System and method for second factor authentication

US 9,306,747 B2
Filed: 02/05/2013
Issued: 04/05/2016
Est. Priority Date: 12/31/2008
Status: Active Grant

First Claim

Patent Images

1. A method of communication, comprising:

receiving a request for second factor authentication (SFA) from a third party wherein the request for SFA contains information regarding a user and a desired characteristic of the SFA;

generating an SFA token based on the received information regarding the user and the desired characteristic of the SFA;

associating the SFA token with an identifier for the user in a repository;

sending the generated SFA token to a device associated with the user and to the third party, wherein the third party preserves the SFA token within its environment; and

communicating with the user using the SFA token,wherein at least one of the receiving, generating, associating, and communicating is performed using one or more computers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.

84 Citations

21 Claims

1. A method of communication, comprising:
- receiving a request for second factor authentication (SFA) from a third party wherein the request for SFA contains information regarding a user and a desired characteristic of the SFA;
  
  generating an SFA token based on the received information regarding the user and the desired characteristic of the SFA;
  
  associating the SFA token with an identifier for the user in a repository;
  
  sending the generated SFA token to a device associated with the user and to the third party, wherein the third party preserves the SFA token within its environment; and
  
  communicating with the user using the SFA token,wherein at least one of the receiving, generating, associating, and communicating is performed using one or more computers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the request contains information that identifies desired characteristics of the SFA.
  - 3. The method of claim 2, wherein the desired characteristic of the SFA comprises dynamically updateable configuration information.
  - 4. The method of claim 2, wherein the desired characteristics include a desired strength of the SFA.
  - 5. The method of claim 1, further comprising obtaining an address for a device associated with the user from the repository using the information regarding the user contained in the request.
  - 6. The method of claim 5, wherein the communicating includes sending a notification message to the address obtained for the device associated with the user.
  - 7. The method of claim 6, wherein the notification message is sent to an additional address associated with the user.
  - 8. The method of claim 1, wherein generating the SFA token comprises deriving at least a portion of the token from information regarding the user.
  - 9. The method of claim 1, further comprising sending a notification to a third party that the SFA token has been generated.
  - 10. The method of claim 1, wherein the desired characteristic of the SFA comprises a strength of the SFA.
  - 11. The method of claim 1, wherein the desired characteristic of the SFA comprises an indication of whether the SFA is single-use or multi-use.

12. A system, comprising:
- one or more gateways configured to receive a request for second factor authentication (SFA) from a third party, wherein the request for SFA contains information regarding a user and a desired characteristic of the SFA;
  
  a workflow component configured to generate an SFA token based on the information regarding the user and the desired characteristic of the SFA;
  
  a repository configured to associate the SFA token with an identifier for the user; and
  
  wherein at least one of the one or more gateways is configured to;
  
  send the SFA token to a device associated with the user and to the third party, wherein the SFA token is configured to be preserved by the third party within its environment, andcommunicate with the user using the SFA token.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the request contains information that identifies desired characteristics of the SFA.
  - 14. The system of claim 13, wherein the workflow component is the desired characteristic of the SFA comprises dynamically updateable configuration information.
  - 15. The system of claim 13, wherein the desired characteristics include a desired strength of the SFA.
  - 16. The system of claim 12, wherein the repository is configured to store an address for a device associated with the user such that the address is retrievable using the information regarding the user contained in the request.
  - 17. The system of claim 16, wherein the at least one of the one or more gateways is further configured to send a notification message to the address stored in the repository.
  - 18. The system of claim 17, wherein the at least one of the one or more gateways is further configured to send the notification message to an additional address associated with the user.
  - 19. The system of claim 12, wherein the work flow component is configured to generate the SFA token by deriving at least a portion of the token from information regarding the user.
  - 20. The system of claim 12, wherein the at least one of the one or more gateways is further configured to send a notification to a third party that the SFA token has been generated.

21. A non-transitory computer readable medium containing computer instructions that, when executed by one or more processors, cause the one or more processors to take actions, comprising:
- receiving a request for second factor authentication (SFA) from a third party, wherein the request for SFA contains information regarding a user and a desired characteristic of the SFA;
  
  generating an SFA token based on the received information regarding the user and desired characteristic of the SFA;
  
  sending the generated SFA token to a device associated with the user and to the third party, wherein the third party preserves the SFA token within its environment;
  
  associating the SFA token with an identifier for the user in a repository; and
  
  communicating with the user using the SFA token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sybase Incorporated (SAP SE)
Original Assignee
Sybase Incorporated (SAP SE)
Inventors
Sarmah, Dilip, Gadagkar, Rajat Mounendrababu, Erickson, Kyle Warner
Primary Examiner(s)
Su, Sarah

Application Number

US13/759,243
Publication Number

US 20130148806A1
Time in Patent Office

1,155 Days
Field of Search

380/255, 713/168, 713/172, 713/182, 713/185, 726/2, 726/16, 726/17, 726/20, 726/26, 726/27, 726/28
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/083   using passwords cryptograph...

H04L 9/3213   using tickets or tokens, e....

H04W 12/06   Authentication

H04W 4/14   Short messaging services, e...

System and method for second factor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for second factor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links