Methods and Systems for Thwarting Side Channel Attacks
US-2015373035-A1 · Dec 24, 2015 · US
US9378356B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9378356-B2 |
| Application number | US-201213447092-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 13, 2012 |
| Priority date | Apr 13, 2012 |
| Publication date | Jun 28, 2016 |
| Grant date | Jun 28, 2016 |
Official abstract text for this publication.
Methods and systems for online authentication eliminate the common username plus password combination, using instead a novel two-factor authentication that employs a mobile phone number and a one-time, limited life password. The user provides the mobile phone number to a login dialog and receives, from a service provider, the one-time password, e.g., via a text message, at the mobile device to which the phone number belongs. If the user enters the one-time password before it expires, the user is authenticated and logged in. A method for authentication or authorization to a website includes: receiving a phone number from a user via a communication network in response to a login prompt displayed to the user; transmitting a one-time password to the phone number using text messaging; and in response to receiving the one-time password back from the user, authenticating the user for transactions with the website.
Opening claim text (preview).
What is claimed is:
1. A system comprising: a non-transitory memory storing machine-readable data; and one or more hardware processors coupled to the non-transitory memory and configured to communicate over a network with a mobile device of a user and with a plurality of websites and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: displaying a login prompt to the user at a merchant website from the plurality of websites; receiving a phone number from the user having an account with a financial service provider (FSP), via the network, in response to the login prompt; transmitting a one-time password to a mobile phone using the phone number; and in response to only receiving the one-time password from the user via the network, authenticating, by the FSP, the user with the merchant website; sharing, with the merchant website, profile information about the user from the user's account with the FSP, including a unique identifier generated by the FSP that represents the user's account with the FSP, wherein the profile information is associated with the unique identifier generated by the FSP; logging the user directly into the merchant website based on the profile information and the unique identifier; and logging the user, from the merchant website, into a second website of the plurality of websites based on the profile information and the unique identifier without further use of the one-time password or phone number.
2. The system of claim 1, wherein the one-time password is not sent to the merchant website.
3. The system of claim 1, wherein the login prompt is displayed on a login host website.
4. The system of claim 1, wherein the one-time password has predefined expiration period, after which the processor does not authenticate the user in response to receiving the one-time password.
5. The system of claim 1, wherein receiving the phone number comprises receiving the phone number via the network from a device displaying the login prompt.
6. The system of claim 1, wherein the one-time password is transmitted using short message service (SMS) texting to a device having the phone number.
7. The system of claim 1, wherein receiving the one-time password comprises receiving the one-time password via the network from a device displaying the login prompt.
8. The system of claim 1, wherein receiving the one-time password comprises receiving the one-time password via the network from a phone to which the one-time password was transmitted.
9. A method comprising: displaying a login prompt to a user at a merchant website; receiving a phone number from the user having an account with a financial service provider (FSP), via a network, in response to the login prompt; transmitting a one-time password using the phone number; and in response to only receiving the one-time password from the user via the network, authenticating, by the FSP, the user with the merchant website; sharing, with the merchant website, profile information about the user from the user's account with the FSP, including a unique identifier generated by the FSP that represents the user's account with the FSP, wherein the profile information is associated with the unique identifier generated by the FSP; logging the user directly into the merchant website based on the profile information and the unique identifier; and logging the user, from the merchant website, into a second website based on the profile information and the unique identifier without further use of the one-time password or phone number.
10. The method of claim 9, wherein the one-time password is not sent to the merchant website.
11. The method of claim 9, further comprising displaying the login prompt on a login host website.
12. The method of claim 9, further comprising: setting an expiration period for the one-time password, wherein: after the expiration period has passed, authentication of the user fails.
13. The method of claim 9, wherein receiving the phone number comprises: receiving the phone number via the network from a device displaying the login prompt.
14. The method of claim 9, wherein receiving the one-time password comprises: receiving the one-time password via the network from a device displaying the login prompt.
15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising: displaying a login prompt to a user at a merchant website; receiving a phone number from the user having an account with a financial service provider (FSP), via a network, in response to the login prompt; transmitting a one-time password using the phone number; and in response to receiving only the one-time password from the user via the network, authenticating, by the FSP, the user with the merchant website; sharing, with the merchant website, profile information about the user from the user's account with the FSP, including a unique identifier generated by the FSP that represents the user's account with the FSP, wherein the profile information is associated with the unique identifier generated by the FSP; logging the user directly into the merchant website based on the profile information and the unique identifier; and logging the user, from the merchant website, into a second website based on the profile information and the unique identifier without further use of the one-time password or phone number.
16. The non-transitory machine-readable medium of claim 15 wherein the one-time password is not sent to the merchant website.
17. The non-transitory machine-readable medium of claim 15 further comprising machine-readable instructions executable to cause the machine to perform operations comprising: displaying the login prompt on a login host website.
18. The non-transitory machine-readable medium of claim 15 further comprising machine-readable instructions executable to cause the machine to perform operations comprising: setting an expiration period for the one-time password, wherein: after the expiration period expires, the processor does not authenticate the user in response to receiving the one-time password.
19. The non-transitory machine-readable medium of claim 15 further comprising machine-readable instructions executable to cause the machine to perform operations comprising: transmitting the one-time password using short message service (SMS) texting to a device having the phone number.
20. The non-transitory machine-readable medium of claim 15 further comprising machine-readable instructions executable to cause the machine to perform operations comprising: receiving the one-time password via the network from a phone to which the one-time password was transmitted.
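The FSP-side flow described in the abstract and in claims 1, 2 and 4, sketched as an added example (not code from the patent or its assignee): the one-time password is issued against a phone number, expires, and only the FSP-generated unique identifier is returned for the merchant. The class and method names, the 6-digit code, the 300-second expiry, the one-attempt-per-code rule and the uniform response for unregistered numbers are assumptions; the patent specifies none of them.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed expiration period; the claims give no value
OTP_DIGITS = 6         # assumed code length

class FSP:
    """Hypothetical financial service provider side of the login flow."""

    def __init__(self, accounts, send_sms, clock=time.time):
        self.accounts = accounts  # phone number -> FSP-generated unique identifier
        self.send_sms = send_sms  # callable(phone, text); stand-in for an SMS gateway
        self.clock = clock
        self.pending = {}         # phone number -> (otp, expiry timestamp)

    def start_login(self, phone):
        # Same reply for registered and unregistered numbers, so the login
        # prompt cannot be used to test which numbers hold an account.
        if phone in self.accounts:
            otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
            self.pending[phone] = (otp, self.clock() + OTP_TTL_SECONDS)
            self.send_sms(phone, f"Your login code is {otp}")
        return "code sent if the number is registered"

    def finish_login(self, phone, otp):
        # pop() consumes the code on any attempt: no reuse, no repeated guessing.
        entry = self.pending.pop(phone, None)
        if entry is None:
            return None
        expected, expires_at = entry
        if self.clock() > expires_at:
            return None  # expired code: authentication fails
        if not hmac.compare_digest(otp.encode(), expected.encode()):
            return None
        # The merchant receives the unique identifier only, never the OTP.
        return self.accounts[phone]

if __name__ == "__main__":
    outbox = []  # constructed stand-in for the SMS channel
    fsp = FSP({"+15555550100": "uid-constructed-0001"},
              lambda phone, text: outbox.append(text))
    fsp.start_login("+15555550100")
    code = outbox[-1].split()[-1]
    print(fsp.finish_login("+15555550100", code))  # identifier for the merchant
    print(fsp.finish_login("+15555550100", code))  # second use of the same code
```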
One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title
using time-dependent-passwords, e.g. periodically changing passwords · CPC title
applying multi-factor authentication · CPC title
Authentication · CPC title
Entity profiles · CPC title