Accessing secure network areas by utilizing mobile-device authentication

US 8,151,328 B1
Filed: 07/20/2007
Issued: 04/03/2012
Est. Priority Date: 07/20/2007
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media having computer-useable instructions embodied thereon for performing a method of verifying a user'"'"'s identity by leveraging a communications network'"'"'s network-authentication procedures upon the user attempting to access secure information, the method comprising:

receiving at the communications network a request from a subscriber that maintains a website, wherein the request is communicated by the subscriber upon the user attempting to access a secured portion of the website, the secured portion of the website potentially providing the user online access to the secure information, wherein the website is configured to accept an input of a personal identifier from the user while attempting to access the secure information, and wherein the subscriber is configured to communicate the personal identifier to the communications network along with the request to verify the user;

upon receiving the request and recognizing the user via the personal identifier, employing resources at the communication network to validate a set of security credentials associated with the user, wherein validating includes performing a set of network-authentication procedures used by the communications network to verify the user'"'"'s identity by authenticating the user'"'"'s mobile device on the communications network, wherein the network-authentication procedures comprise;

(a) accessing a dial-in number that is pre-established in a profile associated with the subscriber, wherein the dial-in number residing within the profile is assigned to the subscriber for use in verifying the user;

(b) conveying the dial-in number to the user'"'"'s mobile device for entry therein; and

(c) upon entry of the conveyed dial-in number into the mobile device and placement of a call from the mobile device to the dial-in number, receiving the call from the mobile device at the communications network; and

upon completing the call at the communications network, communicating to the subscriber that the network-authentication procedures are satisfied, thereby granting the user access to the secured portion of the website.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more media is provided for granting a user access to a secured portion of a website. Initially, a request to access is received from a user, where the request is typically composed of access information (e.g., user ID, password). Incident to receiving the request for access, a subscriber server initiates a request to validate a set of security credentials. One security credential may be a device identifier sent to a communications network in response to a user being conveyed a dial-in number. This device identifier may be extracted from a communication transmitted from the mobile device and validated by leveraging the communications network authentication procedure. Authentication is utilized to verify the identity of the user. Additional security credentials may also require satisfaction before granting a requesting user access. For instance, satisfaction may include comparing access information within a user request against the set of security credentials.

96 Citations

View as Search Results

19 Claims

1. One or more non-transitory computer-readable media having computer-useable instructions embodied thereon for performing a method of verifying a user'"'"'s identity by leveraging a communications network'"'"'s network-authentication procedures upon the user attempting to access secure information, the method comprising:
- receiving at the communications network a request from a subscriber that maintains a website, wherein the request is communicated by the subscriber upon the user attempting to access a secured portion of the website, the secured portion of the website potentially providing the user online access to the secure information, wherein the website is configured to accept an input of a personal identifier from the user while attempting to access the secure information, and wherein the subscriber is configured to communicate the personal identifier to the communications network along with the request to verify the user;
  
  upon receiving the request and recognizing the user via the personal identifier, employing resources at the communication network to validate a set of security credentials associated with the user, wherein validating includes performing a set of network-authentication procedures used by the communications network to verify the user'"'"'s identity by authenticating the user'"'"'s mobile device on the communications network, wherein the network-authentication procedures comprise;
  
  (a) accessing a dial-in number that is pre-established in a profile associated with the subscriber, wherein the dial-in number residing within the profile is assigned to the subscriber for use in verifying the user;
  
  (b) conveying the dial-in number to the user'"'"'s mobile device for entry therein; and
  
  (c) upon entry of the conveyed dial-in number into the mobile device and placement of a call from the mobile device to the dial-in number, receiving the call from the mobile device at the communications network; and
  
  upon completing the call at the communications network, communicating to the subscriber that the network-authentication procedures are satisfied, thereby granting the user access to the secured portion of the website.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The media of claim 1, wherein validating the set of security credentials comprises comparing information within the received request against known authenticated data associated with the user.
  - 3. The media of claim 1, wherein receiving a request comprises receiving data from the user.
  - 4. The media of claim 1, further comprising receiving user information that upon which at least one of the set of user credentials is based, the set of security credentials being stored in a user profile.
  - 5. The media of claim 3, wherein validating the set of security credentials includes comparing the received data against known trustworthy data.
  - 6. The media of claim 1, wherein the method further comprises:
    - presenting a user interface on the mobile device or a computing device that prompts the user to provide an input at an input-entry area; and
      
      receiving at the input-entry area a message input by the user, wherein the message is provided to the user'"'"'s mobile device by the communications network as part of the network-authentication procedures.
  - 7. The media of claim 6, wherein validating the set of security credentials comprises determining whether the received message satisfies an expected user input.
  - 8. The media of claim 1, wherein the network-authentication procedures further comprises:
    - upon entry of the conveyed dial-in number into the mobile device, receiving a call from the mobile device at the communications network;
      
      upon detecting the call from the mobile device, the communications network determining whether the mobile device is authorized to utilize the communications network, wherein determining comprises;
      
      (a) recognizing whether the mobile device is authorized to reach a destination associated with the dial-in number; and
      
      (b) when the mobile device reaches the destination associated with the dial-in number the communications network, creating a success indication that indicates that the mobile device is authorized to utilize the communications network; and
      
      communicating the success indication to the subscriber.
  - 9. The media of claim 8, wherein the dial-in number is periodically modified.
  - 10. The media of claim 1, wherein satisfaction of the set of network-authentication procedures comprises:
    - receiving at a network gateway an indicia of a device identifier carried within the call;
      
      extracting the device identifier from the call, the device identifier uniquely identifying the mobile device; and
      
      authenticating, incident to identifying the mobile device via the device identifier, the mobile device as being associated with the user.
  - 11. The media of claim 1, further comprising:
    - denying access to the secured portion of the website upon determining that any of the set of security credentials are not satisfied by access information received in the request to access a secured portion of a website; and
      
      presenting to the user on a user interface a notice of denial of access to the secured portion of the website.
  - 12. The media of claim 11, further comprising, upon denying access of the secured portion of the website, altering the set of security credentials that are associated with the user.

13. One or more non-transitory computer-readable media having computer-useable instructions embodied thereon for performing a method of providing a user access to digitally secured information by authenticating a mobile device, the method comprising:
- receiving a request from a subscriber to verify the user'"'"'s attempt to access the digitally secured information maintained by the subscriber, the digitally secured information being information that requires validation of a set of security credentials associated with the user to access, wherein the request is generated upon the subscriber detecting the user attempting to access the digitally secured information via a user interface on a computing device;
  
  upon receiving the request at a communications-network server, performing a set of network-authentication procedures at the communications-network server, wherein the network-authentication procedures comprise;
  
  (a) accessing a dial-in phone number pre-established for the subscriber;
  
  (b) conveying the dial-in phone number to the subscriber for presentation to the user via the user interface of the computing device, wherein the presentation on the user interface prompts the user to enter the dial-in phone number into the mobile device;
  
  (c) upon entry of the conveyed phone dial-in number to the mobile device and placement of a call from the mobile device to the dial-in number, receiving the call at the communications-network server, wherein the call carries a device identifier communicated from the mobile device associated with the user; and
  
  (d) identifying the mobile device upon extracting the device identifier communicated to the communications-network server and upon matching the device identifier against stored user information; and
  
  initiating a communication to the subscriber to grant access to the digitally secured information upon the validation of the device identifier.
- View Dependent Claims (14, 15, 16)
- - 14. The media of claim 13, further comprising storing an indicia of the device identifier of the mobile device in association with dial-in phone number, the dial-in phone number provided to the user for initiating the communication of the device identifier.
  - 15. The media of claim 13, further comprising establishing a user profile having the set of security credentials stored therein, the set of user credentials based on user information provided by the user or generated at a subscriber server.
  - 16. The media of claim 13, further comprising denying access to the digitally secured information upon determining that any of the set of security credentials is not satisfied by access information received in the request to access the digitally secured information.

17. One or more non-transitory computer-readable media having computer-useable instructions embodied thereon for performing a method of granting website access to a user, the method comprising:
- upon receiving an indication that the user is attempting to access the website, receiving at a communications network a request for authentication from the website maintained by a subscriber, wherein the user is attempting to access the website via a computing device over an Internet connection apart from the communications network, and wherein the request is conveyed from the subscriber;
  
  upon receiving at the communications network the request for authentication from the subscriber, transmitting from the communications network a message to a mobile device associated with the user;
  
  receiving the response at the communications network from the mobile device, wherein the response is automatically generated and conveyed upon the mobile device consuming the message; and
  
  incident to authenticating the mobile device on the communications network, providing an indication of validity from the communications network to the subscriber, wherein the indication of validity is employed by the subscriber to grant the user access to the website.
- View Dependent Claims (18)
- - 18. The media of claim 17, wherein performing one or more network-authentication procedures includes receiving a communication from a mobile device in response to a call from the mobile device to a certain dial-in number that was conveyed to the user.

19. One or more non-transitory computer-readable media having computer-useable instructions embodied thereon for performing a method of granting website access to a user, the method comprising:
- detecting that the user is attempting to access a secured portion of the website maintained by the subscriber, the secured portion of the website representing digitally secure information that requires validation of a set of security credentials associated with the user;
  
  causing a link to be presented on a user interface coupled to a computing device;
  
  recognizing a user-initiated selection of the link via the user interface;
  
  upon recognizing the user-initiated selection, sending a request to a communications network to validate the set of security credentials using a network-authentication procedure;
  
  receiving from the communications network a dial-in phone number that the user is to call using a mobile device associated with the user;
  
  presenting the dial-in phone number to the user at the user interface of the computing device,wherein entering the dial-in phone number to the mobile device starts the network-authentication procedure that determines whether the mobile device is authorized to utilize the communications network,wherein the mobile device is authenticated when the mobile device is allowed to reach a destination associated with the dial-in phone number, andwherein, upon authentication of the mobile device, the communications network creates a success indication that indicates that the mobile device was allowed to reach the destination associated with the dial-in phone number;
  
  receiving the success indication at the subscriber; and
  
  incident to receiving the success indication, granting the user access to the secured portion of the website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG), Microsoft Corporation
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Lundy, Michael T., Whitney, Jason K.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US11/781,040
Time in Patent Office

1,719 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 67/02   based on web technology, e....

H04M 2203/6072   Authentication using challe...

H04M 7/003   Click to dial services

Accessing secure network areas by utilizing mobile-device authentication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

96 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Accessing secure network areas by utilizing mobile-device authentication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others