System and method for transaction security responsive to a signed authentication
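IPC classification information
Country / Type: United States(US) Patent, Granted
International Patent Classification (IPC, 7th edition): G06Q-020/00, G06Q-020/40, H04W-012/06, H04L-029/06, H04W-012/12
Application number: US-0625148 (2012-09-24)
Registration number: US-9098850 (2015-08-04)
Inventors / Address: Weiner, Avish Jacob; Ne'Man, Ran
Applicant / Address: Ping Identity Corporation
Citation information
Times cited: 6
Cited patents: 19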
Abstract
A system arranged to authenticate a user via its mobile device to a service provider, the system comprising: an authentication server; the user mobile device, the user mobile device provided with a verification application arranged to communicate with the authentication server; and a notification server in communication with the authentication server and arranged to transmit a notification to the user mobile device responsive to the authentication server, the authentication server arranged to provide a signed authentication to the service provider responsive to present and historical information regarding one of: the user mobile device; and an additional user device in communication with said authentication server, said signed authentication provided in accordance with a rule set determined by an authorized entity stored on said authentication server memory governing the required present and historical information attribute.
Representative claims
1. A system arranged to provide access from a user device to a service provider, the system comprising: an authentication server, said authentication server comprising an authentication server processor and an associated authentication server non-transitory memory, said authentication server non-transitory memory having loaded thereon instructions readable by said authentication server processor, which when executed by said authentication server processor cause said authentication server to: determine that a mobile device has accessed the authentication server; in response to said determination, provide to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device; receive a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired; determine whether one or more requirements of one or more rule sets for authentication has been fulfilled; and based on the determination that the one or more requirements has been fulfilled, send an authentication message to the selected service provider and authorize the selected service provider to allow access by the selected user device.
2. The system according to claim 1, wherein said authentication server is further arranged to obtain location information for said mobile device and location information for said selected user device, and said authentication server is arranged to send said authentication message in the event that said obtained location information for said mobile device and said obtained location information for said selected user device indicate that said mobile device is within a predetermined range of said selected user device.
3. The system according to claim 2, further comprising the mobile device, said mobile device comprising a peripheral providing location information, a mobile device processor and an associated mobile device non-transitory memory, said mobile device non-transitory memory having loaded thereon instructions readable by said mobile device processor, which when executed by said mobile device processor cause said mobile device to retrieve location information from the location information providing peripheral and to transmit the retrieved location information to said authentication server; wherein in the event that transmitted location information for said mobile device indicates that said mobile device is no longer within said predetermined range, said authentication server is further arranged to either: notify said selected user device that location security has been breached; or notify the selected service provider of cancellation of said sent authentication message.
4. The system according to claim 1, further comprising said selected user device, said selected user device comprising a user device processor and an associated user device non-transitory memory, said user device non-transitory memory having loaded therein an operating system, said selected service provider being the operating system on the selected user device; the operating system arranged to receive an authentication message and to allow access by said selected user device, said selected user device arranged to, after having been allowed access to the operating system, access at least one memory location of the user device non-transitory memory, or a resource on the selected user device.
5. The system according to claim 1, wherein said authentication message is sent by injecting said authentication message to said selected user device, thereby causing said selected user device to provide an authentication message to the selected service provider.
6. The system according to claim 5, wherein said injected authentication message and said provided authentication message are identical.
7. The system according to claim 1, further comprising said selected user device, wherein said selected user device comprises a user device processor and an associated user device memory readable by said user device processor, said user device non-transitory memory having loaded thereon instructions, which when executed by said user device processor cause said selected user device to: send a user device verification message to said authentication server, wherein receipt of said verification message by said authentication server from said selected user device is one of said one or more requirements, and wherein said user device verification message comprises present information regarding said selected user device selected from a group comprising: a hardware fingerprint, a software fingerprint, a present geographical location of the selected user device, and user recent interaction with the selected user device.
8. The system according to claim 1, further comprising said mobile device, said mobile device comprising a mobile device processor and an associated mobile device non-transitory memory, said mobile device non-transitory memory having loaded thereon a verification application comprising instructions readable by said mobile device processor, which when executed by said mobile device processor cause said mobile device to send to said authentication server a mobile device verification message, wherein receipt of said mobile device verification message by said authentication server from said mobile device is one of said one or more requirements and wherein said mobile device verification message comprises an identifier of the mobile device and present information regarding said mobile device, the present information selected from a group comprising a hardware fingerprint, a software fingerprint, a present geographical location of the mobile device, and user recent interaction with the mobile device.
9. The system according to claim 1, wherein the authentication server is further arranged to maintain historical information regarding said mobile device, said at least one selectable registered user device, and authentication messages sent by said authentication server, and wherein said authentication server is arranged to consider said historical information and present information when determining whether at least one of said one or more requirements has been fulfilled.
10. The system according to claim 9, wherein said historical information includes information which is a factor in generating a security risk score, responsive to said present information and said historical information, for determining whether at least one of said one or more requirements has been fulfilled.
11. The system according to claim 1, wherein said at least one selectable service provider comprises a plurality of selectable service providers and wherein at least one of said one or more requirements is associated with said selected service provider but not associated with at least one other of said plurality of selectable service providers.
12. The system according to claim 1, further comprising said selected service provider, wherein said selected service provider is arranged to allow access by said user device after receiving an authentication message.
13. The system according to claim 12, wherein said service provider is further arranged to allow access by said selected user device after receiving an authentication message and performing at least one of: validating said received authentication message, receiving a password from said selected user device, or requiring any other security measure from said selected user device.
14. The system according to claim 1, further comprising said mobile device, said mobile device comprising a mobile device processor and an associated mobile device non-transitory memory, said mobile device non-transitory memory having loaded thereon instructions readable by said mobile device processor, which when executed by said mobile device processor cause said mobile device to: access said authentication server, display said list, and responsive to at least one user gesture, transmit said selection.
15. The system according to claim 1, wherein said list also includes said mobile device because said mobile device is alternatively selectable for accessing a service provider from among said at least one selectable service provider.
16. A method of providing access from a user device to a service provider, the method comprising: determining, by an authentication server, that a mobile device has accessed the authentication server; in response to said determination, providing by the authentication server to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device; receiving, by the authentication server, a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired; determining, by the authentication server, whether one or more requirements of one or more rule sets for authentication has been fulfilled; and based on the determination that the one or more requirements has been fulfilled, sending, by the authentication server, an authentication message to the selected service provider and authorizing the selected service provider to allow access by the selected user device.
17. The method according to claim 16, further comprising: the authentication server obtaining location information for said selected user device; and the authentication server obtaining location information for said mobile device, wherein said authentication message is sent in the event that the obtained location information for said mobile device and the obtained location information for said selected user device indicate that the mobile device is within a predetermined range of the selected user device.
18. The method according to claim 17, further comprising: the authentication server obtaining updated location information for said mobile device after the authentication message has been sent to the selected service provider; and in the event that the updated location information of said mobile device indicates that the mobile device is no longer within said predetermined range, the authentication server either: notifying the selected user device that location security has been breached; or notifying the selected service provider of cancellation of said sent authentication message.
19. The method according to claim 16, wherein the selected service provider is an operating system loaded on a non-transitory memory of the selected user device, the method further comprising: the operating system receiving an authentication message and allowing access by the selected user device; and the selected user device accessing at least one memory location, or resource, on the selected user device, after having been allowed access to the operating system.
20. The method of claim 16, further comprising: the selected service provider allowing access by said selected user device.
21. The method of claim 16, further comprising: the mobile device accessing said authentication server; the mobile device displaying said list; and responsive to at least one user gesture, the mobile device transmitting said selection.
22. The method according to claim 16, wherein said authentication message is sent by injecting said authentication message to said selected user device, thereby causing said selected user device to provide an authentication message to the selected service provider.
23. The method according to claim 16, wherein receipt of a user device verification message by said authentication server from the selected user device is one of said one or more requirements, and wherein said selected user device verification message comprises present information regarding the selected user device selected from a group comprising: a hardware fingerprint, a software fingerprint, a present geographical location of the selected user device, and user recent interaction with the selected user device.
24. The method according to claim 16, wherein receipt of a mobile device verification message by said authentication server from the mobile device is one of said one or more requirements, and wherein said mobile device verification message comprises an identifier of the mobile device and present information regarding said mobile device, the present information selected from a group comprising: a hardware fingerprint, a software fingerprint, a present geographical location of the mobile device, and user recent interaction with the mobile device.
25. The method according to claim 16, further comprising: the authentication server maintaining historical information regarding said mobile device, said at least one selectable registered user device, and authentication messages sent by said authentication server, wherein the authentication server considers said historical information and present information when determining whether at least one of said one or more requirements has been fulfilled.
26. A computer program product comprising a non-transitory computer readable medium having computer readable program code embodied therein for providing access from a user device to a service provider, the computer program product comprising: computer readable program code for causing an authentication server to determine whether said authentication server has been accessed by a mobile device, and in response to said determination, provide to said mobile device a list at least of selectable at least one service provider and at least one registered user device other than said mobile device; computer readable program code for causing the authentication server to receive a selection made at said mobile device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired; and computer readable program code for causing the authentication server to determine whether one or more requirements of one or more rule sets for authentication has been fulfilled, and based on the determination that the one or more requirements has been fulfilled, send an authentication message to said selected service provider and authorize said selected service provider to allow access by said selected user device.
Patents cited by this patent (19)
Eonnet, Yves, Authentication method and device in a telecommunication network using a portable device.
Swartz, Jerome; Goldman, Ron; Roslak, Thomas; Serbin, Gary; Barkume, Anthony R.; Stern, Miklos; White, Jay P., Cellular telephone for acquiring data encoded in bar code indicia.
Begum Paul G. (2608 Nottingham Way Salt Lake City UT 84108) Geiger Mark A. (871 Canyon Ridge Way #31 Midvale UT 84047), Instant electronic coupon verification system.
Leslie D. Owens ; Mark S. Plecity ; Alvah B. Davis ; David T. Kiswani ; I-Hsiang Yu, Method and system for validating subscriber identities in a communications network.
Challa, Nagesh; Gobburu, Venkata T., System, method, and apparatus for communicating information between a mobile communications device and a bar code scanner.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Zhang, Xianhong; Keys, Andrew T.; Pruthi, Kapil; Carpenter, Daniel Lynn; Pender, Mark A.; Yezo, Spencer; Dave, Apeksh M., Service channel authentication token.