`
`(12)
`
`United States Patent
`Geddes et a].
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 7,142,840 B1
`Nov. 28, 2006
`
`(54) METHOD AND SYSTEM FOR
`MULTI-NETWORK AUTHORIZATION AND
`AUTHENTICATION
`
`(75) Inventors; Martin Geddes’ Overland Park’ KS
`(Us); Farm Weaver, Spring H111, KS
`(Us). Piyush Jethwa Overland Park
`KS (Us). Christophe’r Ginn Missiol’l
`KS (US); Von McConnell, LeaWood,
`KS (US); David Anderson, Seattle, WA
`US
`(
`)
`(73) Assigneez sprint spectrum L1)” Overland Park’
`KS (US)
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 302 days.
`
`(21) Appl. N0.: 10/370,238
`(22) Filed:
`Feb‘ 20, 2003
`
`(51) Int Cl
`'
`'
`2006.01
`H04M 3/16
`(
`455/4)n_ 455/410 455/418_
`(52) U 5 Cl
`'
`'
`' """""""""" "
`’
`’
`’
`58 F M f Cl _?
`_ 3759 @3214’ 379/9302’4750 59/421317
`(
`)
`1e
`0 4sg/szllocztézn4legrc7l
`155 200f
`’ 709’/237f 379/93 64 93’ 02 ’93 03’
`?l f
`’
`1
`'
`£111,‘
`’
`'
`_
`1,
`S
`ee app lcanon e or Comp ete Seam lstory'
`References Cited
`
`(56)
`
`U.S. PATENT DOCUMENTS
`
`6,430,407 B1
`
`8/2002 Turtiainen
`
`6,636,733 B1* 10/2003 Helferich ............... .. 455/412.2
`6,782,080 B1* 8/2004 Leivo et a1.
`379/9304
`2002/0112170 A1* 8/2002 Foley et a1. .............. .. 713/184
`2002/0177433 A1* 11/2002 Bravo et a1. .............. .. 455/411
`2003/0096626 A1* 5/2003 Sabo et a1.
`455/466
`2003/0158960 Al* 8/2003 Engberg ................... .. 709/237
`2004/0141508 Al* 7/2004 Schoeneberger et a1.
`370/401
`2004/0250085 Al* 12/2004 Tattan et a1. .............. .. 713/186
`
`OTHER PUBLICATIONS
`
`Young, “Authentication With SMS,” Wireles Review (Jun. 15,
`2001). (WWWWirelessrevieW.com/ar/Wirelessiauthentication>sms/
`
`* cited b examiner
`y
`Primary ExamineriDanh Cong Le
`
`(57)
`
`ABSTRACT
`
`A system for authentlcatmg and/orauthonzmg users of a
`servlce mcludes one commun1cat1on mterface W1th an access
`communication channel and another communication inter
`face With a con?rmation communication channel. Requests
`for a user to access a service are received over the access
`communication channel, and con?rmation codes for the user
`are received over a trusted con?rmation channel, such as an
`SMS text messaging system. Con?rmation codes may be
`received from the user requesting access to the service or by
`a third party acting as a gatekeeper to the service. The
`system tests the validity of received con?rmation codes, and
`enables the user to access the service if a valid con?rmation
`code is received.
`
`19 Claims, 4 Drawing Sheets
`
`RECEIVE ACCESS
`REQUEST
`Q
`
`I
`
`LOCATE CONFIRMATION
`ADDRESS
`5.2
`
`I
`
`SEND CONFIRMATION
`REQUEST
`M
`
`I
`
`RECEIVE CONFIRMATION
`MESSAGE
`i6.
`
`VALID
`CONFIRMATION
`CODE?
`§
`
`YES
`
`ENABLE ACCESS
`5!!
`
`DENY ACCESS
`&
`
`TWILIO, INC. EX. 1005
`Page 1
`
`
`
[FIG. 1, Sheet 1 of 4: block diagram of restricted-access system 10 used with an IP network (access channel 16) and an SMS messaging system (confirmation channel 18).]
`
`
`
[FIG. 2, Sheet 2 of 4: block diagram of restricted-access system 10: access channel interface 14, confirmation channel interface 26, user data storage 30, access control logic 28 and service control logic 12, connected by bus 32.]
`
`
`
[FIG. 3, Sheet 3 of 4: flow chart for the system of FIG. 2. Receive access request (40) -> Locate confirmation address (42) -> Send confirmation request (44) -> Receive confirmation message (46) -> Valid confirmation code? (48). Yes: Enable access (50). No: Offer retry? (52); Yes: return for another confirmation attempt; No: Deny access (54).]
`
`
`
[FIG. 4, Sheet 4 of 4: block diagram of a confirmation server (service control logic, access control logic, user data storage) in communication with multiple automated services.]
`
`
`
`METHOD AND SYSTEM FOR
`MULTI-NETWORK AUTHORIZATION AND
`AUTHENTICATION
`
`BACKGROUND OF THE INVENTION
`
`2
`To verify the user’s identity, the user must often provide a
`usemame and passWord over the same communication chan
`nel he or she Will use to access the service. In the case ofan
`ATM, the combination of an ATM card and personal iden
`ti?cation number (“PIN”) is used to verify the identity of a
`user. In these systems, any fraudulent user Who learns a
`usemame and passWord can access restricted services over
`the Web, and a thief Who takes an ATM card and learns the
`PIN of the oWner can make banking transactions using the
`card, including Withdrawing cash from the oWner’s account.
`
`SUMMARY OF THE INVENTION
`
`A system for authorizing or authenticating users of a
`service includes a ?rst communication interface With an
`access communication channel and a second communication
`interface With a con?rmation communication channel. The
`con?rmation channel is preferably a secure communication
`channel and may be different from the access communica
`tion channel. The system includes service control logic that
`is in communication With the ?rst communication interface.
`The service control logic receives access requests associated
`With a user requesting access to the service. The system
`further includes access control logic that is in communica
`tion With the second communication interface and that sends
`or receives a con?rmation code through the second com
`munication interface. The access control logic may test the
`received con?rmation code for validity, for example, by
`determining Whether the received con?rmation code is a
`valid passWord associated With the user. The service control
`logic enables the user to access the requested service only
`after it is determined that the received con?rmation code is
`a valid con?rmation code.
`The second communication interface preferably includes
`a short message entity for receiving SMS messages that
`include the con?rmation code. When access requests include
`a user identi?er, the access control logic may retrieve a
`con?rmation-channel address from user data storage and
`send a request for a con?rmation code to that address. Where
`the second communication interface includes a short mes
`sage entity, the con?rmation-channel address may be a
`telephone number of the user’s mobile phone, and the access
`control logic may send an SMS message requesting a
`con?rmation code to the user’s mobile phone.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`Exemplary embodiments of the present invention are
`described herein With reference to the draWings, in Which:
`FIG. 1 is a block diagram illustrating an exemplary use of
`a restricted-access system 10 With an IP netWork and an
`SMS messaging system.
`FIG. 2 is a block diagram illustrating an exemplary
`embodiment of the invention.
`FIG. 3 is a process How diagram illustrating an exemplary
`process for the operation of the system of FIG. 2.
`FIG. 4 is a block diagram of a con?rmation server in
`communication With multiple services in accordance With
`another exemplary embodiment of the present invention.
`
`DETAILED DESCRIPTION OF EXEMPLARY
`EMBODIMENTS
`
`FIG. 1 depicts a netWork architecture employing a system
`10 for providing access to a service to authorized users While
`preventing access by unauthorized users. The system 10 has
`interfaces to tWo channels of communication for communi
`cating With prospective users: an access channel 16 and a
`con?rmation channel 18. Aprospective user 11 of the system
`
`1. Field of the Invention
`The present invention relates to telecommunication ser
`vices and more particularly to a method and system for using
`a telecommunications channel to provide authentication or
`authorization for users of a service.
`2. Description of Related Art
`Cellular Wireless is an increasingly popular means of
`communication, as it offers users the opportunity for secure
`exchange of voice and data information using a mobile
`station (“MS”), such as a cellular telephone. In principle, a
`user equipped With a MS can seek information over the
`Internet or call anyone over a Public SWitched Telephone
`Network (“PSTN”) from anyWhere Within the coverage area
`of the cellular Wireless netWork. Security of communica
`tions using a cellular Wireless netWork is maintained
`through, among other things, the use of spread-spectrum
`transmission techniques such as code-division multiple
`access (CDMA). Moreover, individual mobile stations
`include an electronic serial number (“ESN”) hard-coded into
`the circuitry of each MS to make it extraordinarily dif?cult
`to fraudulently mimic the identity of a MS.
`One popular service offered for users of cellular Wireless
`communications, and particularly users of a personal com
`munications service (“PCS”), is the short message service
`(“SMS”). The SMS is a service implemented over a cellular
`Wireless netWork for sending short text messages over the
`netWork betWeen stations called short message entities
`through a message center (“MC”). A short message entity is
`often, but not necessarily, incorporated in a cellular phone or
`other MS. Short message entities may be implemented, for
`example, over an Internet protocol (“IP”) netWork or other
`netWork. In general, the SMS service may alloW a person to
`type in a desired text message, indicate the directory number
`associated With a destination mobile station, and then trans
`mit an SMS message encapsulating the desired text mes
`sage. The telecommunications netWork then conveys the
`text message to the destination mobile station, Where the
`message is typically displayed for receipt by an end user.
`SMS messaging is described in, for example, Gallagher &
`Snyder, “Mobile Telecommunications NetWorking With
`IS-4l” (1997), 285*3l0 and may be compliant With an
`industry standard such as the Telecommunications Industry
`Association (TIA)/Electronics Industry Association (EIA)
`Interim Standard IS-637A (“Short Message Service for
`Spread Spectrum Systems”).
`Other messaging services are Session Initiation Protocol
`(SIP) instant messaging and Wireless application protocol
`(WAP) push. SIP is described in, for example, IETF RFC
`3261 (June 2002), and WAP push is described in, for
`example, “WAP Push Architectural Overview,” WAP-250
`PushArchOvervieW-200l0703-a, ver. 03 (July 2001).
`With the increasing use of automated communication
`services of all kinds, Whether Wired or Wireless, sensitive
`transactions are increasingly carried out over these commu
`nication services. For example, consumers and business
`often perform banking transactions over the Internet or at an
`automated teller machine (ATM), Which itself is a commu
`nications terminal tied With the bank’s central computing
`system. Purchases are often made With credit cards over
`e-commerce Web sites. Employees use the Internet to log in
`to their company’s Web site to access con?dential informa
`tion related to their Work. In all of these situations, it is
`desirable to authenticate the user by verifying the identity of
`a user before providing the user With access to the service.
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`TWILIO, INC. EX. 1005
`Page 6
`
`
`
is provided with a first communication terminal 20 for communicating over the access channel 16 and a second communication terminal 22 for communicating over the confirmation channel 18. When the user wishes to gain access to a service offered through the restricted-access system 10, the user sends a request for access to the system 10 over the access channel. The system 10 receives the request for access and, in response to the request for access, sends a request for confirmation to the user over either the access channel 16 or the confirmation channel 18. In response to the request for confirmation, the user sends a confirmation message to the service provider over the confirmation channel 18. The system 10 receives the confirmation message and determines whether the user has sent a valid confirmation code. If the user has provided a valid confirmation code, the system 10 provides the service to the user.

The operation of the restricted-access system 10 in a network may be understood by the exemplary case in which the access channel 16 includes a packet-switched data network, such as the Internet or another IP network, the system 10 operates a restricted-access web site, and the confirmation channel 18 includes a mobile telecommunications network with a text messaging function, such as SMS messaging. The first communication terminal 20 is a personal computer loaded with web browser software, and the second communication terminal 22 is a short message entity such as a mobile phone with SMS capability. The user requests access to the web site by, for example, following a link or typing in the URL of a home page of the web site at the personal computer 20. Before allowing the user access to the restricted portions of the web site, the system 10 requests the user to send a confirmation code, such as a password, via an SMS message. The request for confirmation may itself be sent as an SMS message to the user's mobile telephone 22. The user enters the password into his or her mobile phone and sends the password as an SMS message to the system 10. Where, as in this example, the confirmation channel 18 is an SMS system and the user employs a mobile telephone to communicate over the channel 18, the channel 18 includes one or more base stations 24 ("BS") for maintaining radio communications with mobile telephone 22, a serving mobile services switching center ("SMSC") 19 for coordinating communications with the various base stations, and a message center ("MC") 21 with store-and-forward capability for ensuring that SMS messages are directed to their intended recipient.

When the system 10 receives the SMS message containing the password, it interprets the message to determine the sent password (for example, by removing whitespace and extraneous addressing information), and tests whether the password sent by the user is a valid password. If the password is a valid password, the service provider is directed to provide the user with access to the restricted-access web site.

The components of the restricted-access system 10 are illustrated in FIG. 2. The system 10 includes service control logic 12 for offering a service to a user. The service control logic 12 may operate by itself, providing a service to the user. In that case, the service control logic 12 may include, for example, an HTTP server software program, or logic to operate transactions at an ATM. Alternatively, service control logic 12 may act as a gate by, for example, sending a message to an external service provider (not shown) confirming or denying that a user is entitled to access the service. In that case, the service provider refuses to provide access by a user to a particular service until the service control logic 12 of system 10 sends a message to the
`
`20
`
`25
`
`30
`
`35
`
`40
`
`50
`
`55
`
`60
`
`65
`
`4
service provider confirming that the user is authorized to access the service. In another embodiment, the service control logic 12 acts as a channel through which a service is provided. In that case, the service control logic 12 may include, for example, software for operating a proxy server or portal server, a firewall, or a switch or network node that permits or restricts communications between a user and a service (such as an HTTP server) depending on whether the user is properly authenticated and/or authorized to access the service.

System 10 may, in some embodiments, be useful for providing restricted access to users of a service who may need to access the service from an untrusted terminal, such as an Internet terminal at a library or an "Internet cafe."

The system 10 further includes an access channel interface 14 for connecting the system 10 with the access communication channel 16 and a confirmation channel interface 26 for connecting the system 10 with the confirmation communication channel 18. The access channel interface 14 receives requests for access to the service offered through the service control logic 12. The access channel interface 14 may be, for example, a network interface card or a modem. The confirmation channel interface 26 is preferably a short message entity, but may be an interface with any other trusted communication channel. The confirmation communication channel 18 is preferably a different communication channel from the access communication channel 16, i.e., the different channels are sent over different media, implemented in different networks, and/or directed to different user communication terminals 20, 22. Accordingly, the confirmation channel interface 26 is preferably connected to a different communication channel from the access channel interface 14. The confirmation communication channel 18 is preferably, but need not be, a more secure channel than the access communication channel 16. For example, the confirmation channel 18 may include CDMA radio transmissions, while the access channel 16 includes transmissions over the public switched telephone network (PSTN). These different channels may be carried over the same medium. It is preferable, but not necessary, that the access channel 16 be a channel over which a rich user interface may be provided for a good user experience. The availability of a rich user interface is less important for the confirmation communication channel 18, which may be readily implemented by simple protocols such as SMS, instant messaging (over SIP or otherwise), WAP push, or HTTP POST messages.

Access control logic 28 handles access requests received over the access channel interface 14, initiates requests for confirmation, and tests confirmation messages received through the confirmation channel interface 26 for valid confirmation codes. To test the validity of a confirmation code received over the confirmation channel interface 26, the access control logic may make use of user data storage 30. The user data storage 30 includes records for authorized users including user identifiers and confirmation codes associated with user identifiers. When the access control logic 28 handles a request for access that includes a user identifier (for example, a username, an SMS address, an IP address, or other code that identifies the user requesting access), the access control logic 28 retrieves a confirmation channel address, such as an SMS address, from the user data storage 30 and sends to the user a request for a confirmation code. When a confirmation message is received at the confirmation channel interface 26, the access control logic 28 tests the received confirmation message for the presence of a valid confirmation code by comparing the received confirmation message with the confirmation code associated with the user identifier in the user data storage 30. Other known methods of testing the validity of a confirmation code may be employed that do not necessarily make use of a comparison with a stored confirmation code.
The access channel interface 14, the confirmation channel interface 26, the user data storage 30, the access control logic 28, and the service control logic 12 communicate over a data bus 32 and are operated by a processor (not shown). The access control logic 28 and the service control logic 12 may include machine language instructions saved in data storage such as computer RAM. It should be noted that, although the use of a bus to communicate between logical modules is preferable when all modules are implemented within the same computer, one or more of these modules may be implemented in different computers, with different processors, communicating over a network.

The operations performed by the system 10 are set out in the flow chart of FIG. 3. In step 40, the system receives a request for access to the service over the access channel. The request for access may be, in the case of a restricted-access web site, an HTTP request encapsulating a username and/or password. Alternatively, where the service is an ATM, the access request may be a message automatically sent by the ATM when, for example, the user inserts his or her card and enters a PIN. The request for access may alternatively be a request for a network layer connection, such as an IP connection, as may be employed by a user attempting to access a virtual private network (VPN).

At step 42, the system 10 accesses the user data storage 30 to locate a confirmation-channel address associated with the access request. Where the confirmation channel makes use of SMS messaging, the confirmation-channel address is preferably a telephone number associated with a user's MS. Where the confirmation channel includes a presence service, the confirmation-channel address may be an unresolved address that is resolved by the presence service, permitting the user to be located at one of several addresses. The RFCs "A Model for Presence and Instant Messaging," RFC 2778 (February 2000), and "Instant Messaging/Presence Protocol Requirements," RFC 2779 (February 2000), describe the use of a presence service. Alternatively, the user data storage may store a multitude of confirmation-channel addresses, with each address being associated with one or more users. In that case, when the access channel interface 14 receives an access request that includes a user identifier, the access control logic may query a database to locate the confirmation-channel address associated with that user identifier.

The system then sends a confirmation request at step 44 asking the user to send the confirmation code over the confirmation channel. The confirmation request is preferably sent by the confirmation channel interface 26. For example, where the confirmation channel is an SMS system, the confirmation request may be sent by the confirmation channel interface 26 as an SMS message to the user's mobile phone 22. An exemplary confirmation request for a user with the identifier "jsmith" attempting to access a restricted web site would appear as follows:

Access requested by jsmith to service.net. Please send confirmation code to verify.

Another exemplary confirmation request for a user attempting to access a restricted web site would appear as follows:

Access requested to account of J. Smith. Please send confirmation code to verify.

After sending the confirmation request, the system receives the confirmation message from the user at step 46 over the confirmation channel. If a confirmation message is not received before a specified time has elapsed, the system may time out without providing access.

Where the user is equipped with a MS that includes a two-way short message entity, the confirmation request is preferably sent to the user as an SMS message, and the user may send the confirmation code by sending a reply to the SMS confirmation request message with the confirmation code in the text of the reply message. Alternatively, the user may enter an SMS address of the system's short message entity manually or from a directory saved in the user's MS. In another embodiment, the confirmation request includes a callback telephone number, and the user may use a telephone (preferably a mobile telephone with an integrated short message entity) to dial the callback number and then speak the confirmation code (e.g., as a password or a series of numbers or characters) into an automated answering system.

Once the confirmation code has been received, the system performs any necessary parsing or interpretation of the confirmation message, for example, by removing extraneous whitespace or address information in the message, or by converting the case of the message text if the confirmation code is not case-sensitive. If the confirmation code is spoken over a telephone line, the system employs voice recognition to interpret the spoken confirmation code.

The system tests the code at step 48 to determine whether it is valid. To test the code's validity, the access control logic 28 compares the code received from the user with a valid confirmation code stored in the user data storage 30 and associated with the user identifier. Of course, the confirmation code may be stored in an encrypted format. If the confirmation code is valid, the system provides access to the service at step 50. This may be accomplished by, for example, the access control logic 28 sending a validation message to the service control logic 12.

If the confirmation code is not valid, the access control logic determines at step 52 whether or not to offer the user another chance to send a valid confirmation code. The user may be offered a fixed number of attempts or a limited amount of time to enter a valid code before the system denies access at step 54 for unauthorized users.

To assist in requesting confirmation messages and testing confirmation messages for validity, the user data storage 30 includes a database with a record corresponding to each authorized user of the system. Each record includes the user identifier, a valid confirmation code associated with the user identifier, and (if confirmation requests are sent over the confirmation channel) the confirmation-channel address associated with the user identifier. Different confirmation-channel addresses may be employed for different services requested by the user.

Where the service is a restricted-access web site and the confirmation-channel address is a telephone number corresponding to a user's SMS-enabled mobile phone, a sample set of database entries in the user data storage 30 would appear as follows:

USERNAME    CONFIRMATION-CHANNEL ADDRESS    CONFIRMATION CODE
user24      312-555-6427                    wqke234
acct2002    514-555-2456                    rtk13xy
anon        905-555-6704                    h2gej4e
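The FIG. 3 procedure (steps 40 through 54) run against the three sample user records above, as an added example that is not code from the patent. It assumes an outbound SMS interface that is stood in for by a callback collecting outgoing messages, and it keeps confirmation codes salted and hashed in user data storage, which is this example's choice (the patent says only that the stored code may be encrypted). AccessControlLogic, Pending, enroll and normalize are names of this example's own.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 50_000


def normalize(text):
    # Step 46 interpretation: strip a "To:/From: <address>" prefix that a message
    # center may leave in front of the text, drop whitespace, and fold case (the
    # codes in this example are not case-sensitive).  Applied identically at
    # enrollment and on receipt so the hashes agree.
    text = re.sub(r"^\s*(?:to|from)\s*:\s*\S+", "", text, flags=re.IGNORECASE)
    return "".join(text.split()).lower()


def hash_code(code, salt):
    # Example's choice: user data storage holds only a salted PBKDF2 hash of the
    # confirmation code, never the code itself.
    return hashlib.pbkdf2_hmac("sha256", normalize(code).encode(), salt, PBKDF2_ROUNDS)


@dataclass
class UserRecord:                 # one row of user data storage 30
    username: str
    confirmation_address: str     # telephone number of the user's SMS-capable MS
    salt: bytes
    code_hash: bytes


def enroll(username, address, code):
    salt = secrets.token_bytes(16)
    return UserRecord(username, address, salt, hash_code(code, salt))


@dataclass
class Pending:                    # an access request awaiting its confirmation message
    username: str
    service: str
    deadline: float               # absolute time of the step 46 time-out
    attempts_left: int            # step 52 retry budget


class AccessControlLogic:
    def __init__(self, records, send_sms, max_attempts=3, timeout_s=120):
        self.by_user = {r.username: r for r in records}
        self.by_address = {r.confirmation_address: r for r in records}
        self.send_sms = send_sms      # confirmation channel interface 26, outbound side
        self.pending = {}             # confirmation-channel address -> Pending
        self.max_attempts = max_attempts
        self.timeout_s = timeout_s

    def receive_access_request(self, username, service, now):
        # Step 40: the request arrives over access channel interface 14 with a user
        # identifier.  Step 42: look up the confirmation-channel address.
        rec = self.by_user.get(username)
        if rec is None:
            return "DENY"             # no confirmation-channel address on record
        self.pending[rec.confirmation_address] = Pending(
            username, service, now + self.timeout_s, self.max_attempts)
        self.send_sms(rec.confirmation_address,   # step 44: confirmation request
                      f"Access requested by {username} to {service}. "
                      "Please send confirmation code to verify.")
        return "CONFIRMATION_REQUESTED"

    def receive_confirmation_message(self, originating_address, text, now):
        # Step 46: the reply arrives over the confirmation channel and is matched to
        # its outstanding request by the address it originated from.
        req = self.pending.get(originating_address)
        if req is None:
            return "DENY"             # nothing pending for this telephone number
        if now > req.deadline:        # step 46 time-out
            del self.pending[originating_address]
            return "DENY"
        rec = self.by_address[originating_address]
        if hmac.compare_digest(hash_code(text, rec.salt), rec.code_hash):   # step 48
            del self.pending[originating_address]
            return "ENABLE"           # step 50: validation message to service control logic 12
        req.attempts_left -= 1        # step 52: offer another attempt?
        if req.attempts_left > 0:
            return "RETRY"
        del self.pending[originating_address]
        return "DENY"                 # step 54


# Constructed sample data: the three records of the table above.
SAMPLE_RECORDS = [
    enroll("user24", "312-555-6427", "wqke234"),
    enroll("acct2002", "514-555-2456", "rtk13xy"),
    enroll("anon", "905-555-6704", "h2gej4e"),
]

if __name__ == "__main__":
    outbox = []
    acl = AccessControlLogic(SAMPLE_RECORDS, lambda addr, text: outbox.append((addr, text)))
    print(acl.receive_access_request("user24", "service.net", now=0.0))
    print(outbox[-1])
    print(acl.receive_confirmation_message("312-555-6427", " WQKE 234 ", now=5.0))
```

A reply is tied to its outstanding request by the telephone number it came from, so a code arriving from a number with nothing pending is refused before any comparison, and a code that arrives after the step 46 time-out or after the step 52 retry budget is spent falls through to the step 54 denial and clears the pending request.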
`
The user identifier may take one of several different forms, so long as the identifier is sufficient to identify
`
authorized users of the system. The user identifier may be, for example, a username, password, or PIN. The user identifier does not need to be consciously known to the user; it may be, for example, a code associated with a token in the user's possession (such as a code electronically or magnetically recorded on an ATM card, credit card, or smart card), or an identifier associated with the access channel (such as the user's IP address in the case of Internet communications or telephone number in the case of telephonic communications). Of course, the user identifier may be comprised of a combination of any of the above. The user identifier is not necessarily unique for each user; a group of users (for example, all users employed at a branch office location) could have the same user identifier. The user identifier is preferably stored in advance in the user data storage 30, but access control logic 28 may be arranged to permit access to users for whom no identifier is stored in the user data storage 30. That would be the case when, for example, the system is designed to restrict access not only to previously-authorized users, but also to users who register for the first time by providing an identifier to the system.

The confirmation code may be a password known to the user. The confirmation code may alternatively include biometric information such as an eye scan or fingerprint read by the user's confirmation communication terminal 22. The confirmation code may include an identifier associated with the confirmation channel, such as an identifier uniquely associated with a user's mobile telephone when the confirmation channel makes use of SMS messaging. For example, when an SMS message is sent by an originating short message entity to the destination short message entity, the message received at the destination short message entity, called SMD-ACK, includes data called the "OriginalOriginatingAddress" that identifies the originating short message entity. Thus, where SMS is used in the confirmation channel, the confirmation code can include the OriginalOriginatingAddress of the user's short message entity. The access control logic 28 may use the OriginalOriginatingAddress to verify that a confirmation code sent by SMS messaging was sent by the telephone of the authorized user. Of course, the confirmation code may include a combination of different types of codes, such as a password together with the user's confirmation channel address or a personal identification number together with biometric data. Preferably, the confirmation code used by the system includes a pass code consisting of one or more letters and/or characters physically entered, through a keypad, microphone, or otherwise, by the user into the user's confirmation communication terminal 22.

In addition to, or as an alternative to, the user data storage 30, the system 10 can make use of a trusted directory service, such as an electronic telephone directory, to associate a user's identifying information with a confirmation channel address. This may be used, for example, when the step 48 of determining whether a user is authorized involves comparing a name given by the user and the OriginalOriginatingAddress of an SMS message sent by the user with the name and corresponding telephone number stored in a trusted telephone directory service.

Instead of confirmation codes permanently (or semi-permanently) assigned to particular users, the system may make use of a pass code generated randomly (or selected from a list of confirmation codes) for use with a particular transaction. For example, to authenticate a user attempting to reach a restricted-access web page on a web site, the web page can display a pass code on the user's personal computer 20. The system also sends a message to the user's
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
mobile phone 22 requesting a pass code. The user enters the pass code displayed in the web page into mobile phone 22 and sends the pass code in a reply message to the system. As an alternative, if the system does not send a message to mobile phone 22, the user may send the pass code to the system as a standalone message, rather than as a reply. In another embodiment, the user may access a confirmation web page over a web-enabled mobile device, such as a PCS phone, and enter the pass code in a form on the confirmation web page. The pass code may then be sent over the confirmation channel as, for example, an HTTP POST message. The system may simplify access to the confirmation web page by redirecting the user to a specialized confirmation web page when the user enters a URL of the service or selects a link to the service.

In another alternative, the system may send a pass code to the user as a message to the user's mobile phone 22, and the user then sends the pass code to the system by personal computer 20. Thus, the system may send a pass code to the user by either one of the channels (the access channel or the confirmation channel), the user sends the same pass code back to the system over the other of the two channels, and the system checks the pass code for validity.
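The per-transaction pass code of the preceding paragraphs, sent out over one channel and accepted back only over the other, combined with the OriginalOriginatingAddress check described above, as an added example that is not code from the patent. One variant displays the code in the web page and expects it back by SMS from the user's registered telephone number; the other sends the code by SMS and expects it back in the web form of the same session. The username-to-telephone directory and the callback standing in for the outbound SMS interface are assumptions of the example; PassCodeAuthenticator, Transaction, begin_display_on_web, begin_send_by_sms, confirm_by_sms and confirm_by_web are names of this example's own.

```python
import hmac
import secrets
import string
from dataclasses import dataclass

CODE_ALPHABET = string.ascii_lowercase + string.digits
CODE_LENGTH = 8


@dataclass
class Transaction:
    username: str
    service: str
    pass_code: str        # random, generated for this transaction only
    sent_over: str        # "access" (displayed in the web page) or "confirmation" (sent by SMS)
    expires_at: float
    attempts_left: int = 3


class PassCodeAuthenticator:
    def __init__(self, directory, send_sms, ttl_s=300):
        # directory: username -> confirmation-channel address; stands in for user data
        # storage 30 or a trusted directory service.  The reverse map attributes an
        # incoming SMS to a user by its OriginalOriginatingAddress.
        self.directory = dict(directory)
        self.owner_of = {addr: user for user, addr in self.directory.items()}
        self.send_sms = send_sms
        self.ttl_s = ttl_s
        self.open = {}    # transaction id -> Transaction

    def _start(self, username, service, sent_over, now):
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        txn_id = secrets.token_hex(8)
        self.open[txn_id] = Transaction(username, service, code, sent_over, now + self.ttl_s)
        return txn_id, code

    def begin_display_on_web(self, username, service, now):
        # Variant 1: the code goes out over the access channel (web page) and must come
        # back over the confirmation channel (SMS).  Returns the code for the page to render.
        if username not in self.directory:
            return None, None
        txn_id, code = self._start(username, service, "access", now)
        self.send_sms(self.directory[username],
                      f"Access requested by {username} to {service}. "
                      "Please enter code displayed in web browser to verify.")
        return txn_id, code

    def begin_send_by_sms(self, username, service, now):
        # Variant 2: the code goes out over the confirmation channel (SMS) and must come
        # back over the access channel, in the web form of the same session.
        if username not in self.directory:
            return None
        txn_id, code = self._start(username, service, "confirmation", now)
        self.send_sms(self.directory[username],
                      f"Access requested by {username} to {service}. Your pass code is {code}.")
        return txn_id

    def confirm_by_sms(self, originating_address, text, now):
        # The reply is bound to the registered telephone number: an SMS from any other
        # OriginalOriginatingAddress is refused before the code is compared.
        username = self.owner_of.get(originating_address)
        if username is None:
            return "DENY"
        match = [(i, t) for i, t in self.open.items()
                 if t.username == username and t.sent_over == "access"]
        if not match:
            return "DENY"
        txn_id, txn = match[0]
        return self._finish(txn_id, txn, text, now)

    def confirm_by_web(self, txn_id, typed_code, now):
        txn = self.open.get(txn_id)
        if txn is None or txn.sent_over != "confirmation":
            return "DENY"             # the code must return over the other channel
        return self._finish(txn_id, txn, typed_code, now)

    def _finish(self, txn_id, txn, presented, now):
        if now > txn.expires_at:
            del self.open[txn_id]
            return "DENY"
        presented = "".join(presented.split()).lower().encode()
        if hmac.compare_digest(presented, txn.pass_code.encode()):
            del self.open[txn_id]     # single use: a replayed code finds no open transaction
            return "ENABLE"
        txn.attempts_left -= 1
        if txn.attempts_left > 0:
            return "RETRY"
        del self.open[txn_id]
        return "DENY"
```

Each transaction records which channel its code left on, so the same code is never accepted back over the channel it was sent on; the code is discarded on first success or when the attempt budget or lifetime runs out, so an intercepted code cannot be replayed later.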
In the embodiment in which the user receives a pass code over one channel and sends the pass code over the other channel, a restricted-access web site may display for the user text including a pass code once the user has entered his or her user identifier. The user may then receive a message such as the following over the confirmation channel interface:

Access requested by jsmith to service.net. Please enter code displayed in web browser to verify.

If the user accesses a confirmation web page over a web-enabled mobile device, the text of the confirmation web page may contain a similar instruction, and include a form for the confirmation code, together with a "send" or "submit" button. Once the user has sent a pass code, an interstitial message such as "Waiting for Authentication" may appear on one of the user's terminals 20, 22.

In some instances, a user may already have undergone security procedures, such as a password-protected logon, simply to open communications over the confirmation communication channel, even before requesting access to the service. In that case a valid confirmation code requested by the system may be nothing more than an "okay" or "yes" message or other similarly uncomplicated confirmation code.

The system has thus far been described primarily by means of the embodiment in which it is used to authenticate users requesting access to



