Multi-factor authentication

US 9,509,683 B2
Filed: 03/13/2015
Issued: 11/29/2016
Est. Priority Date: 08/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method in a processor operable to execute logic encoded on one or more non-transitory computer-readable media, the method comprising:

providing a designated link to an address associated with a user, the designated link operable to facilitate the user'"'"'s retrieval of a message from a forwarding system, the designated link including a unique identifier that the forwarding system uses to uniquely identify the message, wherein the designated link is formatted such that the unique identifier is not displayed to the user;

receiving a request to access the message, wherein if the request includes the unique identifier it indicates that the request was received via the designated link;

determining authentication factors that are to be verified based on whether the request includes the unique identifier, wherein it is determined that at least one of the authentication factors is to be verified only if the request fails to include the unique identifier;

authenticating the request according to the determined authentication factors; and

communicating the message if the request passes authentication.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to some embodiments, a method provides a designated link in a notification to an intended recipient of the message. The designated link includes a unique identifier associated with the message. Upon receiving a request to access the message, the method authenticates the request. Authentication includes verifying whether the request corresponds to the designated link provided in the notification. If the request passes authentication, the method communicates the message.

39 Citations

View as Search Results

20 Claims

1. A method in a processor operable to execute logic encoded on one or more non-transitory computer-readable media, the method comprising:
- providing a designated link to an address associated with a user, the designated link operable to facilitate the user'"'"'s retrieval of a message from a forwarding system, the designated link including a unique identifier that the forwarding system uses to uniquely identify the message, wherein the designated link is formatted such that the unique identifier is not displayed to the user;
  
  receiving a request to access the message, wherein if the request includes the unique identifier it indicates that the request was received via the designated link;
  
  determining authentication factors that are to be verified based on whether the request includes the unique identifier, wherein it is determined that at least one of the authentication factors is to be verified only if the request fails to include the unique identifier;
  
  authenticating the request according to the determined authentication factors; and
  
  communicating the message if the request passes authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the method provides the designated link in response to receipt of the message at a secure email account that the forwarding system maintains for the user and the address to which the designated link is provided corresponds to another email account associated with the user.
  - 3. The method of claim 2, wherein the method receives the message from a sender according to one encryption method and communicates the message to the address associated with the user according to a different encryption method.
  - 4. The method of claim 1, wherein the at least one authentication factor that is determined to be verified only if the request fails to include the unique identifier comprises verifying a cookie stored by a particular computing system.
  - 5. The method of claim 1, wherein the at least one authentication factor that is determined to be verified only if the request fails to include the unique identifier comprises sending a temporary passcode to the user and receiving the temporary passcode back from the user.
  - 6. The method of claim 1, further comprising:
    - receiving the message via a first secure connection according to one of a Secure Socket Layer (SSL) protocol, a Transport Layer Security (TLS) protocol, or other secure protocol; and
      
      wherein communicating the message if the request passes authentication comprises communicating the message via a second secure connection according to of the Secure Socket Layer (SSL) protocol, the Transport Layer Security (TLS) protocol, or other secure protocol.
  - 7. The method of claim 1, wherein the designated link includes a uniform resource locator (URL) that is displayed to the user such that if the request includes the URL but does not include the unique identifier, the request is directed to a main web page associated with the forwarding system.

8. One or more non-transitory computer-readable media comprising logic that, when executed by one or more processing units, is operable to perform operations comprising:
- providing a designated link to an address associated with a user, the designated link operable to facilitate the user'"'"'s retrieval of a message from a forwarding system, the designated link including a unique identifier that the forwarding system uses to uniquely identify the message, wherein the designated link is formatted such that the unique identifier is not displayed to the user;
  
  receiving a request to access the message, wherein if the request includes the unique identifier it indicates that the request was received via the designated link;
  
  determining authentication factors that are to be verified based on whether the request includes the unique identifier, wherein it is determined that at least one of the authentication factors is to be verified only if the request fails to include the unique identifier;
  
  authenticating the request according to the determined authentication factors; and
  
  communicating the message if the request passes authentication.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more non-transitory computer-readable media of claim 8, wherein:
    - the logic is operable to provide the designated link in response to receipt of the message at a secure email account that the forwarding system maintains for the user; and
      
      the address to which the designated link is provided corresponds to another email account associated with the user.
  - 10. The one or more non-transitory computer-readable media of claim 9, wherein the logic is operable to receive the message from a sender according to one encryption method and communicate the message to the address associated with the user according to a different encryption method.
  - 11. The one or more non-transitory computer-readable media of claim 8, wherein the at least one authentication factor that is determined to be verified only if the request fails to include the unique identifier comprises verifying a cookie stored by a particular computing system.
  - 12. The one or more non-transitory computer-readable media of claim 8, wherein the at least one authentication factor that is determined to be verified only if the request fails to include the unique identifier comprises sending a temporary passcode to the user and receiving the temporary passcode back from the user.
  - 13. The one or more non-transitory computer-readable media of claim 8, further operable to perform operations comprising:
    - receiving the message via a first secure connection according to one of a Secure Socket Layer (SSL) protocol, a Transport Layer Security (TLS) protocol, or other secure protocol; and
      
      wherein communicating the message if the request passes authentication comprises communicating the message via a second secure connection according to of the Secure Socket Layer (SSL) protocol, the Transport Layer Security (TLS) protocol, or other secure protocol.
  - 14. The one or more non-transitory computer-readable media of claim 8, wherein the designated link includes a uniform resource locator (URL) that is displayed to the user such that if the request includes the URL but does not include the unique identifier, the request is directed to a main web page associated with the forwarding system.

15. A forwarding system comprising memory and one or more processors, the forwarding system operable to:
- provide a designated link to an address associated with a user, the designated link operable to facilitate the user'"'"'s retrieval of a message from the forwarding system, the designated link including a unique identifier that the forwarding system uses to uniquely identify the message, wherein the designated link is formatted such that the unique identifier is not displayed to the user;
  
  receive a request to access the message, wherein if the request includes the unique identifier it indicates that the request was received via the designated link;
  
  determine authentication factors that are to be verified based on whether the request includes the unique identifier, wherein it is determined that at least one of the authentication factors is to be verified only if the request fails to include the unique identifier;
  
  authenticate the request according to the determined authentication factors; and
  
  communicate the message if the request passes authentication.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The forwarding system of claim 15, wherein:
    - the forwarding system is operable to provide the designated link in response to receipt of the message at a secure email account that the forwarding system maintains for the user; and
      
      the address to which the designated link is provided corresponds to another email account associated with the user.
  - 17. The forwarding system of claim 16, wherein the forwarding system is operable to receive the message from a sender according to one encryption method and communicate the message to the address associated with the user according to a different encryption method.
  - 18. The forwarding system of claim 15, wherein the at least one authentication factor that is determined to be verified only if the request fails to include the unique identifier comprises verifying a cookie stored by a particular computing system.
  - 19. The forwarding system of claim 15, wherein the at least one authentication factor that is determined to be verified only if the request fails to include the unique identifier comprises sending a temporary passcode to the user and receiving the temporary passcode back from the user.
  - 20. The forwarding system of claim 15, further operable to:
    - receive the message via a first secure connection according to one of a Secure Socket Layer (SSL) protocol, a Transport Layer Security (TLS) protocol, or other secure protocol; and
      
      wherein the forwarding system communicates the message if the request passes authentication by communicating via a second secure connection according to of the Secure Socket Layer (SSL) protocol, the Transport Layer Security (TLS) protocol, or other secure protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Original Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Inventors
Bauckman, Dena Terry, Johnson, Nigel Paul, Robertson, David Joseph
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/657,623
Publication Number

US 20150188905A1
Time in Patent Office

627 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 51/212   using filtering or selectiv...

H04L 51/224   providing notification on i...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

Multi-factor authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Multi-factor authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others