address of a mobile device, and outputs in the authentication channel an instruction to the mobile device,wherein when a subscriber attempts to logon to a host computer in the access channel at the commercial institution, the second software module compares an input from the mobile device to the predetermined data and outputs an instruction to the first software module to grant access to the host computer or deny access thereto.
- View Dependent Claims (70, 71, 72, 73)
- - 70. The software method according to claim 69, wherein the instruction to the mobile device comprises an instruction to press a key on the mobile device as a dual tone multi frequency (DTFM) password.
  - 71. The software method according to claim 69, further comprising the step of:
    - providing a third software module for installing on the mobile device in the authentication channel, wherein the third software module receives the instruction outputted to the mobile device from the second software module, displays a message to the subscriber, and receives the input from the mobile device.
  - 72. The software method according to claim 71, wherein the displayed message is a message containing a password and instruction for the subscriber to reply to the message by entering the password using the mobile device.
  - 73. The software method according to claim 71, wherein the displayed message is a notification containing an instruction for the subscriber to reply to the notification using the mobile device'"'"'s input device.

74. A software method for employing a multichannel security system to control access to a computer, comprising the steps of:
- receiving in a first channel a login identification demand to access a host computer also in the first channel;
  
  verifying the login identification;
  
  receiving at a security computer in a second channel the demand for access and the login identification;
  
  outputting from the security computer a prompt requesting a transmission of data;
  
  receiving the transmitted data at the security computer;
  
  comparing the transmitted data to predetermined data; and
  
  depending on the comparison of the transmitted and the predetermined data, outputting an instruction from the security computer to the host computer to grant access to the host computer or deny access thereto.

75. Apparatus for implementing a multichannel security system to control access to a computer, comprising:
- a device for receiving a login identification and demand to access a host computer, wherein the device and the host computer are in a first channel; and
  
  a security computer in a second channel for receiving the login identification and the access demand and outputting a prompt requesting a transmission of data once said login identification is verified by said security computer,wherein said security computer comprises a component for receiving the transmitted data and comparing said transmitted data to predetermined data, such that, depending on the comparison of the transmitted and the predetermined data, said security computer outputs an instruction to the host computer to grant access to the host computer or deny access thereto.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Strikeforce Technologies Incorporated
Original Assignee
Netlabs.com, Inc.
Inventors
Pemmaraju, Ram

Granted Patent

US 8,484,698 B2
Time in Patent Office

Days
Field of Search
US Class Current

704/235
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/42   using separate channels for...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3231   Biological data, e.g. finge...

MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-BAND AUTHENTICATION SYSTEM (COBAS)

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-BAND AUTHENTICATION SYSTEM (COBAS)

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links