Authentication method and system

US 9,406,062 B2
Filed: 03/29/2011
Issued: 08/02/2016
Est. Priority Date: 08/21/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising performing the following acts by a network server in a telecommunications network:

receiving a request from an entity to authorize a transaction involving a user having a mobile device;

accessing the mobile device'"'"'s address;

generating a communication to be sent based on information about the transaction to be authorized;

causing the generated communication to be sent to the mobile device'"'"'s address from a first reply address, wherein the first reply address is selected from a plurality of possible reply addresses prior to sending the generated message;

receiving a response from the mobile device'"'"'s address;

determining if the response from the mobile device'"'"'s address was received at the first reply address, which was selected from the plurality of possible reply addresses, and if the response was received at the first reply address, determining if the response received at the first reply address authorizes the transaction; and

if the response received at the first reply address authorizes the transaction, sending a communication to the entity indicating that the transaction is authorized;

wherein the mobile device'"'"'s address and each of the reply addresses are addresses in a telecommunication network.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provide herein is a method and system capable of authenticating transactions involving at least one service provider and one or more users who are each in electronic communication. This electronic communication can be, for example, SMS, MMS, e-mail, or online account messaging. It is an aspect of certain embodiments where the transaction is an authentication and/or verification of an entity. Examples of such entities are products, actions and users.

72 Citations

30 Claims

1. A method comprising performing the following acts by a network server in a telecommunications network:
- receiving a request from an entity to authorize a transaction involving a user having a mobile device;
  
  accessing the mobile device'"'"'s address;
  
  generating a communication to be sent based on information about the transaction to be authorized;
  
  causing the generated communication to be sent to the mobile device'"'"'s address from a first reply address, wherein the first reply address is selected from a plurality of possible reply addresses prior to sending the generated message;
  
  receiving a response from the mobile device'"'"'s address;
  
  determining if the response from the mobile device'"'"'s address was received at the first reply address, which was selected from the plurality of possible reply addresses, and if the response was received at the first reply address, determining if the response received at the first reply address authorizes the transaction; and
  
  if the response received at the first reply address authorizes the transaction, sending a communication to the entity indicating that the transaction is authorized;
  
  wherein the mobile device'"'"'s address and each of the reply addresses are addresses in a telecommunication network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising:
    - causing one or more additional generated communications to be sent to the mobile device'"'"'s address from a second reply address, the second reply address being selected from the same plurality of possible reply addresses as the first reply address,receiving one or more additional responses from the mobile device'"'"'s address,determining if the one or more additional responses from the mobile device'"'"'s address were received at the second reply address.
  - 3. The method of claim 2, further comprising determining if the response to the second reply address authorizes the transaction.
  - 4. The method of claim 3, further comprising determining an assurance level for the authorization based on the responses to the generated communications.
  - 5. The method of claim 4, wherein the request to authorize the transaction includes a desired assurance level of authorization and the communication to the entity includes the determined assurance level.
  - 6. The method of claim 2, wherein the second reply address is different from the first reply address.
  - 7. The method of claim 2, wherein contents of the communication to the entity is chosen based on the response, or lack of response, from the mobile device'"'"'s address to the generated communications.
  - 8. The method of claim 1,wherein determining if the response received at the first reply address authorizes the transaction includes analyzing semantics of the response.
  - 9. The method of claim 8, wherein the analyzing of the semantics of the response includes comparing content of the response with stored criteria indicating acceptable responses.
  - 10. The method of claim 9, wherein if the content of the response does not meet the stored criteria, the response is rejected as not being an authentic response.
  - 11. The method of claim 9, wherein, if the content of the response does not meet the stored criteria, the client is not authenticated.
  - 12. The method of claim 1, wherein determining if the response to the first reply address authorizes the transaction includes determining if the communication response is a suitable response for the generated communication.
  - 13. The method of claim 1, wherein accessing the mobile device'"'"'s address includes sending a request to a third-party to retrieve the mobile device'"'"'s address.
  - 14. The method of claim 1, wherein accessing the mobile device'"'"'s address includes retrieving the mobile device address from the request from the entity.
  - 15. The method of claim 1, wherein the message is an SMS, MMS or e-mail message.
  - 16. The method of claim 1, wherein the mobile device'"'"'s address is an e-mail address, mobile phone address or an online account name having a messaging function.
  - 17. The method of claim 1, wherein the communication is an SMS message.
  - 18. The method of claim 1, wherein the response is a SMS message.
  - 19. The method of claim 1, wherein the response is an e-mail message.
  - 20. The method of claim 1, wherein the response is a text message.

21. A network server comprising:
- a reception logic for receiving a request from an entity to authorize a transaction involving a user having a mobile devicea processor comprising an application which;
  
  accesses the mobile device'"'"'s address, wherein accessing the mobile device'"'"'s address includes retrieving the mobile device address from a database accessible by the network server;
  
  generates a communication to be sent based on information about the transaction to be authorized;
  
  causes the generated communication to be sent from a first reply address to the mobile device address retrieved from the database, wherein the first reply address is selected from a plurality of possible reply addresses prior to sending the generated message; and
  
  receives a response from the mobile device'"'"'s address;
  
  determines if the response from the mobile device'"'"'s address was received at the first reply address, which was selected from the plurality of possible reply addresses, and if the response was received at the first reply address, determines if the response received at the first reply address authorizes the transaction; and
  
  if the response received at the first reply address authorizes the transaction, sends a communication to the entity indicating that the transaction is authorized.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The network server of claim 21wherein the determination if the communication response to the first reply address authorizes the transaction includes an analysis of semantics of the communication response.
  - 23. The mediator of claim 22, wherein the analysis of the semantics of the response includes comparing content of the response with stored criteria indicating acceptable responses.
  - 24. The mediator of claim 23, wherein if the content of the response does not meet the stored criteria, the response is rejected as not being an authentic response.
  - 25. The mediator of claim 23, wherein, if the content of the response does not meet the stored criteria, the client is not authenticated.
  - 26. The network server of claim 21, wherein the receiving the request from the entity and the sending the communication to the entity are performed over a telecommunications network.
  - 27. The network server of claim 21, wherein the communication is an SMS message.
  - 28. The network server of claim 21, wherein the response is a SMS message.
  - 29. The network server of claim 21, wherein the response is an email message.
  - 30. The network server of claim 21, wherein the response is a text message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smartcom Labs OY
Original Assignee
Bookit Oy Ajanvarauspalvelu
Inventors
Salonen, Jukka
Primary Examiner(s)
Chen, George

Application Number

US13/074,037
Publication Number

US 20110173017A1
Time in Patent Office

1,953 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 10/02   Reservations, e.g. for tick...

G06Q 10/109   Time management, e.g. calen...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 30/06   Buying, selling or leasing ...

G08G 1/207   with respect to certain are...

H04L 63/08   for authentication of entit...

H04W 12/062   Pre-authentication

Authentication method and system

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and system

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links