WO2006052601A3 - Authenticating a login - Google Patents

Authenticating a login Download PDF

Info

Publication number
WO2006052601A3
WO2006052601A3 PCT/US2005/039656 US2005039656W WO2006052601A3 WO 2006052601 A3 WO2006052601 A3 WO 2006052601A3 US 2005039656 W US2005039656 W US 2005039656W WO 2006052601 A3 WO2006052601 A3 WO 2006052601A3
Authority
WO
WIPO (PCT)
Prior art keywords
login
authenticating
private
user
memorization
Prior art date
Application number
PCT/US2005/039656
Other languages
French (fr)
Other versions
WO2006052601A2 (en
Inventor
Alexandre Bronstein
Alon Waksman
Original Assignee
Astav Inc
Alexandre Bronstein
Alon Waksman
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Astav Inc, Alexandre Bronstein, Alon Waksman filed Critical Astav Inc
Priority to EP05815985A priority Critical patent/EP1813048A4/en
Publication of WO2006052601A2 publication Critical patent/WO2006052601A2/en
Publication of WO2006052601A3 publication Critical patent/WO2006052601A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

Techniques for authenticating a login that avoid the imposition of memorization burdens on users of a computer system. The present techniques include determining whether an appropriate token is stored on a client system that originates the login, authenticating a login by communicating with a user via a secondary communication channel, and authenticating a login by engaging in a private question/private answer dialogue with a user.
PCT/US2005/039656 2004-11-03 2005-11-02 Authenticating a login WO2006052601A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05815985A EP1813048A4 (en) 2004-11-03 2005-11-02 Authenticating a login

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/980,910 2004-11-03
US10/980,910 US8171303B2 (en) 2004-11-03 2004-11-03 Authenticating a login

Publications (2)

Publication Number Publication Date
WO2006052601A2 WO2006052601A2 (en) 2006-05-18
WO2006052601A3 true WO2006052601A3 (en) 2007-06-21

Family

ID=36263557

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/039656 WO2006052601A2 (en) 2004-11-03 2005-11-02 Authenticating a login

Country Status (3)

Country Link
US (1) US8171303B2 (en)
EP (1) EP1813048A4 (en)
WO (1) WO2006052601A2 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8365258B2 (en) * 2006-11-16 2013-01-29 Phonefactor, Inc. Multi factor authentication
US9762576B2 (en) 2006-11-16 2017-09-12 Phonefactor, Inc. Enhanced multi factor authentication
DE102007004957A1 (en) * 2007-01-26 2008-07-31 Vodafone Holding Gmbh Authenticate two transaction partners involved in a transaction
US8020195B2 (en) * 2007-03-30 2011-09-13 Citrix Systems, Inc. Systems and methods for user login
US10778417B2 (en) * 2007-09-27 2020-09-15 Clevx, Llc Self-encrypting module with embedded wireless user authentication
US11190936B2 (en) 2007-09-27 2021-11-30 Clevx, Llc Wireless authentication system
US10181055B2 (en) * 2007-09-27 2019-01-15 Clevx, Llc Data security system with encryption
US8756660B2 (en) * 2008-04-17 2014-06-17 Microsoft Corporation Enabling two-factor authentication for terminal services
CN103581120B (en) 2012-07-24 2018-04-20 阿里巴巴集团控股有限公司 A kind of method and apparatus for identifying consumer's risk
US20190056828A1 (en) * 2012-09-06 2019-02-21 Google Inc. User interface transitions
US8914645B2 (en) 2013-02-13 2014-12-16 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US8572398B1 (en) 2013-02-13 2013-10-29 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US9143506B2 (en) 2013-02-13 2015-09-22 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US10250590B2 (en) 2015-08-31 2019-04-02 Samsung Electronics Co., Ltd. Multi-factor device registration for establishing secure communication
CN105245541B (en) 2015-10-28 2020-02-18 腾讯科技(深圳)有限公司 Authentication method, equipment and system
US10129210B2 (en) 2015-12-30 2018-11-13 Go Daddy Operating Company, LLC Registrant defined limitations on a control panel for a registered tertiary domain
US10387854B2 (en) 2015-12-30 2019-08-20 Go Daddy Operating Company, LLC Registering a tertiary domain with revenue sharing
US10009288B2 (en) * 2015-12-30 2018-06-26 Go Daddy Operating Company, LLC Registrant defined prerequisites for registering a tertiary domain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010037469A1 (en) * 1999-05-11 2001-11-01 Sun Microsystems, Inc. Method and apparatus for authenticating users
US20030204610A1 (en) * 1999-07-08 2003-10-30 Howard John Hal User authentication
US20050108551A1 (en) * 2003-11-18 2005-05-19 Toomey Christopher N. Method and apparatus for trust-based, fine-grained rate limiting of network requests
US20060095779A9 (en) * 2001-08-06 2006-05-04 Shivaram Bhat Uniform resource locator access management and control system and method

Family Cites Families (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2674710B1 (en) * 1991-03-27 1994-11-04 France Telecom METHOD AND SYSTEM FOR PROCESSING PREECHOS OF AN AUDIO-DIGITAL SIGNAL ENCODED BY FREQUENTIAL TRANSFORM.
US5311594A (en) 1993-03-26 1994-05-10 At&T Bell Laboratories Fraud protection for card transactions
US5907597A (en) * 1994-08-05 1999-05-25 Smart Tone Authentication, Inc. Method and system for the secure communication of data
US5774869A (en) * 1995-06-06 1998-06-30 Interactive Media Works, Llc Method for providing sponsor paid internet access and simultaneous sponsor promotion
US5991617A (en) * 1996-03-29 1999-11-23 Authentix Network, Inc. Method for preventing cellular telephone fraud
GB9811446D0 (en) * 1998-05-29 1998-07-22 Int Computers Ltd Authentication device
US6671672B1 (en) * 1999-03-30 2003-12-30 Nuance Communications Voice authentication system having cognitive recall mechanism for password verification
US7194437B1 (en) 1999-05-14 2007-03-20 Amazon.Com, Inc. Computer-based funds transfer system
US7058817B1 (en) * 1999-07-02 2006-06-06 The Chase Manhattan Bank System and method for single sign on process for websites with multiple applications and services
US6934858B2 (en) * 1999-12-15 2005-08-23 Authentify, Inc. System and method of using the public switched telephone network in providing authentication or authorization for online transactions
AU2000251485A1 (en) * 2000-05-19 2001-12-03 Netscape Communications Corporation Adaptive multi-tier authentication system
FI115355B (en) * 2000-06-22 2005-04-15 Icl Invia Oyj Arrangement for the authentication and authentication of a secure system user
WO2002001376A1 (en) * 2000-06-28 2002-01-03 Yozan Inc. Host computer, mobile communication device, program, and recording medium
US6871063B1 (en) * 2000-06-30 2005-03-22 Intel Corporation Method and apparatus for controlling access to a computer system
US20020099648A1 (en) 2000-09-19 2002-07-25 Devoe Dana L. Method of reducing fraud in credit card and other E-business
JP2002215582A (en) * 2000-12-28 2002-08-02 Morgan Stanley Dean Witter Japan Ltd Method and device for authentication
US7100054B2 (en) * 2001-08-09 2006-08-29 American Power Conversion Computer network security system
US7373515B2 (en) * 2001-10-09 2008-05-13 Wireless Key Identification Systems, Inc. Multi-factor authentication system
US6693530B1 (en) 2001-10-16 2004-02-17 At&T Corp. Home security administration platform
US7149296B2 (en) 2001-12-17 2006-12-12 International Business Machines Corporation Providing account usage fraud protection
US7707108B2 (en) 2002-01-31 2010-04-27 International Business Machines Corporation Detection of unauthorized account transactions
US7318234B1 (en) * 2002-02-19 2008-01-08 Microsoft Corporation Request persistence during session authentication
US7308579B2 (en) 2002-03-15 2007-12-11 Noel Abela Method and system for internationally providing trusted universal identification over a global communications network
US20030182214A1 (en) 2002-03-20 2003-09-25 Taylor Michael K. Fraud detection and security system for financial institutions
US7292680B1 (en) * 2002-03-21 2007-11-06 At&T Bls Intellectual Property, Inc. Automated passcode recovery in an interactive voice response system
US7225464B2 (en) * 2002-04-03 2007-05-29 Yodlee.Com, Inc. Method for verifying the identity of a user for session authentication purposes during Web navigation
US7149899B2 (en) * 2002-04-25 2006-12-12 Intertrust Technologies Corp. Establishing a secure channel with a human user
US7100049B2 (en) 2002-05-10 2006-08-29 Rsa Security Inc. Method and apparatus for authentication of users and web sites
US7383572B2 (en) * 2002-05-24 2008-06-03 Authentify, Inc. Use of public switched telephone network for authentication and authorization in on-line transactions
US7237118B2 (en) * 2002-12-05 2007-06-26 Microsoft Corporation Methods and systems for authentication of a user for sub-locations of a network location
US7853984B2 (en) * 2002-12-11 2010-12-14 Authorize.Net Llc Methods and systems for authentication
US7360694B2 (en) * 2003-01-23 2008-04-22 Mastercard International Incorporated System and method for secure telephone and computer transactions using voice authentication
US6871288B2 (en) 2003-02-21 2005-03-22 Ronald K. Russikoff Computerized password verification system and method for ATM transactions
US8751801B2 (en) 2003-05-09 2014-06-10 Emc Corporation System and method for authenticating users using two or more factors
WO2005002130A1 (en) * 2003-06-11 2005-01-06 Verisign, Inc. Hybrid authentication
US7841940B2 (en) * 2003-07-14 2010-11-30 Astav, Inc Human test based on human conceptual capabilities
US7430758B2 (en) * 2004-02-05 2008-09-30 Microsoft Corporation Prompt authentication
US20050228782A1 (en) * 2004-04-07 2005-10-13 Alexandre Bronstein Authenticating a web site with user-provided indicators
US20050273626A1 (en) * 2004-06-02 2005-12-08 Steven Pearson System and method for portable authentication
US7779457B2 (en) 2004-06-09 2010-08-17 Identifid, Inc Identity verification system
US7676834B2 (en) * 2004-07-15 2010-03-09 Anakam L.L.C. System and method for blocking unauthorized network log in using stolen password
US7467401B2 (en) * 2004-08-12 2008-12-16 Avatier Corporation User authentication without prior user enrollment
US7467411B2 (en) * 2004-08-27 2008-12-16 Astav, Inc. Protecting a service provider from abuse
US20060131385A1 (en) 2004-12-16 2006-06-22 Kim Mike I Conditional transaction notification and implied approval system
US20060271457A1 (en) 2005-05-26 2006-11-30 Romain Martin R Identity theft monitoring and prevention

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010037469A1 (en) * 1999-05-11 2001-11-01 Sun Microsystems, Inc. Method and apparatus for authenticating users
US20030204610A1 (en) * 1999-07-08 2003-10-30 Howard John Hal User authentication
US20060095779A9 (en) * 2001-08-06 2006-05-04 Shivaram Bhat Uniform resource locator access management and control system and method
US20050108551A1 (en) * 2003-11-18 2005-05-19 Toomey Christopher N. Method and apparatus for trust-based, fine-grained rate limiting of network requests

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1813048A4 *

Also Published As

Publication number Publication date
WO2006052601A2 (en) 2006-05-18
US8171303B2 (en) 2012-05-01
EP1813048A4 (en) 2010-12-29
EP1813048A2 (en) 2007-08-01
US20060095788A1 (en) 2006-05-04

Similar Documents

Publication Publication Date Title
WO2006052601A3 (en) Authenticating a login
PT2011301E (en) Arrangement of and method for secure data transmission.
WO2005078548A3 (en) Password prompt authentication
WO2006130616A3 (en) Augmented single factor split key asymmetric cryptography-key generation and distributor
WO2005107137A3 (en) Method and apparatus for authenticating users using two or more factors
WO2006002068A3 (en) Method and apparatus for making accessible a set of services to users
WO2008016800A3 (en) Method and apparatus for selecting an appropriate authentication method on a client
WO2007117315A3 (en) Methods and apparatus for power source authentication
EP1847941A3 (en) Method and system afor resetting passwords
WO2009031056A3 (en) Providing services to a guest device in a personal network
WO2007047479A3 (en) Control plane to data plane binding
WO2005104686A3 (en) Dynamic executable
WO2008042871A3 (en) Methods and apparatus for securely signing on to a website via a security website
WO2005074442A3 (en) Method and system associating a signature with a mobile device
WO2013049414A3 (en) Host agnostic integration and interoperation system
WO2007131003A3 (en) Location-specific content communication system
WO2006034290A3 (en) Method and system for providing content to users based on frequency of interaction
GB2433811A (en) System and method for event detection and re-direction over a network using a presentation level protocol
WO2005038649A3 (en) Methods and apparatus for providing access to persistent application sessions
WO2003100544A3 (en) Method for authenticating a user to a service of a service provider
WO2009017875A3 (en) System and method for authenticating content
WO2006076664A3 (en) System and method for permission-based access using a shared account
WO2007112216A3 (en) Method and system for evaluating and matching educational content to a user
EP1691523B8 (en) System and method for user access control to content in a network
ATE476045T1 (en) CUSTOMER AUTHENTICATION USING A CHALLENGE PROVIDER

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2005815985

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005815985

Country of ref document: EP