WO2015084816A1 - Multi-factor authentication system and method - Google Patents

Multi-factor authentication system and method

Publication number: WO2015084816A1
Authority: WO, WIPO (PCT)
Prior art keywords: data; authentication data; subsequent authentication; subsequent; machine
Application number: PCT/US2014/068109
Other languages: French (fr)
Inventor: Oliver Nicholas Cockcroft
Original Assignee: Ebay Inc.
Application filed by Ebay Inc.
Priority to CN201480072546.6A (CN106063187A)
Priority to KR1020167017755A (KR101859306B1)
Priority to CA2932107A (CA2932107C)
Priority to EP14868471.5A (EP3078160A4)
Priority to AU2014357362A (AU2014357362A1)
Publication of WO2015084816A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3272 Short range or proximity payments by means of M-devices using an audio code
    • G06Q20/3274 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • G06Q20/3276 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04W12/60 Context-dependent security
    • H04W12/65 Environment-dependent, e.g. using captured environmental data
    • H04W12/69 Identity-dependent
    • H04W12/77 Graphical identity

Definitions

  • the present application relates generally to the technical field of data processing, and, in various embodiments, to systems and methods of multi-factor authentication.
  • FIGS. 1A-1C illustrate a multi-factor authentication system, in accordance with some embodiments.
  • FIGS. 2A-2C illustrate the exchange of data between a mobile device and an interface component of a point of sale (POS) terminal, in accordance with some embodiments.
  • FIGS. 3A-3B illustrate generation of subsequent authentication data in a multi-factor authentication system, in accordance with some embodiments.
  • FIG. 4 is a flowchart illustrating a method of multi-factor authentication, in accordance with some embodiments.
  • FIG. 5 is a flowchart illustrating a method of generating subsequent authentication data, in accordance with some embodiments.
  • FIG. 6 is a flowchart illustrating another method of generating subsequent authentication data, in accordance with some embodiments.
  • FIG. 7 shows a diagrammatic representation of a machine in the example form of a computer system within which a set of instructions may be executed to cause the machine to perform any one or more of the methodologies discussed herein, in accordance with some embodiments.
  • the present disclosure describes systems and methods of multi-factor authentication.
  • the multi-factor authentication features disclosed herein are used in mobile payment processes to enable secure authenticated authorization of a payment for a transaction.
  • a mobile device can be used as a digital wallet.
  • a mobile application on the mobile device can be used to employ the digital wallet functionality.
  • the digital wallet can manage payment account information, including, but not limited to, credit card numbers, debit card numbers, other financial institution payment account information, expiration dates, security codes, shipping addresses, and billing addresses.
  • a user can use the digital wallet on his or her device to provide authentication data to a device of the merchant, such as an interface component of a POS terminal.
  • This authentication data can then be used by the device of the merchant to initiate and verify payment using a secure payment server.
  • the device of the merchant can provide the authentication data to the device of the user, which may then use the authentication data to initiate and verify payment using a secure payment server. It is contemplated that the features of the present disclosure can be applied to other forms of mobile payment as well.
  • the features of the present disclosure add one or more subsequent layers of authentication to the mobile payment process by having a single device provide initial authentication data, and then subsequent authentication data different from the initial authentication data.
  • a first device provides an initial authentication data to a second device.
  • the second device is different from the first device.
  • the first device obtains a first response data from the second device.
  • the first device then generates a first subsequent authentication data using the first response data.
  • the first subsequent authentication data is different from the initial authentication data.
  • the first device provides the first subsequent authentication data to the second device.
  • the first subsequent authentication data is provided during an authorization process for a transaction.
  • the first device is a mobile device.
  • obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, the first response data being displayed on the second device.
  • the second device is an interface component of a POS terminal.
  • the first subsequent authentication data comprises image-based data.
  • the image-based data comprises a bar code.
  • the first subsequent authentication data comprises audio-based data.
  • the first subsequent authentication data is generated using at least one of facial recognition data, fingerprint recognition data, and voice recognition data.
  • the first device obtains a second response data from the second device, and generates a second subsequent authentication data using the second response data.
  • the second subsequent authentication data is different from the initial authentication data and the first subsequent authentication data.
  • the first device then provides the second subsequent authentication data to the second device.
  • the first subsequent authentication data is generated by the first device using an algorithm stored on the first device. In some embodiments, generating the first subsequent authentication data comprises transmitting an authentication data request to a third device, the third device being different from the first device and the second device, and then receiving the first subsequent authentication data from the third device.
  • the methods or embodiments disclosed herein may be implemented as a computer system having one or more modules (e.g., hardware modules or software modules). Such modules may be executed by one or more processors of the computer system.
  • the methods or embodiments disclosed herein may be embodied as instructions stored on a machine-readable medium that, when executed by one or more processors, cause the one or more processors to perform the instructions.
  • FIGS. 1A-1C illustrate a multi-factor authentication system 100, in accordance with some embodiments.
  • multi-factor authentication system 100 comprises a first device 110.
  • First device 110 is any computing device capable of receiving and providing data.
  • First device 110 comprises a memory and at least one processor (not shown).
  • first device 110 comprises a mobile device. Examples of a mobile device include, but are not limited to, smartphones and tablet computers. Other types of mobile devices are also within the scope of the present disclosure.
  • First device 110 is used by a user to interact with a second device 120 in order to complete a purchase of a product or a service.
  • Second device 120 comprises a memory and at least one processor (not shown), and may be any computing device capable of receiving and providing data. In some embodiments, second device 120 comprises an interface component of a POS terminal.
  • the user may be attempting to purchase a cup of coffee at a POS terminal in a coffee shop.
  • the first device 110 and the second device 120 exchange data to authenticate the transaction during an authorization process for the transaction.
  • first device 110 comprises a multi-factor authentication module 115.
  • multi-factor authentication module 115 is part of a mobile application installed on the first device 110 and is executable by a processor. As seen in FIG. 1A, multi-factor authentication module 115 can be configured to provide an initial authentication data to second device 120. Responsive or otherwise subsequent to obtaining the initial authentication data from first device 110, second device 120 provides response data to first device 110, as seen in FIG. 1B. Responsive or otherwise subsequent to obtaining the first response data from second device 120, multi-factor authentication module 115 generates a subsequent authentication data using the first response data, and then provides the subsequent authentication data to second device 120, as seen in FIG. 1C. The first subsequent authentication data is different from the initial authentication data.
  • the back and forth exchange of authentication data and response data between first device 110 and second device 120 can be repeated multiple times so that as many layers of authentication as are desired can be added. In this fashion, different subsequent authentication data can be generated and provided multiple times before the purchase is actually authorized and completed.
  • the initial authentication data, the response data, and the subsequent authentication data can be provided in a variety of different forms.
  • the initial authentication data, the response data, and the subsequent authentication data comprise image-based data.
  • One example of image-based data that can be used is a barcode.
  • multi-factor authentication module 115 can be configured to generate and provide Quick Response (QR) codes as authentication data. It is contemplated that other types of image-based data are also within the scope of the present disclosure.
  • FIGS. 2A-2C illustrate the exchange of data between a mobile device 210 and an interface device 220 of a POS terminal, in accordance with some embodiments.
  • mobile device 210 can be first device 110 of FIG. 1 and comprise multi-factor authentication module 115, and interface device 220 can be second device 120 of FIG. 1.
  • mobile device 210 can display image-based initial authentication data 214 on a display screen 212.
  • image-based initial authentication data 214 can comprise a barcode.
  • Other forms of image-based initial authentication data 214 are also within the scope of the present disclosure.
  • interface device 220 can obtain image-based initial authentication data 214 by capturing it via a scanner (not shown).
  • In response or otherwise subsequent to interface device 220 obtaining image-based initial authentication data 214, interface device 220 can display image-based response data 224 on a display screen 222.
  • image-based response data 224 can comprise a barcode.
  • mobile device 210 can obtain image-based response data 224 by capturing it via a built-in camera component 230.
  • In response or otherwise subsequent to obtaining image-based response data 224, mobile device 210 can display image-based subsequent authentication data 218 on display screen 212.
  • image-based subsequent authentication data 218 can comprise a barcode.
  • other forms of image-based subsequent authentication data 218 are also within the scope of the present disclosure.
  • audio-based initial authentication data, audio-based response data, and audio-based subsequent authentication data can be used during the authentication process.
  • mobile device 210 can provide audio-based initial authentication data and audio-based subsequent authentication data via a built-in speaker 216.
  • interface device 220 can provide audio-based response data via a built-in speaker 226.
  • This audio-based data can comprise a uniquely identifiable sound that can be used by an algorithm employed by the counterpart device to provide another uniquely identifiable sound or to authenticate the transaction at issue.
  • initial authentication data, response data, and subsequent authentication data can be transmitted by one device to another device via wireless communication, such as near field communication. It is contemplated that other forms of data and transmitting data are also within the scope of the present disclosure.
  • mobile device 210 can provide the initial authentication data as a barcode displayed on display screen 212, interface device 220 can provide the response data in the form of uniquely identifiable audio via speaker 226, and then mobile device 210 can provide the subsequent authentication data as code via a near field communication transmission.
  • Other configurations are also within the scope of the present disclosure.
  • authentication data can be determined by an algorithm residing on the device directly involved in the transaction, such as first device 110 or second device 120 in FIG. 1 or mobile device 210 or interface device 220 in FIG. 2.
  • these devices can obtain the authentication data from an external independent device on which an algorithm that determines the authentication data resides, and then provide the authentication data to its counterpart device that is directly involved in the transaction.
  • the algorithm used to generate the authentication data can be unique and correspond to a key on the device (e.g., first device 110) that will be providing the authentication data to the other device (e.g., second device 120), or to a key registered or otherwise corresponding to an application on that device that will be providing the authentication data.
  • each device can have its own unique algorithm to generate and provide its own unique authentication data.
  • FIGS. 3A-3B illustrate the generation of subsequent
  • first device 110 can request authentication data from an external independent device, such as server 300.
  • Server 300 may comprise an algorithm configured to generate the subsequent authentication data discussed above.
  • the request sent from first device 110 to server 300 comprises the response data provided by second device 120 to first device 110.
  • Server 300 can then use the response data to generate the subsequent authentication data, which it can then provide to first device 110, as seen in FIG. 3B.
  • First device 110 can then provide the subsequent authentication data to second device 120, as previously discussed.
  • first device 110 and server 300 communicate with each other via the Internet. However, other modes and channels of communication are also within the scope of the present disclosure.
  • FIG. 4 is a flowchart illustrating a method 400 of multi-factor authentication, in accordance with some embodiments.
  • the operations of method 400 may be performed by a system or modules of a system (e.g., system 100, first device 110, or multi-factor authentication module 115).
  • first device 110 provides initial authentication data to second device 120.
  • the initial authentication data can be provided in a variety of forms, including, but not limited to, visual data, audio data, and near field communication data.
  • first device 110 obtains response data from second device 120.
  • the response data can be obtained in a variety of ways, including, but not limited to, capturing the response data via a built-in camera on the first device 110.
  • first device 110 generates subsequent authentication data. As previously discussed, in some embodiments, first device uses the response data to generate subsequent authentication data that is different from the initial authentication data.
  • first device 110 provides the subsequent authentication data to second device 120.
  • the subsequent authentication data can be provided in a variety of forms, including, but not limited to, visual data, audio data, and near field communication data.
  • the method 400 can repeat at operation 420, where first device 110 can obtain response data again from second device 120, and then generate and provide subsequent authentication data at operations 430 and 440, respectively. For each layer and cycle of authentication, unique subsequent authentication data can be generated and provided. If additional layers of authentication are not desired at operation 450, then method 400 may come to an end.
  • Although the authentication data discussed above can be generated by an algorithm residing on one of the devices (e.g., first device 110 or second device 120) directly involved in the transaction at issue, it is contemplated that, in some embodiments, another device that is external and independent of first device 110 and second device 120 can use an algorithm to determine the subsequent authentication data and provide it to one of the devices directly involved in the transaction at issue.
  • FIG. 5 is a flowchart illustrating a method 500 of generating subsequent authentication data, in accordance with some embodiments.
  • the operations of method 500 may be performed by a system or modules of a system (e.g., system 100, first device 110, or multi-factor authentication module 115).
  • first device 110 can transmit a request for authentication data to a third device, such as server 300 in FIGS. 3A-3B.
  • first device 110 can receive the subsequent authentication data generated by the third device. It is contemplated that the operations of method 500 may incorporate any of the other features disclosed herein.
  • FIG. 6 is a flowchart illustrating another method 600 of generating subsequent authentication data, in accordance with some embodiments.
  • the operations of method 600 may be performed by a system or modules of a system (e.g., system 100, first device 110, or multi-factor authentication module 115).
  • response data is received.
  • additional data other than the response data is received.
  • this additional data comprises recognition-based data.
  • recognition-based data include, but are not limited to, facial recognition data, fingerprint recognition data, and voice recognition data.
  • the recognition data can be obtained using data capturing devices, including, but not limited to, cameras, touchscreens, and microphones.
  • a user attempting to purchase a product can apply his or her finger to the touchscreen of a smartphone, thereby enabling the smartphone to capture the user's fingerprint.
  • the additional data can include a key, token, or other identifier that is unique to and corresponds to the device (e.g., the user's smartphone) that is being used to pay for the product or service at issue.
  • the subsequent authentication data is generated and provided using the response data and the additional data.
  • the additional data is used by the algorithm that generates the subsequent authentication data in its generation of the subsequent authentication data.
  • the additional data is used to identify which algorithm to use to generate the subsequent authentication data, such as by determining that the additional data corresponds to a particular user or device, and then determining the algorithm that corresponds to that particular user or device.
  • multi-factor authentication module 115 and/or the algorithm used to generate the subsequent authentication data residing on first device 110
  • the multi-factor authentication module 115 and/or the algorithm for generating the subsequent authentication data can reside on other devices as well, such as second device 120 and server 300.
  • Modules may constitute either software modules (e.g., code embodied on a machine-readable medium or in a transmission signal) or hardware modules.
  • a hardware module is a tangible unit capable of performing certain operations and may be configured or arranged in a certain manner.
  • one or more computer systems (e.g., a standalone, client, or server computer system)
  • one or more hardware modules of a computer system (e.g., a processor or a group of processors)
  • software (e.g., an application or application portion)
  • a hardware module may be implemented mechanically or electronically.
  • a hardware module may comprise dedicated circuitry or logic that is permanently configured (e.g., as a special-purpose processor, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC)) to perform certain operations.
  • a hardware module may also comprise programmable logic or circuitry (e.g., as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations. It will be appreciated that the decision to implement a hardware module mechanically, in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) may be driven by cost and time considerations.
  • the term "hardware module" should be understood to encompass a tangible entity, be that an entity that is physically constructed, permanently configured (e.g., hardwired) or temporarily configured (e.g., programmed) to operate in a certain manner and/or to perform certain operations described herein.
  • hardware modules are temporarily configured (e.g., programmed)
  • each of the hardware modules need not be configured or instantiated at any one instance in time.
  • the hardware modules comprise a general-purpose processor configured using software
  • the general-purpose processor may be configured as respective different hardware modules at different times.
  • Software may accordingly configure a processor, for example, to constitute a particular hardware module at one instance of time and to constitute a different hardware module at a different instance of time.
  • Hardware modules can provide information to, and receive information from, other hardware modules. Accordingly, the described hardware modules may be regarded as being communicatively coupled. Where multiple of such hardware modules exist contemporaneously, communications may be achieved through signal transmission (e.g., over appropriate circuits and buses) that connect the hardware modules. In embodiments in which multiple hardware modules are configured or instantiated at different times, communications between such hardware modules may be achieved, for example, through the storage and retrieval of information in memory structures to which the multiple hardware modules have access. For example, one hardware module may perform an operation and store the output of that operation in a memory device to which it is communicatively coupled. A further hardware module may then, at a later time, access the memory device to retrieve and process the stored output. Hardware modules may also initiate communications with input or output devices and can operate on a resource (e.g., a collection of information).
  • processors may be temporarily configured (e.g., by software) or permanently configured to perform the relevant operations. Whether temporarily or permanently configured, such processors may constitute processor-implemented modules that operate to perform one or more operations or functions.
  • the modules referred to herein may, in some example embodiments, comprise processor-implemented modules.
  • the methods described herein may be at least partially processor-implemented. For example, at least some of the operations of a method may be performed by one or more processors or processor-implemented modules. The performance of certain of the operations may be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors may be located in a single location (e.g., within a home environment, an office environment or as a server farm), while in other embodiments the processors may be distributed across a number of locations.
  • the one or more processors may also operate to support performance of the relevant operations in a "cloud computing" environment or as a “software as a service” (SaaS). For example, at least some of the operations may be performed by a group of computers (as examples of machines including processors), these operations being accessible via a network (e.g., the network 104 of FIG. 1) and via one or more appropriate interfaces (e.g., APIs).
  • Example embodiments may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them.
  • Example embodiments may be implemented using a computer program product, e.g., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable medium for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple computers.
  • a computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, subroutine, or other unit suitable for use in a computing environment.
  • a computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
  • operations may be performed by one or more programmable processors executing a computer program to perform functions by operating on input data and generating output. Method operations can also be performed by, and apparatus of example embodiments may be implemented as, special purpose logic circuitry (e.g., a FPGA or an ASIC).
  • a computing system can include clients and servers.
  • a client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
  • both hardware and software architectures merit consideration. Specifically, it will be appreciated that the choice of whether to implement certain functionality in permanently configured hardware (e.g., an ASIC), in temporarily configured hardware (e.g., a combination of software and a programmable processor), or a combination of permanently and temporarily configured hardware may be a design choice.
  • software architectures that may be deployed, in various example embodiments.
  • FIG. 7 is a block diagram of a machine in the example form of a computer system 700 within which instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed.
  • the machine operates as a standalone device or may be connected (e.g., networked) to other machines.
  • the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.
  • the machine may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • machine shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
  • the example computer system 700 includes a processor 702 (e.g., a central processing unit (CPU), a graphics processing unit (GPU) or both), a main memory 704 and a static memory 706, which communicate with each other via a bus 708.
  • the computer system 700 may further include a video display unit 710 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)).
  • the computer system 700 also includes an alphanumeric input device 712 (e.g., a keyboard), a user interface (UI) navigation (or cursor control) device 714 (e.g., a mouse), a disk drive unit 716, a signal generation device 718 (e.g., a speaker), and a network interface device 720.
  • the disk drive unit 716 includes a machine-readable medium 722 on which is stored one or more sets of data structures and instructions 724 (e.g., software) embodying or utilized by any one or more of the methodologies or functions described herein.
  • the instructions 724 may also reside, completely or at least partially, within the main memory 704 and/or within the processor 702 during execution thereof by the computer system 700, the main memory 704 and the processor 702 also constituting machine-readable media.
  • the instructions 724 may also reside, completely or at least partially, within the static memory 706.
  • machine-readable medium 722 is shown in an example embodiment to be a single medium, the term “machine-readable medium” may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions 724 or data structures.
  • the term “machine-readable medium” shall also be taken to include any tangible medium that is capable of storing, encoding or carrying instructions for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present embodiments, or that is capable of storing, encoding or carrying data structures utilized by or associated with such instructions.
  • the term “machine-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, and optical and magnetic media.
  • machine-readable media include non-volatile memory, including by way of example semiconductor memory devices (e.g., Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and flash memory devices); magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and compact disc-read-only memory (CD-ROM) and digital versatile disc (or digital video disc) read-only memory (DVD-ROM) disks.
  • the instructions 724 may further be transmitted or received over a communications network 726 using a transmission medium.
  • the instructions 724 may be transmitted using the network interface device 720 and any one of a number of well-known transfer protocols (e.g., HTTP).
  • Examples of communication networks include a LAN, a WAN, the Internet, mobile telephone networks, POTS networks, and wireless data networks (e.g., WiFi and WiMax networks).
  • the term “transmission medium” shall be taken to include any intangible medium capable of storing, encoding, or carrying instructions for execution by the machine, and includes digital or analog communications signals or other intangible media to facilitate communication of such software.
  • inventive subject matter may be referred to herein, individually and/or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed.

Abstract

A system and method of multi-factor authentication are described. In some embodiments, a first device provides an initial authentication data to a second device. The second device is different from the first device. The first device obtains a first response data from the second device. The first device generates a first subsequent authentication data using the first response data. The first subsequent authentication data is different from the initial authentication data. The first device provides the first subsequent authentication data to the second device. In some embodiments, obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, where the first response data is displayed on the second device.

Description

MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD
CLAIM OF PRIORITY
[0001] This PCT application claims the benefit of priority to US patent application serial number 14/097,100 filed December 4, 2013, the entire contents of which are hereby incorporated by reference herein in its entirety.
TECHNICAL FIELD
[0002] The present application relates generally to the technical field of data processing, and, in various embodiments, to systems and methods of multi-factor authentication.
BACKGROUND
[0003] Current techniques for authenticating users of devices are vulnerable to deception. As a result, the true owners of those devices and the accounts associated with them are susceptible to having transactions executed using their identity without their authorization.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] Some embodiments of the present disclosure are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like reference numbers indicate similar elements, and in which:
[0005] FIGS. 1A-1C illustrate a multi-factor authentication system, in accordance with some embodiments;
[0006] FIGS. 2A-2C illustrate the exchange of data between a mobile device and an interface component of a point of sale (POS) terminal, in accordance with some embodiments;
[0007] FIGS. 3A-3B illustrate generation of subsequent authentication data in a multi-factor authentication system, in accordance with some embodiments;
[0008] FIG. 4 is a flowchart illustrating a method of multi-factor authentication, in accordance with some embodiments;
[0009] FIG. 5 is a flowchart illustrating a method of generating subsequent authentication data, in accordance with some embodiments;
[00010] FIG. 6 is a flowchart illustrating another method of generating subsequent authentication data, in accordance with some embodiments; and
[00011] FIG. 7 shows a diagrammatic representation of a machine in the example form of a computer system within which a set of instructions may be executed to cause the machine to perform any one or more of the methodologies discussed herein, in accordance with some embodiments.
DETAILED DESCRIPTION
[00012] The description that follows includes illustrative systems, methods, techniques, instruction sequences, and computing machine program products that embody illustrative embodiments. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide an understanding of various embodiments of the inventive subject matter. It will be evident, however, to those skilled in the art that embodiments of the inventive subject matter may be practiced without these specific details. In general, well-known instruction instances, protocols, structures, and techniques have not been shown in detail.
[00013] The present disclosure describes systems and methods of multi-factor authentication. In some embodiments, the multi-factor authentication features disclosed herein are used in mobile payment processes to enable secure authenticated authorization of a payment for a transaction. During a mobile payment process, a mobile device can be used as a digital wallet. A mobile application on the mobile device can be used to employ the digital wallet functionality. The digital wallet can manage payment account information, including, but not limited to, credit card numbers, debit card numbers, other financial institution payment account information, expiration dates, security codes, shipping addresses, and billing addresses. When purchasing an item from a merchant, a user can use the digital wallet on his or her device to provide authentication data to a device of the merchant, such as an interface component of a POS terminal. This authentication data can then be used by the device of the merchant to initiate and verify payment using a secure payment server. Alternatively, the device of the merchant can provide the authentication data to the device of the user, which may then use the authentication data to initiate and verify payment using a secure payment server. It is contemplated that the features of the present disclosure can be applied to other forms of mobile payment as well.
[00014] The features of the present disclosure add one or more subsequent layers of authentication to the mobile payment process by having a single device provide initial authentication data, and then subsequent authentication data different from the initial authentication data.
[00015] In some embodiments, a first device provides an initial authentication data to a second device. The second device is different from the first device. The first device obtains a first response data from the second device. The first device then generates a first subsequent authentication data using the first response data. The first subsequent authentication data is different from the initial authentication data. The first device provides the first subsequent authentication data to the second device.
[00016] In some embodiments, the first subsequent authentication data is provided during an authorization process for a transaction. In some embodiments, the first device is a mobile device. In some embodiments, obtaining the first response data comprises capturing the first response data from the second device using a camera on the mobile device, the first response data being displayed on the second device. In some embodiments, the second device is an interface component of a POS terminal.
[00017] In some embodiments, the first subsequent authentication data comprises image-based data. In some embodiments, the image-based data comprises a bar code. In some embodiments, the first subsequent authentication data comprises audio-based data.
[00018] In some embodiments, the first subsequent authentication data is generated using at least one of facial recognition data, fingerprint recognition data, and voice recognition data.
[00019] In some embodiments, the first device obtains a second response data from the second device, and generates a second subsequent authentication data using the second response data. The second subsequent authentication data is different from the initial authentication data and the first subsequent authentication data. The first device then provides the second subsequent authentication data to the second device.
[00020] In some embodiments, the first subsequent authentication data is generated by the first device using an algorithm stored on the first device. In some embodiments, generating the first subsequent authentication data comprises transmitting an authentication data request to a third device, the third device being different from the first device and the second device, and then receiving the first subsequent authentication data from the third device.
[00021] The methods or embodiments disclosed herein may be implemented as a computer system having one or more modules (e.g., hardware modules or software modules). Such modules may be executed by one or more processors of the computer system. The methods or embodiments disclosed herein may be embodied as instructions stored on a machine-readable medium that, when executed by one or more processors, cause the one or more processors to perform the instructions.
[00022] FIGS. 1A-1C illustrate a multi-factor authentication system 100, in accordance with some embodiments. In some embodiments, multi-factor authentication system 100 comprises a first device 110. First device 110 is any computing device capable of receiving and providing data. First device 110 comprises a memory and at least one processor (not shown). In some embodiments, first device 110 comprises a mobile device. Examples of a mobile device include, but are not limited to, smartphones and tablet computers. Other types of mobile devices are also within the scope of the present disclosure.
[00023] First device 110 is used by a user to interact with a second device 120 in order to complete a purchase of a product or a service. Second device 120 comprises a memory and at least one processor (not shown), and may be any computing device capable of receiving and providing data. In some embodiments, second device 120 comprises an interface component of a POS terminal. For example, the user may be attempting to purchase a cup of coffee at a POS terminal in a coffee shop. In order to complete the purchase of the cup of coffee, the first device 110 and the second device 120 exchange data to authenticate the transaction during an authorization process for the transaction.
[00024] In some embodiments, first device 110 comprises a multi-factor authentication module 115. In some embodiments, multi-factor authentication module 115 is part of a mobile application installed on the first device 110 and is executable by a processor. As seen in FIG. 1A, multi-factor authentication module 115 can be configured to provide an initial authentication data to second device 120. Responsive or otherwise subsequent to obtaining the initial authentication data from first device 110, second device 120 provides response data to first device 110, as seen in FIG. 1B. Responsive or otherwise subsequent to obtaining the first response data from second device 120, multi-factor authentication module 115 generates a subsequent authentication data using the first response data, and then provides the subsequent authentication data to second device 120, as seen in FIG. 1C. The first subsequent authentication data is different from the initial authentication data.
[00025] The back and forth exchange of authentication data and response data between first device 110 and second device 120 can be repeated multiple times so that as many layers of authentication as are desired can be added. In this fashion, different subsequent authentication data can be generated and provided multiple times before the purchase is actually authorized and completed.
[00026] The initial authentication data, the response data, and the subsequent authentication data can be provided in a variety of different forms. In some embodiments, the initial authentication data, the response data, and the subsequent authentication data comprise image-based data. One example of image-based data that can be used is a barcode. For example, multi-factor authentication module 115 can be configured to generate and provide Quick Response (QR) codes as authentication data. It is contemplated that other types of image-based data are also within the scope of the present disclosure.
[00027] FIGS. 2A-2C illustrate the exchange of data between a mobile device 210 and an interface device 220 of a POS terminal, in accordance with some embodiments. In some embodiments, mobile device 210 can be first device 110 of FIG. 1 and comprise multi-factor authentication module 115, and interface device 220 can be second device 120 of FIG. 1. However, it is contemplated that other configurations are also within the scope of the present disclosure.
[00028] As seen in FIG. 2A, mobile device 210 can display image-based initial authentication data 214 on a display screen 212. As previously mentioned, image-based initial authentication data 214 can comprise a barcode. However, it is contemplated that other forms of image-based initial authentication data 214 are also within the scope of the present disclosure. In some embodiments, interface device 220 can obtain image-based initial authentication data 214 by capturing it via a scanner (not shown).
[00029] As seen in FIG. 2B, in response or otherwise subsequent to interface device 220 obtaining image-based initial authentication data 214, interface device 220 can display image-based response data 224 on a display screen 222. As previously mentioned, image-based response data 224 can comprise a barcode. However, it is contemplated that other forms of image-based response data 224 are also within the scope of the present disclosure. In some embodiments, mobile device 210 can obtain image-based response data 224 by capturing it via a built-in camera component 230.
[00030] As seen in FIG. 2C, in response or otherwise subsequent to mobile device 210 obtaining image-based response data 224, mobile device 210 can display image-based subsequent authentication data 218 on display screen 212. As previously mentioned, image-based subsequent authentication data 218 can comprise a barcode. However, it is contemplated that other forms of image-based subsequent authentication data 218 are also within the scope of the present disclosure.
[00031] In addition or as an alternative to the image-based data discussed above, other forms of data can be used as well. In some embodiments, audio-based initial authentication data, audio-based response data, and audio-based subsequent authentication data can be used during the authentication process. For example, mobile device 210 can provide audio-based initial authentication data and audio-based subsequent authentication data via a built-in speaker 216, and interface device 220 can provide audio-based response data via a built-in speaker 226. This audio-based data can comprise a uniquely identifiable sound that can be used by an algorithm employed by the counterpart device to provide another uniquely identifiable sound or to authenticate the transaction at issue.
[00032] In some embodiments, initial authentication data, response data, and subsequent authentication data can be transmitted by one device to another device via wireless communication, such as near field communication. It is contemplated that other forms of data and transmitting data are also within the scope of the present disclosure.
[00033] Additionally, different forms or modes of data can be employed within the same authentication process. For example, in one embodiment, mobile device 210 can provide the initial authentication data as a barcode displayed on display screen 212, interface device 220 can provide the response data in the form of uniquely identifiable audio via speaker 226, and then mobile device 210 can provide the subsequent authentication data as code via a near field communication transmission. Other configurations are also within the scope of the present disclosure.
[00034] In some embodiments, authentication data can be determined by an algorithm residing on the device directly involved in the transaction, such as first device 110 or second device 120 in FIG. 1 or mobile device 210 or interface device 220 in FIG. 2. However, in some embodiments, these devices can obtain the authentication data from an external independent device on which an algorithm that determines the authentication data resides, and then provide the authentication data to its counterpart device that is directly involved in the transaction. In some embodiments, the algorithm used to generate the authentication data can be unique and correspond to a key on the device (e.g., first device 110) that will be providing the authentication data to the other device (e.g., second device 120), or to a key registered or otherwise corresponding to an application on that device that will be providing the authentication data. In this respect, each device can have its own unique algorithm to generate and provide its own unique authentication data.
[00035] FIGS. 3A-3B illustrate the generation of subsequent authentication data in a multi-factor authentication system, in accordance with some embodiments. As seen in FIG. 3A, first device 110 can request authentication data from an external independent device, such as server 300. Server 300 may comprise an algorithm configured to generate the subsequent authentication data discussed above. In some embodiments, the request sent from first device 110 to server 300 comprises the response data provided by second device 120 to first device 110. Server 300 can then use the response data to generate the subsequent authentication data, which it can then provide to first device 110, as seen in FIG. 3B. First device 110 can then provide the subsequent authentication data to second device 120, as previously discussed. In some embodiments, first device 110 and server 300 communicate with each other via the Internet. However, other modes and channels of communication are also within the scope of the present disclosure.
[00036] FIG. 4 is a flowchart illustrating a method 400 of multi-factor authentication, in accordance with some embodiments. The operations of method 400 may be performed by a system or modules of a system (e.g., system 100, first device 110, or multi-factor authentication module 115).
[00037] At operation 410, first device 110 provides initial authentication data to second device 120. As previously discussed, the initial authentication data can be provided in a variety of forms, including, but not limited to, visual data, audio data, and near field communication data.
[00038] At operation 420, first device 110 obtains response data from second device 120. As previously discussed, the response data can be obtained in a variety of ways, including, but not limited to capturing the response data via a built-in camera on the first device 110.
[00039] At operation 430, first device 110 generates subsequent authentication data. As previously discussed, in some embodiments, first device uses the response data to generate subsequent authentication data that is different from the initial authentication data.
[00040] At operation 440, first device 110 provides the subsequent authentication data to second device 120. As previously discussed, the subsequent authentication data can be provided in a variety of forms, including, but not limited to, visual data, audio data, and near field communication data.
[00041] At operation 450, if additional layers of authentication are desired, then the method 400 can repeat at operation 420, where first device 100 can obtain response data again from second device 420, and then generate and provide subsequent authentication data at operations 430 and 440, respectively. For each layer and cycle of authentication, unique subsequent authentication data can be generated and provided. If additional layers of authentication are not desired at operation 450, then method 400 may come to an end.
[00042] It is contemplated that the operations of method 400 may incorporate any of the other features disclosed herein.
[00043] As previously discussed, although the authentication data discussed above can be generated by an algorithm residing on one of the devices (e.g., first device 110 or second device 120) directly involved in the transaction at issue, it is contemplated that, in some embodiments, another device that is external and independent of first device 110 and second device 120 can use an algorithm to determine the subsequent authentication data and provide it to one of the devices directly involved in the transaction at issue.
[00044] FIG. 5 is a flowchart illustrating a method 500 of generating subsequent authentication data, in accordance with some embodiments. The operations of method 500 may be performed by a system or modules of a system (e.g., system 100, first device 110, or multi-factor authentication module 115). At operation 510, first device 110 can transmit a request for authentication data to a third device, such as server 300 in FIGS. 3A-3B. At operation 520, first device 110 can receive the subsequent authentication data generated by the third device. It is contemplated that the operations of method 500 may incorporate any of the other features disclosed herein.
[00045] In some embodiments, the algorithm used to generate the subsequent authentication data can receive and use a variety of different data to generate the subsequent authentication data. FIG. 6 is a flowchart illustrating another method 600 of generating subsequent authentication data, in accordance with some embodiments. The operations of method 600 may be performed by a system or modules of a system (e.g., system 100, first device 110, or multi-factor authentication module 115). At operation 610, response data is received.
[00046] At operation 620, additional data other than the response data is received. In some embodiments, this additional data comprises recognition-based data. Examples of recognition-based data include, but are not limited to, facial recognition data, fingerprint recognition data, and voice recognition data. The recognition data can be obtained using data capturing devices, including, but not limited to, cameras, touchscreens, and microphones. In one example, a user attempting to purchase a product can apply his or her finger to the touchscreen of a smartphone, thereby enabling the smartphone to capture the user's fingerprint. In some embodiments, the additional data can include a key, token, or other identifier that is unique to and corresponds to the device (e.g., the user's smartphone) that is being used to pay for the product or service at issue.
[00047] At operation 630, the subsequent authentication data is generated and provided using the response data and the additional data. In some embodiments, the additional data is used by the algorithm that generates the subsequent authentication data in its generation of the subsequent authentication data. In some embodiments, the additional data is used to identify which algorithm to use to generate the subsequent authentication data, such as by determining that the additional data corresponds to a particular user or device, and then determining the algorithm that corresponds to that particular user or device.
[00048] It is contemplated that the operations of method 600 may incorporate any of the other features disclosed herein.
[00049] As previously discussed, although examples disclosed herein show the multi-factor authentication module 115 and/or the algorithm used to generate the subsequent authentication data residing on first device 110, it is contemplated that the multi-factor authentication module 115 and/or the algorithm for generating the subsequent authentication data can reside on other devices as well, such as second device 120 and server 300.
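The exchange of method 400 (operations 410-450), combined with the device key that method 600 treats as additional data, can be modeled as a keyed challenge-response loop. The following is an added example, not code from the patent or its applicant. Assumptions: HMAC-SHA256 as the generating algorithm (the disclosure names none), 16 random bytes as response data, a device key enrolled with the verifier beforehand, and all class and function names.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def _frame(*fields: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def derive(key: bytes, initial: bytes, round_no: int, response: bytes) -> bytes:
    """Operation 430: subsequent authentication data for one round.

    Assumption: HMAC-SHA256 under a per-device key. Binding the initial data
    and the round number ties the output to this transaction and this layer.
    """
    msg = _frame(initial, round_no.to_bytes(4, "big"), response)
    return hmac.new(key, msg, hashlib.sha256).digest()


class FirstDevice:
    """Mobile device 110 (hypothetical class name)."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key
        self.initial = b""

    def initial_authentication_data(self) -> bytes:  # operation 410
        self.initial = f"{self.device_id}:{secrets.token_hex(8)}".encode()
        return self.initial

    def subsequent_authentication_data(self, round_no: int, response: bytes) -> bytes:
        return derive(self._key, self.initial, round_no, response)  # 430/440


class SecondDevice:
    """Verifier side, e.g. POS interface 120 (hypothetical class name)."""

    def __init__(self, registered_keys: dict[str, bytes], layers: int):
        self._keys = registered_keys  # assumption: keys enrolled beforehand
        self._layers = layers
        self._round = 0
        self._pending = None  # outstanding response data, if any
        self.authorized = False

    def receive_initial(self, initial: bytes) -> bytes:
        device_id = initial.split(b":", 1)[0].decode()
        self._key = self._keys[device_id]  # KeyError for an unknown device
        self._initial = initial
        return self._issue()

    def _issue(self) -> bytes:
        # Fresh random response data per round, so old answers cannot be reused.
        self._round += 1
        self._pending = secrets.token_bytes(16)
        return self._pending

    def receive_subsequent(self, data: bytes) -> bytes | None:
        """Return the next response data, or None once every layer has passed."""
        if self._pending is None:
            raise RuntimeError("no outstanding response data")
        expected = derive(self._key, self._initial, self._round, self._pending)
        self._pending = None  # single use, whether the check passes or fails
        if not hmac.compare_digest(expected, data):
            raise PermissionError("subsequent authentication data rejected")
        if self._round < self._layers:  # operation 450: another layer wanted
            return self._issue()
        self.authorized = True
        return None


def run_transaction(device: FirstDevice, terminal: SecondDevice):
    """Drive operations 410-450; returns (authorized, initial, sent rounds)."""
    initial = device.initial_authentication_data()
    response = terminal.receive_initial(initial)  # operation 420
    sent, round_no = [], 0
    while response is not None:
        round_no += 1
        data = device.subsequent_authentication_data(round_no, response)
        sent.append(data)
        response = terminal.receive_subsequent(data)
    return terminal.authorized, initial, sent


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    ok, initial, sent = run_transaction(
        FirstDevice("phone-1", key), SecondDevice({"phone-1": key}, layers=3))
    print("authorized:", ok, "rounds:", len(sent))
    stale = SecondDevice({"phone-1": key}, layers=1)
    stale.receive_initial(initial)
    try:
        stale.receive_subsequent(sent[0])  # answer to an old challenge
    except PermissionError as exc:
        print("replay:", exc)
```

Because each round's output depends on fresh response data, a value captured from one screen or one round does not verify in another session, which is the property the layered exchange relies on.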
MODULES, COMPONENTS AND LOGIC
[00050] Certain embodiments are described herein as including logic or a number of components, modules, or mechanisms. Modules may constitute either software modules (e.g., code embodied on a machine-readable medium or in a transmission signal) or hardware modules. A hardware module is a tangible unit capable of performing certain operations and may be configured or arranged in a certain manner. In example embodiments, one or more computer systems (e.g., a standalone, client, or server computer system) or one or more hardware modules of a computer system (e.g., a processor or a group of processors) may be configured by software (e.g., an application or application portion) as a hardware module that operates to perform certain operations as described herein.
[00051] In various embodiments, a hardware module may be implemented mechanically or electronically. For example, a hardware module may comprise dedicated circuitry or logic that is permanently configured (e.g., as a special-purpose processor, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC)) to perform certain operations. A hardware module may also comprise programmable logic or circuitry (e.g., as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations. It will be appreciated that the decision to implement a hardware module mechanically, in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) may be driven by cost and time considerations.
[00052] Accordingly, the term "hardware module" should be understood to encompass a tangible entity, be that an entity that is physically constructed, permanently configured (e.g., hardwired) or temporarily configured (e.g., programmed) to operate in a certain manner and/or to perform certain operations described herein. Considering embodiments in which hardware modules are temporarily configured (e.g., programmed), each of the hardware modules need not be configured or instantiated at any one instance in time. For example, where the hardware modules comprise a general-purpose processor configured using software, the general-purpose processor may be configured as respective different hardware modules at different times. Software may accordingly configure a processor, for example, to constitute a particular hardware module at one instance of time and to constitute a different hardware module at a different instance of time.
[00053] Hardware modules can provide information to, and receive information from, other hardware modules. Accordingly, the described hardware modules may be regarded as being communicatively coupled. Where multiple of such hardware modules exist contemporaneously, communications may be achieved through signal transmission (e.g., over appropriate circuits and buses) that connect the hardware modules. In embodiments in which multiple hardware modules are configured or instantiated at different times, communications between such hardware modules may be achieved, for example, through the storage and retrieval of information in memory structures to which the multiple hardware modules have access. For example, one hardware module may perform an operation and store the output of that operation in a memory device to which it is communicatively coupled. A further hardware module may then, at a later time, access the memory device to retrieve and process the stored output. Hardware modules may also initiate communications with input or output devices and can operate on a resource (e.g., a collection of information).
[00054] The various operations of example methods described herein may be performed, at least partially, by one or more processors that are temporarily configured (e.g., by software) or permanently configured to perform the relevant operations. Whether temporarily or permanently configured, such processors may constitute processor-implemented modules that operate to perform one or more operations or functions. The modules referred to herein may, in some example embodiments, comprise processor-implemented modules.
[00055] Similarly, the methods described herein may be at least partially processor-implemented. For example, at least some of the operations of a method may be performed by one or more processors or processor-implemented modules. The performance of certain of the operations may be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors may be located in a single location (e.g., within a home environment, an office environment or as a server farm), while in other embodiments the processors may be distributed across a number of locations.
[00056] The one or more processors may also operate to support performance of the relevant operations in a "cloud computing" environment or as a "software as a service" (SaaS). For example, at least some of the operations may be performed by a group of computers (as examples of machines including processors), these operations being accessible via a network (e.g., the network 104 of FIG. 1) and via one or more appropriate interfaces (e.g., APIs).
ELECTRONIC APPARATUS AND SYSTEM
[00057] Example embodiments may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Example embodiments may be implemented using a computer program product, e.g., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable medium for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple computers.
[00058] A computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, subroutine, or other unit suitable for use in a computing environment. A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
[00059] In example embodiments, operations may be performed by one or more programmable processors executing a computer program to perform functions by operating on input data and generating output. Method operations can also be performed by, and apparatus of example embodiments may be implemented as, special purpose logic circuitry (e.g., a FPGA or an ASIC).
[00060] A computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. In embodiments deploying a programmable computing system, it will be appreciated that both hardware and software architectures merit consideration. Specifically, it will be appreciated that the choice of whether to implement certain functionality in permanently configured hardware (e.g., an ASIC), in temporarily configured hardware (e.g., a combination of software and a programmable processor), or a combination of permanently and temporarily configured hardware may be a design choice. Below are set out hardware (e.g., machine) and software architectures that may be deployed, in various example embodiments.
EXAMPLE MACHINE ARCHITECTURE AND MACHINE-READABLE MEDIUM
[00061] FIG. 7 is a block diagram of a machine in the example form of a computer system 700 within which instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed. In alternative embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
[00062] The example computer system 700 includes a processor 702 (e.g., a central processing unit (CPU), a graphics processing unit (GPU) or both), a main memory 704 and a static memory 706, which communicate with each other via a bus 708. The computer system 700 may further include a video display unit 710 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 700 also includes an alphanumeric input device 712 (e.g., a keyboard), a user interface (UI) navigation (or cursor control) device 714 (e.g., a mouse), a disk drive unit 716, a signal generation device 718 (e.g., a speaker), and a network interface device 720.
MACHINE-READABLE MEDIUM
[00063] The disk drive unit 716 includes a machine-readable medium 722 on which is stored one or more sets of data structures and instructions 724 (e.g., software) embodying or utilized by any one or more of the methodologies or functions described herein. The instructions 724 may also reside, completely or at least partially, within the main memory 704 and/or within the processor 702 during execution thereof by the computer system 700, the main memory 704 and the processor 702 also constituting machine-readable media. The instructions 724 may also reside, completely or at least partially, within the static memory 706.
[00064] While the machine-readable medium 722 is shown in an example embodiment to be a single medium, the term "machine-readable medium" may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions 724 or data structures. The term "machine-readable medium" shall also be taken to include any tangible medium that is capable of storing, encoding or carrying instructions for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present embodiments, or that is capable of storing, encoding or carrying data structures utilized by or associated with such instructions. The term "machine-readable medium" shall accordingly be taken to include, but not be limited to, solid-state memories, and optical and magnetic media. Specific examples of machine-readable media include non-volatile memory, including by way of example semiconductor memory devices (e.g., Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and flash memory devices); magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and compact disc-read-only memory (CD-ROM) and digital versatile disc (or digital video disc) read-only memory (DVD-ROM) disks.
TRANSMISSION MEDIUM
[00065] The instructions 724 may further be transmitted or received over a communications network 726 using a transmission medium. The instructions 724 may be transmitted using the network interface device 720 and any one of a number of well-known transfer protocols (e.g., HTTP). Examples of communication networks include a LAN, a WAN, the Internet, mobile telephone networks, POTS networks, and wireless data networks (e.g., WiFi and WiMax networks). The term "transmission medium" shall be taken to include any intangible medium capable of storing, encoding, or carrying instructions for execution by the machine, and includes digital or analog communications signals or other intangible media to facilitate communication of such software.
[00066] Although an embodiment has been described with reference to specific example embodiments, it will be evident that various modifications and changes may be made to these embodiments without departing from the broader scope of the present disclosure. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense. The accompanying drawings that form a part hereof show, by way of illustration, and not of limitation, specific embodiments in which the subject matter may be practiced. The embodiments illustrated are described in sufficient detail to enable those skilled in the art to practice the teachings disclosed herein. Other embodiments may be utilized and derived therefrom, such that structural and logical substitutions and changes may be made without departing from the scope of this disclosure. This Detailed Description, therefore, is not to be taken in a limiting sense, and the scope of various embodiments is defined only by the appended claims, along with the full range of equivalents to which such claims are entitled.
[00067] Such embodiments of the inventive subject matter may be referred to herein, individually and/or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed. Thus, although specific embodiments have been illustrated and described herein, it should be appreciated that any arrangement calculated to achieve the same purpose may be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments. Combinations of the above embodiments, and other embodiments not specifically described herein, will be apparent to those of skill in the art upon reviewing the above description.
[00068] The Abstract of the Disclosure is provided to allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment.

Claims

1. A computer-implemented method comprising:
providing, by a first device having a memory and at least one processor, an initial authentication data to a second device, the second device being different from the first device, the first device comprising a mobile device;
obtaining, by the first device, a first response data from the second device, the obtaining of the first response data comprising capturing the first response data from the second device using a camera on the mobile device, the first response data being displayed on the second device;
generating, by the first device, a first subsequent authentication data using the first response data, the first subsequent authentication data being different from the initial authentication data; and
providing, by the first device, the first subsequent authentication data to the second device.
2. The method of claim 1, wherein the first subsequent authentication data is provided during an authorization process for a transaction.
3. The method of claim 1, wherein the second device is an interface component of a point of sale terminal.
4. The method of claim 1, wherein the first subsequent authentication data comprises image-based data.
5. The method of claim 4, wherein the image-based data comprises a bar code.
6. The method of claim 1, wherein the first subsequent authentication data comprises audio-based data.
7. The method of claim 1, wherein the first subsequent authentication data is generated using at least one of facial recognition data, fingerprint recognition data, and voice recognition data.
8. The method of claim 1, further comprising:
obtaining, by the first device, a second response data from the second device;
generating, by the first device, a second subsequent authentication data using the second response data, the second subsequent authentication data being different from the initial authentication data and the first subsequent authentication data; and
providing, by the first device, the second subsequent authentication data to the second device.
9. The method of claim 1, wherein the first subsequent authentication data is generated by the first device using an algorithm stored on the first device.
10. The method of claim 1, wherein generating the first subsequent authentication data comprises:
transmitting an authentication data request to a third device, the third device being different from the first device and the second device; and
receiving the first subsequent authentication data from the third device.
11. A system comprising:
a first machine having a memory and at least one processor, the first machine comprising a mobile device; and
a multi-factor authentication module, executable by the at least one processor, configured to:
provide an initial authentication data to a second machine, the second machine being different from the first machine;
obtain a first response data from the second machine by capturing the first response data from the second machine using a camera on the mobile device, the first response data being displayed on the second machine;
generate a first subsequent authentication data using the first response data, the first subsequent authentication data being different from the initial authentication data; and
provide the first subsequent authentication data to the second machine.
12. The system of claim 11, wherein the first subsequent authentication data comprises image-based data.
13. The system of claim 12, wherein the image-based data comprises a bar code.
14. The system of claim 11, wherein the first subsequent authentication data comprises audio-based data.
15. The system of claim 11, wherein the multi-factor authentication module is further configured to generate the first subsequent authentication using at least one of facial recognition data, fingerprint recognition data, and voice recognition data.
16. The system of claim 11, wherein the multi-factor authentication module is further configured to:
obtain a second response data from the second machine;
generate a second subsequent authentication data using the second response data, the second subsequent authentication data being different from the initial authentication data and the first subsequent authentication data; and
provide the second subsequent authentication data to the second machine.
17. A non-transitory machine-readable storage device storing a set of instructions that, when executed by at least one processor, causes the at least one processor to perform a set of operations comprising:
providing, by a first device having a memory and at least one processor, an initial authentication data to a second device, the second device being different from the first device, the first device comprising a mobile device;
obtaining, by the first device, a first response data from the second device, the obtaining of the first response data comprising capturing the first response data from the second device using a camera on the mobile device, the first response data being displayed on the second device;
generating, by the first device, a first subsequent authentication data using the first response data, the first subsequent authentication data being different from the initial authentication data; and
providing, by the first device, the first subsequent authentication data to the second device.
18. The storage device of claim 17, wherein the set of operations further comprises:
obtaining, by the first device, a second response data from the second device;
generating, by the first device, a second subsequent authentication data using the second response data, the second subsequent authentication data being different from the initial authentication data and the first subsequent authentication data; and
providing, by the first device, the second subsequent authentication data to the second device.
19. The storage device of claim 17, wherein generating the first subsequent authentication data comprises:
transmitting an authentication data request to a third device, the third device being different from the first device and the second device; and
receiving the first subsequent authentication data from the third device.
20. A machine-readable medium carrying a set of instructions that, when executed by at least one processor, causes the at least one processor to carry out the method of any one of claims 1 to 10.
PCT/US2014/068109 2013-12-04 2014-12-02 Multi-factor authentication system and method WO2015084816A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CN201480072546.6A CN106063187A (en) 2013-12-04 2014-12-02 Multi-factor authentication system and method
KR1020167017755A KR101859306B1 (en) 2013-12-04 2014-12-02 Multi-factor authentication system and method
CA2932107A CA2932107C (en) 2013-12-04 2014-12-02 Multi-factor authentication system and method
EP14868471.5A EP3078160A4 (en) 2013-12-04 2014-12-02 Multi-factor authentication system and method
AU2014357362A AU2014357362A1 (en) 2013-12-04 2014-12-02 Multi-factor authentication system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/097,100 US9703942B2 (en) 2013-12-04 2013-12-04 Multi-factor authentication system and method
US14/097,100 2013-12-04

Publications (1)

Publication Number Publication Date
WO2015084816A1 true WO2015084816A1 (en) 2015-06-11

Family

ID=53265575

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/068109 WO2015084816A1 (en) 2013-12-04 2014-12-02 Multi-factor authentication system and method

Country Status (7)

Country Link
US (3) US9703942B2 (en)
EP (1) EP3078160A4 (en)
KR (1) KR101859306B1 (en)
CN (1) CN106063187A (en)
AU (1) AU2014357362A1 (en)
CA (1) CA2932107C (en)
WO (1) WO2015084816A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9703942B2 (en) 2013-12-04 2017-07-11 Ebay Inc. Multi-factor authentication system and method

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015112175A1 (en) * 2014-01-27 2015-07-30 Empire Technology Development Llc. User authentication using voice and image data
CN105227536B (en) * 2014-07-03 2018-12-14 阿里巴巴集团控股有限公司 A kind of two dimensional code login method and equipment
GB201613080D0 (en) * 2016-07-28 2016-09-14 Mastercard International Inc Mobile payment method and system
CN106875187A (en) * 2016-12-28 2017-06-20 北京汇通金财信息科技有限公司 A kind of multiple-factor internet payment safety method and system
KR20180082043A (en) * 2017-01-09 2018-07-18 삼성전자주식회사 Electronic device and method for connecting communication using voice
WO2019022698A1 (en) * 2017-07-24 2019-01-31 Visa International Service Association System, method, and computer program product for authenticating a transaction
CN108564359B (en) * 2018-02-24 2020-10-16 创新先进技术有限公司 Data processing method, terminal equipment and data processing system
US10218695B1 (en) * 2018-03-27 2019-02-26 Capital One Services, Llc Systems and methods for providing credentialless login using a random one-time passcode
US10484377B1 (en) 2018-10-17 2019-11-19 Capital One Services, Llc Systems and methods for multi-device multi-factor authentication
US11496503B2 (en) 2019-05-17 2022-11-08 International Business Machines Corporation Event data fencing based on vulnerability detection
US11228578B2 (en) * 2019-05-17 2022-01-18 International Business Machines Corporation Multi-factor authentication utilizing event data
KR102288445B1 (en) * 2020-09-11 2021-08-11 스티븐 상근 오 On-boarding method, apparatus and program of authentication module for organization
KR102288444B1 (en) * 2020-09-18 2021-08-11 스티븐 상근 오 Firmware updating method, apparatus and program of authentication module
US11762973B2 (en) 2021-11-16 2023-09-19 International Business Machines Corporation Auditing of multi-factor authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080307515A1 (en) * 2005-12-21 2008-12-11 Cronto Limited System and Method For Dynamic Multifactor Authentication
US20120110341A1 (en) * 2010-11-02 2012-05-03 Homayoon Beigi Mobile Device Transaction Using Multi-Factor Authentication
US20130124855A1 (en) 2011-11-14 2013-05-16 Ca, Inc. Using qr codes for authenticating users to atms and other secure machines for cardless transactions
US20130282589A1 (en) * 2012-04-20 2013-10-24 Conductiv Software, Inc. Multi-factor mobile transaction authentication
US8578454B2 (en) * 2011-10-25 2013-11-05 Toopher, Inc. Two-factor authentication systems and methods

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE426965T1 (en) * 2004-05-04 2009-04-15 Research In Motion Ltd REQUEST-RESPONSE SYSTEM AND PROCEDURES
BRPI0722174B1 (en) 2007-10-30 2020-01-14 Telecom Italia Spa method and system for authenticating users in a data processing system
US8380177B2 (en) * 2010-04-09 2013-02-19 Paydiant, Inc. Mobile phone payment processing methods and systems
US8508338B1 (en) 2010-11-07 2013-08-13 Howard Owen Fiddy Method and system for defeat of replay attacks against biometric authentication systems
US8910274B2 (en) * 2011-07-28 2014-12-09 Xerox Corporation Multi-factor authentication using digital images of barcodes
IN2014KN00998A (en) * 2011-10-12 2015-09-04 C Sam Inc
US8751794B2 (en) * 2011-12-28 2014-06-10 Pitney Bowes Inc. System and method for secure nework login
US20130232073A1 (en) 2012-03-05 2013-09-05 John F. Sheets Authentication Using Biometric Technology Through a Consumer Device
CN103020574A (en) * 2012-11-22 2013-04-03 北京握奇数据系统有限公司 OTP (One Time Password) equipment and method combining photographing and bar code indentifying technologies
US9703942B2 (en) 2013-12-04 2017-07-11 Ebay Inc. Multi-factor authentication system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3078160A4

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9703942B2 (en) 2013-12-04 2017-07-11 Ebay Inc. Multi-factor authentication system and method
US10061912B2 (en) 2013-12-04 2018-08-28 Ebay Inc. Multi-factor authentication system and method

Also Published As

Publication number Publication date
US10061912B2 (en) 2018-08-28
AU2014357362A1 (en) 2016-06-16
CA2932107C (en) 2021-05-18
CN106063187A (en) 2016-10-26
KR20160092017A (en) 2016-08-03
EP3078160A1 (en) 2016-10-12
KR101859306B1 (en) 2018-06-28
US20190042723A1 (en) 2019-02-07
CA2932107A1 (en) 2015-06-11
US9703942B2 (en) 2017-07-11
US20170308693A1 (en) 2017-10-26
EP3078160A4 (en) 2017-04-19
US20150154387A1 (en) 2015-06-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14868471

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2932107

Country of ref document: CA

REEP Request for entry into the european phase

Ref document number: 2014868471

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2014868471

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2014357362

Country of ref document: AU

Date of ref document: 20141202

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 20167017755

Country of ref document: KR

Kind code of ref document: A