(12) Patent Application Publication (10) Pub. No.: US 2004/0203595 A1
Singhal (43) Pub. Date: Oct. 14, 2004

US 20040203595A1

(54) METHOD AND APPARATUS FOR USER AUTHENTICATION USING A CELLULAR TELEPHONE AND A TRANSIENT PASS CODE

(76) Inventor: Tara Chand Singhal, Torrance, CA (US)

Correspondence Address:
Tara Chand Singhal
P.O. BOX 5075
Torrance, CA 90510 (US)

(21) Appl. No.: 10/217,287

(22) Filed: Aug. 12, 2002

Publication Classification

(51) Int. Cl.7 .......... H04M 1/66
(52) U.S. Cl. .......... 455/411; 455/414.1

(57) ABSTRACT
`
Authentication system 10 is used to store a user's existing passwords; alternatively, the authentication system creates on demand a transient random pass code that is good for a limited duration. When the user has forgotten the password in a traditional system, or alternatively, without the need to create or remember passwords, the user can use transient pass codes. The user retrieves the password or the pass code via a cell telephone 800 call to the authentication system, before logging on to the system.
`
[Representative figure (FIG. 1A): User 06 with cellular telephone 04; Telephone Network 16; Authentication System 10 (verify caller and create time-limited pass code, or retrieve existing password); System interface 02; Bank System 20A; Business System 20B; Consumer System 20C; Facility Access System 20D. Figure not reproduced.]
`
`TWILIO, INC. EX. 1008
`Page 1
`
`
`
[Sheet 1 of 6, FIG. 1A: block diagram showing user 06 with cellular telephone 04, telephone network 16, authentication system 10 (verify caller and create time-limited pass code, or retrieve existing password), system interface 02, and bank system 20A, business system 20B, consumer system 20C and facility access system 20D. Figure not reproduced.]
`
[Sheet 2 of 6, FIG. 1B: block diagram showing authentication function 10A embedded in the access control function 34 of system 20A-D, with user 06 and system interface 02. Figure not reproduced.]
[Sheet 3 of 6, FIG. 1C: block diagram showing authentication system 10 (verify caller and create time-limited passkey), system 20A-D with access control function 34 and firewall 24, data packets 22 with packet header 30 (source, destination, passkey 29) and packet data 32, user 06 and system interface 02. Figure not reproduced.]
`
[Sheet 4 of 6, FIG. 2: system interfaces, comprising log-in web page 210 (user ID 12, password 28, legend 216 on calling the 800 number from the user's cell phone), log-in web page 220 (user ID 12, transient pass code 14, legend 226), log-in web page 230 (passkey 29, legend 236) and ATM/POS/facility access terminal 250. Figure not reproduced.]
`
[Sheet 5 of 6, FIG. 3: authentication system 10 with processor 330, operating system 302, authentication function 10A and storage device 326 holding system database 340 (system ID 358, system name 366, system access path 368), customer database 338 (caller ID 350, name 352, e-mail 354, PIN 356, system ID 358, user ID 360, set time 362, password 364) and transaction database 342 (transaction reference 370, date/time 372, caller ID 374, system ID 358, user ID 360, set time 376). Figure not reproduced.]
`
[Sheet 6 of 6, FIG. 4: web page 400 (cell telephone number 350, name 352, e-mail 354, PIN 356), web page 410 (system name 366, password 364) and web page 420 (select system, enter user ID 360 and set time 362; selections 422 of Bank Acme 414A, DMV 414B and Shop NWRK 414C). Figure not reproduced.]
`
`US 2004/0203595 A1
`
`Oct. 14, 2004
`
`METHOD AND APPARATUS FOR USER
`AUTHENTICATION USING A CELLULAR
`TELEPHONE AND A TRANSIENT PASS CODE
`
`FIELD OF THE INVENTION
`
`[0001] The present invention is directed to a method and
`apparatus for user authentication to a computer system using
`a cellular telephone and transient pass codes.
`
`BACKGROUND
`
`[0002] Access to a computer system is controlled by a
`combination of a user ID to identify a user and a passWord
`to verify the user. The passWord is initially created by the
`system and then can be changed by the user. It is only knoWn
`to the user and is kept secure by an access control function
`Within the computer system.
`
`[0003] The combination of a user ID and passWord are the
`prevalent technology for access control to computer systems
`and are used in:
`government agencies such as defense
`systems by defense employees to control access to classi?ed
`data, (ii) business systems by employees of the business to
`control access to sensitive data, (iii) consumer systems by
`consumers to control access to consumer services and
`resources provided by a business, and (iv) banking systems
`to control access to online account data and so on.
`
`[0004] The use of a passWord to control access suffers
`from some de?ciencies, such as, too many passWords, easy
`to forget and unfamiliar dif?cult to remember long string
`passWords, and risk of compromise.
`
`[0005] There have been many solutions to address one or
`more of these de?ciencies. Some of them have been: 1)
`having longer passWords of at least 6 to 8 characters, Where
`the passWord must have a combination of numerals and
`alphabets, 2) having passWord that have a combination of
`loWer and upper case letters as Well as a punctuation
`character, also referred to a pass phrase 3) having tWo layers
`of passWords common in defense systems 4) having the
`passWord changed periodically such as once a month or
`every three months, Which is common in defense and
`sensitive business systems, 5) supplying additional personal
`data such as mother’s name, place of birth or other data to
`the computer system When a passWord is forgotten, so that
`such data may be used to verify the user in lieu of a forgotten
`passWord.
`[0006] NeW innovative solutions to address these de?cien
`cies in passWord technology are also being researched. One
`example is a recent neWs report on Microsoft, Which
`describes a research effort on creating and using a passWord
`that depends upon a user selecting points on a picture. The
`pixel location sequence is to be used as a passWord, as it is
`believed that points on a picture are easy to remember and
`also create a complex passWord.
`
`[0007] Other solutions have been biometrics, such as the
`use of one’s ?ngerprint, handprint, or retina-scan, to control
`access to a facility controlled by a computer system. Based
`on published stories, use of biometrics, have problems such
`as, having ?nger print can be easily fooled by an imposter
`gluing on some-one else’s ?nger print on his ?ngers, and
`that people are hesitant to make biometric data available to
`computer systems for privacy reasons.
`
`[0008] Smart cards are also being used in some cases to
`control access to a computer system. Use of smart cards or
`tokens require a smart card reader and a smart card being
`given to a person in advance. For these and other reasons
`they have not gained Wide spread popularity.
`[0009] In light of the above, it is an objective of the present
`invention to have a user authentication system that elimi
`nates the problems of:
`the users in having to create and
`remember passWords, in having to create different pass
`Words for access to different systems, and passWords being
`stolen from the users by their carelessness or negligence;
`and (ii) the businesses in having to maintain computer
`systems that have a risk of compromise of passWord by
`carelessness of their employees or external hacker attacks.
`
`SUMMARY
`
`[0010] The present invention is directed to a method and
`apparatus for a user authentication system that uses a
`cellular telephone. In one embodiment, an authentication
`system is used to store a user’s existing passWords. When the
`user has forgotten the passWord, the user can retrieve it via
`an 800 number call to the authentication system using
`his/her cell telephone, before logging on to the system. The
`current caller ID technology provided by the telephone
`companies uniquely identi?es a cell phone oWner and is
`used to verify the caller to the authentication system.
`
`[0011] In another embodiment, the authentication system
`does not store existing passwords, but creates, on demand,
`a temporary or transient random pass code that is good for
`a limited time. Such transient pass codes are randomly
`created only at the instance of use. They do not exist earlier
`anyWhere. They can be very simple, for example a 3-digit
`numeral, and are believed to be far more secure in their
`operation and use than the current use of passWords.
`
`[0012] The user has only a set time to gain access to the
`computer system using the user ID and the transient pass
`code. The set time may be selected based on user’s prefer
`ence and the security needs of the system.
`
`[0013] This invention may be practiced in different ver
`sions, as the systems have different security needs and the
`users have different habits. These are described in the
`description section.
`[0014] The authentication system of this invention serves
`(i) the users, by the users not having to create and or
`remember passWords, and (ii) the businesses by eliminating
`the risk of having passWords compromised by carelessness
`or negligence of users or employees and of being a target for
`hackers.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0015] The novel features of this invention, as Well as the
`invention itself, both as to its structure and its operation, Will
`be best understood from the accompanying draWings, taken
`in conjunction With the accompanying description, in Which
`similar reference characters refer to similar parts, and in
`Which:
`
`[0016] FIG. 1A is a block diagram that illustrates a
`version of the current invention;
`
`[0017] FIG. 1B is a block diagram that illustrates another
`version of the current invention;
`
`
`[0018] FIG. 1C is a block diagram that illustrates yet
`another version of the current invention;
`[0019]
`[0020] FIG. 3 is a block diagram that illustrates a version
`of the authentication system; and
`
`FIG. 2 illustrates system interfaces;
`
`[0021] FIG. 4 is a version of Web pages that illustrates
`user access to the authentication system.
`
`DESCRIPTION
`
`[0022] Introduction
`[0023] In this speci?cation, the terminology pass code and
`passWord is used interchangeably. HoWever, Where it is
`necessary to distinguish, the term passWord is used for an
`eXisting passWord and pass code is used for those passWords
`that are created on demand for an instance of use according
`to this invention.
`
`[0024] With initial reference to FIG. 1A, authentication
`system 10, interfaces With a user 06 via a cellular telephone
`04 and telephone netWork 16. The user has access to the
`system 20A-D via a system interface 02. The system 20A-D
`may be a bank system 20A, a business system 20B, a
`consumer system 20C or a facility access system 20D.
`
`[0025] As illustrated in FIG. 2, the system interface 02
`may be a log in Web page 210, 220, 230 or it may be an
`ATM/POS/Facility Access terminal 250.
`
`[0026] As illustrated in FIG. 1A, the authentication sys
`tem 10 may be deployed as a stand-alone system, Where it
`may store and alloW the user to retrieve passWords of
`multiple number of systems 20A-D Where user maintains
`accounts.
`
`[0027] Alternatively, the authentication system 10 func
`tions may be embedded in the system 20A-D itself, such that
`the user is able to retrieve the passWord for that particular
`system. With reference to FIG. 1B, authentication system 10
`functions may be embedded in the system 20 itself as
`authentication function 10A, as part of the system 20A-D’s
`eXisting access control function 34, Which maintains user ID
`12 and passWord 28.
`
`[0028] In a ?rst embodiment With stored passWords, the
`invention enables storing user’s passWords of system 20A-D
`in an authentication system 10, from Where they can be
`retrieved by the user 06, When forgotten, through use of a
`cell phone 04.
`
`[0029] In a second embodiment With transient pass codes,
`the authentication system 10, on request of a user 06 via a
`cell phone 04, creates in real time a random transient pass
`code for use for a limited time. The authentication system 10
`communicates the transient pass code to the user 06 via
`voice response on the cell phone 04. The authentication
`system 10 also communicates the transient pass code to the
`speci?c system 20 to Which the user 06 Wishes to gain
`access.
`
[0030] A cell telephone 04 is used to call the authentication system 10 because a cell telephone: (i) is a personal item in the personal physical control of the owner; (ii) uniquely identifies the owner, and an entity independent of the owner, the telephone company, has verified the owner's identity; (iii) provides caller ID, which cannot be tampered with or altered by a user, as the caller ID is provided by the telephone company computer systems, and furthermore the caller ID cannot be blocked when calling an 800 number; (iv) due to its convenience and affordable pricing, is used by almost everybody; and (v) has a minimal risk of theft, as the location of a cell phone can be traced by the telephone company. However, fixed telephones, as in a home, may also be used.
`
`[0031] These embodiments are described herein. The
`headings are provided for the convenience of the reader.
`
`[0032] Embodiment With Stored PassWords
`
`[0033] The user 06 makes a secure Internet connection to
`the authentication system 10 (not shoWn), Which provides a
`Web page 400 as illustrated in FIG. 4. The Web page 400
`alloWs the user 06 to create or access the user’s account in
`the authentication system 10. The data required on Web page
`400 is cell tel number 350, name 352, e-mail 354 and PIN
`356.
`
`[0034] The Web page 410, displayed in response to com
`pleting Web page 400 data entries, alloWs the user 06 to enter
`the system 20 names 366 and corresponding passWords 364.
`The user can enter multiple system names and passWords.
`The data so entered is saved in the authentication system 10,
`described later With respect to FIG. 3.
`
`[0035] Subsequently, With reference to FIG. 2, if the user
`06 When logging on a system 20A-D With a login Web page
`210, Which requires a user ID 12 and a passWord 28, has
`forgotten the passWord, the legend 216 advises the user to
`call an 800 number to retrieve the passWord.
`
`[0036] When the user 06 calls the authentication system
`10 using his/her cell phone 04, the authentication system 10
`veri?es the caller ID as telephone number 350 and prompts
`for the PIN 356 and the name of the system 366, asking the
`user to enter PIN 356 and select the system 20, if the user
`has stored a passWord for more than one system. The
`authentication system 10 then voice responds With the
`passWord 364 of the selected system. The voice response
`technology such as being able to annunciate alphanumeric
`digits is prior art that is in common use in telephone and
`banking systems.
`
`[0037] Embodiment With Transient Pass Code
`
`[0038] The user 06 makes a secure Internet connection to
`the authentication system 10 (not shoWn), Which provides a
`Web page 400 as illustrated in FIG. 4, The Web page 400
`alloWs the user 06 to create or access the user account in the
`authentication system 10. The data required on Web page
`400 is cell tel number 350, name 352, e-mail 354 and PIN
`356.
`
`[0039] The Web page 420, displayed in response to com
`pleting the data in Web page 400, provides a list of systems
`20A-D With Which the authentication system 10 has a prior
`established interface. The page 420 displays a list of such
`systems by system ID 358 and system name 366.
`
`[0030] A cell telephone 04 to call the authentication sys
`tem 10 is used because a cell telephone:
`is a personal item
`in the personal physical control of the oWner, (ii) uniquely
`identi?es the oWner, an entity independent of the oWner, the
`telephone company has veri?ed the oWner identity, (iii)
`provides caller ID Which cannot be tampered or altered by
`
`[0040] The Web page 420, alloWs the user 06 to select the
`systems Where he/she has an account 422 and for each such
`system to enter the corresponding user ID 360 and set time
`362 for the transient pass code. As an illustration, the user 06
`has selected three systems Bank Acme 414A, DMV 414B
`and Shop NWRK 414C. These selections are identi?ed as 1,
`
`TWILIO, INC. EX. 1008
`Page 9
`
`
`
`US 2004/0203595 A1
`
`Oct. 14, 2004
`
`2 and 3 as system ID 422. The data so entered in page 420
`is saved in the authentication system 10, described later With
`respect to FIG. 3.
`
`[0041] User 06 opens the authentication system 10
`account via a secure Internet connection. To eliminate the
`possibility of fraud Where some one else may open the user
`account With access to user data, the authentication system
`10 veri?es the user identity. This veri?cation of user identity
`may include one or more steps such as, calling the user on
`the cell phone number to verify the user has the cell phone
`number and contacting the telephone company and verifying
`that the cell phone oWner name matches that provided by the
`user.
`
`[0042] The steps required to use the authentication system
`10, as highlighted in FIG. 1A by encircled numerals are:
`
`[0043] (1) A user 06 calls, on his/her cell phone 04,
`the authentication system 10. The authentication
`system has pre-stored system identi?cation and cor
`responding user identi?cation. The user enters a PIN
`and identi?es the system as 1, 2 or 3.
`[0044] (2) The authentication system veri?es the
`caller by caller ID and the PIN and creates a time
`limited passWord.
`[0045] (3) The authentication system communicates
`the time-limited passWord to the cell phone via voice
`response.
`[0046] (4) The authentication system communicates
`the time-limited passWord to the system 20 using the
`system identi?cation and the user identi?cation.
`
`[0047] (5) User accesses the system 20, via a system
`interface 02, by providing the user identi?cation and
`the time-limited passWord. The system then grants
`access after verifying the user identi?cation and the
`time-limited passWord.
`
`[0048] (6) The system 20 deletes the time-limited
`passWord on occurrence of ?rst access or eXpiration
`of a time limit.
`
`[0049] Authentication System 10
`[0050] Referring to FIG. 3, the authentication system 10
`includes
`a storage device 326, (ii) an operating system
`302 stored in the storage device 326, (iii) an authentication
`function program 10A stored in the storage device 326, (iv)
`and a processor 330 connected to the storage device 326.
`
`[0051] The processor 330 can include one or more con
`ventional CPU’s. The processor 330 can be capable of high
`volume processing and database searches.
`
`[0052] The authentication system storage device 326 can,
`for eXample, include one or more magnetic disk drives,
`magnetic tape drives, optical storage units, CD-ROM drives
`and/or ?ash memory. The storage device 326 also contains
`a plurality of databases used in the processing of transac
`tions pursuant to the present invention. For eXample, as
`illustrated in FIG. 3, the storage device 326 can include a
`system database 340, a customer database 338 and a trans
`action database 342.
`
`[0053] The authentication system 10 includes a system
`netWork interface (not shoWn) that alloWs the authentication
`system 10 to communicate With the user 06. Conventional
`
`internal or eXternal modems may serve as the system net
`Work interface. In one embodiment, the system netWork
`interface is connected to the user interface 02 on a global
`netWork 18.
`
`[0054] The authentication system 10 also includes a sys
`tem netWork interface (not shoWn) that alloWs the authen
`tication system 10 to communicate With the telephone
`netWork 16 to receive and respond to telephone calls from
`the user 06.
`
`[0055] The authentication system 10 also includes a sys
`tem netWork interface (not shoWn) that alloWs the computer
`10 to communicate With systems 20A-D. Conventional
`internal or eXternal modems may serve as the system net
`Work interface. In one embodiment, the system netWork
`interface is connected to the system 20A-D on a global
`netWork 18.
`
`[0056] The processor 330 is operative With the authenti
`cation function 10A to perform a customer interface func
`tion, a passWord function, and a system interface function.
`These are described later in the speci?cation.
`[0057] Databases 338-342
`[0058] With reference to FIG. 3, the databases in the
`authentication system 10 are described.
`
`[0059] The customer database 338 Within the authentica
`tion system 10 contains data speci?cally related to the user
`06 that is transferred to the system 10 from the user. The
`private data related to the user 06 is caller ID 350, name 352,
`e-mail address 354, PIN 356, system A ID 358 and corre
`sponding user ID 360, and set time 362 or the passWord 364.
`
`[0060] The system database 340 identi?es the information
`on the system 20, Which needs to be accessed by the
`authentication system 10 to send the transient passWords.
`The Information may include system ID 358, system name
`366, and system access path 368.
`[0061] This transaction database 342 logs all passWord
`request transactions by a transaction reference 370, date/
`time 372, caller ID 374, and system ID 358. In addition user
`ID 360 and set time 376 are also maintained for the
`embodiment that enables sending a transient pass code to
`system 20.
`[0062] Authentication System Function 10A
`[0063] As described earlier, the authentication function
`10A is operative With the processor 330 to provide the
`functions of
`customer interface function, (ii) passWord
`function, and (iii) system interface function.
`[0064] The customer interface function performs the tasks
`of
`opening an account via Web page 400, (ii) receiving
`user id, system id, and set time via Web page 420 or
`receiving system name and passWord via Web page 410, (iii)
`receiving an 800 call, verifying caller id, and (iv) delivering
`a voice/text response transient passWord or a stored pass
`Word.
`
`[0065] In addition to caller id, a PIN 356 may be utiliZed
`to verify the caller to the authentication system 10. Use of
`a PIN is the prevalent technology, for eXample in gaining
`access to banking services and voice mail messages.
`
`
`
`[0066] The passWord function performs the tasks of creating a random transient passWord, (ii) alerting the sys
`
`TWILIO, INC. EX. 1008
`Page 10
`
`
`
`US 2004/0203595 A1
`
`Oct. 14, 2004
`
`tem interface function to send user ID and the transient
`password, (iii) set a timer for set time, and (iv) at the
`expiration of the timer alerting the system interface function
`to send user ID and a null password.
`
`[0067] The transient passWords are randomly created by
`the passWord function using a prior art random number
`generator. The transient passWords may be very simple. For
`example, they may be a tWo to four digit numerals, making
`them easy to receive and use by the user.
`[0068] Transient passWords do not permanently reside
`anyWhere, including the authentication system 10 or even
`the computer system 20 beyond their transient life. The
`transient life may be selected by the user based on his/her
`personal habits in hoW long does it take them to log on to the
`system after they have requested a transient passWord. User
`speci?es the set time at the time of pre-storing the user ID
`in the authentication system 10 via Web page 420. The set
`time may be speci?ed from a group of 15 seconds, 30
`seconds, 45 seconds, 60 seconds, one hour, one day, one
`month, and three month. The set time is based on user habits
`and the security needs of the system 20.
`[0069] The system interface function performs the tasks of
`(i) interfacing With the system 20, and (ii) sending user ID
`and the transient passWord to the system 20. The system
`interface function may use a special connect path to obtain
`access to the access control function 34 of the system 20.
`
`[0070] The system interface function enables a privileged
`and secure connection to the system 20 that alloWs the
`access control function 34 in the system 20 to receive from
`the authentication system 10, the user ID 12 and transient
`passWord 14. The system interface connection may be via
`the Internet or it may be a dedicated telephone line connec
`tion.
`
`[0071] The system interface function sends to the system
`20, a user’s pre-stored user ID and the random pass code
`created on user demand. The access control function in the
`system 20 updates the existing passWord by the pass code.
`Subsequently, after Waiting a set time, the system interface
`function sends the same pre-stored user ID and a null pass
`code to the system 20. The system 20 updates the passWord
`by the null pass code, ending the life of the pass code.
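As an added worked example (not code from the specification), the following Python simulation walks steps (1) to (6) of [0042]-[0048] together with the timer and null-password behaviour of [0066] and [0071]: an authentication system 10 verifies the caller by caller ID and PIN, draws a four-digit code from a cryptographic random source, pushes it with the pre-stored user ID to the access control function 34 of a bank system 20A, and at expiry of the set time sends a null password; the access control function deletes the code on first access, so a replay fails. The class and function names, the 60 second set time, the customer record and the FakeClock that stands in for wall-clock time are assumptions made for the example. Caller ID is taken as a trusted input, exactly as the specification assumes, so in this model verification of the caller rests on that assumption plus the PIN.

```python
"""Transient pass code flow of steps (1)-(6) and [0066]/[0071], simulated.
Added example, not the specification's code; all names are illustrative."""
import hmac
import secrets


class FakeClock:
    # Manually advanced time source so expiry can be tested without sleeping.
    def __init__(self, start=0.0):
        self.now = start


class AccessControlFunction:
    """Access control function 34 of a system 20: user ID -> current password.
    A stored None is the null password of [0071]; no login is accepted for it."""
    def __init__(self):
        self.passwords = {}

    def update_password(self, user_id, password):
        # Privileged interface used by authentication system 10 (step (4), [0071]).
        self.passwords[user_id] = password

    def login(self, user_id, password):
        """Steps (5) and (6): grant access once, then delete the pass code."""
        current = self.passwords.get(user_id)
        if current is None:
            return False
        if not hmac.compare_digest(current.encode(), password.encode()):
            return False
        self.passwords[user_id] = None   # deleted on first access
        return True


class AuthenticationSystem:
    """Authentication system 10 for the transient pass code embodiment."""
    def __init__(self, clock):
        self.clock = clock
        self.customers = {}     # customer database 338: caller ID -> account
        self.systems = {}       # system database 340: system ID -> access control
        self.transactions = []  # transaction database 342
        self.timers = []        # (expiry, system ID, user ID, code)

    def register_system(self, system_id, acf):
        self.systems[system_id] = acf

    def open_account(self, caller_id, pin, selections):
        """Web pages 400/420: PIN and, per selection, (system ID, user ID, set time)."""
        self.customers[caller_id] = {"pin": pin, "systems": dict(selections)}

    def incoming_call(self, caller_id, pin, selection):
        """Steps (1)-(4). caller_id is the network-provided caller ID, trusted here
        as the specification assumes. Returns the code to voice-announce, or None."""
        account = self.customers.get(caller_id)
        if account is None or not hmac.compare_digest(account["pin"].encode(), pin.encode()):
            return None
        if selection not in account["systems"]:
            return None
        system_id, user_id, set_time = account["systems"][selection]
        code = f"{secrets.randbelow(10_000):04d}"   # 4-digit numeral from a CSPRNG
        self.systems[system_id].update_password(user_id, code)   # step (4)
        self.timers.append((self.clock.now + set_time, system_id, user_id, code))
        self.transactions.append((self.clock.now, caller_id, system_id, user_id, set_time))
        return code   # step (3): delivered to the cell phone by voice response

    def run_timers(self):
        """[0066](iv): at expiry send the user ID with a null password."""
        pending = []
        for expiry, system_id, user_id, code in self.timers:
            if self.clock.now < expiry:
                pending.append((expiry, system_id, user_id, code))
                continue
            acf = self.systems[system_id]
            # Added safeguard: only retire the code this timer created, so an old
            # timer cannot kill a newer code issued to the same user.
            if acf.passwords.get(user_id) == code:
                acf.update_password(user_id, None)
        self.timers = pending


def demo():
    """Run the flow once; returns the observable outcomes for inspection."""
    clock = FakeClock(1_000.0)
    bank = AccessControlFunction()             # bank system 20A
    auth = AuthenticationSystem(clock)
    auth.register_system("20A", bank)
    # Constructed account: caller ID, PIN, selection "1" -> (20A, user jdoe, 60 s).
    auth.open_account("7073994333", "1249", {"1": ("20A", "jdoe", 60)})
    out = {}
    out["wrong_pin"] = auth.incoming_call("7073994333", "0000", "1")
    out["unknown_caller"] = auth.incoming_call("5550001111", "1249", "1")
    code = auth.incoming_call("7073994333", "1249", "1")
    out["code_len"] = len(code)
    out["login"] = bank.login("jdoe", code)
    out["replay"] = bank.login("jdoe", code)   # already deleted on first access
    code2 = auth.incoming_call("7073994333", "1249", "1")
    clock.now += 61                            # set time of 60 s has passed
    auth.run_timers()
    out["expired"] = bank.login("jdoe", code2)
    out["requests_logged"] = len(auth.transactions)
    return out
```

Running demo() shows a wrong PIN or unknown caller ID yields no code, the first login with the announced code succeeds, the replay is refused because the code was deleted on first access, and a code left unused past its set time is refused once the timer has sent the null password.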
`[0072] Alternate Versions
`[0073] This invention may be practiced in different ver
`sions, as the systems have different security needs and the
`users have different habits. The access control function 34 of
`system 20 may have different versions alloWing ?exibility in
`hoW the passWords and pass codes are used.
`
`[0074] In one version, the authentication system 10 sends
`the user ID, the transient pass code and the set time all at the
`same time, avoiding a second or subsequent data interface to
`system 20. In this version the access control function 34 of
`the system 20, Would run its oWn timer and after expiry of
`set time Would disable the transient pass code. The access
`control function 34 may disable the transient pass code
`either upon ?rst access or after set time expires.
`
`[0075] In other versions the access control function 34
`may be able to use either an existing passWord or a transient
`pass code. Three different versions are described here.
`
`[0076] In the ?rst version a system may require only the
`transient pass code for gaining access to system 20. In the
`
`second version either the traditional passWord OR the tran
`sient pass code may be used by the user to gain access to the
`system 20. The access control function 34 is adapted to
`recogniZe, either the traditional passWord or the transient
`pass code as valid user veri?cation, enabling those users
`Who do not see a need to adopt the transient pass code, to
`continue to use the traditional passWord and those users Who
`Want to use the transient pass code, to also do so. In the third
`version both the traditional passWord AND the transient pass
`code may be required to gain access, as may be used in very
`high security systems.
`[0077] With reference to FIG. 2, log on Web pages for
`some of the different versions are illustrated. Log in page
`210 requires the use of an existing passWord 14. User
`instructions 216 describe hoW the passWord is obtained by
`calling an 800 number using the user’s cell phone. Log in
`page 220 requires the use of a transient pass code, as
`instructions 226 describes this feature of the log on proce
`dure.
`
`[0078] In yet another version, the passWord is in the form
`of a passkey. The passkey has embedded user identi?cation
`and a random pass code. The passkey is suf?cient both to
`identify the user and to verify the user to the system.
`
`[0079] As an illustration, take a banking application,
`Where the bank computer system already has ability to
`respond to telephone calls by their customers, as Well as to
`provide Web-based online banking services, Where a user ID
`and passWord is required, the user ID being in many cases
`a social security number.
`
`[0080] According to this invention, a user before logging
`on to the online bank system Would call an 800 number of
`the bank. The bank Would verify the caller ID With either the
`user home number or the cell telephone number, and request
`the PIN code, the same PIN code for an ATM card. On
`customer identi?cation and veri?cation, the authentication
`function 10A in the bank computer system 20 Would gen
`erate a random number and append it to the user telephone
`number making it a passkey, send it to the user on the
`telephone, and send it to the access control function 34 of the
`system 20.
`
`[0081] In this version, there is no need for the user to open
`an account as With other versions described earlier because
`the banking system already has the data on the user of
`telephone number, name, e-mail address and the PIN.
`
`[0082] As illustrated in FIG. 2, log-in-page 230, the user
`Would log on With a passkey 29 as one string, eliminating the
`user ID and passWord data entry ?elds. The access control
`function 34 Would both identify the user 06 and verify the
`user With the passkey 29.
`
`[0083] As further illustration of this version, a user has a
`cell telephone number of 1-707 399 4333 and calls 1-800
`Bank One. The bank system asks for a PIN and the user
`enters a PIN of 1249, the same PIN used for an ATM or the
`last four digits of social security number. The authentication
`function 10A in the bank computer system identi?es and
`veri?es the user and creates a passkey of 7073994333-4345,
`Where the ?rst number is the cell telephone number and the
`last four digits are a random number created for this user for
`this transaction. The authentication function 10A commu
`nicates the passkey of 7073994333-4345 to the access
`control function 34. The authentication function 10A also
`
`TWILIO, INC. EX. 1008
`Page 11
`
`
`
`US 2004/0203595 A1
`
`Oct. 14, 2004
`
`communicates the passkey to the user 06. Since the user
`already knows the telephone number, there is no need to
`communicate that part of the passkey. Therefore the voice
`response may be “plus 3445. A time limit for Which this
`passkey is useable may also be voice annunciated such as
`“plus3445 three minutes”.
`
`[0084] The user, on login page 230, enters passkey 29 as
`7073994333-4345. Legend 236 describes to the user hoW to
`obtain the passkey 29. The bank identi?es the user 06 by the
`telephone number 707 399 4333 and veri?es the user 06 by
`the random code of 4345, and grants access for one time or
`for a time limit of three minutes.
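The passkey version of [0078]-[0084], as an added example that is not the specification's code: the bank's embedded authentication function 10A verifies the caller ID against the customer record and the ATM PIN, appends a random four-digit number to the telephone number to form the passkey, announces only the suffix and the time limit by voice, and hands the passkey to the access control function 34, which identifies the user from the telephone number part of the one string entered on login page 230, verifies the random part, and accepts it one time or within three minutes. The customer record, the class names and the FakeClock are assumptions made for the example.

```python
"""Passkey version ([0078]-[0084]) of the bank application, simulated.
Added example, not the specification's code; names and records are illustrative."""
import hmac
import secrets

PASSKEY_LIFETIME = 180   # "three minutes", as voice-announced in [0083]


class FakeClock:
    # Manually advanced time source so the time limit can be tested.
    def __init__(self, start=0.0):
        self.now = start


class AccessControlFunction:
    """Access control function 34: telephone number -> (random part, expiry)."""
    def __init__(self, clock):
        self.clock = clock
        self.passkeys = {}

    def store_passkey(self, phone, random_part, expiry):
        self.passkeys[phone] = (random_part, expiry)

    def login(self, passkey):
        """Login page 230: the telephone number part identifies the user, the
        random part verifies; accepted one time or within the time limit."""
        phone, sep, random_part = passkey.partition("-")
        if not sep or not phone.isdigit() or len(random_part) != 4 or not random_part.isdigit():
            return False
        entry = self.passkeys.get(phone)
        if entry is None:
            return False
        stored, expiry = entry
        if self.clock.now > expiry:
            del self.passkeys[phone]           # time limit passed
            return False
        if not hmac.compare_digest(stored.encode(), random_part.encode()):
            return False
        del self.passkeys[phone]               # single use
        return True


class BankAuthenticationFunction:
    """Authentication function 10A inside the bank system 20. The bank already
    holds telephone number and ATM PIN, so no account is opened ([0081])."""
    def __init__(self, customers, acf, clock):
        self.customers = customers   # telephone number -> ATM PIN (constructed)
        self.acf = acf
        self.clock = clock
        self.transaction_log = []    # one entry per passkey request ([0086])

    def handle_call(self, caller_id, entered_pin):
        """Verify caller ID and PIN, create the passkey, pass it to the access
        control function and return the voice response for the caller."""
        pin = self.customers.get(caller_id)
        if pin is None or not hmac.compare_digest(pin.encode(), entered_pin.encode()):
            return None
        random_part = f"{secrets.randbelow(10_000):04d}"
        self.acf.store_passkey(caller_id, random_part, self.clock.now + PASSKEY_LIFETIME)
        self.transaction_log.append((self.clock.now, caller_id))
        # The caller knows the telephone number already, so only the suffix and
        # the time limit are announced, as in "plus 4345 three minutes".
        return f"plus {random_part} three minutes"


def demo():
    """Exercise the flow once; returns the observable outcomes."""
    clock = FakeClock(0.0)
    acf = AccessControlFunction(clock)
    bank = BankAuthenticationFunction({"7073994333": "1249"}, acf, clock)
    out = {}
    out["bad_pin"] = bank.handle_call("7073994333", "9999")
    voice = bank.handle_call("7073994333", "1249")
    out["voice_format"] = voice.startswith("plus ") and voice.endswith(" three minutes")
    suffix = voice.split()[1]
    out["malformed"] = acf.login("7073994333" + suffix)         # no separator
    wrong = f"{(int(suffix) + 1) % 10_000:04d}"
    out["wrong_code"] = acf.login("7073994333-" + wrong)
    out["login"] = acf.login("7073994333-" + suffix)
    out["replay"] = acf.login("7073994333-" + suffix)
    voice2 = bank.handle_call("7073994333", "1249")
    clock.now += PASSKEY_LIFETIME + 1
    out["expired"] = acf.login("7073994333-" + voice2.split()[1])
    out["requests_logged"] = len(bank.transaction_log)
    return out
```

The random part is compared with hmac.compare_digest so the check does not leak which digits matched through timing, and the four-digit code space is only tolerable because each passkey is single use and dies three minutes after the call.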
`
`[0085] This, it is believed, is far more secure and conve
`nient for the bank customer and the bank. It enables the bank
`customer:
`to not have to have a passWord to remember
`and safeguard, (ii) to not have to use a social security
`number as user ID to access the account, (iii) to not need
`additional resources as the user already has a cell phone or
`home phone With unique phone numbers and (iv) to not have
`to learn neW procedure as the user is already familiar With
`the procedure of using an 800 number call to bank and a
`voice response.
`not having to implement
`[0086] To the bank it provides:
`a neW system other than the authentication function softWare
`10A in their eXisting bank computer system 20, (2) security
`for the bank, as a transaction log is created for each request
`for a passkey and a random number is embedded in each
`passkey, and (3) additional security as the use of a passkey
`may be limited for a single transaction and/or for a set time,
`and the user may be so advised When the passkey is voice
`response delivered.
`[0087] Another version of this invention is illustrated With
`reference to FIG. 1C. The system 20 has a ?reWall 24,
`Which screens all data packets 22 of information coming in
`from system interface 02 over the Internet. A packet 22 has
`a packet header 30 and packet data 32.
`[0088] The system interface 02 is adapted to embed the
`passkey 29 as part of each packet header 30. The passkey 29
`may be included in the source ?eld of the packet header 30,
`Without the need to create a neW ?eld for the passkey 29. The
`access control function 34 of the system 20 copies the
`passkey to the ?reWall 24. The ?reWall 24 stores this passkey
`and uses it to compare With the passkey of the data packets
`as



