Method for secure user and transaction authentication and risk management

US10284549B2 · US · B2

Patent metadata
Publication number: US-10284549-B2
Application number: US-201615015592-A
Country: US
Kind code: B2
Filing date: Feb 4, 2016
Priority date: Jan 27, 2010
Publication date: May 7, 2019
Grant date: May 7, 2019

Abstract

Official abstract text for this publication.

To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of authenticating a user on a network, comprising: receiving, by a security server, a request of a network site to have a user authenticated and first information; generating, by the security server, a one-time-password, wherein the one-time-password is independently verifiable by the network site or the security server based on the first information, wherein: the one-time-password is generated as a function of a secret shared by the security server and the network site but not known to the user or associated with any particular user; and the secret shared by the security server and the network site comprises a predetermined value agreed upon by both the security server and the network site to be used for all users utilizing the enterprise; and transmitting over a network, by the security server to a window displayed on a remotely located first network device of the user, the one-time-password being for entry by the user onto a network page associated with the network site and displayed on a second network device of the user, and for subsequent verification by the network site to thereby authenticate the user.

2. The method of claim 1, wherein: the first user network device is of a type that is different than the second user network device.

3. The method of claim 1, wherein: the first user network device is a mobile smart phone; and the second user network device is a computer.

4. The method of claim 1, further comprising: storing, at the security server, a log of transactions between the user and the network site.

5. The method of claim 4, further comprising: computing, by the security server, a risk profile of the user based on the stored transactions log.

6. The method of claim 5, further comprising: transmitting, by the security server to a third party, the stored transactions log for risk analysis.

7. The method of claim 1, wherein the one-time password is based on a time stamp.

8. The method of claim 1, wherein the first information comprises the user's phone number.

9. The method of claim 1, wherein the user is authenticated using the one-time-password entered into the network site on the second network device.

10. A method of authenticating a user on a network site, comprising: transmitting, by a network site directly to a security server, a request to have a user authenticated; receiving first information directly from the security server; receiving, by a network page associated with the network site from a network device of the user, a one-time-password for authentication, wherein: the one-time-password is generated and transmitted over a network, by the security server to the network device of the user for presentation on a window displayed by the network device of the user and entry by the user onto the network page and displayed on another user network device; the network device of the user is remotely located from the security server; the one-time-password is generated as a function of a secret shared by the security server and the network site but not known to the user or associated with any particular user; and the secret shared by the security server and the network site comprises a predetermined value agreed upon by both the security server and the network site to be used for all users utilizing the enterprise; receiving, by the network site, the one-time-password which is based on the first information shared by the security server and the network site, but not by the user; receiving second information directly from the security server; and authenticating, by the network site, the user based on the second information.

11. The method of claim 10, wherein the shared secret is not associated with any particular user.

12. The method of claim 1, further comprising: receiving a request from a first user network device to perform a transaction, wherein the one-time password is received from a second user network device.

13. The method of claim 12, wherein the first user network device is of a type that is different than the second user network device.

14. The method of claim 13, wherein: the first user network device is a mobile smart phone; and the second user network device is a computer.

15. The method of claim 10, wherein the one-time password is based on a time stamp.

16. A method of authenticating a user on a network site, comprising: transmitting, by a network site directly to a security server, a request to have a user authenticated using a one-time password to be generated by the security server, and first information, wherein: the one-time-password is generated as a function of a secret shared by the security server and the network site but not known to the user or associated with any particular user; and the secret shared by the security server and the network site comprises a predetermined value agreed upon by both the security server and the network site to be used for all users utilizing the enterprise; receiving, by a network page associated with the network site from a network device of the user, the one-time-password generated by the security server, wherein the one-time-password is transmitted over a network, by the security server to the network device of the user for presentation on a window displayed by the network device of the user and entry by the user onto the network page and displayed on another user network device, wherein the network device of the user is remotely located from the security server; and authenticating, by the network site, the user based on the one time password.

17. The method of claim 16, further comprising: receiving a request from a first user network device to perform a transaction, wherein the one-time password is received from a second user network device.

18. The method of claim 17, wherein the first user network device is of a type that is different than the second user network device.

19. The method of claim 16, wherein the one-time password is based on a time stamp.

20. The method of claim 16, wherein the one-time-password is generated based on the first information shared by the security server and the network site, but not by the user.
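The flow described in the abstract and in claims 1, 7 and 10, worked through as an added example (this is not code from the patent or its assignee): the security server derives a transaction-bound one-time-password from a site-level secret the user never holds, the code is shown on the user's phone, the user types it into the site's web page, and the site recomputes it independently from its own copy of the secret. The HMAC-SHA256 construction, the 60-second time step, the 8-digit truncation and all sample values are assumptions chosen for the example; the patent does not fix a particular OTP function.

```python
import hashlib
import hmac
import json

# Assumed construction (the patent fixes no particular OTP function):
# HMAC-SHA256 over the canonical transaction record plus a time-step
# counter, truncated HOTP-style to 8 decimal digits.
DIGITS = 8
TIME_STEP = 60  # seconds per OTP validity window (assumption)

def canonical(tx: dict) -> bytes:
    # Deterministic encoding so server and site MAC exactly the same bytes.
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def transaction_otp(shared_secret: bytes, tx: dict, now: int) -> str:
    step = (now // TIME_STEP).to_bytes(8, "big")
    mac = hmac.new(shared_secret, canonical(tx) + step, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def security_server_sign(shared_secret: bytes, tx: dict, now: int) -> str:
    # Security server side: it holds the site-level secret; the user does not.
    # The returned code is what gets displayed on the user's first device.
    return transaction_otp(shared_secret, tx, now)

def network_site_verify(shared_secret: bytes, tx: dict, otp: str, now: int,
                        skew_steps: int = 1) -> bool:
    # Site side: recompute independently from its own copy of the secret,
    # tolerating one time step of clock skew either way.
    for k in range(-skew_steps, skew_steps + 1):
        expected = transaction_otp(shared_secret, tx, now + k * TIME_STEP)
        if hmac.compare_digest(expected, otp):
            return True
    return False

def demo() -> tuple:
    secret = b"site-level-secret-constructed-for-example"  # constructed sample
    tx = {"user": "alice", "payee": "ACME", "amount": "125.00", "id": "tx-001"}
    now = 1_700_000_000
    otp = security_server_sign(secret, tx, now)            # shown on the phone
    ok = network_site_verify(secret, tx, otp, now + 30)    # typed on the web page
    # An altered amount yields a different MAC, so the same OTP no longer verifies.
    bad = network_site_verify(secret, dict(tx, amount="1250.00"), otp, now + 30)
    return ok, bad
```

Because the code is bound to the transaction record, a code relayed by the user cannot be reused on a transaction with different details, which is the property the abstract's "user signature" language refers to.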

Assignees

Early Warning Services LLC

Inventors

Classifications

  • using a plurality of channels (network architectures or network communication protocols using different networks H04L63/18) · CPC title

  • One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title

  • applying multi-factor authentication · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10284549B2 cover?
To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not b…
Who is the assignee on this patent?
Early Warning Services LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0838. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 7, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).