(12) United States Patent
Bennett et al.

(10) Patent No.: US 8,781,975 B2
(45) Date of Patent: Jul. 15, 2014

(54) SYSTEM AND METHOD OF FRAUD REDUCTION

(75) Inventors: Naftali Bennett, New York, NY (US); Lior Golan, Tel Aviv (IL); Nira Rivner, Ramat Gan (IL)

(73) Assignee: EMC Corporation, Hopkinton, MA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 1436 days.
`
`
(21) Appl. No.: 11/134,479

(22) Filed: May 23, 2005

(65) Prior Publication Data
US 2005/0273442 A1, Dec. 8, 2005

Related U.S. Application Data

(60) Provisional application No. 60/572,776, filed on May 21, 2004.

(51) Int. Cl.
G06Q 20/00 (2012.01)

(52) U.S. Cl.
USPC 705/67

(58) Field of Classification Search
USPC 705/67, 16, 21, 59, 71; 380/44, 262, 380/278, 279
See application file for complete search history.
`
`
Primary Examiner - Calvin L Hewitt, II
(74) Attorney, Agent, or Firm - BainwoodHuang

(57) ABSTRACT

A system and method may allow for extending authentication to a two factor, out of band form, requiring an additional data element or code via a channel different from the channel used for the primary transaction, where the different channel has the attribute that it is difficult or costly to achieve many access points to it, and it is possible to limit the number of users associated with a particular access point to it.

19 Claims, 4 Drawing Sheets
`
`
TWILIO INC. Ex. 1005 Page 1
`
`

`
`
`

`
[FIG. 1 (Sheet 1 of 4). Drawing labels: END USER 14; 15; 18; ONLINE SYSTEM 12; AUTHENTICATION LOCAL MODULE (PLUG IN) 13; 17; HOSTED SYSTEM 11; 10]
`
`

`
[FIG. 2 (Sheet 2 of 4). Drawing labels: ONLINE SYSTEM; AUTHENTICATION LOCAL MODULE; HS VALIDATION; PROXY MAPPING; ADMIN. APP.; CONF. RULES DB; USER DEVICE MAPPING; RISK ASS.; ALERT LEVEL MONITOR; DECISION ENGINE; DECISION MAKING; CHANNEL - USER MAPPING DB; HSM; EXTERNAL COMMUNICATION ENGINES; HISTORY DB; AUTHENTICATION APPLICATION; END USER; AUTHENTICATION; HOSTED SYSTEM]
`
`

`
[FIG. 3 (Sheet 3 of 4). Flowchart labels: REGULAR AUTHENTICATION; EVALUATE AUTHENTICATION; PROCEED TO ONLINE APP.; USER PROVIDES ADDITIONAL CHANNEL; END SESSION; SEND A COMPLETION CODE VIA ADDITIONAL CHANNEL; USER ENTERS COMPLETION CODE; NO]
`
`

`
[FIG. 4 (Sheet 4 of 4). Flowchart labels: LOW LEVEL 300; ALERT 330; RELEASE 360; MEDIUM LEVEL 310; ALERT 340; RELEASE 350; HIGH LEVEL 320]
`
`

`
SYSTEM AND METHOD OF FRAUD REDUCTION

RELATED APPLICATION DATA

The present application claims benefit from prior provisional application Ser. No. 60/572,776 entitled "System and Method of Fraud Reduction", filed on May 21, 2004, incorporated by reference herein in its entirety.

FIELD OF THE INVENTION

The present invention relates to authentication; more specifically the present invention may be used, for example, in authenticating parties in a transaction.
`
BACKGROUND

In parallel to the growth in use of online channels for accessing a variety of services, and performing a variety of transactions, identity theft has reached epidemic levels, and online account takeover and transaction fraud is growing at an enormous rate. Parties committing fraud ("fraudsters") have new technologies at their disposal: for example "Trojan horses" and key loggers may be installed in unsuspecting customers' computers, transmitting personal information back to the fraudster; and phishing attacks may trick consumers into giving up personal and financial information (for example without limitation: social security number ("SSN"), account numbers, banking information, user names and passwords for various services, personal identification numbers ("PINs"), credit card numbers, which may be referred to as for example "user Credentials" or "Credentials").

Recent scams show a sophisticated, determined, innovative and well organized online crime wave. Fraudsters are more adaptive than ever, modifying their modus operandi and techniques quickly to exploit new vulnerabilities. While the fraudsters do not limit themselves to a specific sector, their main focus is on the banking and financial accounts sectors (other sectors prone to fraud are government services, ISPs, telecom companies and healthcare and many others).

One issue is authentication - how does a service or transaction provider know whether a certain user accessing a service and performing actions at a certain site is who he or she claims to be. Using the combination of a login and password alone (which still are the most prevalent method of authentication) may not be satisfactory.

Many solutions have been proposed for the problem of authentication, however many of them encounter an imbalance between usability vs. security: they are either not secure enough, or, when security is enhanced to satisfactory levels, they are cumbersome and expensive to deploy and operate.

Various service providers may use Credentials in order to authenticate users in remote applications. Authentication may be required whenever a sensitive operation takes place, for example, viewing personal information, performing financial transactions, updating the user's profile and more. During authentication the user may usually be required to supply a pre-established password and optionally an additional shared secret between the user and the service provider. Users' credentials may enable access to sensitive information as well as funds, and therefore getting hold of them has become a popular criminal activity. Stealing users' credentials may be done in various ways. For example, theft of a file containing credentials from the bank or a third party (including an "inside job"), a large and successful "Phishing" attack, keyboard sniffing and more.

When faced with a major theft of user credentials, the service provider may execute one or more of the following options:

Provider may operate its business at a much higher risk level, for example, may check and analyze transactions to make sure no fraudulent activity takes place.

Provider may perform a costly operation of changing the user credentials or deploying a new authentication mechanism.

Provider may shut down parts of the business in case the other two options may not be acceptable.

Provider may perform other sets of actions.

The service provider may not have any external alert as to the occurrence of a massive credential theft. For example, it may not know when a large set of credentials is stolen by an insider job, or from a third party service provider. In addition, even when a large theft may be known, like in the case of a large phishing attempt, the service provider may not know when the stolen credentials will actually be used.

Service providers may be therefore looking for alternative authentication options. Some of the alternative solutions offered today are:

1. Provider may ask for shared secret information that changes over time and may be therefore more difficult to obtain or that may lose its value after some time, as it becomes irrelevant, for example, details about recent transactions, or invoicing.

2. Provider may ask for random parts of shared secret information, for example, random digits of the password, or random data elements out of a set of known data elements

3. Mobile or telephone authentication, for example, mobile telephone may be pre-registered to the service and may be used to authenticate the user

4. Token based authentication

The current solutions may not be satisfactory, since none of them may strike a good balance between security and usability. Either they may not be secure enough, for example, asking for random pieces of a shared secret, information which may easily be obtained during the initial user credentials theft, may not be usable enough or may be too expensive to actually deploy, for example, token authentication which may be expensive to implement, may require customer education, and deployment ahead of time to all users.
`
SUMMARY

Embodiments of the present invention may relate to a method and system for addressing massive theft (or suspected theft) of identification information used in order to access services that contain, for example, confidential information of the users of those services, services where the user can perform sensitive operations or other services. Such identifying information may include but is not limited to, for example, user-names, codes, passwords of any form, or any other personal identifying data that can be used in order to access services that contain confidential information (referred herein as "Credentials" or "User Credentials").

Embodiments of the present invention may relate to a method and/or system for authenticating a user participating in a transaction, for example, a financial transaction, opening an account, etc. A user may communicate with an institution via a first communication channel such as for example the Internet and a web site. The system may transmit a data element, for example a code, to the user via a second communication channel, (the identification of which may be provided by the user, or may be generated in another manner), for example, a telephone connection, e-mail connection etc. The authentication system may receive the data element from the user via the first communication channel and may determine, based on the data element, if the user is allowed to perform a transaction. In some embodiments, the transmitting of the data element to a user and receiving the data element from the user may be done only if an alert level is not sufficient, or is a certain level. The authentication system may allow the user to proceed with the transaction only if the data element received via the second communication channel is supplied correctly via a first communication channel, for example, the received code matches the sent code. In some embodiments the first communication channel may be a telephone connection while the second communication channel may be the Internet; other suitable channels may be used. The second communication channel may or may not be the communication channel by which the transaction is conducted.

A system and method according to one embodiment may, during a transaction with a user, transmit to the user, via a first communication channel, a code; and receive from the user, via a second communication channel, the code. The transaction may proceed, or the user may be authenticated, if the code matches. A system and method according to one embodiment may conduct transactions with a number of users, ensuring that for each of a set of first communications channels, only a certain number of users can use a particular access point to that first communication channel. The second communication channel may be the communication channel by which the transaction is conducted; but in alternate embodiments need not be.

Some embodiments of the present invention may relate to a method and/or system for authenticating a user participating in a transaction, for example, a financial transaction, opening an account, a password recovery, etc. A user may communicate with an institution via a communication channel such as for example the Internet and a web site. The system may transmit a data element, for example a code, to the user via a different communication channel (the identification of which may be provided by e.g. the user, or may be generated in another manner), for example, a telephone connection, e-mail connection etc.

The authentication system may receive the data element from the user via a communication channel and may determine, based on the data element, if the user is allowed to perform a transaction. In some embodiments one of the communication channels may have characteristics that it may be difficult and/or expensive to obtain many access points to it. In some embodiments, the transmitting of the data element to a user and receiving the data element from the user may be done when there is a greater probability of transaction risk. The authentication system may allow the user to proceed with the transaction only if the data element received via one communication channel is supplied correctly via a different communication channel, for example, the received code matches the sent code. In some embodiments one communication channel may be a telephone connection while the other communication channel may be the Internet; other suitable channels may be used. The other communication channel may or may not be the communication channel by which the transaction is conducted. Some embodiment of the present invention may include initiating contacting with a user via one of the communication channels.

A system and method according to one embodiment may, during a transaction with a user, transmit to the user, via one communication channel, a code; and receive from the user, via a different communication channel, the code. The transaction may proceed, or the user may be authenticated, if the code matches. A system and method according to one embodiment may conduct transactions with a number of users, ensuring that for each one of the communication channels, only a certain number of users can use each access point to such communication channel. One of the communication channels may be the communication channel by which the transaction is conducted; but in alternate embodiments need not be. In some embodiments the code may be transmitted only on the suspicion as to the existence of a certain risk level. The risk level may be related to the transaction in some embodiments; but in alternate embodiments the risk level may be related to an event outside of the transaction. In some embodiments it may be possible to limit the number of users who may use an access point to one of the communication channels, for example, no more than N users may be permitted to use an access point to one of the communication channels. In some embodiments the access point to one of the communication channels may be invalid if, for example, it has existed for fewer than N days. The identity of the access point to one of the communication channels may be collected before a transaction or during a transaction.

BRIEF DESCRIPTION OF THE DRAWINGS
`
The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanied drawings in which:

FIG. 1 depicts an authentication system according to one embodiment of the present invention;

FIG. 2 depicts an authentication system according to one embodiment of the present invention;

FIG. 3 is a flowchart depicting a process according to an embodiment of the present invention; and

FIG. 4 is a flowchart depicting a process for moving between alert levels according to an embodiment of the present invention.

Reference numerals may be repeated among the figures to indicate corresponding or analogous elements.
`
DETAILED DESCRIPTION

In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However it will be understood by those of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention. Various modifications to the described embodiments will be apparent to those with skill in the art, and the general principles defined herein may be applied to other embodiments. The present invention is not intended to be limited to the particular embodiments shown and described.

Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification, discussions utilizing terms such as "processing," "computing," "calculating," "determining," or the like, may refer in whole or in part to the action and/or processes of a processor, computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities within the system's registers and/or memories into other data similarly represented as physical quantities within the system's memories, registers or other such information storage, transmission or display devices.

The processes presented herein are not inherently related to any particular computer, processing device, article or other apparatus. An example of a structure for a variety of these systems will appear from the description below. In addition, embodiments of the present invention are not described with reference to any particular processor, programming language, machine code, etc. It will be appreciated that a variety of programming languages, machine codes, etc. may be used to implement the teachings of the invention as described herein.

Embodiments of the invention may be used so Service Providers that may provide services containing confidential information, will be able to continue providing access to such services to their users, for example, in the face of massive theft, or suspected theft of credentials of the users of their services. It will be appreciated, however that the present invention may not be limited to usage by service providers, but rather may also be used by the government, and any other authority or entity that offers access to information of confidential or private nature.

A system and method may allow for extending authentication to a two factor, out of band form, requiring for example an additional data element or code via a channel different from the channel used for the primary transaction. The system may contact a user who may wish to conduct a transaction via a communication channel, which may be the communication channel of conducting the transaction or an additional communication channel, and provide the user with a secret, for example, a code or a data element. The user may provide the system with the secret via a communication channel which is different from the channel the secret may be received by. For example, a user may log in to a web via the Internet and the system may contact the user by sending a SMS with a code to the user's mobile telephone. The user may enter the code received via the second channel (e.g., the mobile phone) via the first channel (e.g., the Internet) in order to access the system. In another embodiment the user may receive the code via the first channel (e.g., the Internet) and the system may contact the user via the second channel, for example a landline telephone and may request the user to supply the code via the second channel. In other embodiments the user may contact the system via a second channel and may supply the secret via a first or a second channel.

An embodiment of the invention and system may be used, for example, by financial institutions (FIs), or non-financial institutions to address massive credentials theft or suspected theft of their users and members. The present invention may be relevant to anyone that operates a service requiring remote customer access using some form of credentials and that may be subjected to any kind of credential exposure. An FI that may be using an embodiment of the invention may not be required to distribute any hardware ahead of time, nor may it be required to educate its users. The FI may deploy a method according to one embodiment exactly when needed and where needed. An embodiment of the invention may therefore provide a high level of protection against any kind of theft of credentials, at low cost.

Some embodiments of the present invention may include a system and/or method which may provide flexible transaction processing based on for example the risk assessment or risk level of a transaction and/or a user or party to a transaction. For example, based on a risk level, a level of authentication or other aspects of a transaction may be set or altered.

It will be appreciated by persons skilled in the art that this system and method may not be limited to use by financial institutions, but rather by any Service provider, that users may be required to authenticate themselves in order to gain access to the services. Moreover, in some embodiments reference may be made to a telephone and a telephone number, as the second factor for the authentication. While a telephone line and number may correspond to the requirements defined herein for the second communication channel, it should be appreciated by persons skilled in the art that other communication channels may be used as well, and the telephone may be used in order to provide a simple illustration of a certain embodiments of this invention.

It will also be appreciated by persons skilled in the art that the "Users" referred to herein, could be individuals as well as corporations and other legal entities. The alert levels or levels of fraud alert referred to in the following sections may be intended as an illustration and there may be many other configurations intended to distinguish between various levels of fraud attack or suspected attack.

The system and method described herein may be implemented whenever massive Credentials' theft may occur, as well as when it is suspected to have occurred, or anytime.

One of the advantages of an embodiment of the invention is that it may be deployed immediately when needed and where needed, and may have very low operational and deployment costs, moreover, it may not require prior access such as, for example, pre-enrolment, or pre-distribution of hardware to users, who may be potential victims of such theft.

An embodiment of the invention may extend authentication to a two-factor out-of-band form, requiring an additional data element, in addition to the credentials, to be transmitted to the user via a different channel. In one embodiment such second channel may be, but is not limited to a mobile telephone or a landline telephone, or a pager, or any channel that has the characteristic that it is difficult either logistically, money-wise, or time-wise, to obtain access to many access points to it, for example, it may be difficult and/or expensive to own numerous telephone lines, or mobile numbers or beeper numbers, and in a preferable embodiment of this invention, it may be widely available and easy to access by users (on an individual basis). Channels not having such characteristics may be used for out-of-band communication.

It should be noted that unlike typical two-factor authentication methods, the additional authentication channel (e.g., a channel used outside a normal process or channel for authentication or identification) may not be previously uniquely linked to a user, and therefore there may not be a need for prior access to the users, for example, in the form of registration, distribution of hardware or education of users, prior to deploying a method according to one embodiment.

In one embodiment, the system may ensure that for each of an out-of-band or secondary communication channel, only one or a certain number of users or accounts can use this channel for authentication. Security may be achieved by for example limiting the number of different user service accounts that may use the same authentication channel. For example, if the service is a bank account, such limitation may be achieved by limiting the number of bank accounts that may be linked to a certain telephone number, or by limiting the number of users who may link their accounts to that telephone number, based on for example name/SSN/whether they are members of the same family, and by deploying as part of a method according to one embodiment only those channels that may have the characteristic that it may be difficult (e.g., logistically, money-wise, or time-wise) to obtain access to many access points to it. For example, it may be both expensive and logistically difficult to obtain access to a significant number of land-line telephone numbers.
`
The deployment of an embodiment of the invention may be governed and set according to criteria intended to specify the level of the threat of fraud. It may also be applied selectively to users according to various criteria intended to assess the probability of fraud, for example, at various levels of fraud users logging into a service from their typical IP location may be exempt from a method according to one embodiment, or users who may perform a successful out of band authentication, for example from a certain location (such as computer or ATM machine) may be exempt from extra authentication in their next attempt to access the service from the same location).

Embodiments of the invention may pertain to a two factor authentications using a communication channel that meets certain criteria. Users may be authenticated using a combination of their regular Credentials and proof that the user may have access to a communication channel that meets the criteria of this method, for example, without limitation, such proof could be delivered by the user presenting a dynamic piece of data that may be delivered to it via a communication channel that meets the criteria of this method, by the user showing it knows the content of this dynamic data, or by the user initiating a call from a telephone or a channel to a certain telephone number. The criteria that the additional communication channel may need to meet under this method, may be that it would be difficult and/or cumbersome and/or expensive to obtain a significant number of it, for example, without limitation, it is expensive and cumbersome to obtain numerous telephone or mobile telephone numbers including access to them. Security may be achieved not only by selecting such a type of communication channel for delivery of the dynamic password, but also by restricting the number of, for example, users or user accounts, or any other number of distinct values of a property of the users or accounts, such as owner name, SSN, billing address, that may be linked to a particular channel. This method may be used either with respect to users may have pre-registered the details of their secondary authentication channel, as well as with respect to users who may not pre-registered. With respect to the latter, such details may be collected during the authentication session.

Other secondary communication channels having other characteristics, for example that may not be difficult to obtain, may be used.

This method may more generally be seen as a method for achieving a sufficient level of security in authentication not by actually validating user's identity but rather by (i) requiring users to provide details of "something" that may be either expensive, complicated or hard to achieve in large numbers (e.g., it may be something that meets the above criteria, but that may be readily available, such as for example, a telephone line); and (ii) by limiting the number of different user service accounts or users who may use the same "something" for authentication.

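The step-up flow and the per-channel account cap described above, as an added Python example (not code from the patent). The class and function names, the cap of 2 accounts per number, the 5-minute code lifetime, the 3-attempt limit, the mapping of low/medium/high alert levels to a challenge policy, and the phone number are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable

MAX_ACCOUNTS_PER_CHANNEL = 2  # assumed value of the text's "N users" per access point
CODE_TTL_SECONDS = 300        # assumed code lifetime; the text sets none
MAX_ATTEMPTS = 3              # assumed retry limit; the text sets none


@dataclass
class PendingCode:
    code: str
    channel: str
    expires_at: float
    attempts: int = 0


@dataclass
class OutOfBandAuthenticator:
    """Step-up check run after the regular credentials have been accepted."""
    send: Callable[[str, str], None]  # delivers (access point, code) on the second channel
    alert_level: str = "low"          # "low" | "medium" | "high" (policy below is assumed)
    channel_accounts: dict = field(default_factory=dict)   # access point -> linked accounts
    trusted_locations: dict = field(default_factory=dict)  # account -> locations already proven
    pending: dict = field(default_factory=dict)            # account -> PendingCode

    def needs_challenge(self, account, location):
        if self.alert_level == "low":
            return False
        if self.alert_level == "medium":
            # Exempt a location where this account already passed the out-of-band step.
            return location not in self.trusted_locations.get(account, set())
        return True  # high alert: challenge every session

    def _channel_has_room(self, account, channel):
        linked = self.channel_accounts.get(channel, set())
        return account in linked or len(linked) < MAX_ACCOUNTS_PER_CHANNEL

    def start_challenge(self, account, channel, now=None):
        """Send a one-time code to the access point the user named (e.g. a phone number)."""
        now = time.time() if now is None else now
        if not self._channel_has_room(account, channel):
            return False  # one number cannot vouch for an unlimited set of accounts
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = PendingCode(code, channel, now + CODE_TTL_SECONDS)
        self.send(channel, code)
        return True

    def complete_challenge(self, account, submitted, location, now=None):
        """Check the code typed back on the primary channel; link the channel on success."""
        now = time.time() if now is None else now
        entry = self.pending.get(account)
        if entry is None:
            return False
        entry.attempts += 1
        expired = now > entry.expires_at
        matches = hmac.compare_digest(entry.code.encode(), str(submitted).encode())
        ok = matches and not expired and self._channel_has_room(account, entry.channel)
        if ok or expired or entry.attempts >= MAX_ATTEMPTS:
            del self.pending[account]  # codes are single-use and attempts are bounded
        if ok:
            self.channel_accounts.setdefault(entry.channel, set()).add(account)
            self.trusted_locations.setdefault(account, set()).add(location)
        return ok


def demo():
    """Constructed scenario: three accounts try to reuse one phone number."""
    outbox = []  # stands in for the SMS gateway
    auth = OutOfBandAuthenticator(send=lambda ch, code: outbox.append((ch, code)),
                                  alert_level="high")
    results = {}
    for account in ("alice", "bob", "carol"):
        started = auth.start_challenge(account, "+15550100", now=1000.0)
        results[account] = started and auth.complete_challenge(
            account, outbox[-1][1], "branch-pc", now=1010.0)
    auth.alert_level = "medium"
    results["alice_same_location_needs_challenge"] = auth.needs_challenge("alice", "branch-pc")
    results["alice_new_location_needs_challenge"] = auth.needs_challenge("alice", "other-pc")
    return results


if __name__ == "__main__":
    print(demo())
```
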
FIG. 1 depicts an authentication system 10 according to one embodiment of the present invention. Referring to FIG. 1, an end user 14 may use a terminal such as a personal computer, automated teller machine, PDA, telephone, cellular device, or other computing device may wish to conduct a transaction (e.g., login to a service, make a purchase, opening a financial account, etc.) with an institution 18. Institution 18 may be, for example, a provider that may provide services containing confidential or private information, for example, a financial institution ("FI") system, government agencies, health institution, communication service provider or any other institution, authority or entity. End user 14 and institution 18 may communicate, for example, via one or more communications network(s) 15 such as, for example, the Internet, a cellular system, intranets, data lines, a combination of
