US20200402046A1 - Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website - Google Patents
- Publication number: US20200402046A1
- Authority: US (United States)
- Prior art keywords: computing device, unique, user, network website, onetime
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Abandoned
Classifications
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G06Q20/1085—Remote banking, e.g. home banking involving automatic teller machines [ATMs]
- G06Q20/308—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using the Internet of Things
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/40145—Biometric identity checks
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/102—Entity profiles
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Definitions
- A unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website.
- This invention relates to defeating an account access attempt by an unauthorized actor seeking to breach an online network or account by capturing identification data from a transmission stream and maliciously adopting said data in an attempt to gain unauthorized account access to a network or account.
- An electronic instruction is issued by a first network website to a local/mobile computing device seeking account access to said first network website.
- Said electronic instruction directs a companion application residing on said local/mobile computing device to collect specified distinctive identifiers from said local/mobile computing device which is seeking account access to said first network website.
- When a local/mobile computing device is seeking account access to a protected first network website, an electronic instruction is sent from said first network website to said local/mobile computing device, and specific distinctive identifiers are collected again and sent to the validation database residing on said secondary network website for comparison and matching against the values previously registered by the rightful account holder.
- Our concern is the ability of an unauthorized party to insert themselves into the data transmission stream between said local/mobile computing device and said secondary network website, acting as said validation database server.
- Our concern is also to protect the data transmission stream between said secondary network website, acting as said validation database, and said first network website. Capture by an unauthorized actor of said collected specified distinctive identifiers could lead to their unauthorized use in gaining account access to said first network website. This is often referred to as a “Man-in-the-Middle attack” or MiTM.
- In a MiTM attack, an unauthorized actor inserts themselves into a data transmission stream to intercept and redirect, for their own purposes, the digital information captured from said data transmission stream. In doing so, said unauthorized actor can use the captured digital data to present themselves as an authorized user, and thus gain unauthorized account access to a network website or account.
- Our invention describes a system and method to ensure the authenticity of said specified distinctive identifiers collected per said electronic instruction sent by said first network website to said local/mobile computing device which has requested account access to said first network website. This is accomplished by using said unique transaction identifier to specifically alert all stations involved in this access request that said access request has been legitimately made; said unique transaction identifier represents the totally unique nature of said account access request.
- Said electronic instruction directs a companion application residing on said local/mobile computing device to process a set of electronic instructions for collecting specific hardware and/or software identifiers (referred to herein as specified distinctive identifiers) from said local/mobile computing device.
- Said specified distinctive identifiers are used to build an identification key that can be used to positively identify and authenticate the identity of said local/mobile computing device seeking account access to said first network website.
- Said companion application present on said local/mobile computing device executes the actions specified within said electronic instruction. These collected specified distinctive identifiers are then secured and sent by said companion application on said local/mobile computing device to said secondary network website, which is used to validate the identity of said local/mobile computing device.
- This disclosure describes the inclusion of a unique transaction identifier assigned to each said electronic instruction to collect specified distinctive identifiers issued by said first network website to said local/mobile computing device seeking account access to said first network website.
- This unique transaction identifier represents this, and only this, electronic instruction. Said unique transaction identifier thus becomes a totally unique designation for said electronic instruction issued by said first network website to said local/mobile computing device.
- Said first network website also enters said unique transaction identifier into a database of issued unique transaction identifiers residing on said first network website. Issued unique transaction identifiers entered into said database maintained by said first network website are considered a one-time-use entry; upon receipt of an access approval with a matching unique transaction identifier from said secondary network website, said unique transaction identifier will no longer be considered valid.
- Said first network website also sends a notice of said unique transaction identifier, uniquely assigned to this particular electronic instruction, to said secondary network website.
- Said secondary network website is used to compare said specified distinctive identifiers collected as a result of each electronic instruction and performs a matching function to determine if said local/mobile computing device requesting account access to said first network website has been previously authorized for account access during a registration process.
- The purpose of said first network website sending said unique transaction identifier to said secondary network website is to provide a method of cross-checking that said specified distinctive identifiers received from said local/mobile computing device and submitted to said secondary network website were legitimately collected and authorized by said first network website.
- When said secondary network website receives said unique transaction identifier from said first network website, it inserts said unique transaction identifier into a database resident on and maintained by said second network website.
- When said secondary network website receives said specified distinctive identifiers from said local/mobile computing device, its intention is to perform a matching function of those specified distinctive identifiers against the authorized specified distinctive identifiers incorporated into, or managed by, said second network website's validation database.
- The purpose of this matching function is to ensure that said local/mobile computing device represented by this collection of said specified distinctive identifiers has been previously authorized for account access to said first network website.
- Said secondary network website, prior to matching said specified distinctive identifiers collected from said local/mobile computing device, will match said unique transaction identifier associated with said collected specified distinctive identifiers submitted by said local/mobile computing device against said database of said unique transaction identifiers previously provided to said secondary network website by said first network website. Said secondary network website will determine, based on its database of said unique transaction identifiers, whether a match exists between said unique transaction identifier assigned to said collected specified distinctive identifiers being submitted by said local/mobile computing device and said unique transaction identifiers residing in said secondary network website's database of said unique transaction identifiers.
- If such a match is confirmed, said secondary network website will allow said specified distinctive identifiers collected from said local/mobile computing device to be matched against said secondary network website's validation database of authorized specified distinctive identifiers. If a match is not confirmed for said unique transaction identifier being submitted from said local/mobile computing device, said specified distinctive identifiers collected from said local/mobile computing device will not be matched against said secondary network website's validation database of authorized specified distinctive identifiers.
- Said unique transaction identifier sent by said first network website to said secondary network website and maintained in said secondary network website's database of unique transaction identifiers may also contain a time expiration value.
- Said time expiration value is supplied with said unique transaction identifier by said first network website to said secondary network website.
- Said time expiration value establishes a duration for the validity of said unique transaction identifier.
- If said unique transaction identifier submitted with specified distinctive identifiers collected from said local/mobile computing device matches a valid unique transaction identifier resident in said database of unique transaction identifiers residing on said secondary network website, said specified distinctive identifiers will be matched against said database of specified distinctive identifiers maintained by said secondary network website. The matching of these specified distinctive identifiers will produce either a match or a no-match condition.
- When said first network website receives said match/no-match result with said unique transaction identifier from said secondary network website, said first network website first matches said unique transaction identifier against its one-time-use database of unique transaction identifiers previously issued and maintained on said first network website. If said first network website confirms a match of the unique transaction identifier transmitted from said secondary network website to a unique transaction identifier stored in said first network website's one-time-use database, the match/no-match result from said secondary network website will be honored. In the case of a match result for said specified distinctive identifiers and said unique transaction identifier, said first network website will grant account or network access to said local/mobile computing device seeking access. In the case of a no-match result for said specified distinctive identifiers and said unique transaction identifier, said first network website will NOT grant account or network access to said local/mobile computing device seeking access.
- A first exemplary embodiment of this invention describes a system and method for validating the authenticity of said electronic instruction to collect said specified distinctive identifiers, which is sent from said first network website to said local/mobile computing device seeking network or account access to said first network website.
- Said first network website attaches a unique onetime identification token to an electronic instruction being sent to a local/mobile computing device.
- Said first network website also enters said unique onetime identification token into a one-time-use database of said unique onetime identification tokens issued by said first network website and said database is resident on said first network website.
- Said first network website also sends said unique onetime identification token to said secondary network website, which also maintains a one-time-use database of said unique onetime identification tokens received from said first network website.
- Said secondary network website will match said unique onetime identification token resident in said one-time-use database of unique transaction identifiers resident on said secondary network website to a unique onetime identification token sent to said secondary network website by said local/mobile computing device seeking access to said first network website.
- A positive match in said one-time-use database between said unique onetime identification token received from said local/mobile computing device and said unique onetime identification token sent from said first network website will result in said secondary network website allowing said specified distinctive identifiers sent from said local/mobile computing device to be matched against said specified distinctive identifiers resident in said validation database resident on said secondary network website.
- Absent such a match, said secondary network website will not allow said specified distinctive identifiers sent from said local/mobile computing device to be matched against said database of authorized specified distinctive identifiers resident on said secondary network website.
- A second exemplary embodiment of this invention discloses a system and method for limiting the time period during which said unique onetime identification token received by said secondary network website from said first network website shall remain valid and available for matching.
- Said first network website assigns to said unique onetime identification token sent to said secondary network website a time expiration value which defines a segment of time for which said unique onetime identification token received from said first network website shall remain valid.
- Once said time expiration value has elapsed, said unique onetime identification token received from said first network website will be considered void and cannot be considered for a match against said unique transaction identifiers received from said local/mobile computing devices.
- FIG. 1 shows a depiction of an embodiment showing processing between local/mobile computing device, first network website, and secondary network website;
- FIG. 2 shows an embodiment where the unique transaction ID is only valid for a period of time;
- FIG. 3 shows the major components of local/mobile computing device;
- FIG. 4 shows the major components of first network website;
- FIG. 5 shows the major components of secondary network website.
- In FIG. 1, 10 is a depiction of the invention illustrating local/mobile computing device 12, first network website 14, and secondary network website 16.
- Processing begins with process block 18, send signal 20, account access request, to process block 33, generate unique onetime identification token, associate with user and save in UT database.
- This process block generates a unique onetime identification token identifying this single transaction, associates the unique onetime identification token with the user (local/mobile computing device) and saves the information in local UT database 306 (FIG. 3).
- This database is resident on first network website 14. After the unique onetime identification token and the associated user are saved in local UT database 306, control falls through to processing block 25, generate electronic instruction.
- This process block sends signal 26, unique onetime identification token and electronic instruction, to processing block 56, generate set of specified distinctive IDs, and sends signal 102, unique onetime identification token, to processing block 34, save unique onetime identification token in transaction ID database (FIG. 5).
- Processing block 56 receives the electronic instruction, which specifies which distinctive IDs to gather.
- IDs may consist of serial numbers or other IDs such as MAC addresses of hardware components/modules and/or serial numbers of software modules residing in local/mobile computing device 12. These IDs are then hashed into hexadecimal numbers that resemble random numbers. After the specified distinctive IDs have been gathered, they are appended with the unique onetime identification token and sent as signal 60, specified distinctive IDs and unique onetime identification token, to decision processing block 62, unique onetime identification token in unique transaction ID database?
- Decision processing block 62, unique onetime identification token in transaction ID database?, attempts to match the received unique onetime identification token in the unique transaction ID local database 408 (FIG. 5). If the match is not made, control falls through to determination processing block 64, NO; else control is transferred to determination processing block 66, YES.
- From determination processing block 66, YES, control will fall through to decision processing block 68, validate received set of specific distinctive IDs.
- Processing block 68 attempts to match the received specified distinct IDs received in signal 60 to a set of specified distinct IDs resident in local validation database 406. If the match is not made, control falls through to determination processing block 72, NO; else control is transferred to determination processing block 74, YES.
- On a NO determination, signal 78, access denied, unique onetime identification token, is sent to processing block 48, mark unique onetime identification token not valid in UT database.
- Process block 48 marks the unique onetime identification token invalid in UT database 306 (FIG. 4), after which processing block 48 sends signal 78, access denied, to processing block 80, stop session, residing in local/mobile computing device 12.
- Process block 80 denies the user's local/mobile computing device access to first network website 14.
- Processing block 82 attempts to match the received unique onetime identification token to one in the local UT database.
- If a match is made, control is transferred to determination processing block 88, YES. If a match is not made, control falls through to determination processing block 84, NO.
- Process block 80 denies the user's local/mobile computing device access to first network website 14.
- Processing block 92 will permit the logon process in user's local/mobile computing device 12 to continue.
- In FIG. 2, 20 is a depiction of the invention illustrating local/mobile computing device 12, first network website 14, and secondary network website 16.
- This depiction shows the invention where the unique transaction ID is only valid for a period of time. This time period is used to prevent a man-in-the-middle attack from succeeding, due to the additional time a MiTM attack requires to capture an original request, alter the request, and send the modified request on to secondary network website 16.
- Secondary network website 16 contains a timing loop consisting of process blocks 36 through 44; if the time expiration value expires, the unique transaction ID is marked as invalid in transaction ID database 408 resident in secondary network website, thus preventing the set of specified distinctive IDs from being validated.
- Processing begins with process block 18, send account access request, as signal 20, account access request, to process block 33, generate unique onetime identification token, associate with user and save in UT database.
- This process block generates the unique onetime identification token which identifies this single transaction, associates the unique onetime identification token with the user (local/mobile computing device) and saves the information in a local database, UT database 306, of unique onetime identification tokens and users.
- This database is resident on first network website 14. After the unique onetime identification token and the associated user are saved in UT database, control falls through to processing block 24, assign time expiration value.
- This processing block assigns a time expiration value to the unique onetime identification token.
- This time expiration value is the amount of time the unique transaction ID is valid. The unique transaction ID and the time expiration value are then sent as signal 102, unique onetime identification token, time expiration value, to processing block 34, save unique transaction ID in transaction ID database, after which control falls through to processing block 36, start timer for unique transaction ID.
- Process blocks 38 through 44 form a timing loop which determines when the time expiration value has expired.
- Decision processing block 38, timer expired?, determines if the timer value assigned to the timer in process block 38, start timer for unique onetime identification token, has expired. If the timer has not expired, control falls through to determination processing block 40, NO, and is transferred back to decision processing block 38, timer expired?. If the timer has expired, control will fall through to determination processing block 42, YES, after which control will fall through to process block 44, mark unique transaction ID in transaction ID database as invalid.
- This process block will mark the unique onetime identification token contained in the unique transaction ID local database (408, FIG. 5) in secondary network website 16 as invalid, then sends signal 78, access denied, unique transaction ID, to process block 48 in first network website 14.
- Process block 48, mark unique transaction ID not valid in UT database.
- This process block marks the unique onetime identification token in UT database (306, FIG. 4) residing in first network website as not valid, after which control will fall through to process block 50, send access denied to user.
- Process block 50 sends signal 52, access denied, to process block 80, stop session, residing in local/mobile computing device 12.
- Process block 80 denies the user's local/mobile computing device access to first network website 14.
- After process block 24, assign time expiration value, sends signal 102, unique onetime identification token, time expiration value, control will fall through to process block 25, generate electronic instruction.
- This process block sends signal 26, unique onetime identification token and electronic instruction, to processing block 56, generate set of specified distinctive IDs.
- Processing block 56 receives the electronic instruction specifying which distinctive IDs to gather. These IDs may consist of serial numbers or other IDs such as MAC addresses of hardware components/modules and/or serial numbers of software modules residing in said local/mobile computing device 12. These IDs are then each hashed into a hexadecimal number that appears to be a random number. After the specified distinctive IDs have been gathered, they are appended with the unique onetime identification token and sent as signal 60, specified distinctive IDs and unique onetime identification token, to decision processing block 62, unique onetime identification token in unique transaction ID database?
- Decision processing block 62, unique onetime identification token in database?, attempts to match the received unique onetime identification token in signal 60 to one of the unique onetime identification tokens contained in the transaction ID database (408, FIG. 5) residing in secondary network website 16. If the match is made, control is transferred to determination processing block 66, YES; else control falls through to determination processing block 64, NO.
- Following determination processing block 64, NO, process block 48 marks the current unique onetime identification token contained in UT database as not valid, after which control falls through to process block 50, send access denied to user.
- This process block sends signal 52, access denied, to process block 80, stop session, residing in local/mobile computing device 12.
- Process block 80 denies the user's local/mobile computing device access to first network website 14.
- From determination processing block 66, YES, control will fall through to decision processing block 68, validate received set of specific distinctive IDs.
- Processing block 68 attempts to match the received specified distinct IDs received in signal 60 to a set of specified distinct IDs resident in local validation database 406. If the match is not made, control falls through to determination processing block 72, NO; else control is transferred to determination processing block 74, YES.
- If the unique onetime identification token returned with the result matches one in the UT database on first network website 14, control is transferred to determination processing block 88, YES. If a match is not made, control falls through to determination processing block 84, NO.
- Process block 80 denies the user's local/mobile computing device access to first network website 14.
- Processing block 92 will permit the logon process in user's local/mobile computing device 12 to continue.
- Local/mobile computing device 12 is a cellular phone, tablet computer, laptop computer, or desktop computer. These types of computing devices are well known in the art. These devices generally have hardware modules such as Bluetooth chip sets, Wifi chip sets, USB hubs and ports, processors, audio chip sets, and other hardware modules. Each of these hardware modules has a unique serial number, and modules with radio or other network interfaces also have MAC addresses. Software modules executing on these devices also carry serial numbers.
- Local/mobile computing device 12 receives signal 26, unique onetime identification token and an electronic instruction, from first network website 14.
- The electronic instruction contains a coded instruction that defines which hardware and/or software identifiers are to be gathered and hashed.
- The unique onetime identification token is appended or joined to the hashed specified distinctive identifiers and sent, as signal 60, to secondary network website 16.
- Local/mobile computing device 12 then waits at processing block 80, stop session, and processing block 92, continue session, for either an access denied signal received by process block 80, stop session, or signal 90, access granted, received by processing block 92, continue session. Only in the latter case is local/mobile computing device 12 granted access to first network website 14.
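The companion-application steps above (receive signal 26, gather the identifiers the electronic instruction names, hash each to hex, append the unique onetime identification token, send signal 60), as an added Python example. This is not code from the patent or from any product it describes. The instruction format (a JSON object with a `collect` list), the device inventory values, the `SIGNAL_26` sample and the use of SHA-256 are assumptions; the page only says each identifier is hashed into a hexadecimal number that looks random.

```python
"""Companion application side: electronic instruction in, signal 60 out.

Added example, not the patent's own code. Instruction format, inventory
values and the SHA-256 choice are assumptions.
"""
import hashlib
import json

# Constructed inventory standing in for what a real companion app would read
# from the OS: hardware serial numbers, MAC addresses, software module serials.
DEVICE_INVENTORY = {
    "wifi.mac": "a4:5e:60:12:34:56",
    "bluetooth.mac": "a4:5e:60:12:34:57",
    "cpu.serial": "BFEBFBFF000906EA",
    "audio.serial": "ALC892-0042-7711",
    "companion_app.serial": "CA-2015-0001-7F3B",
}


def hash_identifier(value: str) -> str:
    """Hash one raw identifier to a hex digest that appears random (SHA-256 assumed)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def parse_electronic_instruction(raw: str) -> list[str]:
    """Parse the coded instruction. Assumed format: {"collect": [<identifier names>]}."""
    doc = json.loads(raw)
    names = doc.get("collect")
    if not isinstance(names, list) or not names or not all(isinstance(n, str) for n in names):
        raise ValueError("electronic instruction must name at least one identifier")
    return names


def generate_specified_distinctive_ids(instruction: str, inventory: dict) -> list[str]:
    """Processing block 56: gather the named IDs in order and hash each one.

    An identifier the device cannot supply is an error rather than being
    skipped, so a partial set never reaches the validation database looking
    like a complete one.
    """
    hashed = []
    for name in parse_electronic_instruction(instruction):
        if name not in inventory:
            raise KeyError(f"device cannot supply identifier {name!r}")
        hashed.append(hash_identifier(inventory[name]))
    return hashed


def build_signal_60(instruction: str, token: str, inventory: dict = DEVICE_INVENTORY) -> dict:
    """Append the unique onetime identification token to the hashed IDs (signal 60).

    The token travels beside the hashes; it is not mixed into them.
    """
    return {
        "token": token,
        "specified_distinctive_ids": generate_specified_distinctive_ids(instruction, inventory),
    }


# Constructed signal 26 as first network website 14 might send it.
SIGNAL_26 = {
    "token": "txn-7f3a9c",
    "electronic_instruction": json.dumps(
        {"collect": ["wifi.mac", "cpu.serial", "companion_app.serial"]}
    ),
}

if __name__ == "__main__":
    first = build_signal_60(SIGNAL_26["electronic_instruction"], SIGNAL_26["token"])
    second = build_signal_60(SIGNAL_26["electronic_instruction"], "txn-0b11e2")
    # Same device, two transactions: the hashed ID set is identical, so any
    # replay protection has to come from the token, not from the hashing.
    print(first["specified_distinctive_ids"] == second["specified_distinctive_ids"])
```

Two transactions on the same device yield the same hashed identifiers, so a captured signal 60 contains everything a later submission needs except a token that is still valid; hashing hides the raw serial numbers but does not make the set single-use. Because the token is appended beside the hashes rather than bound into them, captured hashes can also be detached from one token and attached to another, which is why the one-time-use and expiry rules on the token matter. Keying an HMAC over the identifiers with the token would remove that detachability; that is a suggestion here, not something the page describes.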
- First network website consists of a computer processor 302 , a memory storage device 304 , UT database 306 , and first software program 308 .
- Memory storage device 304 may consist of a combination of random access memory and larger storage devices such as hard disk drives and/or solid state drives.
- First software program 308 resides in said memory storage device 304 .
- First software program 308 is executed by computer processor 302 and controls the logon process when local/mobile computing device 12 attempts to log on to first network website 14.
- When first network website 14 receives a logon account access request, signal 20, from local/mobile computing device 12, it generates a unique onetime identification token and saves it in UT database 306 along with an optional time expiration value.
- First network website 14 then generates an electronic instruction that, along with the unique onetime identification token, is sent to local/mobile computing device 12 as signal 26.
- First network website 14 then sends signal 102, unique onetime identification token, to secondary network website 16.
- The optional time expiration value may also be sent to secondary network website 16 at the same time as an optional value in signal 102.
- When first network website 14 receives an access denied signal 78 from secondary network website 16, it marks the associated unique onetime identification token in UT database 306 as not valid. When first network website 14 receives an access granted signal 94 from secondary network website 16, it checks whether the associated unique onetime identification token is in UT database 306; if it is present but marked not valid, first network website 14 sends signal 52, access denied, to local/mobile computing device 12. This check ensures that a second request to said secondary network website 16 by a man-in-the-middle, reusing a token that has already been consumed, will be denied.
- When first network website 14 receives an access granted signal 94 from said secondary network website 16 and the associated unique onetime identification token is currently marked as valid in UT database 306, first network website 14 sends signal 90, access granted, to local/mobile computing device 12.
- Secondary network website 16 consists of a computer processor 402 , a memory storage device 404 , validation database 406 and transaction ID database 408 .
- Memory storage device 404 may consist of a combination of random access memory and larger storage devices such as hard disk drives and/or solid state drives.
- When a time expiration value is present, a timing loop ranging from process block 36 to processing block 44 (FIG. 2) monitors the timer for expiration. If the timer expires before secondary network website 16 receives signal 60, specified distinct IDs and unique onetime identification token, secondary network website 16 marks the unique onetime identification token received in signal 102 as invalid in transaction ID database 408 and sends signal 78, access denied and the associated unique onetime identification token, to first network website 14.
- When secondary network website 16 receives signal 60, it first checks that the unique onetime identification token received in signal 60 is in transaction ID database 408 (where tokens received in signal 102 are stored) and has not been marked invalid; if it is absent or invalid, secondary network website 16 sends signal 78, access denied and unique onetime identification token, to first network website 14. If the unique onetime identification token is found and valid, control falls through to process block 68, validate set of specified distinct IDs received in signal 60. This process block attempts to match the set of specified distinct IDs in signal 60 against validation database 406.
- If the received set of specified distinct IDs does not match any set of specified distinct IDs in validation database 406, secondary network website 16 sends signal 78, access denied and unique onetime identification token, to first network website 14. If the received set matches a set in validation database 406, secondary network website 16 sends signal 94, access granted and unique onetime identification token, to first network website 14, after which control falls through to process block 75, mark unique onetime identification token in transaction ID database 408 as invalid.
Description
- This application is a continuation in part from U.S. patent application Ser. No. 15/082,727, filed Mar. 28, 2016, which is a continuation of Ser. No. 14/717,352, filed May 20, 2015, which claims priority from provisional No. 62/134,980, filed Mar. 18, 2015.
- This application is related to U.S. patent application Ser. No. 13/297,322, now U.S. Pat. No. 9,715,598, the entire contents of both of which are hereby incorporated by reference.
- A unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website.
- This invention relates to defeating an account access attempt by an unauthorized actor seeking to breach an online network or account by capturing identification data from a transmission stream and maliciously adopting said data in an attempt to gain unauthorized account access to a network or account.
- As taught in U.S. Pat. Nos. 9,691,067 and 9,715,598 and referenced herein, an electronic instruction is issued by a first network website to a local/mobile computing device seeking account access to said first network website. Said electronic instruction directs a companion application residing on said local/mobile computing device to collect specified distinctive identifiers from said local/mobile computing device.
- During a registration process, specified distinctive identifiers from local/mobile computing devices authorized by the rightful account owners are collected and stored in a validation database residing on a secondary network website.
- When a local/mobile computing device is seeking account access to a protected first network website, an electronic instruction is sent from said first network website to said local/mobile computing device, and the specified distinctive identifiers are collected anew (regenerated) and sent to the validation database residing on said secondary network website for comparison and match against the values previously registered by the rightful account holder. Our concern is the ability of an unauthorized party to insert themselves into the data transmission stream between said local/mobile computing device and said secondary network website, acting as said validation database server. Our concern is also to protect the data transmission stream between said secondary network website, acting as said validation database, and said first network website. Capture by an unauthorized actor of said collected specified distinctive identifiers could lead to their unauthorized use in gaining account access to said first network website. This is often referred to as a man-in-the-middle (MiTM) attack.
- In a MiTM attack, an unauthorized actor inserts themselves into a data transmission stream to intercept, and redirect for their own purposes, the digital information captured from said data transmission stream. In doing so, said unauthorized actor can use the captured digital data to present themselves as an authorized user, and thus gain unauthorized account access to a network website or account.
- Our invention describes a system and method to ensure the authenticity of said specified distinctive identifiers collected per said electronic instruction sent by said first network website to said local/mobile computing device which has requested account access to said first network website. This is accomplished by using said unique transaction identifier to specifically alert all stations involved in this access request that said access request has been legitimately made; said unique transaction identifier represents the totally unique nature of said account access request.
- Said electronic instruction directs a companion application residing on said local/mobile computing device to process a set of electronic instructions for collecting specific hardware and/or software identifiers (referred to herein as specified distinctive identifiers) from said local/mobile computing device. Said specified distinctive identifiers are used to build an identification key that can be used to positively identify and authenticate the identity of said local/mobile computing device seeking account access to said first network website. Said companion application present on said local/mobile computing device executes the actions specified within said electronic instruction. These collected specified distinctive identifiers are then secured and sent by said companion application on said local/mobile computing device to said secondary network website, which is used to validate the identity of said local/mobile computing device.
- This disclosure describes the inclusion of a unique transaction identifier assigned to each said electronic instruction to collect specified distinctive identifiers issued by said first network website to said local/mobile computing device seeking account access to said first network website. This unique transaction identifier is unique and represents this, and only this electronic instruction. Said unique transaction identifier thus becomes a totally unique designation for said electronic instruction issued by said first network website to said local/mobile computing device.
- Said first network website also enters said unique transaction identifier into a database of issued unique transaction identifiers residing on said first network website. Issued unique transaction identifiers entered into said database maintained by said first network website, are considered a one-time-use entry and upon receipt of an access approval with a matching unique transaction identifier from said secondary network website, said unique transaction identifier will no longer be considered valid.
- To protect against an instance where a MiTM attack might compromise the contents of a data transmission of specified distinctive identifiers between said local/mobile computing device and said secondary network website, said first network website also sends a notice of said unique transaction identifier, uniquely assigned to this particular electronic instruction, to said secondary network website. Said secondary network website compares said specified distinctive identifiers collected as a result of each electronic instruction and performs a matching function to determine if said local/mobile computing device requesting account access to said first network website has been previously authorized for account access during a registration process.
- The purpose of said first network website sending said unique transaction identifier to said secondary network website is to provide a method of cross-checking that said specified distinctive identifiers received from said local/mobile computing device and submitted to said secondary network website were legitimately collected and authorized by said first network website. When said secondary network website receives said unique transaction identifier from said first network website, it inserts said unique transaction identifier into a database resident on and maintained by said secondary network website.
- The presence of said unique transaction identifier in both the data transmission of said specified distinctive identifiers from said local/mobile computing device and said database of unique transaction identifiers residing on said secondary network website allows a cross-check of the authenticity of said specified distinctive identifiers received from said local/mobile computing device. This assures that the specified distinctive identifiers collected per said transaction were not submitted as a result of a MiTM attack that had previously intercepted a transmission of said specified distinctive identifiers.
- When said secondary network website receives said specified distinctive identifiers from said local/mobile computing device, its intention is to perform a matching function of those specified distinctive identifiers against the authorized specified distinctive identifiers incorporated into, or managed by, said secondary network website's validation database. The purpose of this matching function is to ensure that said local/mobile computing device represented by this collection of said specified distinctive identifiers has been previously authorized for account access to said first network website.
- However, said secondary network website, prior to matching said specified distinctive identifiers collected from said local/mobile computing device, will match said unique transaction identifier associated with said collected specified distinctive identifiers submitted by said local/mobile computing device against said database of unique transaction identifiers previously provided to said secondary network website by said first network website. If a match of said unique transaction identifiers occurs, said secondary network website will allow said specified distinctive identifiers collected from said local/mobile computing device to be matched against said secondary network website's validation database of authorized specified distinctive identifiers. If no match is confirmed between said unique transaction identifier submitted by said local/mobile computing device and said database of unique transaction identifiers, said specified distinctive identifiers collected from said local/mobile computing device will not be matched against said secondary network website's validation database of authorized specified distinctive identifiers.
- Thus, in the event an unauthorized actor were able to compromise said transmission stream between said local/mobile computing device seeking account access and said secondary network website, the captured distinctive identifiers would be rendered useless, as said secondary network website would have no record or notification of the unique transaction identifier presented with them.
- In a further attempt to defeat MiTM attacks, said unique transaction identifier sent by said first network website to said secondary network website and maintained in said secondary network website's database of unique transaction identifiers may also contain a time expiration value.
- It is important to note that while the unique transaction identifier sent to said local/mobile computing device and to said secondary network website are identical, said time expiration value assigned by said first network website to said unique transaction identifiers is only transmitted to said secondary network website and is not included within the unique transaction identifier sent by said first network website to said local/mobile computing device.
- Said time expiration value is supplied with said unique transaction identifier by said first network website to said secondary network website. Said time expiration value establishes the duration for which said unique transaction identifier remains valid.
- In the event said time expiration value expires, even a valid match of said unique transaction identifier received from said local/mobile computing device to the same unique transaction identifier present in said database of unique transaction identifiers residing on said secondary network website will be deemed expired and not valid, and said specified distinctive identifiers received from said local/mobile computing device will not be matched against said secondary network website's database of authorized specified distinctive identifiers.
- In the event that said unique transaction identifier submitted with the specified distinctive identifiers collected from said local/mobile computing device matches a valid unique transaction identifier resident in said database of unique transaction identifiers residing on said secondary network website, said specified distinctive identifiers will be matched against said database of specified distinctive identifiers maintained by said secondary network website. The matching of these specified distinctive identifiers will produce either a match or a no match condition.
- Once said secondary network website has determined a match/no match condition, that match/no match result is packaged with said unique transaction identifier and sent to said first network website.
- When said first network website receives said match/no match result with said unique transaction identifier from said secondary network website, said first network website first matches said unique transaction identifier against the one-time-use database of unique transaction identifiers it previously issued and maintains on said first network website. If said first network website confirms a match of the unique transaction identifier transmitted from said secondary network website to a unique transaction identifier stored in said first network website's one-time-use database, the match/no match result from said secondary network website will be honored. In the case of a match result for said specified distinctive identifiers and said unique transaction identifier, said first network website will grant account or network access to said local/mobile computing device seeking access. In the case of a no match result, said first network website will NOT grant account or network access to said local/mobile computing device seeking access.
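The exchange described in the preceding paragraphs (the same flow is walked through process block by process block under FIG. 1 and FIG. 2 below, and the time-expiration variant is the second exemplary embodiment), as an added Python simulation of the three stations. This is not code from the patent or from any product it describes. The message field names, the injected clock, the token generator (`secrets.token_hex`) and the identifier values are assumptions; the one-time-use and time-expiration rules follow the text. One deliberate departure, marked in the code: the secondary station consumes the token on any use, including a failed identifier match, rather than only after an access granted result.

```python
"""Three-station exchange: first network website, secondary network website,
and the local/mobile computing device running the companion application.
Added example; field names, clock injection and identifier values are assumed."""
import hashlib
import secrets


class Clock:
    """Injectable clock so the time expiration value can be exercised offline."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def fingerprint(device, instruction):
    """Companion app: gather the identifiers the instruction names, hash each to hex."""
    return [hashlib.sha256(device[name].encode()).hexdigest() for name in instruction]


def companion_app(signal_26, device):
    """Processing block 56: hashed specified distinctive IDs with the token appended (signal 60)."""
    return {"token": signal_26["token"], "ids": fingerprint(device, signal_26["electronic_instruction"])}


class SecondaryNetworkWebsite:
    def __init__(self, clock):
        self.clock = clock
        self.validation_db = set()   # registered hashed-ID sets (validation database 406)
        self.transaction_db = {}     # token -> {"expires": float|None, "valid": bool} (database 408)

    def register_device(self, hashed_ids):
        self.validation_db.add(tuple(hashed_ids))

    def receive_signal_102(self, token, expires_at):
        self.transaction_db[token] = {"expires": expires_at, "valid": True}

    def receive_signal_60(self, token, ids):
        """Returns (granted, token): signal 94 when granted, signal 78 otherwise."""
        entry = self.transaction_db.get(token)
        if entry is None or not entry["valid"]:
            return False, token                                  # decision block 62: NO
        if entry["expires"] is not None and self.clock() > entry["expires"]:
            entry["valid"] = False                               # FIG. 2 timing loop
            return False, token
        entry["valid"] = False   # process block 75; consumed on any use (departure from the page)
        return tuple(ids) in self.validation_db, token           # decision block 68


class FirstNetworkWebsite:
    def __init__(self, secondary, clock, token_lifetime=None):
        self.secondary, self.clock, self.token_lifetime = secondary, clock, token_lifetime
        self.ut_db = {}              # token -> {"user": str, "valid": bool} (UT database 306)

    def receive_access_request(self, user, instruction):
        """Process blocks 33, 24 and 25: issue the token, store it, send signals 102 and 26."""
        token = secrets.token_hex(16)
        self.ut_db[token] = {"user": user, "valid": True}
        expires = None if self.token_lifetime is None else self.clock() + self.token_lifetime
        self.secondary.receive_signal_102(token, expires)        # expiry goes only to the secondary
        return {"token": token, "electronic_instruction": instruction}   # signal 26

    def receive_result(self, granted, token):
        """Signals 94/78 from the secondary. True means signal 90 (access granted) to the device."""
        entry = self.ut_db.get(token)
        if entry is None or not entry["valid"]:
            return False                                         # decision block 82: NO
        entry["valid"] = False                                   # one-time-use entry consumed
        return granted


def run_scenarios():
    """A legitimate logon plus the failure modes the description is concerned with."""
    clock = Clock()
    secondary = SecondaryNetworkWebsite(clock)
    first = FirstNetworkWebsite(secondary, clock, token_lifetime=30)
    instruction = ["wifi.mac", "cpu.serial"]
    device = {"wifi.mac": "a4:5e:60:12:34:56", "cpu.serial": "BFEBFBFF000906EA"}  # constructed
    secondary.register_device(fingerprint(device, instruction))   # registration step

    def login(dev):
        s60 = companion_app(first.receive_access_request("alice", instruction), dev)
        return s60, first.receive_result(*secondary.receive_signal_60(**s60))

    results = {}
    captured, results["legitimate"] = login(device)
    # MiTM replays the captured signal 60 after the real exchange: token consumed at both stations.
    results["replay_after_use"] = first.receive_result(*secondary.receive_signal_60(**captured))
    # Unregistered device presents a valid token but unknown identifiers.
    _, results["unregistered_device"] = login({"wifi.mac": "de:ad:be:ef:00:01", "cpu.serial": "X"})
    # Attacker attaches captured hashes to a token the first website never issued.
    forged = {"token": "0" * 32, "ids": captured["ids"]}
    results["forged_token"] = first.receive_result(*secondary.receive_signal_60(**forged))
    # Signal 60 delayed past the time expiration value.
    s60 = companion_app(first.receive_access_request("alice", instruction), device)
    clock.advance(31)
    results["expired"] = first.receive_result(*secondary.receive_signal_60(**s60))
    # Active MiTM relays the live signal 60 before the device's own copy arrives.
    s60 = companion_app(first.receive_access_request("alice", instruction), device)
    results["live_relay_by_mitm"] = first.receive_result(*secondary.receive_signal_60(**s60))
    results["victim_after_relay"] = first.receive_result(*secondary.receive_signal_60(**s60))
    return results


if __name__ == "__main__":
    for name, granted in run_scenarios().items():
        print(f"{name:>20}: {'access granted' if granted else 'access denied'}")
```

The last two scenarios mark the boundary of the protection. A replayed, forged or delayed signal 60 is rejected at one station or the other, but an attacker who relays the live message ahead of the device consumes the token first and receives the grant for that one session. The token proves that a submission belongs to an issued, unconsumed transaction; it does not authenticate either end of the data transmission stream, so the exchange should run inside an authenticated channel (TLS with certificate validation in the companion application), and the first website should tie signal 90 to the session that originally sent signal 20. Those two measures are an engineering recommendation, not something the page itself specifies.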
- Companion Application: A software application executing on said local/mobile computing device that receives said electronic instruction from said first network website, and said electronic instruction defines the collection of said specified distinctive identifiers from said local/mobile computing device on which said companion application is resident.
- Data Transmission Stream: A digital communication between said local/mobile computing device and a secondary network website and between said secondary network website and said first network website.
- Electronic Instruction: A notification which includes parameters to be used to collect specified distinctive Identifiers that is sent from a first software program executing on a first network website to a companion application executing on a local/mobile computing device where said local/mobile computing device is seeking account access to said first network website.
- First Network Website: An intelligent network website to which said local/mobile computing device is seeking network or account access; said first network website issues said unique transaction identifier and said electronic instruction to collect specified distinctive identifiers to said local/mobile computing device seeking access, and also issues said unique transaction identifier to said secondary network website.
- Local/Mobile Computing Device: Personal computer, laptop, smartphone, PDA, tablet, etc., or similar mobile or desktop devices containing a processor, memory and storage, capable of addressing a network or account via an Internet connection, and seeking access to said first network website.
- One-Time-Use: Refers to unique transaction identifiers maintained in a database on said first and secondary network websites, whereby said unique transaction identifiers present in said databases are only allowed to be matched with incoming unique transaction identifiers a single time.
- Regeneration: The process whereby said companion application resident on said local/mobile computing device extracts anew said specified distinctive identifiers from said local/mobile computing device that is initiating an access request to said first network website.
- Secondary Network Website: An intelligent network website which hosts said validation database used for matching said specified distinctive identifiers drawn from said local/mobile computing device to a database of said specified distinctive identifiers drawn from previously authorized local/mobile computing devices and maintained on said secondary network website.
- Specified Distinctive Identifiers: One or more defined device identifiers and/or other digital characteristics, which may be considered unique and collected by a companion application resident on said local/mobile computing device from certain hardware and software modules resident on said local/mobile computing device and for purposes of this disclosure, may also include a unique string of data inputted by the account owner, such as a password, biometric marker, and/or a unique transaction identifier.
- Time Expiration Value: A segment of time that defines the period for which said unique transaction identifier is considered valid and available for matching.
- Unique Transaction Identifier/Unique Transaction ID: A word, number, letter, symbol, or any combination of those that is used to uniquely identify a transaction that applies to an electronic instruction to collect specified distinctive identifiers that is issued by a first network website to said local/mobile computing device.
- Unique One Time Identification Token: A data object whose contents consists of a Unique Transaction Identifier or Unique Transaction ID.
- Unique Transaction Identifier Database: A database composed of said unique transaction identifiers that have been issued by said first network website to a local/mobile computing device seeking access to said first network website and said database of unique transaction identifiers is maintained on either or both of said secondary network website and/or said first network website.
- Validation Database: A remote database of registered specified distinctive identifiers drawn from previously authorized local/mobile computing devices and said validation database is maintained on said secondary network website.
- A first exemplary embodiment of this invention describes a system and method for validating the authenticity of said electronic instruction to collect said specified distinctive identifiers which is sent from said first network website to said local/mobile computing device seeking network or account access to said first network website. Said first network website attaches a unique onetime identification token to the electronic instruction being sent to said local/mobile computing device. Said first network website also enters said unique onetime identification token into a one-time-use database of unique onetime identification tokens issued by said first network website, and said database is resident on said first network website. Said first network website also sends said unique onetime identification token to said secondary network website, which maintains its own one-time-use database of unique onetime identification tokens received from said first network website. Said secondary network website will match the unique onetime identification token resident in its one-time-use database against the unique onetime identification token sent to said secondary network website by said local/mobile computing device seeking access to said first network website. A positive match in said one-time-use database between said unique onetime identification token received from said local/mobile computing device and said unique onetime identification token sent from said first network website will result in said secondary network website allowing said specified distinctive identifiers sent from said local/mobile computing device to be matched against said specified distinctive identifiers resident in said validation database on said secondary network website. In the event of a non-match of said unique onetime identification token received from said local/mobile computing device against said one-time-use database of unique onetime identification tokens received from said first network website, said secondary network website will not allow said specified distinctive identifiers sent from said local/mobile computing device to be matched against said database of authorized specified distinctive identifiers resident on said secondary network website.
- A second exemplary embodiment of this invention discloses a system and method for limiting the time-period during which said unique onetime identification token received by said secondary network website from said first network website shall remain valid and available for matching. Said first network website assigns to said unique onetime identification token sent to said secondary network website a time expiration value which defines a segment of time for which said unique onetime identification token received from said first network website shall remain valid. Upon expiration of said time expiration value, said unique onetime identification token received from said first network website will be considered void and cannot be considered for a match against said unique transaction identifiers received from said local/mobile computing devices.
- FIG. 1 shows a depiction of an embodiment showing processing between local/mobile computing device, first network website, and secondary network website;
- FIG. 2 shows an embodiment where the unique transaction ID is only valid for a period of time;
- FIG. 3 shows the major components of local/mobile computing device;
- FIG. 4 shows the major components of first network website; and
- FIG. 5 shows the major components of secondary network website.
- Now referencing FIG. 1, where 10 is a depiction of the invention illustrating local/mobile computing device 12, first network website 14, and secondary network website 16.
- In this depiction, processing begins with process block 18, send signal 20, account access request, to process block 33, generate unique onetime identification token, associate with user and save in UT database. This process block generates a unique onetime identification token identifying this single transaction, associates the unique onetime identification token with the user (local/mobile computing device) and saves the information in local UT database 306 (FIG. 4). This database is resident on first network website 14. After the unique onetime identification token and the associated user are saved in local UT database 306, control falls through to processing block 25, generate electronic instruction. This process block sends signal 26, unique onetime identification token and electronic instruction, to processing block 56, generate set of specified distinctive IDs, and sends signal 102, unique onetime identification token, to processing block 34, save unique onetime identification token in transaction ID database (FIG. 5). Processing block 56 receives the electronic instruction, which specifies which distinctive IDs to gather.
- These IDs may consist of serial numbers or other IDs such as MAC addresses of hardware components/modules and/or serial numbers of software modules residing in local/mobile computing device 12. These IDs are then hashed into hexadecimal numbers that resemble random numbers. After the specified distinctive IDs have been gathered and hashed, the unique onetime identification token is appended to them and they are sent as signal 60, specified distinctive IDs and unique onetime identification token, to decision processing block 62, unique onetime identification token in unique transaction ID database?.
- Decision processing block 62, unique onetime identification token in transaction ID database?, attempts to match the received unique onetime identification token against the unique transaction ID local database 408 (FIG. 5). If no match is made, control falls through to determination processing block 64, NO; otherwise control is transferred to determination processing block 66, YES.
- If control fell through to determination processing block 64, NO, signal 78, access denied and unique onetime identification token, is sent to processing block 48, mark unique onetime identification token not valid in UT database. Process block 48 marks the unique onetime identification token invalid in UT database 306 (FIG. 4), after which signal 52, access denied, is sent to processing block 80, stop session, residing in local/mobile computing device 12. Process block 80 denies the user's local/mobile computing device access to first network website 14.
- If control was transferred to determination processing block 66, YES, control falls through to decision processing block 68, validate received set of specified distinctive IDs. Processing block 68 attempts to match the specified distinct IDs received in signal 60 to a set of specified distinct IDs resident in local validation database 406. If no match is made, control falls through to determination processing block 72, NO; otherwise control is transferred to determination processing block 74, YES.
- If control fell through to determination processing block 72, NO, signal 78, access denied and unique onetime identification token, is sent to processing block 48, mark unique onetime identification token not valid in UT database. Process block 48 marks the unique onetime identification token invalid in UT database 306 (FIG. 4), after which signal 52, access denied, is sent to processing block 80, stop session, residing in local/mobile computing device 12. Process block 80 denies the user's local/mobile computing device access to first network website 14.
- If control was transferred to determination processing block 74, YES, signal 94, access granted and unique onetime identification token, is sent to decision processing block 82, unique onetime identification token in UT database?. Processing block 82 attempts to match the received unique onetime identification token to one in the local UT database.
- If a match is made, control is transferred to determination processing block 88, YES. If no match is made, control falls through to determination processing block 84, NO.
- If control fell through to determination processing block 84, NO, signal 86, access denied, is sent to processing block 80, stop session, residing in local/mobile computing device 12. Process block 80 denies the user's local/mobile computing device access to first network website 14.
- If control was transferred to determination processing block 88, YES, signal 90, access granted, is sent to processing block 92, continue session. Processing block 92 permits the logon process in the user's local/mobile computing device 12 to continue.
- Now referencing FIG. 2, where 20 is a depiction of the invention illustrating local/mobile computing device 12, first network website 14, and secondary network website 16. This depiction shows the invention where the unique transaction ID is only valid for a period of time. This time period is used to prevent a man-in-the-middle attack from succeeding, due to the additional time a MiTM attack requires to capture an original request, alter the request and send the modified request on to secondary network website 16. Note that in this depiction, secondary network website 16 contains a timing loop consisting of process blocks 36 through 44 which, if the time expiration value expires, marks the unique transaction ID as invalid in transaction ID database 408 resident in secondary network website 16, thus preventing the set of specified distinctive IDs from being validated.
- In this depiction, processing begins with
process block 18, send account access request, assignal 20, account access request, to processblock 33, generate unique onetime identification token, associate with user and save in UT database. This process block generates the unique onetime identification token which identifies this single transaction, associates the unique onetime identification token with the user (local/mobile computing device) and saves the information in a local database, UT database, 306, of unique onetime identification tokens and users. This database is resident onfirst network website 14. After the unique onetime identification token and the associated user is saved in UT database, control falls through to processing block 24, assign time expiration vale. - This processing block assigns a time expiration value to the unique onetime identification token. This time expiration value is the amount of time the unique transaction ID is valid, after which, the unique transaction ID and the time expiration value is sent as
signal 102, unique onetime identification token, time expiration value to processingblock 34 save unique transaction ID in transaction ID database, after which control falls through to processingblock 36 start timer for unique transaction ID. - Process blocks 38 through 44 form a timing loop which determines when the time expiration value has expired.
Decision processing block 38, timer expired?, determines if the timer value assigned to timer inprocess block 38, start timer for unique onetime identification token, has expired. Afterprocess block 38 makes the decision, control will fall through todetermination processing block 40, NO. If the timer has not expired, control will be transferred todecision processing block 38, timer expired?. If the timer has expired, control will fall through todetermination processing block 42, YES, after which control will fall through to processblock 44, mark unique transaction ID in transaction ID database as invalid. - This process block will mark the unique onetime identification token contained in the unique transaction ID local database (408
FIG. 5 ) insecondary network website 16 as invalid then sendssignal 78, access denied, unique transaction ID, to processblock 48 infirst network website 14. Process block, 48, mark unique transaction ID not valid in UT database. This process block marks the unique onetime identification token in UT database (306FIG. 4 ) residing in first network website, as not valid after which control will fall through to processblock 50, send access denied to user.Process block 50 sendssignal 52, access denied, to processblock 80, stop session, residing in local/mobile computing device 12.Process block 80, denies the user's local/mobile computing device from gaining access tofirst network website 14. - After process block 24, assign timer expiration value, sends
signal 102, unique onetime identification token, time expiration value, control will fall through to processblock 25, generate electronic instruction. This process block sendssignal 26, unique onetime identification token and electronic instruction, to processingblock 56, generate set of specified distinctive IDs. Processingblock 56 receives electronic instruction specifying which distinctive IDs to gather. These IDs may consist of serial numbers or other IDs such as MAC addresses of hardware components/modules and/or serial numbers of software modules residing in said local/mobile computing device 12. These IDs are then each hashed into a hexadecimal number that appears to be a random number. After the specified distinctive IDs have been gathered, they are appended with the unique onetime identification token and sent assignal 60, specified distinctive IDs and unique onetime identification token todecision processing block 62, unique onetime identification token in unique transaction ID database?. -
Decision processing block 62, unique onetime identification token in database? attempts to match the received unique onetime identification token insignal 60 to one of unique onetime identification tokens contained in the transaction ID database (408FIG. 5 ) residing insecondary network website 16. If the match is made, control transfers through todetermination processing block 66, YES, else control is falls through todetermination processing block 64, NO. - If control fell through to
determination processing block 64, NO, signal 78, access denied, unique onetime identification token, is send toprocessing block 48, mark unique onetime identification token not valid in UT database (306FIG. 4 ). This process block marks the current unique onetime identification token contained in UT database as not valid after which control falls through to processblock 50, send access denied to user. This process block sendssignal 52, access denied, to processblock 80, stop session, residing in local/mobile computing device 12.Process block 80, denies the user's local/mobile computing device from gaining access tofirst network website 14. - If control was transferred to
determination processing block 66, YES, control will fall through todecision processing block 68, validate received set of specific distinctive IDs. Processingblock 68 attempts to match the received specified distinct IDs received insignal 60, to a set of specified distinct IDs resident inlocal validation database 406. If the match is not made, control falls through todetermination processing block 72, NO, else control is transferred todetermination processing block 74, YES. - If control fell through to
determination processing block 72, signal 78, access denied unique transaction ID, is sent toprocessing block 48, mark unique onetime identification token not valid in UT database (306FIG. 4 ). If control fell through todetermination processing block 74, YES, signal 94, access granted, unique onetime identification token, is sent todecision processing block 82, unique onetime identification token in UT database?. Processingblock 82 attempts to match the received unique onetime identification token to one in the local UT database. - If a match is made, control is transferred to
determination processing block 88, YES. If a match is not made, control falls through todetermination processing block 84, NO. - If control fell through to
determination processing block 84, NO, signal 86, access denied, is send toprocessing block 80, stop session, residing in local/mobile computing device 12 after which control is transferred to processblock 89, mark unique onetime identification token not valid in UT database.Process block 80, denies the user's local/mobile computing device from gaining access tofirst network website 14. - If control was transferred to
determination processing block 88, YES, access granted, is send toprocessing block 92, continue session after which control falls through to processblock 89, mark unique onetime identification token not valid in UT database. Processingblock 92 will permit the logon process in user's local/mobile computing device 12 to continue. - Now referencing
FIG. 3 where 200 is a depiction of the major components of local/mobile computing device 12. Local/mobile computing device 12 is a cellular phone, tablet computer, laptop computer, or desktop computer. These types of computing devices are well known in the art. These devices generally have hardware modules such as Bluetooth chip sets, Wifi chip sets, USB hubs and ports, processors, audio chip sets, and other hardware modules. Each of these hardware modules have unique serial numbers as well as MAC addresses for any of the modules with radio interfaces or serial interfaces. Software modules executing on these devices also have serial numbers. - Local/mobile computing device receives
signal 26 unique onetime identification token and an electronic instruction fromfirst network website 14. Electronic instruction contains a coded instruction that defines which hardware and/or software identifiers are to be gathered and hashed. Unique onetime identification token is appended or joined to the hashed specified distinctive identifiers and sent, assignal 60, to secondary network website. Local/mobile computing device 12 then waits at processingblock 80, stop session, andprocessing block 92, continue session, for either access deniedsignal 78 received byprocess block 80, stop session, or signal 90, access granted, received by processingblock 92, continue session, after which local/mobile computing device will be granted access to first network website. - Now referencing
FIG. 4 where 300 is a depiction of the major components offirst network website 14. In this depiction, 14 is a network connected server computer. This type of computing devices is well known in the art. First network website consists of acomputer processor 302, amemory storage device 304,UT database 306, andfirst software program 308.Memory storage device 304 may consist of a combination of random access memory and larger storage devices such as hard disk drives and/or solid state drives. -
First software program 308 resides in saidmemory storage device 304.First software program 308 is executed bycomputer processor 302 and controls the logon process when local/mobile computing device 12 attempts to logon tofirst network website 14. Whenfirst network website 14 receives a logonaccount access request 20 from local/mobile computing device 12,first network website 14 generates a unique onetime identification token and saves it in UT database along with an optional time expiration value. First network website then generates an electronic instruction that, along with unique onetime identification token, is sent to local/mobile computing device 12. First network website then sends signal 102, unique onetime identification token, tosecondary network website 16. Optional time expiration value may also be sent to secondary network website at the same time as an optional value insignal 102. If saidfirst network website 14 receives an access deniedsignal 78 fromsecondary network website 16, it will mark the associated unique onetime identification token residing in UT database as not valid. Iffirst network website 14 receives an access granted, signal 94, fromsecondary network website 16,first network website 14 will check to see if the associated unique transaction ID is in UT database and if it is and is marked not valid,first network website 14 will send signal 52 access denied to local/mobile computing device 12. This check ensures that a second request to saidsecondary website 16 by a man-in-the-middle will be denied. If saidfirst network website 14 receives an access granted from saidsecondary network website 16, saidfirst network website 14 will check to see if the associated unique onetime identification token is currently marked as valid inUT database 306 and if it is not marked invalid,first network website 14 will send signal 90 access granted to local/mobile computing device 12. - Now referencing
FIG. 5 where 400 is a depiction of the major components ofsecondary network website 16.Secondary network website 16 consists of acomputer processor 402, amemory storage device 404,validation database 406 andtransaction ID database 408.Memory storage device 404 may consist of a combination of random access memory and larger storage devices such as hard disk drives and/or solid state drives. Whensecondary network website 16 receives signal 102 unique onetime identification token, saidsecondary website 16 will save unique transaction ID intransaction ID database 408. Ifsecondary network website 16 also receives optional time expiration value with unique onetime identification token, it will start a timer with the time expiration value after unique onetime identification token has been saved intransaction ID database 408. Once the timer associated with unique onetime identification token has been started, a timing loop ranging fromprocess block 36 to processing block 44 (FIG. 1 ) will monitor the timer for expiration. If the timer expires beforesecondary network website 16 receivessignal 60 specified distinct IDs and unique onetime identification token,secondary network website 16 will mark unique onetime identification token received insignal 60, intransaction ID database 408 and will send signal 78 access denied, associated unique transaction ID, tofirst network website 14. - Once
secondary website 16 receivessignal 60 specified distinct IDs and unique onetime identification token,secondary network website 16 will first check to verify that unique onetime identification token, received insignal 102, is intransaction ID database 408 and if it is not or has been marked as invalid,secondary network website 16 will send signal 78 access denied, unique onetime identification token tofirst network website 14. If unique onetime identification token is found in transaction ID database, control falls through to processblock 68, validate set of specified distinct IDs received insignal 60. This process block will attempt to match the set of specified distinct IDs insignal 60, specified distinct IDs, unique onetime identification token, againstvalidation database 406. If received set of specified distinct IDs is not matched against any sets of specified distinct IDs invalidation database 406, secondary network website sendssignal 78, access denied, unique onetime identification token, tofirst network website 14. If received set of specified distinct IDs is matched against any sets of specified distinct IDs invalidation database 406, secondary network website sendssignal 94, access granted, unique onetime identification token, tofirst network website 14 after which control falls through to processblock 75, mark unique onetime identification token in transaction ID database as invalid.
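The three-party flow of FIGS. 1 through 5 above, as an added Python simulation; this is not code from the patent or from any product implementing it. Assumed rather than taken from the page: SHA-256 as the hash applied to each distinctive ID, a 30-second time expiration value, the identifier names wifi_mac, bt_serial and os_build with constructed sample values, the user name alice, and a timing loop that is swept just before each validation instead of running on its own thread. The demo() scenario exercises the properties the description relies on: a device present in validation database 406 is granted, the same signal 60 submitted a second time is denied because block 75 already consumed the token, a device not in the validation database is denied at block 68, and a token whose timer ran out is denied at block 62 after the timing loop marked it invalid.

```python
import hashlib
import secrets
import time


def hash_identifier(value):
    """Hash one distinctive ID (serial number, MAC address) into a hexadecimal string (FIG. 3)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def gather_ids(device_identifiers, token, instruction):
    """Block 56 on device 12: signal 60, the hashed IDs named in the electronic instruction joined to the token."""
    return {"token": token, "ids": tuple(hash_identifier(device_identifiers[n]) for n in instruction)}


class SecondaryWebsite:
    """Secondary network website 16: validation database 406 and transaction ID database 408."""
    def __init__(self, validation_db, clock=time.monotonic):
        self.validation_db = validation_db  # set of hashed-ID tuples for enrolled devices
        self.transaction_db = {}            # token -> {"valid": bool, "expires": float or None}
        self.clock = clock

    def register_token(self, token, ttl=None):
        """Signal 102, blocks 34 and 36: save the token and start its timer if an expiration value came with it."""
        expires = None if ttl is None else self.clock() + ttl
        self.transaction_db[token] = {"valid": True, "expires": expires}

    def sweep_timers(self):
        """Timing loop, blocks 36-44: mark every token whose timer has run out as invalid and return them."""
        expired = [t for t, r in self.transaction_db.items()
                   if r["valid"] and r["expires"] is not None and self.clock() >= r["expires"]]
        for t in expired:
            self.transaction_db[t]["valid"] = False
        return expired  # each one becomes a signal 78 (access denied) to the first website

    def validate(self, signal60):
        """Blocks 62-75: ("denied", token) stands for signal 78, ("granted", token) for signal 94."""
        token = signal60["token"]
        self.sweep_timers()  # assumption: the loop runs before each check instead of on its own thread
        rec = self.transaction_db.get(token)
        if rec is None or not rec["valid"]:            # blocks 62/64: unknown, expired or already used
            return ("denied", token)
        if signal60["ids"] not in self.validation_db:   # blocks 68/72: device not in validation database
            rec["valid"] = False
            return ("denied", token)
        rec["valid"] = False                            # block 75: a granted token is consumed
        return ("granted", token)


class FirstWebsite:
    """First network website 14: UT database 306 and the logon control flow of FIGS. 1 and 2."""
    def __init__(self, secondary, instruction, ttl=None):
        self.secondary, self.instruction, self.ttl = secondary, instruction, ttl
        self.ut_db = {}  # token -> {"user": str, "valid": bool}

    def account_access_request(self, user):
        """Signal 20, blocks 33 and 25: mint a one-time token, register it, return signal 26."""
        token = secrets.token_hex(16)
        self.ut_db[token] = {"user": user, "valid": True}
        self.secondary.register_token(token, self.ttl)  # signal 102
        return token, list(self.instruction)

    def mark_invalid(self, token):
        """Blocks 48 and 89: mark the token not valid in the UT database."""
        if token in self.ut_db:
            self.ut_db[token]["valid"] = False

    def handle_secondary_result(self, result, token):
        """Blocks 48 and 82-92: turn the secondary site's answer into signal 52 (denied) or 90 (granted)."""
        if result == "denied":
            self.mark_invalid(token)
            return "denied"
        rec = self.ut_db.get(token)
        if rec is None or not rec["valid"]:  # blocks 82/84: a second "granted" for a consumed token
            return "denied"
        self.mark_invalid(token)             # block 89
        return "granted"


def demo():
    """Constructed scenario: normal logon, resubmitted signal 60, unenrolled device, expired timer."""
    clock, outcomes = [0.0], {}  # adjustable clock so the expiry case needs no sleeping
    instruction = ("wifi_mac", "bt_serial", "os_build")
    enrolled = {"wifi_mac": "00:11:22:33:44:55", "bt_serial": "BT-0001", "os_build": "17.2.1"}
    stranger = {"wifi_mac": "66:77:88:99:AA:BB", "bt_serial": "BT-9999", "os_build": "17.2.1"}
    secondary = SecondaryWebsite({gather_ids(enrolled, None, instruction)["ids"]}, lambda: clock[0])
    first = FirstWebsite(secondary, instruction, ttl=30.0)

    token, instr = first.account_access_request("alice")
    signal60 = gather_ids(enrolled, token, instr)
    outcomes["legitimate"] = first.handle_secondary_result(*secondary.validate(signal60))
    outcomes["replay"] = first.handle_secondary_result(*secondary.validate(signal60))  # same message again

    token, instr = first.account_access_request("alice")
    outcomes["unenrolled"] = first.handle_secondary_result(*secondary.validate(gather_ids(stranger, token, instr)))

    token, instr = first.account_access_request("alice")
    late = gather_ids(enrolled, token, instr)
    clock[0] += 31.0                         # timer runs out before signal 60 arrives
    for expired in secondary.sweep_timers():
        first.mark_invalid(expired)          # signal 78 for each expired token
    outcomes["expired"] = first.handle_secondary_result(*secondary.validate(late))
    return outcomes
```

Calling demo() returns the four outcomes keyed "legitimate", "replay", "unenrolled" and "expired"; only the first is "granted". The two databases are deliberately kept separate, as in FIGS. 4 and 5: the secondary site never learns which user a token belongs to, and the first site never sees the hashed identifiers, so a second "access granted" for an already consumed token is caught by the UT database check at block 82 even if the secondary site's own record were somehow missing.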
Claims (7)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/860,452 US20200402046A1 (en) | 2010-11-17 | 2018-01-02 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
US17/303,929 US20210295327A1 (en) | 2010-11-17 | 2021-06-10 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US41467910P | 2010-11-17 | 2010-11-17 | |
US201562134980P | 2015-03-18 | 2015-03-18 | |
US14/693,707 US20160277412A1 (en) | 2010-11-17 | 2015-04-22 | Methodology for identifying local/mobile client computing devices using a network based database containing records of hashed distinctive hardware, software, and user provided biometric makers for authorization of electronic transactions and right of entry to secure locations |
US15/860,452 US20200402046A1 (en) | 2010-11-17 | 2018-01-02 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/693,707 Continuation US20160277412A1 (en) | 2010-11-17 | 2015-04-22 | Methodology for identifying local/mobile client computing devices using a network based database containing records of hashed distinctive hardware, software, and user provided biometric makers for authorization of electronic transactions and right of entry to secure locations |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/303,929 Continuation US20210295327A1 (en) | 2010-11-17 | 2021-06-10 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
Publications (1)
Publication Number | Publication Date |
---|---|
US20200402046A1 true US20200402046A1 (en) | 2020-12-24 |
Family
ID=56924021
Family Applications (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/693,707 Abandoned US20160277412A1 (en) | 2010-11-17 | 2015-04-22 | Methodology for identifying local/mobile client computing devices using a network based database containing records of hashed distinctive hardware, software, and user provided biometric makers for authorization of electronic transactions and right of entry to secure locations |
US14/717,352 Active US9691067B2 (en) | 2010-11-17 | 2015-05-20 | Validation database resident on a network server and containing specified distinctive identifiers of local/mobile computing devices may be used as a digital hardware key in the process of gaining authorized access to a users online website account such as, but not limited to, e-commerce website account, online financial accounts and online email accounts |
US15/082,689 Abandoned US20160283938A1 (en) | 2010-11-17 | 2016-03-28 | Validating card not present financial transactions made over the Internet with e-Commerce websites using specified distinctive identifiers of local/mobile computing devices involved in the transactions |
US15/082,727 Abandoned US20160283940A1 (en) | 2010-11-17 | 2016-03-28 | Validating card present financial transactions made via a point of sale terminal (POS) or an Automated Teller Machine (ATM) using specified distinctive identifiers of local/mobile computing devices involved in the transaction |
US15/860,452 Abandoned US20200402046A1 (en) | 2010-11-17 | 2018-01-02 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
US17/303,929 Pending US20210295327A1 (en) | 2010-11-17 | 2021-06-10 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
Family Applications Before (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/693,707 Abandoned US20160277412A1 (en) | 2010-11-17 | 2015-04-22 | Methodology for identifying local/mobile client computing devices using a network based database containing records of hashed distinctive hardware, software, and user provided biometric makers for authorization of electronic transactions and right of entry to secure locations |
US14/717,352 Active US9691067B2 (en) | 2010-11-17 | 2015-05-20 | Validation database resident on a network server and containing specified distinctive identifiers of local/mobile computing devices may be used as a digital hardware key in the process of gaining authorized access to a users online website account such as, but not limited to, e-commerce website account, online financial accounts and online email accounts |
US15/082,689 Abandoned US20160283938A1 (en) | 2010-11-17 | 2016-03-28 | Validating card not present financial transactions made over the Internet with e-Commerce websites using specified distinctive identifiers of local/mobile computing devices involved in the transactions |
US15/082,727 Abandoned US20160283940A1 (en) | 2010-11-17 | 2016-03-28 | Validating card present financial transactions made via a point of sale terminal (POS) or an Automated Teller Machine (ATM) using specified distinctive identifiers of local/mobile computing devices involved in the transaction |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/303,929 Pending US20210295327A1 (en) | 2010-11-17 | 2021-06-10 | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
Country Status (1)
Country | Link |
---|---|
US (6) | US20160277412A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4123534A1 (en) * | 2021-07-21 | 2023-01-25 | eBay, Inc. | Transaction security techniques |
US20230138839A1 (en) * | 2021-11-02 | 2023-05-04 | Shanghai Zhaoxin Semiconductor Co., Ltd. | Bridging module, data transmission system, and data transmission method |
US11960427B2 (en) * | 2021-11-02 | 2024-04-16 | Shanghai Zhaoxin Semiconductor Co., Ltd. | Bridging module, data transmission system, and data transmission method |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10354082B2 (en) | 2014-09-06 | 2019-07-16 | Airwatch Llc | Document state interface |
US20160070431A1 (en) * | 2014-09-06 | 2016-03-10 | Airwatch Llc | Sync based on navigation history |
WO2016117354A1 (en) * | 2015-01-19 | 2016-07-28 | ソニー株式会社 | Information processing device, method and program |
KR101792862B1 (en) * | 2015-12-23 | 2017-11-20 | 주식회사 케이티 | Authentication apparatus based on biometric information, control server, and login method based on biometric information thereof |
US11341502B1 (en) | 2016-04-04 | 2022-05-24 | Wells Fargo Bank, N.A. | Systems and methods for completing transactions via lockboxes |
US11348076B1 (en) | 2016-04-04 | 2022-05-31 | Wells Fargo Bank, N.A. | Systems and methods for completing transactions via lockable boxes |
CN108122108A (en) * | 2016-11-30 | 2018-06-05 | 株式会社日立制作所 | Mobile device authentication system and mobile equipment authentication method |
US10936565B2 (en) | 2016-12-21 | 2021-03-02 | Mastercard International Incorporated | Systems and methods for accessing a subscriber-based source |
CN107333151B (en) * | 2017-06-30 | 2019-07-09 | 武汉斗鱼网络科技有限公司 | A kind of video flowing address method for authenticating and device |
TWI650723B (en) * | 2017-10-30 | 2019-02-11 | 天逸財金科技服務股份有限公司 | Asset certificate authorization query method and system |
CN107944250B (en) * | 2017-11-28 | 2021-04-13 | 艾体威尔电子技术(北京)有限公司 | Key acquisition method applied to POS machine |
CN108460167A (en) * | 2018-05-10 | 2018-08-28 | 东莞市波动赢机器人科技有限公司 | Transaction machine people's finance data preparation method and device |
US20200184475A1 (en) * | 2018-12-07 | 2020-06-11 | Mastercard International Incorporated | Data aggregation services for payment cards |
US11410194B1 (en) | 2019-10-18 | 2022-08-09 | Wells Fargo Bank, N.A. | Systems and methods for linking ATM to retailer transaction to preserve anonymity |
US11853933B1 (en) | 2020-07-29 | 2023-12-26 | Wells Fargo Bank, N.A. | Systems and methods for an interactive customer interface utilizing customer device context |
TR202015804A2 (en) * | 2020-10-05 | 2021-01-21 | Tuerkiye Garanti Bankasi Anonim Sirketi | A VIRTUAL POS MANAGEMENT SYSTEM |
CN116669888A (en) | 2020-11-09 | 2023-08-29 | 里德尔代码有限公司 | Method for suspending protection of an object by a protection device |
CN112787994B (en) * | 2020-12-25 | 2021-11-05 | 北京深思数盾科技股份有限公司 | Method, device and equipment for processing equipment ID of electronic equipment and storage medium |
US11861004B2 (en) * | 2021-07-30 | 2024-01-02 | Charter Communications Operating, Llc | Software distribution compromise detection |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110296509A1 (en) * | 2010-05-27 | 2011-12-01 | Alexander Todorov | Securing passwords with captcha based hash when used over the web |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6735694B1 (en) * | 1997-11-21 | 2004-05-11 | International Business Machines Corporation | Method and system for certifying authenticity of a web page copy |
US20030088512A1 (en) * | 1999-12-28 | 2003-05-08 | On Hoter-Ishay | Computer methods and systems for payment applications |
EP1154609A1 (en) * | 2000-05-08 | 2001-11-14 | TELEFONAKTIEBOLAGET LM ERICSSON (publ) | Method for the authorization of transactions |
US7395428B2 (en) * | 2003-07-01 | 2008-07-01 | Microsoft Corporation | Delegating certificate validation |
US20130227286A1 (en) * | 2006-04-25 | 2013-08-29 | Andre Jacques Brisson | Dynamic Identity Verification and Authentication, Dynamic Distributed Key Infrastructures, Dynamic Distributed Key Systems and Method for Identity Management, Authentication Servers, Data Security and Preventing Man-in-the-Middle Attacks, Side Channel Attacks, Botnet Attacks, and Credit Card and Financial Transaction Fraud, Mitigating Biometric False Positives and False Negatives, and Controlling Life of Accessible Data in the Cloud |
US8893967B2 (en) * | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
WO2011112752A1 (en) * | 2010-03-09 | 2011-09-15 | Alejandro Diaz Arceo | Electronic transaction techniques implemented over a computer network |
US9342832B2 (en) * | 2010-08-12 | 2016-05-17 | Visa International Service Association | Securing external systems with account token substitution |
US20120054491A1 (en) * | 2010-08-31 | 2012-03-01 | Peter John Tippett | Re-authentication in client-server communications |
US20120284195A1 (en) * | 2011-05-04 | 2012-11-08 | Mcmillen Glenn Curtiss | Method and system for secure user registration |
US9080890B2 (en) * | 2010-11-05 | 2015-07-14 | Modena Enterprises, Llc | Method and system for obtaining destination information from proximate devices based on time and heading information |
WO2013055952A2 (en) * | 2011-10-11 | 2013-04-18 | Huster Phyllis A | An electronic commerce system |
US20140297533A1 (en) * | 2011-11-13 | 2014-10-02 | Millind Mittal | System and method of electronic payment using payee provided transaction identification codes |
US9613352B1 (en) * | 2011-12-20 | 2017-04-04 | Nicolas LEOUTSARAKOS | Card-less payments and financial transactions |
US20140006781A1 (en) * | 2012-06-23 | 2014-01-02 | Pomian & Corella, Llc | Encapsulating the complexity of cryptographic authentication in black-boxes |
US10346838B2 (en) * | 2012-07-31 | 2019-07-09 | Worldpay, Llc | Systems and methods for distributed enhanced payment processing |
US20140068744A1 (en) * | 2012-09-06 | 2014-03-06 | Plantronics, Inc. | Surrogate Secure Pairing of Devices |
US10158491B2 (en) * | 2013-04-08 | 2018-12-18 | Antonio Salvatore Piero Vittorio Bonsignore | Qualified electronic signature system, method and mobile processing terminal for qualified electronic signature |
US20140337235A1 (en) * | 2013-05-08 | 2014-11-13 | The Toronto-Dominion Bank | Person-to-person electronic payment processing |
US10878422B2 (en) * | 2013-06-17 | 2020-12-29 | Visa International Service Association | System and method using merchant token |
GB2520489A (en) * | 2013-11-20 | 2015-05-27 | Ibm | Deletion of content in digital storage systems |
US20150269559A1 (en) * | 2014-03-24 | 2015-09-24 | Cellum Innovacios es Szolgaltato Zrt. | Systems and methods for a quick card |
US10091287B2 (en) * | 2014-04-08 | 2018-10-02 | Dropbox, Inc. | Determining presence in an application accessing shared and synchronized content |
US9769167B2 (en) * | 2014-06-18 | 2017-09-19 | Ca, Inc. | Authentication and authorization using device-based validation |
2015
- 2015-04-22 US US14/693,707 patent/US20160277412A1/en not_active Abandoned
- 2015-05-20 US US14/717,352 patent/US9691067B2/en active Active
2016
- 2016-03-28 US US15/082,689 patent/US20160283938A1/en not_active Abandoned
- 2016-03-28 US US15/082,727 patent/US20160283940A1/en not_active Abandoned
2018
- 2018-01-02 US US15/860,452 patent/US20200402046A1/en not_active Abandoned
2021
- 2021-06-10 US US17/303,929 patent/US20210295327A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US20160283938A1 (en) | 2016-09-29 |
US9691067B2 (en) | 2017-06-27 |
US20210295327A1 (en) | 2021-09-23 |
US20160283940A1 (en) | 2016-09-29 |
US20160277382A1 (en) | 2016-09-22 |
US20160277412A1 (en) | 2016-09-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210295327A1 (en) | | Unique transaction identifier, which may also include a time expiration value, is assigned by a first network website to an electronic instruction to collect specified distinctive identifiers from a local/mobile computing device seeking access to said first network website |
US9166966B2 (en) | | Apparatus and method for handling transaction tokens |
US8572689B2 (en) | | Apparatus and method for making access decision using exceptions |
US8572686B2 (en) | | Method and apparatus for object transaction session validation |
US10476895B2 (en) | | Intrusion detection and response system |
US8726339B2 (en) | | Method and apparatus for emergency session validation |
US8572714B2 (en) | | Apparatus and method for determining subject assurance level |
US8752123B2 (en) | | Apparatus and method for performing data tokenization |
US8752124B2 (en) | | Apparatus and method for performing real-time authentication using subject token combinations |
US8806602B2 (en) | | Apparatus and method for performing end-to-end encryption |
US20080134314A1 (en) | | Automated security privilege setting for remote system users |
KR101451359B1 (en) | | User account recovery |
US11477190B2 (en) | | Dynamic user ID |
US8572690B2 (en) | | Apparatus and method for performing session validation to access confidential resources |
CN104202338A (en) | | Secure access method applicable to enterprise-level mobile applications |
US8752157B2 (en) | | Method and apparatus for third party session validation |
US8572724B2 (en) | | Method and apparatus for network session validation |
KR20240023589A (en) | | Cross authentication method and system between online service server and client |
WO2018036221A1 (en) | | Wireless network security verification device, method thereof, and router |
US8584202B2 (en) | | Apparatus and method for determining environment integrity levels |
US11177958B2 (en) | | Protection of authentication tokens |
US8572688B2 (en) | | Method and apparatus for session validation to access third party resources |
US8584201B2 (en) | | Method and apparatus for session validation to access from uncontrolled devices |
US8726340B2 (en) | | Apparatus and method for expert decisioning |
US8601541B2 (en) | | Method and apparatus for session validation to access mainframe resources |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: ADVISORY ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |