US2015304850A1PendingUtilityA1

System and method for transaction security responsive to a signed authentication

Assignee: PING IDENTITY CORPPriority: May 17, 2011Filed: Jun 30, 2015Published: Oct 22, 2015
Est. expiryMay 17, 2031(~4.8 yrs left)· nominal 20-yr term from priority
H04W 12/08H04L 63/083H04L 63/0861H04W 12/06G06Q 20/4015H04L 63/107H04W 12/126H04W 12/12
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system arranged to authenticate a user via its mobile device to a service provider, the system comprising: an authentication server; the user mobile device, the user mobile device provided with a verification application arranged to communicate with the authentication server; and a notification server in communication with the authentication server and arranged to transmit a notification to the user mobile device responsive to the authentication server, the authentication server arranged to provide a signed authentication to the service provider responsive to present and historical information regarding one of: the user mobile device; and an additional user device in communication with said authentication server, said signed authentication provided in accordance with a rule set determined by an authorized entity stored on said authentication server memory governing the required present and historical information attribute.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system comprising a server arranged to authorize access of a user device to a server device;
 the server comprising, at least one processor operatively connected to a non-transitory memory, said memory having loaded thereon instructions executable by said at least one processor to:   determine that a user device is attempting to access the server;   provide to said user device, data including human verification test for collecting human verification data from the user device; wherein the data further includes instruction to a user to activate the human verification test on the user device, and wherein following activation, the human verification test is responsive for receiving user input for a predefined time period;   verify whether or not an input, including human verification data, received from the user device has been provided by a human based on whether or not at least the human verification data has been provided to the user device within the predefined time period; and   based at least partly on the verification, determine whether to authorize access of the user device to a service provider.   
     
     
         2 . The system according to  claim 1 , wherein the human verification data includes a voice input recorded during a time equal or shorter to the time period. 
     
     
         3 . The system according to  claim 2 , wherein said voice input includes voice response of a user to at least one word displayed on a display device of the user device. 
     
     
         4 . The system according to  claim 3 , wherein the voice input includes a representation of said recorded voice response, said server is arranged to determine whether said representation of said recorded voice response matches a pre-registered recorded voice responsive, and authorize access of the user device to the service provider if it does. 
     
     
         5 . The system according to  claim 1 , wherein the server is arranged to:
 transmit a keypad image to said user device for display on a touch screen input device of said user device;   receive from said user device verification data comprising touch screen coordinates for each passcode segment entered; and   authorize access of the user device to the service provider if said received touch screen coordinates are consonant with a pre-registered passcode.   
     
     
         6 . The system according to  claim 5 , wherein said keypad image is a special purpose keyboard configured to be responsive to the passcode. 
     
     
         7 . The system according to  claim 1 , further comprising said user device, said user device comprising a user device processor and an associated user device non-transitory memory, said user device non-transitory memory having instructions loaded thereon which when executed by said user device processor cause said device to send to said server the human verification data. 
     
     
         8 . The system according to  claim 1 , wherein the instructions are executable by said at least one processor to:
 provide to said user device a list of at least one selectable service provider and at least one selectable registered user device other than said user device;   receive a selection made at said user device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired; and   based on the verification, determine whether to send authentication message to the selected service provider to authorize access of the user device to the selected service provider.   
     
     
         9 . A method of authorizing access of user device to a server device, comprising:
 at the server device using at least one processor for:   determining that a user device is attempting to access the server;   providing to said user device, data including human verification test for collecting human verification data from the user device; wherein the data further includes instruction to a user to activate the human verification test on the user device, and wherein following activation, the human verification test is responsive for receiving user input for a predefined time period;   verifying whether or not an input, including human verification data, received from the user device has been provided by a human based on whether or not at least the human verification data has been provided to the user device within the predefined time period; and   based at least partly on the verification, determining whether to authorize access of the user device to a service provider.   
     
     
         10 . The method according to  claim 9 , wherein the human verification data includes a voice input recorded during a time equal or shorter to the time period. 
     
     
         11 . The method according to  claim 10 , wherein said voice input includes voice response of a user to at least one word displayed on a display device of the user device. 
     
     
         12 . The method according to  claim 11 , wherein the voice input includes a representation of said recorded voice response, the method further comprising:
 determining whether said representation of said recorded voice response matches a pre-registered recorded voice responsive, and authorize access of the user device to the service provider if it does.   
     
     
         13 . The method according to  claim 9 , further comprising:
 transmitting a keypad image to said user device for display on a touch screen input device of said user device;   receiving from said user device verification data comprising touch screen coordinates for each passcode segment entered; and   authorizing access of the user device to the service provider if said received touch screen coordinates are consonant with a pre-registered passcode.   
     
     
         14 . The method according to  claim 9 , further comprising:
 providing to said user device a list of at least one selectable service provider and at least one selectable registered user device other than said user device;   receiving a selection made at said user device of a service provider, from among said at least one selectable service provider, to which access is desired, and of a user device, from among said at least one selectable registered user device, by which access to said selected service provider is desired; and   based on the verification, determining whether to send authentication message to the selected service provider to authorize access of the user device to the selected service provider.   
     
     
         15 . A user device comprising at least one processor operatively connected to a non-transitory memory, said non-transitory memory having instructions loaded thereon which when executed by said at least one processor cause said user device to:
 receive from a server data related to a human verification test for collecting human verification data from the user device; wherein the data includes instruction to a user to activate displaying of the human verification test on the user device;   responsive to activation by a user, display the human verification test for a predefined time period;   transmit the human verification data to the server for enabling the server to:   verify whether or not an input, including human verification data, received from the user device has been provided by a human based on whether or not at least the human verification data has been provided to the user device within the predefined time period; and based on the verification, determine whether to authorize access of the user device to a service provider.

Join the waitlist — get patent alerts

Track US2015304850A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.