US20120233682A1 - Secure access to restricted resource - Google Patents
Secure access to restricted resource Download PDFInfo
- Publication number
- US20120233682A1 US20120233682A1 US13/474,966 US201213474966A US2012233682A1 US 20120233682 A1 US20120233682 A1 US 20120233682A1 US 201213474966 A US201213474966 A US 201213474966A US 2012233682 A1 US2012233682 A1 US 2012233682A1
- Authority
- US
- United States
- Prior art keywords
- user
- information
- company
- access data
- resource
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
- H04L12/2876—Handling of subscriber policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
- H04M3/382—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/0024—Services and arrangements where telephone services are combined with data services
Definitions
- token devices like token devices
- a company issues token devices to its employees and/or customers.
- the token devices generate numbers that change over time (e.g., every 1 minute).
- the company's server also generates numbers that track the numbers generated by the token devices.
- the numbers generated by the company's server are synchronized in time with the numbers generated by the token devices.
- the user When a user attempts to gain access to a restricted resource of the company, the user provides the number currently shown on his token device to the company's server and a personal identification number (PIN).
- PIN personal identification number
- the company's server regulates access to the restricted resource based on the user-provided number matching the number it generated, and the user's PIN.
- Token devices are expensive. While each token device alone may not be that expensive, it becomes expensive when purchasing token devices for all of a company's employees and/or customers. Also, token devices need to be periodically replaced (e.g., every 3 years). Therefore, token devices become a continuing expense. Further, it becomes impossible for an employee/customer to access the company's restricted resource if the employee/customer loses or forgets his token device.
- FIG. 1 is an exemplary diagram illustrating a concept described herein
- FIG. 2 is an exemplary diagram of a network in which systems and methods described herein may be implemented
- FIG. 3 is an exemplary diagram of a device that may correspond to one or more of the telephone device, service provider server, computer device, and/or authentication server of FIG. 2 ;
- FIG. 4 is a flowchart of an exemplary process for selectively providing access to a restricted resource
- FIGS. 5A-5B are exemplary diagrams of a telephone device that illustrate portions of the process of FIG. 4 ;
- FIG. 6 is an exemplary diagram of a computer device that illustrates portions of the process of FIG. 4 ;
- FIG. 7 is an exemplary diagram of another network in which systems and methods described herein may be implemented.
- FIG. 8 is an exemplary diagram of yet another network in which systems and methods described herein may be implemented.
- FIG. 1 is an exemplary diagram illustrating a concept described herein.
- a user might use a cellular telephone to contact a service provider.
- the user may authenticate herself to the service provider using, for example, information identifying the user's cellular telephone (e.g., caller identification (ID)) and possibly a password (e.g., any combination of letters, numbers, and/or symbols).
- ID information identifying the user's cellular telephone
- a password e.g., any combination of letters, numbers, and/or symbols.
- the service provider may provide an access number that might be shown on a display of the cellular telephone.
- the user might enter the access number into a user interface on a computer device that provides access to a restricted resource.
- the access number may be used to authenticate the user and provide selective access to the restricted resource.
- FIG. 2 is an exemplary diagram of a network 200 in which systems and methods described herein may be implemented.
- Network 200 may include a telephone device 210 connected to a service provider server 220 via network 230 , and a computer device 240 connected to authentication server 250 and restricted resource 260 via network 270 .
- a single telephone device 210 , service provider server 220 , computer device 240 , authentication server 250 , and restricted resource 260 have been illustrated as connected to networks 230 and 270 for simplicity. In practice, there may be more or fewer telephone devices, service provider servers, computer devices, authentication servers, and/or restricted resources.
- telephone device 210 may be implemented as single device
- authentication server 250 and restricted resource 260 may be implemented as a single device
- computer device 240 and restricted resource 260 may be implemented as a single device.
- Telephone device 210 may include any type or form of communication device, such as a cellular telephone, a cordless telephone, a wired telephone, a satellite telephone, a radiotelephone, a smart phone, etc. A user might use telephone device 210 to contact service provider server 220 .
- Service provider server 220 may include a device, such as a computer system, that is capable of communicating via network 230 and network 270 .
- service provider server 220 may be implemented as a single device.
- service provider server 220 may be implemented as multiple devices that are either co-located or remotely located.
- Computer device 240 may include any type or form of computation or communication device, such as a personal computer, a laptop, a personal digital assistant (PDA), etc.
- a user of computer device 240 may attempt to gain access to restricted resource 260 via authentication server 250 .
- Authentication server 250 may include a device, such as a computer system, that is capable of authenticating a user for selective access to restricted resource 260 .
- authentication server 250 may permit access to restricted resource 260 based on the access number from service provider server 220 .
- Restricted resource 260 may include any type or form of resource to which access may be controlled, such as a private network (e.g., a company intranet), a device (e.g., a computer, a memory device, or a peripheral), data (e.g., data associated with a user's account or profile), or software (e.g., an email application, a word processing program, or an operating system).
- a private network e.g., a company intranet
- a device e.g., a computer, a memory device, or a peripheral
- data e.g., data associated with a user's account or profile
- software e.g., an email application, a word processing program, or an operating system
- Network 230 may include a telephone network, such as a cellular network, the Public Switched Telephone Network (PSTN), or a combination of networks.
- Network 270 may include a local area network (LAN), a wide area network (WAN), a telephone network, such as the PSTN or a cellular network, an intranet, the Internet, or a combination of networks. It may be possible for network 230 and network 270 to be implemented as the same network.
- FIG. 3 is an exemplary diagram of a device that may correspond to one or more of telephone device 210 , service provider server 220 , computer device 240 , and/or authentication server 250 .
- the device may include a bus 310 , a processor 320 , a main memory 330 , a read only memory (ROM) 340 , a storage device 350 , an input device 360 , an output device 370 , and a communication interface 380 .
- Bus 310 may include a path that permits communication among the elements of the device.
- Processor 320 may include a processor, microprocessor, or processing logic that may interpret and execute instructions.
- Main memory 330 may include a random access memory (RAM) or another type of dynamic storage device that may store information and instructions for execution by processor 320 .
- ROM 340 may include a ROM device or another type of static storage device that may store static information and instructions for use by processor 320 .
- Storage device 350 may include a magnetic and/or optical recording medium and its corresponding drive.
- Input device 360 may include a mechanism that permits an operator to input information to the device, such as a keyboard, a mouse, a pen, voice recognition and/or biometric mechanisms, etc.
- Output device 370 may include a mechanism that outputs information to the operator, including a display, a printer, a speaker, etc.
- Communication interface 380 may include any transceiver-like mechanism that enables the device to communicate with other devices and/or systems. For example, communication interface 380 may include mechanisms for communicating with another device or system via a network, such as network 230 or 270 .
- the device shown in FIG. 3 may perform certain operations relating to the obtainment of selective access to restricted resource 260 .
- the device may perform these operations in response to processor 320 executing software instructions contained in a computer-readable medium, such as memory 330 .
- a computer-readable medium may be defined as a physical or logical memory device and/or carrier wave.
- the software instructions may be read into memory 330 from another computer-readable medium, such as data storage device 350 , or from another device via communication interface 380 .
- the software instructions contained in memory 330 may cause processor 320 to perform processes that will be described later.
- hardwired circuitry may be used in place of or in combination with software instructions to implement processes described herein.
- implementations described herein are not limited to any specific combination of hardware circuitry and software.
- FIG. 4 is a flowchart of an exemplary process for selectively providing access to a restricted resource.
- the processing of FIG. 4 may be performed by one or more software and/or hardware components within telephone device 210 , service provider server 220 , computer device 240 , authentication server 250 , or a combination of telephone device 210 , service provider server 220 , computer device 240 , and authentication server 250 .
- FIGS. 5A-5B are exemplary diagrams of a telephone device that illustrate portions of the process of FIG. 4 .
- FIG. 6 is an exemplary diagram of a computer device that illustrates portions of the process of FIG. 4 .
- Processing may begin with a telephone call being placed to a predetermined telephone number (block 410 ). For example, a user may enter a telephone number associated with service provider server 220 into telephone device 210 , as shown in FIG. 5A . When instructed by the user, telephone device 210 may place a call to service provider server 220 .
- the telephone call may be received and the user may be authenticated (blocks 420 and 430 ).
- service provider server 220 may identify the user based on unique telephone identifying information associated with telephone device 210 , such as caller ID information, International Mobile Subscriber Identity (IMSI) information, or other information unique to telephone device 210 .
- Service provider server 220 may identify the user of telephone device 210 based on user identifying information particular to the user, such as a password or biometric data (e.g., a voice signal).
- service provider server 220 may request that the user provide the user identifying information and may compare the user identifying information to identifying information previously associated with telephone device 210 . It may be possible for multiple users to be associated with the same telephone device 210 . In this case, service provider server 220 may use the user identifying information provided by the user to determine whether the user is one of these users and if so, which one.
- service provider server 220 may include a hardware or software access number generator that is configured to generate a random string of characters (e.g., any combination of numbers, letters, and/or symbols) of a predetermined length to be used as an access number.
- the access number may include the user identifying information (or possibly the telephone identifying information) embedded therein. In this case, a random string of characters may be generated and then this string of characters may be modified to embed the user identifying information.
- the user identifying information may be embedded in a manner known to authentication server 250 , such that authentication server 250 is capable of determining the user identifying information from the access number.
- the access number may be generated in a non-predictable manner that is not reproducible (e.g., by hacking)
- the access number may have a certain expiration time (e.g., 1 minute, 5 minutes, 30 minutes, etc.) that indicates when the access number expires. For security purposes, shorter expiration times may be favored over longer expiration times.
- the access number may be designed for a one-time use, such that the access number may be immediately expired upon use.
- Service provider server 220 may send the access number to telephone device 210 .
- service provider server 220 may send the access number in a message for presentation on a display of telephone device 210 , as shown in FIG. 5B .
- Service provider server 220 may also send the same access number to authentication server 250 .
- service provider server 220 may send the access number in a message along with information regarding the user to authentication server 250 .
- Authentication server 250 may use the user information to match a subsequent access attempt by the user to the message (and, thus, the access number) received from service provider server 220 .
- authentication server 250 may be contacted (block 450 ).
- the user may access a user interface associated with computer device 240 or authentication server 250 , as shown in FIG. 6 .
- the user may access the user interface using, for example, a web browser provided on computer device 240 .
- the user may be presented with the user interface automatically after powering up of computer device 240 .
- the access number may be presented to authentication server 250 (block 460 ).
- authentication server 250 may request various pieces of information to properly authenticate the user.
- authentication server 250 may authenticate the user based on the user's user name (e.g., Billy West) and the access number (e.g., 46A9B39P), as shown in FIG. 6 . If the access number includes the user identifying information (or telephone identifying information) embedded therein, authentication server 250 may authenticate the user based on the user name, the access number, and the user identifying information.
- authentication server 250 may authenticate the user based on the user name, the access number, and one or more additional pieces of information, such as a password that is unique to the user, biometric data that is unique to the user, a password that is unique to a group of users (e.g., employees of the same company), an address that is unique to computer device 240 used by the user, or some other information that can uniquely or semi-uniquely identify the user.
- additional pieces of information such as a password that is unique to the user, biometric data that is unique to the user, a password that is unique to a group of users (e.g., employees of the same company), an address that is unique to computer device 240 used by the user, or some other information that can uniquely or semi-uniquely identify the user.
- the access number may be provided to authentication server 250 in a number of ways. For example, the user might enter the access number using an input device, such as a keyboard. Alternatively, the access number may be transmitted from telephone device 210 to computer device 240 directly or indirectly via a wired or wireless connection.
- the user may be authenticated based on the access number (block 470 ).
- authentication server 250 may collect information from the user, as described above, and authenticate the user.
- authentication server 250 may properly authenticate the user based on the user name and a valid access number.
- the access number may be considered valid when it matches the access number received from service provider server 220 and the access number is received before it expires.
- authentication server 250 may use additional information to properly authenticate the user, as described above.
- Authentication server 250 may immediately expire the access number after use. In this case, if the user were to subsequently attempt to authenticate to authentication server 250 using the same access number, authentication server 250 would not properly authenticate the user because the access number would be identified as invalid.
- Selective access to restricted resource 260 may be provided (block 480 ). For example, if authentication server 250 cannot properly authenticate the user, then authentication server 250 may deny the user access to restricted resource 260 . In this case, the user may need to place another call to service provider server 220 to obtain a new access number (e.g., block 410 ). If authentication server 250 properly authenticates the user, then authentication server 250 may grant the user access to restricted resource 260 . In this case, authentication server 250 may send a message to restricted resource 260 , or another device that regulates access to restricted resource 260 (e.g., a firewall, a gateway, or the like), to permit access to the user.
- a firewall e.g., a firewall, a gateway, or the like
- the user's access to restricted resource 260 may be unlimited (e.g., permit unrestricted access to any part of restricted resource 260 ) or limited (e.g., permit access to only certain part(s) of restricted resource 260 ) based on policies associated with restricted resource 260 .
- the access number provided by service provider server 220 may not include the user identifying information (or telephone identifying information) embedded therein.
- authentication server 220 may authenticate the user based on the user name, the access number, and other information unique to the user, such as a password or biometric data.
- service provider server 220 may authenticate the user based solely on the telephone identifying information.
- authentication server 220 may authenticate the user based on the user name, the access number, and other information unique to the user, such as a password or biometric data.
- FIG. 7 is an exemplary diagram of another network 700 in which systems and methods described herein may be implemented.
- Network 700 may include telephone device 210 connected to service provider server 220 via network 230 , and computer device 240 connected to restricted resources 710 - 730 via network 270 .
- Telephone device 210 , service provider server 220 , network 230 , computer device 240 , and network 270 may be configured similar to like elements described with regard to FIG. 2 .
- authentication server 250 While no authentication server 250 is shown in FIG. 7 , it can be assumed that there is an authentication server for each company or each restricted resource (not shown). Alternatively, the authentication server functionality may be embedded within restricted resources 710 - 730 .
- Each of restricted resources 710 - 730 may be configured similar to restricted resource 260 , as described with regard to FIG. 2 . While three restricted resources 710 - 730 are shown in FIG. 7 , in practice, there may be more or fewer restricted resources. Assume in network 700 , however, that restricted resources 710 - 730 are associated with different legal entities (e.g., companies). As shown in FIG. 7 , restricted resource 710 may be associated with company A, restricted resource 720 may be associated with company B, and restricted resource 730 may be associated with company C. Each of companies A-C may subscribe to authentication services provided by service provider server 220 .
- service provider server 220 may be able to cross-authenticate users of one company's restricted resource to another company. This may create a community of companies that trust the same source of authentication (e.g., service provider server 220 ). This may also permit cross promotion such that company A can promote to company C so that company C's customers can gain quick and secure access to company A's restricted resource(s) using the same authentication procedures that they currently use with company C.
- service provider server 220 may determine with which company, or companies, the user is associated. For example, the user may be a customer of both company A and company B. In this case, when service provider server 220 sends the access number to the user, service provider server 220 may also provide the access number to both companies in anticipation of the user attempting to gain access to a restricted resource associated with one of the companies. Alternatively, service provider server 220 may recognize that the user is associated with multiple companies and ask the user to select one of the companies for which the user is going to subsequently attempt to access a restricted resource.
- FIG. 8 is an exemplary diagram of yet another network 800 in which systems and methods described herein may be implemented.
- Network 800 may include user device 810 connected to service provider server 220 via network 230 , and connected to authentication server 250 and restricted resource 260 via network 270 .
- Service provider server 220 , network 230 , authentication server 250 , restricted resource 260 , and network 270 may be configured similar to like elements described with regard to FIG. 2 .
- User device 810 may include any type of communication or computation device, such as a telephone device similar to telephone device 210 , a computer device similar to computer device 240 , or a device that combines aspects of a telephone device and a computer device.
- user device 810 may be used to not only receive the access number from service provider server 220 , but also to use that access number to access restricted resource 260 .
- user device 810 may contact service provider server 220 to obtain an access number.
- User device 810 may subsequently contact authentication server 250 and use the access number to gain access to restricted resource 260 . In these implementations, no separate telephone device and computer device may be necessary.
- Implementations described herein may provide a secure technique for providing a user with access to a restricted resource.
- a user receives the access number from service provider server 220 via a telephone call, this need not be the case.
- the user may receive the access number via a text message, such as an instant message or another form of reliable, quick communication.
- access to a restricted resource is obtained via an authentication server.
- the service provider server may operate as a proxy server for the restricted resource, such that the user can gain access to the restricted resource through the service provider server.
Abstract
A system may generate an access number, provide the access number to a user via a telephone call, and provide the access number to an authentication server. The system may regulate access by the user to a restricted resource based on the access number provided to the user and the access number provided to the authentication server.
Description
- Many companies use secure devices, like token devices, to regulate access to their restricted resources. A company issues token devices to its employees and/or customers. The token devices generate numbers that change over time (e.g., every 1 minute). The company's server also generates numbers that track the numbers generated by the token devices. The numbers generated by the company's server are synchronized in time with the numbers generated by the token devices.
- When a user attempts to gain access to a restricted resource of the company, the user provides the number currently shown on his token device to the company's server and a personal identification number (PIN). The company's server regulates access to the restricted resource based on the user-provided number matching the number it generated, and the user's PIN.
- Token devices are expensive. While each token device alone may not be that expensive, it becomes expensive when purchasing token devices for all of a company's employees and/or customers. Also, token devices need to be periodically replaced (e.g., every 3 years). Therefore, token devices become a continuing expense. Further, it becomes impossible for an employee/customer to access the company's restricted resource if the employee/customer loses or forgets his token device.
-
FIG. 1 is an exemplary diagram illustrating a concept described herein; -
FIG. 2 is an exemplary diagram of a network in which systems and methods described herein may be implemented; -
FIG. 3 is an exemplary diagram of a device that may correspond to one or more of the telephone device, service provider server, computer device, and/or authentication server ofFIG. 2 ; -
FIG. 4 is a flowchart of an exemplary process for selectively providing access to a restricted resource; -
FIGS. 5A-5B are exemplary diagrams of a telephone device that illustrate portions of the process ofFIG. 4 ; -
FIG. 6 is an exemplary diagram of a computer device that illustrates portions of the process ofFIG. 4 ; -
FIG. 7 is an exemplary diagram of another network in which systems and methods described herein may be implemented; and -
FIG. 8 is an exemplary diagram of yet another network in which systems and methods described herein may be implemented. - The following detailed description refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements. Also, the following detailed description does not limit the invention.
- Implementations described herein may facilitate selective access to a restricted resource.
FIG. 1 is an exemplary diagram illustrating a concept described herein. As shown inFIG. 1 , a user might use a cellular telephone to contact a service provider. The user may authenticate herself to the service provider using, for example, information identifying the user's cellular telephone (e.g., caller identification (ID)) and possibly a password (e.g., any combination of letters, numbers, and/or symbols). If the user is properly authenticated, the service provider may provide an access number that might be shown on a display of the cellular telephone. The user might enter the access number into a user interface on a computer device that provides access to a restricted resource. The access number may be used to authenticate the user and provide selective access to the restricted resource. -
FIG. 2 is an exemplary diagram of anetwork 200 in which systems and methods described herein may be implemented. Network 200 may include atelephone device 210 connected to aservice provider server 220 vianetwork 230, and acomputer device 240 connected toauthentication server 250 and restrictedresource 260 vianetwork 270. Asingle telephone device 210,service provider server 220,computer device 240,authentication server 250, and restrictedresource 260 have been illustrated as connected tonetworks - Also, it may be possible for some combination of
telephone device 210,service provider server 220,computer device 240,authentication server 250, and/or restrictedresource 260 to be implemented within a single device. For example,telephone device 210 andcomputer device 240 may be implemented as single device,authentication server 250 and restrictedresource 260 may be implemented as a single device, and/orcomputer device 240 and restrictedresource 260 may be implemented as a single device. -
Telephone device 210 may include any type or form of communication device, such as a cellular telephone, a cordless telephone, a wired telephone, a satellite telephone, a radiotelephone, a smart phone, etc. A user might usetelephone device 210 to contactservice provider server 220. -
Service provider server 220 may include a device, such as a computer system, that is capable of communicating vianetwork 230 andnetwork 270. In one embodiment,service provider server 220 may be implemented as a single device. In another embodiment,service provider server 220 may be implemented as multiple devices that are either co-located or remotely located. -
Computer device 240 may include any type or form of computation or communication device, such as a personal computer, a laptop, a personal digital assistant (PDA), etc. A user ofcomputer device 240 may attempt to gain access to restrictedresource 260 viaauthentication server 250.Authentication server 250 may include a device, such as a computer system, that is capable of authenticating a user for selective access to restrictedresource 260. In one embodiment,authentication server 250 may permit access to restrictedresource 260 based on the access number fromservice provider server 220. Restrictedresource 260 may include any type or form of resource to which access may be controlled, such as a private network (e.g., a company intranet), a device (e.g., a computer, a memory device, or a peripheral), data (e.g., data associated with a user's account or profile), or software (e.g., an email application, a word processing program, or an operating system). - Network 230 may include a telephone network, such as a cellular network, the Public Switched Telephone Network (PSTN), or a combination of networks.
Network 270 may include a local area network (LAN), a wide area network (WAN), a telephone network, such as the PSTN or a cellular network, an intranet, the Internet, or a combination of networks. It may be possible fornetwork 230 andnetwork 270 to be implemented as the same network. -
FIG. 3 is an exemplary diagram of a device that may correspond to one or more oftelephone device 210,service provider server 220,computer device 240, and/orauthentication server 250. The device may include abus 310, aprocessor 320, amain memory 330, a read only memory (ROM) 340, astorage device 350, aninput device 360, anoutput device 370, and acommunication interface 380.Bus 310 may include a path that permits communication among the elements of the device. -
Processor 320 may include a processor, microprocessor, or processing logic that may interpret and execute instructions.Main memory 330 may include a random access memory (RAM) or another type of dynamic storage device that may store information and instructions for execution byprocessor 320.ROM 340 may include a ROM device or another type of static storage device that may store static information and instructions for use byprocessor 320.Storage device 350 may include a magnetic and/or optical recording medium and its corresponding drive. -
Input device 360 may include a mechanism that permits an operator to input information to the device, such as a keyboard, a mouse, a pen, voice recognition and/or biometric mechanisms, etc.Output device 370 may include a mechanism that outputs information to the operator, including a display, a printer, a speaker, etc.Communication interface 380 may include any transceiver-like mechanism that enables the device to communicate with other devices and/or systems. For example,communication interface 380 may include mechanisms for communicating with another device or system via a network, such asnetwork - As will be described in detail below, the device shown in
FIG. 3 , as described herein, may perform certain operations relating to the obtainment of selective access to restrictedresource 260. The device may perform these operations in response toprocessor 320 executing software instructions contained in a computer-readable medium, such asmemory 330. A computer-readable medium may be defined as a physical or logical memory device and/or carrier wave. - The software instructions may be read into
memory 330 from another computer-readable medium, such asdata storage device 350, or from another device viacommunication interface 380. The software instructions contained inmemory 330 may causeprocessor 320 to perform processes that will be described later. Alternatively, hardwired circuitry may be used in place of or in combination with software instructions to implement processes described herein. Thus, implementations described herein are not limited to any specific combination of hardware circuitry and software. -
FIG. 4 is a flowchart of an exemplary process for selectively providing access to a restricted resource. In one implementation, the processing ofFIG. 4 may be performed by one or more software and/or hardware components withintelephone device 210,service provider server 220,computer device 240,authentication server 250, or a combination oftelephone device 210,service provider server 220,computer device 240, andauthentication server 250.FIGS. 5A-5B are exemplary diagrams of a telephone device that illustrate portions of the process ofFIG. 4 .FIG. 6 is an exemplary diagram of a computer device that illustrates portions of the process ofFIG. 4 . - Processing may begin with a telephone call being placed to a predetermined telephone number (block 410). For example, a user may enter a telephone number associated with
service provider server 220 intotelephone device 210, as shown inFIG. 5A . When instructed by the user,telephone device 210 may place a call toservice provider server 220. - The telephone call may be received and the user may be authenticated (
blocks 420 and 430). For example,service provider server 220 may identify the user based on unique telephone identifying information associated withtelephone device 210, such as caller ID information, International Mobile Subscriber Identity (IMSI) information, or other information unique totelephone device 210.Service provider server 220 may identify the user oftelephone device 210 based on user identifying information particular to the user, such as a password or biometric data (e.g., a voice signal). For example,service provider server 220 may request that the user provide the user identifying information and may compare the user identifying information to identifying information previously associated withtelephone device 210. It may be possible for multiple users to be associated with thesame telephone device 210. In this case,service provider server 220 may use the user identifying information provided by the user to determine whether the user is one of these users and if so, which one. - If the user is not properly authenticated, then the call may be disconnected. If the user is properly authenticated, however, an access number may be provided to
telephone device 210 and authentication server 250 (block 440). For example,service provider server 220 may include a hardware or software access number generator that is configured to generate a random string of characters (e.g., any combination of numbers, letters, and/or symbols) of a predetermined length to be used as an access number. In one implementation, the access number may include the user identifying information (or possibly the telephone identifying information) embedded therein. In this case, a random string of characters may be generated and then this string of characters may be modified to embed the user identifying information. The user identifying information may be embedded in a manner known toauthentication server 250, such thatauthentication server 250 is capable of determining the user identifying information from the access number. - It is beneficial that the access number be generated in a non-predictable manner that is not reproducible (e.g., by hacking) The access number may have a certain expiration time (e.g., 1 minute, 5 minutes, 30 minutes, etc.) that indicates when the access number expires. For security purposes, shorter expiration times may be favored over longer expiration times. Also, the access number may be designed for a one-time use, such that the access number may be immediately expired upon use.
-
Service provider server 220 may send the access number totelephone device 210. In one implementation,service provider server 220 may send the access number in a message for presentation on a display oftelephone device 210, as shown inFIG. 5B .Service provider server 220 may also send the same access number toauthentication server 250. In one implementation,service provider server 220 may send the access number in a message along with information regarding the user toauthentication server 250.Authentication server 250 may use the user information to match a subsequent access attempt by the user to the message (and, thus, the access number) received fromservice provider server 220. - At some point,
authentication server 250 may be contacted (block 450). For example, the user may access a user interface associated withcomputer device 240 orauthentication server 250, as shown inFIG. 6 . In one implementation, the user may access the user interface using, for example, a web browser provided oncomputer device 240. In another implementation, the user may be presented with the user interface automatically after powering up ofcomputer device 240. - The access number may be presented to authentication server 250 (block 460). For example,
authentication server 250 may request various pieces of information to properly authenticate the user. In one implementation,authentication server 250 may authenticate the user based on the user's user name (e.g., Billy West) and the access number (e.g., 46A9B39P), as shown inFIG. 6 . If the access number includes the user identifying information (or telephone identifying information) embedded therein,authentication server 250 may authenticate the user based on the user name, the access number, and the user identifying information. - To provide further security,
authentication server 250 may authenticate the user based on the user name, the access number, and one or more additional pieces of information, such as a password that is unique to the user, biometric data that is unique to the user, a password that is unique to a group of users (e.g., employees of the same company), an address that is unique tocomputer device 240 used by the user, or some other information that can uniquely or semi-uniquely identify the user. - The access number may be provided to
authentication server 250 in a number of ways. For example, the user might enter the access number using an input device, such as a keyboard. Alternatively, the access number may be transmitted fromtelephone device 210 tocomputer device 240 directly or indirectly via a wired or wireless connection. - The user may be authenticated based on the access number (block 470). For example,
authentication server 250 may collect information from the user, as described above, and authenticate the user. In one implementation, as described above,authentication server 250 may properly authenticate the user based on the user name and a valid access number. The access number may be considered valid when it matches the access number received fromservice provider server 220 and the access number is received before it expires. In another implementation,authentication server 250 may use additional information to properly authenticate the user, as described above.Authentication server 250 may immediately expire the access number after use. In this case, if the user were to subsequently attempt to authenticate toauthentication server 250 using the same access number,authentication server 250 would not properly authenticate the user because the access number would be identified as invalid. - Selective access to restricted
resource 260 may be provided (block 480). For example, ifauthentication server 250 cannot properly authenticate the user, thenauthentication server 250 may deny the user access to restrictedresource 260. In this case, the user may need to place another call toservice provider server 220 to obtain a new access number (e.g., block 410). Ifauthentication server 250 properly authenticates the user, thenauthentication server 250 may grant the user access to restrictedresource 260. In this case,authentication server 250 may send a message to restrictedresource 260, or another device that regulates access to restricted resource 260 (e.g., a firewall, a gateway, or the like), to permit access to the user. The user's access to restrictedresource 260 may be unlimited (e.g., permit unrestricted access to any part of restricted resource 260) or limited (e.g., permit access to only certain part(s) of restricted resource 260) based on policies associated with restrictedresource 260. - In an alternate implementation, the access number provided by
service provider server 220 may not include the user identifying information (or telephone identifying information) embedded therein. In this case,authentication server 220 may authenticate the user based on the user name, the access number, and other information unique to the user, such as a password or biometric data. - In yet another implementation,
service provider server 220 may authenticate the user based solely on the telephone identifying information. In this case,authentication server 220 may authenticate the user based on the user name, the access number, and other information unique to the user, such as a password or biometric data. -
FIG. 7 is an exemplary diagram of anothernetwork 700 in which systems and methods described herein may be implemented.Network 700 may includetelephone device 210 connected toservice provider server 220 vianetwork 230, andcomputer device 240 connected to restricted resources 710-730 vianetwork 270.Telephone device 210,service provider server 220,network 230,computer device 240, andnetwork 270 may be configured similar to like elements described with regard toFIG. 2 . - While no
authentication server 250 is shown inFIG. 7 , it can be assumed that there is an authentication server for each company or each restricted resource (not shown). Alternatively, the authentication server functionality may be embedded within restricted resources 710-730. - Each of restricted resources 710-730 may be configured similar to restricted
resource 260, as described with regard toFIG. 2 . While three restricted resources 710-730 are shown inFIG. 7 , in practice, there may be more or fewer restricted resources. Assume innetwork 700, however, that restricted resources 710-730 are associated with different legal entities (e.g., companies). As shown inFIG. 7 , restrictedresource 710 may be associated with company A, restrictedresource 720 may be associated with company B, and restrictedresource 730 may be associated with company C. Each of companies A-C may subscribe to authentication services provided byservice provider server 220. - In this situation, a user may be selectively provided access to any of restricted resources 710-730 using a process similar to that described above with regard to
FIG. 4 . As a result,service provider server 220 may be able to cross-authenticate users of one company's restricted resource to another company. This may create a community of companies that trust the same source of authentication (e.g., service provider server 220). This may also permit cross promotion such that company A can promote to company C so that company C's customers can gain quick and secure access to company A's restricted resource(s) using the same authentication procedures that they currently use with company C. - When a user accesses
service provider server 220 to obtain an access number,service provider server 220 may determine with which company, or companies, the user is associated. For example, the user may be a customer of both company A and company B. In this case, whenservice provider server 220 sends the access number to the user,service provider server 220 may also provide the access number to both companies in anticipation of the user attempting to gain access to a restricted resource associated with one of the companies. Alternatively,service provider server 220 may recognize that the user is associated with multiple companies and ask the user to select one of the companies for which the user is going to subsequently attempt to access a restricted resource. -
FIG. 8 is an exemplary diagram of yet anothernetwork 800 in which systems and methods described herein may be implemented.Network 800 may includeuser device 810 connected toservice provider server 220 vianetwork 230, and connected toauthentication server 250 and restrictedresource 260 vianetwork 270.Service provider server 220,network 230,authentication server 250, restrictedresource 260, andnetwork 270 may be configured similar to like elements described with regard toFIG. 2 . -
User device 810 may include any type of communication or computation device, such as a telephone device similar totelephone device 210, a computer device similar tocomputer device 240, or a device that combines aspects of a telephone device and a computer device. Innetwork 800,user device 810 may be used to not only receive the access number fromservice provider server 220, but also to use that access number to access restrictedresource 260. In other words,user device 810 may contactservice provider server 220 to obtain an access number.User device 810 may subsequently contactauthentication server 250 and use the access number to gain access to restrictedresource 260. In these implementations, no separate telephone device and computer device may be necessary. - Implementations described herein may provide a secure technique for providing a user with access to a restricted resource.
- The foregoing description provides illustration and description, but is not intended to be exhaustive or to limit the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of the invention.
- For example, while a series of acts has been described with regard to
FIG. 4 , the order of the acts may be modified in other implementations. Further, non-dependent acts may be performed in parallel. - Also, while it has been described that a user receives the access number from
service provider server 220 via a telephone call, this need not be the case. In another implementation, the user may receive the access number via a text message, such as an instant message or another form of reliable, quick communication. - Further, it has been described that access to a restricted resource is obtained via an authentication server. In another implementation, the service provider server may operate as a proxy server for the restricted resource, such that the user can gain access to the restricted resource through the service provider server.
- It will be apparent that systems and methods, as described above, may be implemented in many different forms of software, firmware, and hardware in the implementations illustrated in the figures. The actual software code or specialized control hardware used to implement these systems and methods is not limiting of the invention. Thus, the operation and behavior of the systems and methods were described without reference to the specific software code—it being understood that software and control hardware can be designed to implement the systems and methods based on the description herein.
- No element, act, or instruction used in the present application should be construed as critical or essential to the invention unless explicitly described as such. Also, as used herein, the article “a” is intended to include one or more items. Where only one item is intended, the term “one” or similar language is used. Further, the phrase “based on” is intended to mean “based, at least in part, on” unless explicitly stated otherwise.
Claims (21)
1-23. (canceled)
24. A method comprising:
authenticating, by a first device, a user of a second device;
determining, by the first device, that the user is associated with a plurality of entities based on authenticating the user;
generating, by the first device, access data for providing access to one or more restricted resources associated with one or more of the plurality of entities; and
sending, by the first device, the access data to the second device and to a third device that is associated with the one or more of the plurality of entities to regulate access to a restricted resource, of the one or more restricted resources.
25. The method of claim 24 , further comprising:
determining first identifying information associated with the second device;
determining second identifying information associated with the user based on the first identifying information; and
authenticating the user based on the first identifying information and the second identifying information.
26. The method of claim 25 , where generating the access data includes:
generating a random string of characters; and
embedding the second identifying information in the random string of characters.
27. The method of claim 24 , where information identifying the user is embedded in the access data.
28. The method of claim 24 , further comprising:
receiving, by the first device and from the second device, a selection identifying the one or more of the plurality of legal entities after determining that the user is associated with the plurality of entities, the access data being generated based on receiving the selection.
29. The method of claim 24 , where the plurality of entities includes a first entity and a second entity,
where generating the access data includes:
generating the access data for providing access to:
a first restricted resource of the first entity, and
a second restricted resource of the second entity; and
where sending the access data includes:
sending the access data to the second device, the third device, and a fourth device, the third device being associated with the first entity and the fourth device being associated with the second entity.
30. The method of claim 24 , where the plurality of entities includes a first entity and a second entity, and
where generating the access data includes:
generating the access data for providing access to:
a first restricted resource of the first entity, and
a second restricted resource of the second entity, the third device being associated with the first entity and the second entity.
31. A device comprising:
a processor to:
receive first information from a user device,
determine, based on the first information, that the user device is associated with:
a first company associated with a first resource, and
a second company that is associated with a second resource,
generate access data for providing access to the first resource and the second resource based on determining that the user device is associated with the first company and the second company, and
transmit the access data to the user device and to one or more third devices that regulate access to the first resource and the second resource.
32. The device of claim 31 , where the processor is further to:
determine, based on the first information, second information that identifies a user associated with the user device, and
generate the access data based on the first information and the second information.
33. The device of claim 32 , where, when generating the access data, the processor is further to:
generate a random string of data, and
include at least one of the first information or the second information into the random string of data to generate the access data.
34. The device of claim 31 , where, when generating the access data, the processor is further to:
include at least one of information identifying the user device or information identifying the user into randomized data to generate the access data.
35. The device of claim 31 , where the processor is further to:
determine that the user device is associated with a third company,
provide information identifying the first company, the second company, and the third company to the user device,
receive a selection of the first company and the second company from the user device, and
generate the access data based on receiving the selection.
36. The device of claim 31 , where the one or more third devices comprise a network device associated with the first company and the second company.
37. The device of claim 31 , where the processor is further to:
determine, based on the first information, information identifying the user device and information identifying a user of the user device, the access data including one or more of the information identifying the user device or the information identifying the user.
38. A non-transitory computer-readable medium comprising:
one or more instructions which, when executed by one or more processors, cause the one or more processors to:
receive a request for access data from a user device associated with a user,
authenticate the user based on receiving the request,
determine that the user is associated with a first resource of a first company and a second resource of a second company based on authenticating the user,
generate the access data to enable the user to access the first resource and the second resource, and
transmit the access data to:
the user device,
a first device associated with accessing the first resource, and
a second device that regulates access to the second resource.
39. The non-transitory computer-readable medium of claim 38 , further comprising:
one or more instructions which, when executed by the processor, cause the processor to:
determine first information that identifies the user device based on the request,
determine second information that identifies the user based on the first identifying information,
authenticate the user based on the first information and the second information, and
generate the access data based on authenticating the user.
40. The non-transitory computer-readable medium of claim 38 , where the one or more instructions to generate the access data include:
one or more instructions to:
embed information identifying the user into a random string of characters, the access data including the information identifying the user embedded into the random string of characters.
41. The non-transitory computer-readable medium of claim 38 , where the one or more instructions to generate the access data include:
one or more instructions to generate random data, and
one or more instructions to embed information identifying the user and information identifying the user device into the generated random data.
42. The non-transitory computer-readable medium of claim 38 , further comprising:
one or more instructions which, when executed by the processor, cause the processor to:
determine that the user is associated with a third company,
provide information identifying the first company, information identifying the second company, and information identifying the third company to the user device,
receive, from the user device, a selection of the first company and a selection of the second company, and
generate the access data based on receiving the selection of the first company and the selection of the second company.
43. The non-transitory computer-readable medium of claim 38 , where the first device and the second device are included in an authentication server associated with the first resource and the second resource.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/474,966 US20120233682A1 (en) | 2006-11-22 | 2012-05-18 | Secure access to restricted resource |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/562,607 US8213583B2 (en) | 2006-11-22 | 2006-11-22 | Secure access to restricted resource |
US13/474,966 US20120233682A1 (en) | 2006-11-22 | 2012-05-18 | Secure access to restricted resource |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/562,607 Continuation US8213583B2 (en) | 2006-11-22 | 2006-11-22 | Secure access to restricted resource |
Publications (1)
Publication Number | Publication Date |
---|---|
US20120233682A1 true US20120233682A1 (en) | 2012-09-13 |
Family
ID=39416945
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/562,607 Active 2030-10-18 US8213583B2 (en) | 2006-11-22 | 2006-11-22 | Secure access to restricted resource |
US13/474,966 Abandoned US20120233682A1 (en) | 2006-11-22 | 2012-05-18 | Secure access to restricted resource |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/562,607 Active 2030-10-18 US8213583B2 (en) | 2006-11-22 | 2006-11-22 | Secure access to restricted resource |
Country Status (4)
Country | Link |
---|---|
US (2) | US8213583B2 (en) |
EP (1) | EP2084849A4 (en) |
CN (1) | CN101611588A (en) |
WO (1) | WO2008127430A2 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130318581A1 (en) * | 2012-05-22 | 2013-11-28 | Verizon Patent And Licensing Inc. | Multi-factor authentication using a unique identification header (uidh) |
US20140164571A1 (en) * | 2012-12-12 | 2014-06-12 | Microsoft Corporation | Copy offload for disparate offload providers |
US9092149B2 (en) | 2010-11-03 | 2015-07-28 | Microsoft Technology Licensing, Llc | Virtualization and offload reads and writes |
US9146765B2 (en) | 2011-03-11 | 2015-09-29 | Microsoft Technology Licensing, Llc | Virtual disk storage techniques |
US9251201B2 (en) | 2012-12-14 | 2016-02-02 | Microsoft Technology Licensing, Llc | Compatibly extending offload token size |
US9817582B2 (en) | 2012-01-09 | 2017-11-14 | Microsoft Technology Licensing, Llc | Offload read and write offload provider |
US11620672B2 (en) | 2016-03-28 | 2023-04-04 | Codebroker, Llc | Validating digital content presented on a mobile device |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8582734B2 (en) * | 2007-03-20 | 2013-11-12 | Shooter Digital Co., Ltd. | Account administration system and method with security function |
US8300634B2 (en) * | 2008-11-24 | 2012-10-30 | 8X8, Inc. | Mobile device communications routing |
TW201038038A (en) * | 2009-04-13 | 2010-10-16 | Gamania Digital Entertainment Co Ltd | Bi-directional communication authentication mechanism |
GB201213277D0 (en) * | 2012-07-26 | 2012-09-05 | Highgate Labs Ltd | Two device authentication mechanism |
US9949000B1 (en) | 2015-03-17 | 2018-04-17 | 8X8, Inc. | IPBX control interface for distributed networks |
US10855849B1 (en) | 2015-05-29 | 2020-12-01 | 8X8, Inc. | Analysis of data metrics in IPBX networks |
US11240370B1 (en) | 2015-05-29 | 2022-02-01 | 8X8, Inc. | Modeling and analysis of calls in IPBX |
US9432519B1 (en) | 2015-08-17 | 2016-08-30 | 8X8, Inc. | Identifying and processing of unreturned calls in IPBX |
US9955021B1 (en) | 2015-09-18 | 2018-04-24 | 8X8, Inc. | Analysis of call metrics for call direction |
US9826096B1 (en) | 2015-12-01 | 2017-11-21 | 8X8, Inc. | Visual interfaces for telephone calls |
US9699226B1 (en) | 2015-12-17 | 2017-07-04 | 8X8, Inc. | Display dependent analytics |
US9924404B1 (en) | 2016-03-17 | 2018-03-20 | 8X8, Inc. | Privacy protection for evaluating call quality |
US11716331B2 (en) * | 2017-07-14 | 2023-08-01 | Offpad As | Authentication method, an authentication device and a system comprising the authentication device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5636280A (en) * | 1994-10-31 | 1997-06-03 | Kelly; Tadhg | Dual key reflexive encryption security system |
US7043685B2 (en) * | 2001-03-12 | 2006-05-09 | Nec Corporation | Web-content providing method and web-content providing system |
US20070016796A1 (en) * | 2002-08-12 | 2007-01-18 | Singhal Tara C | Systems and methods for remote user authentication |
US7644088B2 (en) * | 2003-11-13 | 2010-01-05 | Tamale Software | Systems and methods for retrieving data |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6993658B1 (en) * | 2000-03-06 | 2006-01-31 | April System Design Ab | Use of personal communication devices for user authentication |
US7133971B2 (en) * | 2003-11-21 | 2006-11-07 | International Business Machines Corporation | Cache with selective least frequently used or most frequently used cache line replacement |
US20030163739A1 (en) * | 2002-02-28 | 2003-08-28 | Armington John Phillip | Robust multi-factor authentication for secure application environments |
US7797434B2 (en) * | 2002-12-31 | 2010-09-14 | International Business Machines Corporation | Method and system for user-determind attribute storage in a federated environment |
US7519986B2 (en) * | 2003-10-01 | 2009-04-14 | Tara Chand Singhal | Method and apparatus for network security using a router based authentication system |
-
2006
- 2006-11-22 US US11/562,607 patent/US8213583B2/en active Active
-
2007
- 2007-11-20 WO PCT/US2007/085206 patent/WO2008127430A2/en active Application Filing
- 2007-11-20 EP EP07873623.8A patent/EP2084849A4/en not_active Withdrawn
- 2007-11-20 CN CNA200780043423XA patent/CN101611588A/en active Pending
-
2012
- 2012-05-18 US US13/474,966 patent/US20120233682A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5636280A (en) * | 1994-10-31 | 1997-06-03 | Kelly; Tadhg | Dual key reflexive encryption security system |
US7043685B2 (en) * | 2001-03-12 | 2006-05-09 | Nec Corporation | Web-content providing method and web-content providing system |
US20070016796A1 (en) * | 2002-08-12 | 2007-01-18 | Singhal Tara C | Systems and methods for remote user authentication |
US7644088B2 (en) * | 2003-11-13 | 2010-01-05 | Tamale Software | Systems and methods for retrieving data |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9092149B2 (en) | 2010-11-03 | 2015-07-28 | Microsoft Technology Licensing, Llc | Virtualization and offload reads and writes |
US9146765B2 (en) | 2011-03-11 | 2015-09-29 | Microsoft Technology Licensing, Llc | Virtual disk storage techniques |
US11614873B2 (en) | 2011-03-11 | 2023-03-28 | Microsoft Technology Licensing, Llc | Virtual disk storage techniques |
US9817582B2 (en) | 2012-01-09 | 2017-11-14 | Microsoft Technology Licensing, Llc | Offload read and write offload provider |
US20130318581A1 (en) * | 2012-05-22 | 2013-11-28 | Verizon Patent And Licensing Inc. | Multi-factor authentication using a unique identification header (uidh) |
US8763101B2 (en) * | 2012-05-22 | 2014-06-24 | Verizon Patent And Licensing Inc. | Multi-factor authentication using a unique identification header (UIDH) |
US20140164571A1 (en) * | 2012-12-12 | 2014-06-12 | Microsoft Corporation | Copy offload for disparate offload providers |
US9071585B2 (en) * | 2012-12-12 | 2015-06-30 | Microsoft Technology Licensing, Llc | Copy offload for disparate offload providers |
CN104937904A (en) * | 2012-12-12 | 2015-09-23 | 微软技术许可有限责任公司 | Copy offload for disparate offload providers |
US9251201B2 (en) | 2012-12-14 | 2016-02-02 | Microsoft Technology Licensing, Llc | Compatibly extending offload token size |
US11620672B2 (en) | 2016-03-28 | 2023-04-04 | Codebroker, Llc | Validating digital content presented on a mobile device |
Also Published As
Publication number | Publication date |
---|---|
WO2008127430A3 (en) | 2008-12-31 |
EP2084849A2 (en) | 2009-08-05 |
CN101611588A (en) | 2009-12-23 |
WO2008127430A2 (en) | 2008-10-23 |
US20080118041A1 (en) | 2008-05-22 |
US8213583B2 (en) | 2012-07-03 |
EP2084849A4 (en) | 2014-08-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8213583B2 (en) | Secure access to restricted resource | |
US11165581B2 (en) | System for improved identification and authentication | |
US10122715B2 (en) | Enhanced multi factor authentication | |
US20180285552A1 (en) | System and method for integrating two-factor authentication in a device | |
US8606234B2 (en) | Methods and apparatus for provisioning devices with secrets | |
US20160112437A1 (en) | Apparatus and Method for Authenticating a User via Multiple User Devices | |
US9992198B2 (en) | Network-based frictionless two-factor authentication service | |
US9344896B2 (en) | Method and system for delivering a command to a mobile device | |
JP2007102778A (en) | User authentication system and method therefor | |
JP2007102777A (en) | User authentication system and method therefor | |
WO2014183526A1 (en) | Identity recognition method, device and system | |
US11032275B2 (en) | System for improved identification and authentication | |
RU2670031C2 (en) | System and method of identification and / or authentication | |
KR20130072790A (en) | User authentication system and method thereof | |
JP2014531070A (en) | Method and system for authorizing actions at a site | |
US10230721B2 (en) | Authentication server, authentication system and method | |
US20200145418A1 (en) | Authentication method, an authentication device and a system comprising the authentication device | |
KR20210003529A (en) | Authentication method and telecommunication server using IP address and SMS | |
KR20070076576A (en) | Processing method for approving payment | |
KR20070076575A (en) | Method for processing user authentication | |
JP2006189945A (en) | Network file system and authentication method | |
KR20060112167A (en) | System and method for relaying user authentication, server and recording medium | |
KR20090006815A (en) | Method for processing user authentication | |
KR20070077481A (en) | Process server for relaying user authentication | |
KR20070077484A (en) | Method for processing information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: MCI LLC, VIRGINIA Free format text: MERGER;ASSIGNOR:MCI INC.;REEL/FRAME:032635/0179 Effective date: 20060106 Owner name: VERIZON BUSINESS GLOBAL LLC, VIRGINIA Free format text: CHANGE OF NAME;ASSIGNOR:MCI LLC;REEL/FRAME:032635/0201 Effective date: 20061120 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |