US20170257355A1 - Dual code authentication system - Google Patents

Dual code authentication system Download PDF

Info

Publication number
US20170257355A1
US20170257355A1 US15/411,710 US201715411710A US2017257355A1 US 20170257355 A1 US20170257355 A1 US 20170257355A1 US 201715411710 A US201715411710 A US 201715411710A US 2017257355 A1 US2017257355 A1 US 2017257355A1
Authority
US
United States
Prior art keywords
user
verification
verification code
website
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/411,710
Inventor
Steven H. Jillings
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telesign Corp
Original Assignee
Telesign Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US201161564531P priority Critical
Priority to US13/689,646 priority patent/US8973109B2/en
Priority to US14/634,520 priority patent/US9553864B2/en
Application filed by Telesign Corp filed Critical Telesign Corp
Priority to US15/411,710 priority patent/US20170257355A1/en
Publication of US20170257355A1 publication Critical patent/US20170257355A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels

Abstract

A verification method and system are disclosed that verify a user. The user is provided a verification code via, for example, a website, to be communicated to the system via an application on a mobile communication device. If the correct verification code is communicated by the user, the user receives via the application a verification message containing another verification code, which the user submits to a website or on-line form or to another verification system for authentication.

Description

    CROSS-REFERENCE TO RELATED APPLICATION(S)
  • This application is a continuation of U.S. patent application Ser. No. 14/634,520 entitled “DUAL CODE AUTHENTICATION SYSTEM,” filed Feb. 27, 2015, which is a continuation of U.S. patent application Ser. No. 13/689,646, now U.S. Pat. No. 8,973,109, entitled “DUAL CODE AUTHENTICATION SYSTEM,” filed Nov. 29, 2012, which claims the benefit of U.S. Provisional Patent Application No. 61/564,531 entitled “DUAL PIN CODE SMS AUTHENTICATION SYSTEM” filed Nov. 29, 2011, all of which are incorporated herein by reference in their entireties.
  • BACKGROUND
  • With the increasing popularity of the Internet, it has become more important to require users to register with the websites they use in order for them to obtain information from the website, order goods through the website, store information through the website, etc. In some instances, the owners of the website wish to use the registration information to selectively target promotions or advertisements based on registration information and thus, get a secondary gain in addition to having the registrant or user visit the website or use the services provided through the website. In other instances, the user's registration information is not used for secondary gain, but instead is kept completely confidential and is used only for the purposes of allowing the registrant or user to enter the website and obtain information or goods and services through the website.
  • User authentication is fundamental to every Internet transaction. Individuals and businesses who wish to engage in trade on-line must authenticate themselves reliably by presenting credentials to establish their identity. Despite this, when doing business on the Internet, potential registrants or users often register with untraceable or false e-mail addresses and phone numbers. This can compromise the intended purpose of the registration, create a breach of security, and constitute fraud on the website owners.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a diagram of a suitable environment in which a dual code verification system operates.
  • FIG. 2 is a block diagram of a dual code verification system.
  • FIG. 3 is a flow diagram depicting a method performed by the dual code verification system to verify a user.
  • FIG. 4 is a flow diagram depicting a method performed by the dual code verification system to verify a user registering at a website.
  • FIG. 5 is a flow diagram depicting a method performed by the dual code verification system to authenticate a user who has already registered at a website.
  • DETAILED DESCRIPTION
  • A dual code verification system and method are described that verify an identity of a user of a service. For example, the user of the service may be a registrant of a website who is accessing the website via a personal computer or a customer of an online retailer attempting to buy a product. The registrant may be verified via short message service (SMS) messages with a mobile device associated with the registrant. In some implementations, the dual code verification system authenticates a previously-registered user using information received from a prior registration by the user.
  • The dual code verification system verifies a user of a service through a process under which two verification codes are transmitted to and received from the user. The dual code verification system transmits the first verification code along with electronic contact information to the user. For example, the dual code verification system may display a telephone number and an alphanumeric code on a website visited by a user or within an application used by a user on a mobile device or computer. The dual code verification system also requests that the user communicate the verification code back to the dual code verification system using the electronic contact information. The dual code verification system receives a verification code sent by the user using the electronic contact information. The dual code verification system compares the received and transmitted verification codes. If the verification codes substantially match, the dual code verification system transmits the second verification code to the user, sending the code to an electronic address associated with a device or account from which the first verification code was received. For example, if a user has sent an SMS message containing a verification code from a mobile device, the dual code verification system may transmit the second verification code via SMS message to the mobile device using a telephone number associated with the mobile device. The dual code verification system instructs the user to submit the second received verification code in a different manner than how the user received it from the dual code verification system. For example, the dual code verification system may instruct the user to submit the second verification code via a website visited by the user or an application used by the user. This may be the same website or application used to transmit the first verification code to the user. The dual code verification system verifies the user if the second received verification code substantially matches the second verification code transmitted to the user.
  • Various embodiments of the invention will now be described. The following description provides specific details for a thorough understanding and an enabling description of these embodiments. One skilled in the art will understand, however, that the invention may be practiced without many of these details. Additionally, some well-known structures or functions may not be shown or described in detail, so as to avoid unnecessarily obscuring the relevant description of the various embodiments. The terminology used in the description presented below is intended to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific embodiments of the invention. Although many embodiments and implementations of the system are described with respect to sending and receiving a PIN code, a verification code, and the like, in some implementations, other information may be used to verify a user. For example, the dual code verification system may transmit an image of an object to a mobile device and instruct the user to transmit back to the system the name of the object.
  • In some embodiments, a registration form is provided on a website. A user of the website, such as a registrant or a user browsing the website, is informed via the website to send an electronic message containing the verification code (e.g., a Personal Identification Number (“PIN”)) to a contact number. The verification code may be a generated Identification PIN Code (“IPC”). Additionally, the contact number can be a long code phone number or a shorter phone number (e.g., short code). Both the IPC verification code and contact number are provided to the website registrant upon the registrant's entry of his or her name, username, and password. The electronic message may comprise an SMS message sent by the registrant using the registrant's SMS-enabled handset or cellular telephone, or other SMS- or similarly enabled device. Although the registrant or user typically establishes an SMS-based connection with the dual code verification system via the registrant's or user's handset or cellular telephone, other embodiments of the present invention include providing a system telephone number for the registrant or user to call to enter this information. Once the dual code verification system receives the registrant's electronic message containing the verification code or IPC, another verification code or Authentication PIN Code (“APC”) is generated and returned via an electronic message to the registrant's same handset, cellular telephone, or other similarly enabled device that was initially used by the registrant to send the first verification code, or IPC. The registrant or user then inputs the second verification code, or APC, into the registration screen on the website. The result is either authentication for a correct entry, or potential rejection for an incorrect entry, according to the verification-requesting-website's preferences.
  • In some embodiments, after initial registration wherein a user has already successfully established a username and password for a website through the above or a similar process, and wherein that website has retained and stored that user's log-in information and previously used handset or cellular telephone number, the user attempts to later gain admittance to the website on a subsequent visit. When the user attempts to access that particular website, the user is informed by the website to send an electronic message including a verification code or generated IPC to a contact number. Both the verification code and the contact number are provided by the website once the user inputs his or her previously established username and password. The electronic message may comprise an SMS message sent by the user via his or her SMS-enabled handset or cellular telephone, or other SMS- or similarly enabled device. The electronic message sent by the user contains the verification code or IPC. Although the user may establish an SMS-based connection with the dual code verification system via the user's handset or cellular telephone, other embodiments of the present invention include providing a dual code verification system telephone number for the user to call to manually enter this information. Once the dual code verification system receives the user's electronic message, the system attempts to verify the user's handset, cellular telephone, or other similarly SMS-enabled device. And if verified, a second verification code or APC is generated and returned via electronic message to the user's same handset, cellular telephone, or other similarly SMS-enabled device. The APC verification code is then input by the user into the registration screen on the website, resulting in either authentication for a correct entry, or potential rejection for an incorrect entry, according to the verification-requesting-website's preferences.
  • Suitable Environments
  • FIG. 1 and the following discussion provide a brief, general description of a suitable computing environment 100 in which a dual code verification system is implemented. The computing environment 100 includes a mobile device 105 (e.g., a smartphone) and a computing device 110 (e.g., a personal computer), through which a user may access a server computer 115 and one or more third party server computers 125. The server computers 115 and 125 utilize data storage areas 120 and 130, respectively. As will be described in more detail herein, the dual code verification system may in part reside on the server computer 115, and verify the identity of a user who is utilizing a personal computer 110 or mobile device 105 to access websites, applications, or other services provided by the third party server computers 125. The data storage area 120 contains data utilized by the dual code verification system, and, in some implementations, software necessary to perform functions of the system. For example, the data storage area 120 may contain data associated with a user, such as a mobile communication number associated with a user's mobile device 105. As will be described in more detail herein, as part of a verification process, the system may utilize the mobile communication number for sending a verification message to the user's mobile device 105. The system may also receive a verification message from the mobile communication device.
  • The mobile communication device 105, personal computer 110, server computer 115 and third party server computers 125 communicate with each other through one or more public or private, wired or wireless networks 140, including, for example, the Internet. The mobile device 105 communicates wirelessly with a base station or access point using a wireless mobile telephone standard, such as the Global System for Mobile Communications (GSM), Long Term Evolution (LTE), IEEE 802.11, or another wireless standard, and the base station or access point communicates with the server computer 115 and third party server computers 125 via the networks 140. Computers 110 communicate through the networks 140 using, for example, TCP/IP protocols. The mobile device 105 utilizes applications or other software, which operate through the use of computer executable instructions. Some such applications may be directed toward the verification process (e.g. providing a button on the screen for a user to press as part of completing a dual code verification process). As will be described in more detail herein, the dual code verification system residing at least in part on the server computer 115 may also utilize software which operates through the use of computer-executable instructions as part of the authentication and identity process.
  • Although not required, aspects and implementations of the invention will generally be described in the general context of computer-executable instructions, such as routines executed by the mobile device 105, the computing device 110, the server computer 115, the third party server computers 125, or other computing systems. The invention can also be embodied in a special purpose computer or data processor that is specifically programmed, configured, or constructed to perform one or more of the computer-executable instructions explained in detail herein. Indeed, the terms “computer” and “computing device,” as used generally herein, refer to devices that have a processor and non-transitory memory, like any of the above devices, as well as any data processor or any device capable of communicating with a network. Data processors include programmable general-purpose or special-purpose microprocessors, programmable controllers, application-specific integrated circuits (ASICs), programmable logic devices (PLDs), or the like, or a combination of such devices. Computer-executable instructions may be stored in memory, such as random access memory (RAM), read-only memory (ROM), flash memory, or the like, or a combination of such components. Computer-executable instructions may also be stored in one or more storage devices, such as magnetic or optical-based disks, flash memory devices, or any other type of non-volatile storage medium or non-transitory medium for data. Computer-executable instructions may include one or more program modules, which include routines, programs, objects, components, data structures, and so on that perform particular tasks or implement particular abstract data types.
  • The system and method can also be practiced in distributed computing environments, where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network (“LAN”), Wide Area Network (“WAN”), or the Internet. In a distributed computing environment, program modules or subroutines may be located in both local and remote memory storage devices. Aspects of the invention described herein may be stored or distributed on tangible, non-transitory computer-readable media, including magnetic and optically readable and removable computer discs, stored in firmware in chips (e.g., EEPROM chips). Alternatively, aspects of the invention may be distributed electronically over the Internet or over other networks (including wireless networks). Those skilled in the relevant art will recognize that portions of the invention may reside on a server computer, while corresponding portions reside on a client computer. Data structures and transmission of data particular to aspects of the invention are also encompassed within the scope of the invention.
  • Dual Code Verification Systems
  • FIG. 2 is a block diagram of various modules of a dual code verification system 200. The dual code verification system 200 verifies an identity of a user of a service. The dual code verification system 200 includes a verification code generation component 210, a communication component 220, a verification code comparison component 230, and a user analysis component 240. The dual code verification system 200 accesses and/or stores data in user data storage area 250.
  • The dual code verification system 200 sends and receives verification messages, receives user data, and sends verification alerts. A verification message can include various types of information, including a verification code (e.g., an alphanumeric PIN), contact information (e.g., a telephone number), and instructions for transmitting a verification message, including, for example, an electronic address. In some implementations, a verification message is sent to or received from a user of a website or application. In some implementations, a verification message is an SMS message. In some implementations, a verification message is data sent to or received from a third party to facilitate the verification of a user. For example, a verification message may include web data that is sent to a website for display to the user or to otherwise facilitate the verification of the user. User data includes data associated with the user or submitted by the user. User data may include contact information for a user, such as a mobile device identifier (e.g., a phone number), a username, an email address, and so forth. User data may also include information submitted by a user, such as information submitted by a user via a form displayed on a webpage. A verification alert includes a message sent to a user or a third party indicating whether a user is verified or not.
  • The verification code generation component 210 generates or identifies a verification code to be transmitted to a user. It may generate a verification code using a random number generator or an algorithm for generating verification codes. The verification code generation component may also identify a stored verification code that is to be sent to a user.
  • The communication component 220 transmits and receives verification messages and user data. It may transmit and receive verification messages to and from third parties (e.g., websites) and users (e.g., registrants). It also is configured to receive user data, such as data submitted by a registrant (e.g., via a form displayed on a website). It may also transmit web or application data to a third party or a user.
  • The verification code comparison component 230 compares transmitted and received verification codes. For example, the verification code comparison component may compare a verification code transmitted via SMS message to a user with a verification code received from a user via a website form. It may also compare a verification code provided via an application or webpage to a user with a verification code received from a user via an SMS or other message. The verification code comparison component is configured to determine whether a transmitted verification code substantially matches a received verification code. The verification code comparison component also generates verification alerts. For example, if a first transmitted verification code substantially matches a first received verification code and a second transmitted verification code substantially matches a second received verification code, the verification code comparison component generates an alert that the user is verified. In some implementations, the verification code comparison component determines that a transmitted verification code and a received verification code substantially match when the received verification code includes a substantial amount of data that is identical to data of the transmitted verification code. For example, a transmitted verification code consisting of an alphanumeric string may be determined to substantially match a received verification code if the received verification code includes a majority of the characters of the transmitted alphanumeric string.
  • The user analysis component 240 is configured to analyze user data or a verification message received from a user or a third party or identified in data storage area 250 to identify information associated with a user. For example, the user analysis component may analyze a message to identify a phone number from which the verification message was sent. The user analysis component also gathers data from data storage area 250 related to a previously-registered user who is being authenticated by the dual code verification system.
  • Suitable Processes
  • FIG. 3 is a flow diagram of a process 300 implemented by the dual code verification system 200 for verifying a user attempting to register using an on-line registration form that is accessed through a website. In some implementations, the system performs the process without using an on-line form. In some implementations, the verification and notification processes described herein can also be achieved through other registration forms, such as a handwritten form. In some embodiments, the registrant or user is informed via the registration website to communicate an electronic contact (as defined above), such as through an SMS message using an SMS-enabled handset or similar device, to the contact number (as defined above) provided on the website. A concern that the present disclosure addresses is that in a typical system where the registrant or user is contacted via a means of communication (including but not limited to e-mail), that means of communication can easily be intercepted, stopped, filtered, trashed, or deleted by a third party. However, where the registrant or user directly sends the verification code via electronic message or SMS, as in the present invention, and the dual code verification system or website responds by generating a different verification code that is sent back to the registrant's or user's same communication device, there is increased security as a result of the dual code verification confirmation. Additional increased security is further derived where the dual code authentication system prevents “man in the middle” attacks that cannot be solved by an easily intercepted single layer of authentication.
  • In some implementations, a user is a registrant, end-user, or user filling out a registration form in order to register with a website, on-line merchant, e-commerce site, business, etc. A registrant includes, for example, a consumer, which can be an individual, but can also be a company, organization, the government, and so on. Sometimes, the registrant is registering with another business. For example, the registrant can be an individual attempting to access a website and set up an account with a financial institution. The various identities and types of user and business may vary, as may the purpose of registration and verification.
  • As illustrated in FIG. 3, at a block 301, the user is provided with a registration form. For example, the form may be provided via a website. At a block 302, the system receives a submission from the registrant/user in response to the form. At a decision block 303, the system determines whether the registrant has at least partially completed the registration form. If the user has not at least partially completed the form, at a block 307, the user is notified that he or she did not complete the verification. However, if the user does at least partially fill out the form, the process proceeds to a block 309, and the system performs a dual code verification. Through the dual code verification, the registrant is eventually allowed to log-in to the website at a block 313 after verification, or is denied access at a block 315 to the website if he or she cannot be verified. Thus, at a decision block 310, the system determines whether the registrant/user has been verified, and the process proceeds to block 313 if the system is able to verify the user and to block 315 if the system is not able to verify the user. For verification, the user is routed to or is able to access a webpage that requests dual code verification. The system performs a dual code verification as described herein.
  • FIG. 4 is a flow diagram of a process 400 implemented by the system for performing a dual code verification. The process begins at a block 402, and the user is provided an on-line registration form via a website. At a decision block 406, the system determines whether it has received a name, username, and password from the registrant/user. If the system has not received a name, username, and password from the registrant/user, the process 400 proceeds to a block 426 and the registrant is not verified. If the system does receive this information, the website requests an IPC from the system, and, at a block 408, the system generates the IPC which is passed back to the website. At a block 410, the IPC is displayed by the website. In some embodiments, the website generates the IPC, passing that information back to the system. In some embodiments, the IPC is solely alphabetic. In other embodiments, the IPC is solely numeric. The IPC may also be alphanumeric. At a block 412, the website prompts the registrant to send the IPC in an SMS message using his or her mobile device (e.g., handset or cellular telephone, or equivalent SMS-capable device), to the contact number displayed on the website. At a block 414, the system receives from the user an SMS message addressed to the contact number that includes an IPC. At a decision block 416, the system determines whether the transmitted IPC code substantially matches the received IPC code. In some implementations, the system looks up the IPC to ensure it substantially matches with the generated IPC originally presented to the user, and additionally takes note of the phone number or other identifying communication information used by the user to send the SMS message. In some implementations, the system passes the IPC SMS message sent by the user to the website to verify that the IPC code matches. If the user sent IPC matches the originally generated IPC, at a block 418, the system or website generates a second verification code or APC. At a block 420, this APC is returned back to the user's same handset or other SMS-capable device used to originally communicate the IPC by the user via return-SMS message. In some embodiments, the APC will only be returned to the same device or account associated with the submission of the IPC. In this way, the risk of third party interception is greatly reduced. At a block 422, the registrant is prompted to input the APC into the on-line registration form or website. The on-line registration form is preferably part of the website, but can be part of the verification system by some other means. The verification and authentication is completed if the user enters the correct APC verification code, as verified by the system generating the IPC and APC codes or the website. Thus, at a decision block 423, the dual code verification system determines if the transmitted and received APC codes substantially match one another. If they do match, the process 400 proceeds to a block 424, and the user is verified and allowed to log in to the website. If the user enters an incorrect APC verification code, the process 400 proceeds to a block 426, and the registration process may stop and the user may be denied further access to the website, depending on the verification-requesting-website's preferences.
  • As described above, a problem with on-line registration is that the user or registrant often registers with untraceable and/or false e-mail addresses and telephone numbers. The present invention provides a process for verifying an on-line registration using an additional layer of security by requiring a dual code confirmation process using the registrant's own handset, cellular telephone, or similar device, in addition to entry of a username and password alone. By requiring the registrant to send the first electronic message to the system, the active-status of the phone number that will be associated with the registrant, as well as the accuracy of the phone number where the second CODE will be communicated to can be further verified. In the event of registrant verification failure, it is assumed that the registrant who is not verified through the verification system or similar manual means is fraudulent. Thereafter, the website owner may elect to contact the registrant to determine why the verification failed. At that point, the contact may be completed by automated or manual means of communication between the website owner and the registrant, including, but not limited to, automatically generated e-mail, manually generated e-mail, manually or automatically generated telephone calls, or text messaging.
  • FIG. 5 is a flow diagram of a process 500 for verifying a user who has previously successfully registered with a website. In this embodiment, the user is returning to the website for a subsequent visit or transaction. At a block 506, the previously-registered user logs in to the website requiring verification with his or her username and password. The user's handset or cellular telephone number, or contact information for a similar SMS-capable device, is already on file with that website. After the user logs-in to the website, the website requests an IPC from the system, which, at a block 508, generates the IPC. At a block 510, the IPC is passed back to the website for display. In some implementations, the website generates the IPC, passing that information back to the system. The IPC may be solely alphabetic, solely numeric, or alphanumeric and is displayed on the website. At a block 512, the dual code verification system displays a message on the website that prompts the user to send an SMS message containing the IPC to a contact number that is also displayed on the website. The user is further prompted to send the SMS message using his or her same mobile device (e.g., handset or cellular telephone number, or other similar SMS-enabled device telephone number), which was already previously registered with the website upon initial registration, displaying at least part of that registered device's phone number on the website. At a decision block 514, the system determines whether the user has sent an SMS message containing the IPC to the contact number displayed on the screen using his or her registered SMS-capable device. At a decision block 516, the telephone number of the device sending the SMS message is verified against the telephone number already on file with the website by either the system or the website. At decision block 516, the system either looks up the IPC to ensure it matches with the generated IPC originally presented to the user or passes the IPC SMS message sent by the user to the website to verify that the IPC code matches. If both the telephone number and the IPC match, at a block 518, a second verification code or APC is generated either by the system or by the website. At a block 520, the APC is returned back to the user's registered handset or cellular telephone, or other SMS-capable device telephone number via return SMS message. At a block 522, the user is prompted to enter the APC into the on-line registration form. At a decision block 523, the transmitted and received APC codes are compared. The verification and authentication process is then completed when the transmitted APC code substantially matches the received APC code. If the entered APC verification code is correct, at a block 524, the user is allowed to log-in to the website. If the APC verification code is incorrect, at a block 526, the log-in process may end and the user may be denied access to the website, depending on the verification-requesting-website's preferences.
  • The described system performs a verification and authentication process. In some implementations, it comprises the steps of: providing a registration form to a registrant through the registrant's first device; at least partially completing the registration form; communicating a first verification code and system electronic contact to the registrant for verification; verifying the registrant, including a registrant-established connection inputting the first verification code through the registrant's secondary device; secondarily verifying the registrant, including generating a second verification code, and establishing a connection with the registrant via the registrant's secondary device used to communicate the first verification code; communicating the second verification code to the registrant; and inputting the second verification code into an on-line form or other verification system.
  • From the foregoing, it will be appreciated that specific embodiments of the invention have been described herein for purposes of illustration, but that various modifications may be made without deviating from the scope of the invention. For example, those skilled in the art will appreciate that the depicted flow charts may be altered in a variety of ways. More specifically, the order of the steps may be re-arranged, steps may be performed in parallel, steps may be omitted, other steps may be included, etc. Accordingly, the invention is not limited except as by the appended claims.

Claims (20)

1. A method for verifying a user who is interacting with a website, the method performed by a processor executing instructions stored in a memory, the method comprising:
receiving, from a user via a website, a request to access certain functionality of the website;
performing a first stage of a user verification, wherein the first stage of the user verification includes:
transmitting a first verification code to the user via the website;
receiving a first verification message from the user via an application on a mobile communication device, wherein the first verification message includes at least a second verification code; and
comparing the first verification code and the second verification code; and
when the first verification code matches the second verification code, performing a second stage of the user verification, wherein the second stage of the user verification includes:
deriving addressing information associated with the mobile communication device of the user from which the first verification message is received;
transmitting a second verification message via the application on the mobile communication device using the addressing information associated with the mobile communication device of the user, wherein the second verification message includes at least a third verification code;
receiving, from the user, a fourth verification code; and
comparing the third verification code and the fourth verification code; and
verifying the user when the third verification code matches the fourth verification code.
2. The method of claim 1, wherein:
the method further includes comparing the derived addressing information to stored addressing information associated with the user.
3. The method of claim 1, wherein the request to access the website is part of a purchase transaction associated with the website.
4. The method of claim 1, wherein transmitting the first verification code to the user includes transmitting an instruction to the user to submit the verification code via an application on the mobile communication device.
5. The method of claim 1, wherein receiving from the user the request to access the website includes receiving information submitted by the user via a form of the website.
6. The method of claim 1, wherein receiving from the user the fourth verification code includes receiving the fourth verification code via a field of a form of the website.
7. The method of claim 1, wherein receiving, from the user, the request to access the website includes receiving login information.
8. The method of claim 1, wherein the addressing information associated with the mobile communication device of the user is a phone number.
9. A system for verifying a user who is interacting with a website, the system comprising:
a memory storing computer-executable instructions comprising:
a communication component configured to:
receive, from a user via the website, a request to access certain functionality of the website;
transmit a first verification code to the user via the website;
receive a first verification message from the user via an application on a mobile communication device, wherein the first verification message includes at least a second verification code;
when the first verification code matches the second verification code, transmit a second verification message via the application using addressing information associated with the mobile communication device of the user, wherein the second verification messages includes at least a third verification code; and
receive, from the user, a fourth verification code;
a verification code comparison component configured to:
compare the first verification code and the second verification code;
compare the third verification code and the fourth verification code; and
verify the user when the third verification code matches the fourth verification code; and
a user analysis component configured to:
derive the addressing information associated with the mobile communication device of the user from which the first verification message is received; and
a processor for executing the computer-executable instructions stored in the memory.
10. The system of claim 9, wherein:
the verification code comparison component is further configured to compare the derived addressing information to stored addressing information associated with the user.
11. The system of claim 9, wherein the request to access the website is part of a purchase transaction associated with the website.
12. The system of claim 9, wherein the communication component is further configured to transmit an instruction to the user to submit the second verification code using an application on the mobile communication device.
13. The system of claim 9, wherein the communication component is further configured to receive information submitted by the user via a form of the website.
14. The system of claim 9, wherein the communication component is further configured to receive the fourth verification code via a field of a form of the website.
15. The system of claim 9, wherein the communication component is further configured to receive login information as at least part of the request to access the website.
16. The system of claim 9, wherein the addressing information associated with the mobile communication device of the user is a phone number.
17. A non-transitory computer-readable storage medium with instructions stored thereon that, when executed by a computing system, cause the computing system to perform a method that verifies a user interacting with a website, the method comprising:
receiving, from a user via a website, a request to access certain functionality of the website;
performing a first stage of a user verification, wherein the first stage of the user verification includes:
transmitting a first verification code to the user via the website;
receiving a first verification message from the user via an application on a mobile communication device, wherein the first verification message includes at least a second verification code; and
comparing the first verification code and the second verification code; and
when the first verification code matches the second verification code, performing a second stage of the user verification, wherein the second stage of the user verification includes:
deriving addressing information associated with the mobile communication device of the user from which the first verification message is received;
transmitting a second verification message via the application on the mobile communication device using the addressing information associated with the mobile communication device of the user, wherein the second verification message includes at least a third verification code;
receiving, from the user, a fourth verification code; and
comparing the third verification code and the fourth verification code; and
verifying the user when the third verification code matches the fourth verification code.
18. The non-transitory computer-readable storage medium of claim 17, wherein:
the method further comprises comparing the derived addressing information to a stored addressing information associated with the user.
19. The non-transitory computer-readable storage medium of claim 17, wherein the request to access the website is part of a purchase transaction associated with the website.
20-22. (canceled)
US15/411,710 2011-11-29 2017-01-20 Dual code authentication system Abandoned US20170257355A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US201161564531P true 2011-11-29 2011-11-29
US13/689,646 US8973109B2 (en) 2011-11-29 2012-11-29 Dual code authentication system
US14/634,520 US9553864B2 (en) 2011-11-29 2015-02-27 Dual code authentication system
US15/411,710 US20170257355A1 (en) 2011-11-29 2017-01-20 Dual code authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/411,710 US20170257355A1 (en) 2011-11-29 2017-01-20 Dual code authentication system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US14/634,520 Continuation US9553864B2 (en) 2011-11-29 2015-02-27 Dual code authentication system

Publications (1)

Publication Number Publication Date
US20170257355A1 true US20170257355A1 (en) 2017-09-07

Family

ID=48468064

Family Applications (3)

Application Number Title Priority Date Filing Date
US13/689,646 Active US8973109B2 (en) 2011-11-29 2012-11-29 Dual code authentication system
US14/634,520 Active US9553864B2 (en) 2011-11-29 2015-02-27 Dual code authentication system
US15/411,710 Abandoned US20170257355A1 (en) 2011-11-29 2017-01-20 Dual code authentication system

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US13/689,646 Active US8973109B2 (en) 2011-11-29 2012-11-29 Dual code authentication system
US14/634,520 Active US9553864B2 (en) 2011-11-29 2015-02-27 Dual code authentication system

Country Status (1)

Country Link
US (3) US8973109B2 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060153346A1 (en) 2005-01-11 2006-07-13 Metro Enterprises, Inc. On-line authentication registration system
WO2013150492A1 (en) * 2012-04-05 2013-10-10 Thakker Mitesh L Systems and methods to input or access data using remote submitting mechanism
US9166967B2 (en) * 2012-09-26 2015-10-20 Telesign Corporation Comprehensive authentication and identity system and method
US9772808B1 (en) * 2012-11-29 2017-09-26 Eric Nashbar System and method for document delivery
US9275211B2 (en) 2013-03-15 2016-03-01 Telesign Corporation System and method for utilizing behavioral characteristics in authentication and fraud prevention
US9392456B2 (en) 2013-09-24 2016-07-12 Telesign Corporation Call center SMS verification system and method
US9699161B2 (en) 2014-04-29 2017-07-04 Twitter, Inc. Authentication mechanism
CN105306409A (en) * 2014-05-30 2016-02-03 展讯通信(上海)有限公司 Call verification system and method and mobile terminal
SE539741C2 (en) 2014-09-30 2017-11-14 Tokon Security Ab Method for providing information from an electronic device to a central server
CN104468577B (en) * 2014-12-09 2017-12-05 广东美的制冷设备有限公司 The binding method and binding system of mobile terminal and household electrical appliance terminal
US9887991B2 (en) 2015-03-27 2018-02-06 Yahoo Holdings, Inc. Facilitation of service login
US10219154B1 (en) 2015-08-18 2019-02-26 Richard J. Hallock Frictionless or near-frictionless 3 factor user authentication method and system by use of triad network
CN105376215A (en) * 2015-10-09 2016-03-02 深圳市网心科技有限公司 A device binding method, a server and a device binding system
CN106856474A (en) 2015-12-09 2017-06-16 阿里巴巴集团控股有限公司 A kind of processing method and processing device of checking information
CN105933327A (en) * 2016-06-08 2016-09-07 北京奇虎科技有限公司 Application unlocking method, device and facility
US10492070B2 (en) * 2017-10-18 2019-11-26 Telesign Corporation User authentication based on SS7 call forwarding detection
CN109361703B (en) * 2018-12-12 2020-06-12 百度在线网络技术(北京)有限公司 Voice equipment binding method, device, equipment and computer readable medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020169988A1 (en) * 2000-12-22 2002-11-14 Vandergeest Ron J. Method and apparatus for providing user authentication using a back channel
US20040097217A1 (en) * 2002-08-06 2004-05-20 Mcclain Fred System and method for providing authentication and authorization utilizing a personal wireless communication device
US20100287606A1 (en) * 2009-05-11 2010-11-11 Diversinet Corp. Method and system for authenticating a user of a mobile device

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4782519A (en) 1986-05-22 1988-11-01 Network Access Corporation Method and apparatus for enhancing the operating capabilities of a telephone switching system
WO1995019593A1 (en) 1994-01-14 1995-07-20 Michael Jeremy Kew A computer security system
CA2168484C (en) 1995-03-13 2000-12-05 Mehmet Reha Civanlar Client-server architecture using internet and public switched networks
US6175626B1 (en) 1995-09-29 2001-01-16 Intel Corporation Digital certificates containing multimedia data extensions
US6088683A (en) 1996-08-21 2000-07-11 Jalili; Reza Secure purchase transaction method using telephone number
US6012144A (en) 1996-10-08 2000-01-04 Pickett; Thomas E. Transaction security method and apparatus
US5881226A (en) 1996-10-28 1999-03-09 Veneklase; Brian J. Computer security system
DE19722424C5 (en) 1997-05-28 2006-09-14 Telefonaktiebolaget Lm Ericsson (Publ) Method of securing access to a remote system
US6097791A (en) 1997-07-15 2000-08-01 Octel Communications Corporation Voice-messaging system with non-user outcalling and auto-provisioning capabilities
US6058415A (en) 1997-07-24 2000-05-02 Intervoice Limited Partnership System and method for integration of communication systems with computer-based information systems
US6563915B1 (en) 1998-01-09 2003-05-13 At&T Corp. Method and apparatus for an automatic barge-in system
US6044471A (en) 1998-06-04 2000-03-28 Z4 Technologies, Inc. Method and apparatus for securing software to reduce unauthorized use
US6167518A (en) 1998-07-28 2000-12-26 Commercial Electronics, Llc Digital signature providing non-repudiation based on biological indicia
US6256512B1 (en) 1998-12-28 2001-07-03 Nortel Networks Limited Mobile access to a PBX via a TLDN
US6574599B1 (en) 1999-03-31 2003-06-03 Microsoft Corporation Voice-recognition-based methods for establishing outbound communication through a unified messaging system including intelligent calendar interface
JP2001094670A (en) 1999-09-22 2001-04-06 Noboru Miura Telephone number revision guide system, server unit of this system, and computer-readable medium recording telephone number revision guide program
AU2086301A (en) 1999-12-10 2001-06-18 Auripay, Inc. Method and apparatus for improved financial instrument processing
US6934858B2 (en) 1999-12-15 2005-08-23 Authentify, Inc. System and method of using the public switched telephone network in providing authentication or authorization for online transactions
GB2367411C (en) 2000-07-10 2007-12-12 Garry Harold Gibson Pyment system
JP2002041783A (en) 2000-07-24 2002-02-08 Kenichi Omae Method for issuing electronic money, electronic money, electronic money issuing server, user terminal, and electronic money issuing system
US7870599B2 (en) 2000-09-05 2011-01-11 Netlabs.Com, Inc. Multichannel device utilizing a centralized out-of-band authentication system (COBAS)
US7287270B2 (en) 2000-10-31 2007-10-23 Arkray, Inc. User authentication method in network
KR100412510B1 (en) * 2002-03-30 2004-01-07 한민규 An instant log-in method for authentificating a user and settling bills by using two different communication channels and a system thereof
US7251827B1 (en) * 2002-05-01 2007-07-31 Microsoft Corporation In-line sign in
US7383572B2 (en) 2002-05-24 2008-06-03 Authentify, Inc. Use of public switched telephone network for authentication and authorization in on-line transactions
US20040254890A1 (en) 2002-05-24 2004-12-16 Sancho Enrique David System method and apparatus for preventing fraudulent transactions
US7233790B2 (en) 2002-06-28 2007-06-19 Openwave Systems, Inc. Device capability based discovery, packaging and provisioning of content for wireless mobile devices
US7127051B2 (en) 2002-09-17 2006-10-24 Bellsouth Intellectual Property Corporation System and method for providing advanced telephony services using a virtual telephone number
US7043230B1 (en) 2003-02-20 2006-05-09 Sprint Spectrum L.P. Method and system for multi-network authorization and authentication
US7054417B2 (en) 2003-08-19 2006-05-30 Qwest Communications International Inc. Advanced call screening appliance
US20060153346A1 (en) 2005-01-11 2006-07-13 Metro Enterprises, Inc. On-line authentication registration system
AT490620T (en) * 2005-04-20 2010-12-15 Docaccount Ab Method and system for the electronic re-authentication of a communication participant
US7389913B2 (en) 2006-04-28 2008-06-24 Ed Starrs Method and apparatus for online check processing
US8719912B2 (en) * 2008-06-27 2014-05-06 Microsoft Corporation Enabling private data feed
US8472590B1 (en) * 2009-09-29 2013-06-25 Now Solutions Integration Group Inc. Systems and methods for controlling the content displayed on the browser of a remote user

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020169988A1 (en) * 2000-12-22 2002-11-14 Vandergeest Ron J. Method and apparatus for providing user authentication using a back channel
US20040097217A1 (en) * 2002-08-06 2004-05-20 Mcclain Fred System and method for providing authentication and authorization utilizing a personal wireless communication device
US20100287606A1 (en) * 2009-05-11 2010-11-11 Diversinet Corp. Method and system for authenticating a user of a mobile device

Also Published As

Publication number Publication date
US8973109B2 (en) 2015-03-03
US9553864B2 (en) 2017-01-24
US20130139239A1 (en) 2013-05-30
US20150180855A1 (en) 2015-06-25

Similar Documents

Publication Publication Date Title
US20180285552A1 (en) System and method for integrating two-factor authentication in a device
US10129247B2 (en) System and method for utilizing behavioral characteristics in authentication and fraud prevention
US10455419B2 (en) System and method for mobile identity protection for online user authentication
US9942220B2 (en) Preventing unauthorized account access using compromised login credentials
US9391985B2 (en) Environment-based two-factor authentication without geo-location
CN105378790B (en) Risk assessment using social networking data
US10136315B2 (en) Password-less authentication system, method and device
US9143506B2 (en) Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US10706421B2 (en) System and method of notifying mobile devices to complete transactions after additional agent verification
US9521548B2 (en) Secure registration of a mobile device for use with a session
CN104077689B (en) A kind of method of Information Authentication, relevant apparatus and system
US9882916B2 (en) Method for verifying sensitive operations, terminal device, server, and verification system
US10554639B2 (en) Systems and methods for managing resetting of user online identities or accounts
Johnson et al. Mobile computing
US9756056B2 (en) Apparatus and method for authenticating a user via multiple user devices
US8862097B2 (en) Secure transaction authentication
US8122251B2 (en) Method and apparatus for preventing phishing attacks
US9374369B2 (en) Multi-factor authentication and comprehensive login system for client-server networks
US20140222690A1 (en) Verification of a person identifier received online
US20150332258A1 (en) Identity Verification via Short-Range Wireless Communications
US7697942B2 (en) Location based rules architecture systems and methods
US8176077B2 (en) Location based access to financial information systems and methods
US10826910B2 (en) Frictionless multi-factor authentication system and method
US8295898B2 (en) Location based authentication of mobile device transactions
US8572701B2 (en) Authenticating via mobile device

Legal Events

Date Code Title Description
STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION