Systems and methods for multifactor authentication

Description

BACKGROUND OF THE INVENTION

Authenticating people, particularly remotely, has been a difficult operation to make resistant to attack. Since single authenticating techniques are vulnerable to theft, it has become attractive to various groups to devise ways to do multifactor authentication, where more than one of (something you have, something you know, something you are) is used in demonstrating the identity of a person whose identity is to be established.

Typically, doing this has involved using relatively complex or expensive devices such as cards with keyboards on them (where you authenticate to the card and then use it), fingerprint readers, or digital certificates requiring public/private encryption to validate that the presenter is in possession both of a password and of a private key.

All this complexity has delayed widespread use of such systems, since the cost of giving out hundreds of millions of copies of devices has been kept high by the need to authenticate two or more things, as well as by the cost of building the system components themselves.

The invention addresses these problems and others that are present in known systems.

SUMMARY OF THE INVENTION

The invention provides a method for performing an authentication (and a system for performing the method), in conjunction with a transaction, utilizing a primary channel and a secondary channel. The method may include an authenticating entity, such as a bank, (1) receiving from a customer primary authentication information via a primary channel; (2) the authenticating entity processing the primary authentication information, and retrieving customer information based on the primary authentication information; (3) the authenticating entity transmitting secondary authentication information to the customer via a secondary channel, the secondary channel being different than the primary channel; (4) the authenticating entity receiving from the customer at least a portion of the secondary authentication information; and (5) the authenticating entity performing authentication processing on the secondary authentication information received from the customer. Based on the successful authentication of the primary authentication information and the secondary authentication information received from the customer, the authenticating entity approves the customer for the transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention can be more fully understood by reading the following detailed description together with the accompanying drawings, in which any like reference indicators are used to designate like elements, and in which:

FIG. 1 is a flow chart generally showing an authentication process in accordance with one embodiment of the invention;

FIG. 2 is a flow chart generally showing a further authentication process in accordance with one embodiment of the invention;

FIG. 3 is a block diagram showing an authentication system in accordance with one embodiment of the invention;

FIG. 4 is a block diagram showing further details of the authentication system of FIG. 3, and in particular the authentication entity system, in accordance with one embodiment of the invention;

FIG. 5 is a further flow chart showing an enrollment authentication process in accordance with one embodiment of the invention;

FIG. 6 is a flow chart showing an authentication process utilizing multiple transaction approvers in accordance with one embodiment of the invention;

FIG. 7 is a flowchart showing further details of the secondary authentication, performed in the process of FIG. 6, in accordance with one embodiment of the invention; and

FIG. 8 is a flowchart showing aspects of soliciting approval from multiple transaction approvers, performed in the process of FIG. 7, in accordance with one embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Hereinafter, various aspects of embodiments of the invention will be described. As used herein, any term in the singular may be interpreted to be in the plural, and alternatively, any term in the plural may be interpreted to be in the singular.

What is proposed here is a system and method which provides a form of two factor authentication which resists fraud. The invention can be supported using relatively very simple hardware and/or existing hardware.

More specifically, the invention provides methods and systems for performing an authentication, in conjunction with a transaction. Embodiments of the invention utilize a primary channel and a secondary channel. In accordance with one embodiment of the invention, a primary authentication is performed on the primary channel. In addition, a secondary authentication is performed on a secondary communications, i.e., the secondary authentication relies at least in part on a secondary communication channel. Thus, security is offered by the entities indeed possessing the devices to communicate on both the first channel and the second communications, as well as the information needed to effect such communications. Various details are set forth below.

As described herein, the invention utilizes a primary authentication (or first authentication) on a first communication channel and a secondary authentication (or second authentication) on a secondary communication channel, the first channel being different than the second. It should be well appreciated what is generally known as a “different” communication channel to one of ordinary skill in the art. For example, clearly a land phone communicating with another land phone over telephone lines is a different communication channel vis-à-vis two computers communicating over an internal network. However, for purposes of definition as described herein, a “different communication channel” means that a first communication channel between two entities utilizes either different information or a different device (or both different information and a different device) vis-à-vis another communication channel. Thus, for example, a computer using a dial-up connection via the telephone line is considered a different communication channel vis-à-vis a telephone using the same telephone line, i.e., (1) the computer is a different device vis-à-vis the telephone set, and (2) the computer uses a URL (for example) vis-à-vis a telephone number. Commonly, the use of different devices goes hand in hand with different information needed to use such devices. In accordance with one aspect of the invention, the security provided by the two channel authentication described herein resides in that different information (and different devices) are needed to communicate over a first channel vis-à-vis a second channel. Such mandates that the communicating entities both are in possession of the devices to perform such communications, and are also in possession of the information to utilize such devices. In further explanation, FIG. 1 is a flow chart generally showing an authentication process in accordance with one embodiment of the invention. As illustrated, the authentication process starts in step 100 and passes to step 110. In step 110, customer information is sent from a customer device to the authenticating entity on a primary channel (e.g. sent via the Internet with the customer at a computer terminal—interfacing with a web page). In step 120, the authenticating entity receives the customer information. Then the process passes to step 130.

Step 130 shows that, on the primary channel (such as the Internet), communications are exchanged between customer and authenticating entity to perform a primary authentication. For example, this step might include the customer providing a user name and PIN, and the bank verifying the submitted user name and PIN.

Then, in step 140, the authenticating entity effects a communication to the customer on a secondary channel. For example, the authenticating entity (bank) makes an outbound phone call, sends a SMS (short message service) message or sends an e-mail to the customer. Such customer contact information might be pulled from the authenticating entity database. The customer may also be contacted as to which secondary channel is preferable to them. Thus, the out-bound call, or other communication from the bank, is effected on a secondary channel.

The communication from the authenticating entity to the customer on the secondary channel contains secondary authentication information. This secondary authentication information might be in the form of a one-time password or PIN. Once received, the customer enters the one-time password or PIN onto the website, in accordance with one embodiment of the invention.

That is, in step 150, in accordance with one embodiment of the invention, the customer receives a communication over the secondary channel and responds by submitting the secondary authentication information to the authenticating entity via the primary channel (e.g., the customer enters the password or PIN into the web page of the bank).

Then, the process passes to step 160. In step 160, the authentication request is processed based on the primary authentication and the secondary authentication. That is, the authentication information from the customer is compared with authentication information maintained by the authenticating entity. In this example, the authentication is verified.

Accordingly, in step 170, the authentication process, being successful, is terminated. Thereafter, for example, the requested transaction is processed, i.e., the merchant is given approval, or some other requested action is performed.

FIG. 2 is a further flow chart showing an authentication process in accordance with one embodiment of the invention. While similar to the process of FIG. 1, FIG. 2 shows further specifics of one embodiment.

As shown, the process of FIG. 2 starts in step 200 and passes to step 210. In step 210, a customer working at a PC (personal computer) exchanges communications with a bank over the Internet via the bank's web page. The Internet is thus the primary channel in this example. The exchanged communications over the primary channel include primary authentication information such as a PIN. In step 220, the bank (i.e., an authenticating entity) receives the PIN via the Internet and authenticates the PIN, i.e., a primary authentication is performed.

Then, in step 240, the bank makes an outbound phone call to the customer (i.e., effects a communication via a second channel). In accordance with this embodiment of the invention, the call contains a one time password. Then, in step 245, the customer receives the one time password via the phone call from the bank. The customer then enters the password into the bank website. Alternatively, the customer might be instructed to call the bank and receive the password in some suitable manner. That is, in some manner, the customer would advise the bank of the customer's identity, and the bank in turn would provide the one-time password.

FIG. 2 also shows an alternative embodiment in which the customer the customer sends the password back via the telephone, i.e., instead of the customer conveying the password back to the bank via the Internet (the primary channel). For example, the customer might receive the phone call with the one-time password, and the phone call message advises the client to call back on a separate number. Alternatively, the phone call might prompt the customer to enter back the password that has just been provided to the customer. Such embodiment (over the secondary channel) would confirm that there was indeed a person at the called number, and that the person repeated back the password, which was provided to him.

Returning now to step 245 of FIG. 2, after step 245, the process passes to step 250, as shown in FIG. 2. In step 250, the bank receives the one-time password from the customer via the Internet, such as via the banks website, for example. The bank then authenticates the one time password (i.e., a secondary authentication is performed). In step 260, based on the primary authentication and the secondary authentication, authentication is granted for the transaction such that the desired transaction is authorized. The transaction is then processed. In step 270, the authentication process ends.

FIG. 3 is a block diagram showing an authentication system 300 in accordance with one embodiment of the invention. The authentication system 300 includes a primary authentication device 310 and a secondary authentication device 320. Both the primary authentication device 310 and the secondary authentication device 320 interface with a user 302, i.e., a customer 302. For example, the primary authentication device 310 may be in the form of a personal computer (of the user) with access to the web, for example. On the other hand, the secondary authentication device 320 may be in the form of a telephone of the user, for example. The authentication entity system 340 may be a bank with a bank processing platform, for example. The authentication system 300 may be used to practice the various embodiments of the invention as described herein.

As shown in FIG. 3, the primary authentication device 310 includes an interface portion 314. The interface portion 314 may be in the form of a monitor with keyboard and mouse, for example, i.e., the user interface of a computer. The primary authentication device 310 may further include a communication portion 312. The communication portion 312 may be in the form of an Internet connection, e.g., a modem or other interface.

In this example, the primary authentication device 310 communicates with the authentication entity system 340 over the primary communication channel 362, i.e., the Internet. On the other hand, the secondary authentication device 320 communicates with the authentication entity system 340 over the secondary communication channel 364, i.e., in this example, telephones communicating over a standard phone network.

FIG. 4 is a block diagram showing further details of the authentication entity system 340 of FIG. 3, in accordance with one embodiment of the invention. The authentication entity system 340 includes a communication interface portion 342 and a memory portion 344. The communication interface portion 342 interfaces with the communication channels 362, 364 so as to communicate data, i.e., such as authentication information, with the primary authentication device 310 and the secondary authentication device 320. Accordingly, the communication interface portion 342 is provided with the functionality to interface with a variety of channels, such as an Internet interface and telephony interface, for example. The memory portion 344 serves as a database to store various data associated with, and needed by, operation of the authentication entity system 340, i.e., such as customer information. For example, when a username and password comes in from a customer on the primary channel, the authenticating entity may pull the customer's phone number, or other contact information, from the memory portion 344. The customer's phone number is then used, in this example, to forward a one-time password to the customer via the secondary communication channel 364, in accordance with one embodiment of the invention.

The authentication entity system 340 also includes an authenticating processing portion 350. The authenticating processing portion 350 performs various processing of the authentication entity system 340. In particular, the authenticating processing portion 350 includes a comparison portion 354. The comparison portion 354 performs a comparison between submitted authentication information and information that is on file with the authenticating entity, i.e., stored in the memory portion 344. Based on such comparison, the comparison portion 354 either denies the transaction, approves the transactions, or moves the processing to the next step in the authentication. The authentication processing is performed on the primary authentication, as well as the secondary authentication.

The authenticating processing portion 350 further includes a risk determination portion 356. The risk determination portion 356, in accordance with one embodiment of the invention, is used by the authenticating processing portion 350 to determine the risk associated with a particular transaction. For example, the risk determination portion 356 might flag the transaction if the dollar amount is sufficiently high and/or if the transaction is through a particular merchant, for example. However, as desired, any criteria might be used to flag a particular transaction. For example, criteria relating to the particulars of the customer might be used. Accordingly, the secondary authentication (over the secondary communication channel 364) might only be used if the transaction is flagged by the risk determination portion 356. With un-flagged transactions, e.g., transactions with a low dollar amount, the authentication entity system 340 may rely only on processing (including authentication) over the primary communication channel 362.

The authenticating processing portion 350 further includes a time-out portion. The time-out portion monitors the time elapsed during a complete authentication process. In particular, the time-out portion monitors the time between the primary authentication and the secondary authentication. The measurement of elapsed time may work off any particular event or events in the authentication process. For example, the time-out portion might measure the time between when a PIN is received from the customer (in conjunction with the primary authentication) vis-à-vis when the customer submits secondary authentication information. However, any other suitable events might be used. Further aspects of the time-out portion are described below.

FIG. 5 is a flow chart showing specifics of a further authentication process in accordance with one embodiment of the invention. In particular, the process of FIG. 5 relates to enrollment of a customer in a service offered by the authenticating entity. FIG. 5 shows the various steps in such enrollment process.

The illustrative process of FIG. 5 starts in step 500. Then in step 510, a customer working at his computer exchanges communications with the bank, over the Internet, via the bank's web page. Accordingly, in this example, the Internet is the primary channel. The exchanged communications between the customer and the bank include the customer's User ID and PIN. That is, in this example, the user, who wishes to enroll in a service, is an existing customer of the bank who possesses a User ID and PIN. For example, the service might be newly offered by the bank.

After step 510, the process passes to step 520. In step 520, the bank, i.e., the authenticating entity, receives the User ID and PIN (submitted by the customer) via the Internet and recognizes that information is from a new machine. That is, for that particular service, the bank has not seen the user's computer. However, the bank does recognize the user as a customer.

In step 530, the bank then checks the information on file for that particular customer, i.e., to authenticate the User ID and PIN. Also, the bank checks what contact information the bank has on file for that particular customer. In this example, the bank determines, based on a check of the bank's records, that the user has an e-mail address and a telephone number.

Then, the process passes to step 540. In step 540, the bank generates and presents the user with a message regarding which mode of communication, i.e., upon which communication channel, the user would like to perform the secondary authentication. For example, the bank presents the user, on the user's computer, with a message:

“DO YOU WANT TO CONFIRM IDENTITY VIA E-MAIL OR PHONE”

In this example, the customer responds that he would like to confirm identity via telephone. Accordingly, in step 540, the bank makes an outbound phone call to the customer. That is, the bank initiates a secondary authentication on a secondary channel. Then, the customer takes the call and retrieves the one time password that is in the call. For example, an automated voice-message system managed by the bank might verbally convey the one time password.

The process then passes to step 560. In step 560, the customer enters the password, obtained via the telephone call from the bank to the customer, into the bank website.

In step 570, the bank receives the password from the customer via the Internet (the bank website) and authenticates the password, i.e., the secondary authentication is performed by the bank. Then in step 580, based on the primary authentication and the secondary authentication, authorization is granted for the enrollment. As a result, the authentication loop, operating over two channels is closed. Based on the authentication of the customer, the enrollment is then processed. In step 590 of FIG. 5, the process ends.

As described herein, various schemes are utilized to authenticate the customer (e.g. individual/entity) to an authenticating entity, such as a bank. It is appreciated that in conjunction with the processes of the embodiments described herein, it may be needed or desired for the authenticating entity to authenticate to the customer. For example, a caller identification (caller ID) might be used such that the customer knows that the authenticating entity is calling. Illustratively, the customer may be on-line and doing a purchase. In accordance with the embodiments discussed herein, the bank calls the customer, i.e., the system sends a call to the customer (on the home phone of the customer) with the one time password. The caller ID on the customer's phone may be provided to come up as the authenticating entity, e.g. Chase Bank. Other arrangements may be used to authenticate the authenticating entity (e.g. bank) to the customer. On the other hand, caller ID might also be used to authenticate the customer, such as authenticating the customer's cell phone (prior to receiving instructions from such cell phone).

FIG. 6 is a flow chart showing an authentication process utilizing multiple transaction approvers in accordance with one embodiment of the invention. Each of the multiple transaction approvers may be associated with one or more authentication devices. That is, in this embodiment, multiple persons are contacted (on the secondary channel) to seek approval of the transaction.

As shown in FIG. 6, the process starts in step 600 and passes to step 610. In step 610, the customer requests a transaction to be processed at a retail merchant POS (point-of-sale). The merchant runs the card through the point of sale device and collects information from the customer, for example from the customer and/or the card itself. This information includes the primary authentication information, with the primary PIN. Then, in step 620, the primary authentication information (with primary PIN) is forwarded to the acquiring bank that is associated with the particular merchant, and then on to the card issuing bank that is associated with the particular card that the customer is using. The process passes to step 630.

In step 630, the card issuing bank (authenticating entity) receives the authentication information with PIN and authenticates the primary PIN. Then, in accordance with this embodiment, in step 640, the authentication entity performs secondary authentication for the transaction. Further details of step 640 are shown in both FIGS. 7 and 8. After step 640, the process passes to step 650.

In step 650, the process determines whether the authentication of the primary and secondary password was successful. If yes, the issuing bank approves the transaction. If no, the transaction is declined. Then in step 670, the approval/non-approval is forwarded back to the merchant. The transaction is then completed, i.e., the sale is made or the transaction is terminated. In step 680, the authentication process ends.

As noted above, FIG. 7 is a flowchart showing further details of the secondary authentication, performed in the process of FIG. 6, in accordance with one embodiment of the invention. The subprocess begins in step 640 and passes to step 642.

In step 642, the authenticating entity bank retrieves account data from its records. The account data includes particulars of the account, including secondary authentication rules. The secondary rules may vary as desired. For example, the secondary rules may designate a dollar amount at which the secondary authentication will be invoked, particulars of the secondary authentication and the transaction approver(s) associated with the secondary authentication, which transaction approvers are contacted under what circumstances, and/or any other desired criteria.

In the example of FIG. 7, in step 643, the process, based on the secondary authentication rules, determines which persons and/or entities are transaction approvers for the requested transaction associated with the particular card. Accordingly, in step 644, the process solicits approval from the transaction approvers, i.e., forwards respective communications to the transaction approver requesting their approval of the requested transaction. The authenticating entity then inputs responses from the transaction approvers. The responses may include YES, NO, or DON'T KNOW, for example. Further details of step 644 are illustrated in the flowchart of FIG. 8.

After step 644 of FIG. 7, the process passes to step 646. In step 646, the process determines whether the responses from the transaction approvers satisfy the rules, so as to approve the transaction. Such determination determines whether the secondary authentication will be successful or not.

Then, the process passes to step 647. In step 647, a geographical check is performed on the transaction for the transaction approvers. That is, as described below, a plurality of transaction approvers are contacted to determine if they approve of the transaction. In conjunction with such communications, the authenticating entity may also perform a further check on the validity of the requested transaction. This further check uses geographical information regarding the transaction approver devices, and where they are located, in conjunction with other particulars of the transaction devices. The further check, in short, performs an analysis to determine (based on what the authenticating entity knows) could the requested transaction legitimately take place. For example, assume each of the transaction approvers utilizes a cell phone, and that each have indicated they want to be contacted on their cell phone for any requested secondary authentication. In the course of communications with the transaction approvers, the authenticating entity can determine the geographical location of their respective cell phones. If none of the transaction approvers are at a location of the transaction, then the transaction may be denied. For example, if all the transaction approvers are on the east coast (as determined by the location determination of the cell phones) and the transaction is on the west coast (as determined from knowledge about the merchants point-of-sale), such suggests the transaction is fraudulent. It is appreciated that tolerances and exceptions may be utilized as desired. For example, exceptions might be provided for slight variations in geographical location, i.e., of a POS vis-à-vis authentication devices, for example.

After step 647 of FIG. 7, the process passes to step 648. In step 648, the process returns to step 650 of FIG. 6.

FIG. 8 is a flowchart showing aspects of soliciting approval from multiple transaction approvers, performed in the process of FIG. 7, in accordance with one embodiment of the invention. In this example, responses may include (YES, NO, or DON'T KNOW).

After starting in step 644, the subprocess of FIG. 8 passes to step 645. In step 645, the authenticating entity determines that, in this particular example, there are three (3) transaction approvers:

(1) transaction approver 1 is a mother with a cell phone;

(2) transaction approver 2 is the father with a PDA; and

(3) transaction approver 3 is a son with a cell phone.

Further, the authenticating entity determines that transaction approver 3 is the transaction approver that is indeed requesting the transaction. It should be noted that is not needed that the authenticating entity determine which transaction approver is indeed requesting the transaction. Rather, such may be suitably controlled by the rules that are in place.

FIG. 8 then shows the authenticating entity contacting each of the transaction approvers in parallel. The authenticating entity first contacts transaction approver 3, i.e., the son with a cell phone, who requested the transaction. That is, in step 662 of FIG. 8, the authenticating entity calls transaction approver 3. The call provides the secondary password (for this particular transaction) and requests the transaction approver 3 to provide the one-time password to the merchant (so as to show approval of the transaction). Then, in step 663, the transaction approver 1 has submitted the one-time password, i.e., the secondary password, to the merchant POS, and the authenticating entity receives the secondary password from the merchant POS, i.e., via the primary channel (thus approval from transaction approver 3 is secured).

In parallel to securing the approval of transaction approver 3, the authenticating entity also seeks out the approval of transaction approvers 1 and 2.

That is, in step 666 a call is made to transaction approver 1 (cell phone). The call provides particulars of the transaction (e.g. amount) and requests transaction approver 1 to approve the transaction. In step 667, the authenticating entity receives a response from the transaction approver 1, and the response is “YES”.

Also, in step 664, a transmission is sent to transaction approver 2 (who uses a PDA). The transmission provides particulars of the transaction (e.g. amount) and requests that transaction approver 2 approve the transaction. In step 665, the authenticating entity receives a response from the transaction approver 2. The response is “MAYBE”. Then in step 669, the process returns to step 646 of FIG. 7.

As described above, in step 646, the authenticating entity determines whether the responses from the transaction approvers satisfy the rules, so as to approve the transaction. In this example, transaction approver 3 and transaction approver 1 both indicated yes, while transaction approver 2 indicated maybe, i.e., indicating that transaction approver 2 is neutral. Thus, in this example, the rules are satisfied, and the transaction is approved. As noted herein, any suitable set of rules may be utilized based on various factors. For example, the rules may dictate that all the transaction approver will be contacted only of the dollar amount is above a certain amount. In general, the rules may control which transaction approvers are contacted under which conditions. For example, the rules may only require that only one parent respond affirmatively to a requested transaction.

As described above, the transaction approvers are contacted “in parallel.” However, such is not needed to be the case. The transaction approvers might be contacted in turn, i.e. in serial fashion based on a suitable rule set. Indeed, the rules may provide for a hierarchy of transaction approvers. That is, one transaction approver might be contacted after which the process is not continued till the authenticating entity receives a YES response from that transaction approver (or alternately a MAYBE or DON'T KNOW response might be required before moving on to the next transaction approver). Such hierarchical processing might be used in conjunction with the processing of FIG. 8, e.g. the approval of one transaction approver might be required before contacting the other transaction approvers in parallel (that is, the other transaction approvers are contacted in parallel to each other, but only after the first transaction approver has approved the transaction. It is appreciated that variations of such processing may be used, as is desired.

Various geographic related authentication techniques have been described herein. The invention may also utilize a geographic check performed for computers on the Internet. That is, a geographic check may be performed to determine where a customer's computer is (who is requesting a transaction). Thus, the authenticating entity can tell where the request is coming from. For example, if the authenticating entity (bank) is in an internet banking session and the customer lives in Wilmington, Del., and the request is coming from Russia, a rule set may then direct the system to immediately go into a secondary verification, as described above, or take other appropriate action.

Further, with regard to cell phones, the authenticating entity (or one acting on behalf of the authenticating entity) can determine the location of a cell phone by the tower it is using. Thus, if the authenticating entity determines that the computer the customer is using is in Wilmington, Del. and the location of the cell phone (determined via the secondary authentication) is also in Wilmington, the risk is small that the transaction is fraudulent. However, if the same customer (with the computer in Wilmington) is determined to be calling from a cell phone in Virginia, such scenario identifies that the transaction may be fraudulent. Accordingly, further authentication techniques may be used to dispel the possibility of fraud or decline the transaction.

The systems and methods of embodiments of the invention may be used in any “transaction”, including a conveyance of information, in which authentication of a user is needed or desired. Such transaction might include an enrollment, a telephone transaction, Internet transaction (such as an Internet purchase), network transaction, infrared transaction, radio signal transaction, credit card transaction, debit card transaction, smart card transaction, ACH transaction, stock trade transaction, mutual fund transaction, swap, PAYPAL® transaction, BILL ME LATER® transaction, electronic funds transfer transaction, financial application transaction, an arrangement to set up payments to an entity, a verification, an ATM transaction, an identification message verification, and/or a confirmation of identify, for example. For example, such a transaction might include a message from one human user to another human user, a human user communicating with an electronic device, and/or two electronic devices communicating with each other. The transaction may or may not be in a financial context, i.e., for example, the message might be authorizing the opening of a door or the transfer of a non-financial related message, for example.

Any communication channel which carries suitable communications (e.g. as described herein) may be used for either the primary channel or the secondary channel. The use of one channel for the primary authentication information and a different channel for the secondary authentication information (i.e., for at least one transmission of the secondary authentication information, e.g. from the bank to the customer) lends substantial prevention of fraud. Thus, for example, the communications, over their respective channels, may include network communications, Internet communications, SMS communications, text message communications, telephone communications, land-line telephone communications, cell phone communications, RFID communications, satellite communications, e-mail communications, electronic communications, communications via an ATM, VRU (voice-recognition-unit) communications, and/or radio communications, for example.

Further, the communications in the practice of the invention may utilize and be supported by any suitable device including any of telephone, land phone, cell phone, satellite phone, telegraph, fax, beeper, one-way cable TV, one-way satellite, dial-out terminal, on-line terminal, Internet, Intranet or Extranet, SmartPhone, 2-way beeper, pager, Personal Digital Assistant (PDA), Personal Computer (PC), browser, radio transmission device, desktop computer, laptop computer, a buffer storing retrievable data, express mail delivery, commercial express delivery and various systems of-the-type or similar in nature to those mentioned herein. Such lists set forth herein are merely illustrative, and is not exhaustive.

In one embodiment, the invention herein described can be incorporated in payment systems with very minor changes at issuer sites and using mainly existing merchant facilities. For example, the method might use the secondary authentication information, e.g. the one time password, in place of the commonly used CVV code.

As described above with reference to FIG. 2, secondary authentication information is conveyed to the customer via a phone call from the bank to the customer. This secondary authentication information is then conveyed back to the bank via the customer entering the information into a web page. Illustratively, however, the roles of the two channels may of course be reversed, as they may also be reversed in the other embodiments discussed herein. Further, the secondary authentication information might of course be conveyed to the customer in ways other than via a phone call. That is, any suitable channel may be respectively used for either the primary channel and/or the secondary channel.

FIG. 1 for example, as well as other embodiments, show the customer interacting directly with the authenticating entity, e.g. a bank. Such might be the case when enrolling with the bank, when the customer is checking balances on an account, or when the customer transfers funds from one account to another account. However, in the embodiment of FIG. 1, as well as other embodiments, a merchant (or other point of sale (POS)) may be involved in the transaction. For example, FIG. 3 shows that a merchant 390 might be disposed in the primary communication channel 362, i.e., such that communications (e.g. PIN) from the customer pass through the merchant to the authenticating entity. Thus, a merchant may be disposed in the embodiments described herein in any suitable manner.

In accordance with one embodiment of the invention, the primary channel is an Internet website (of the authenticating entity) accessed via a dial-up connection over a telephone line. The secondary channel is a telephone call (with one-time password or code) to the customer over the same telephone line. Thus, the customer must go off-line from the website to receive the telephone call. The customer then goes back on-line the web site to transmit the secondary authentication information back to the authenticating entity. Accordingly, it is not necessary that the additional verification using the secondary communication channel, i.e., the out-of-band or secondary channel, be concurrent with the communications on the primary communication channel. Thus, for example, communications on the primary channel might take place before and after the secondary authentication information is exchanged on the secondary channel. However, such non-concurrent primary authentication and secondary authentication might take longer. Accordingly, such may be taken into account in the monitoring performed by the time-out portion, described herein. In accordance with one embodiment of the invention, the time-out portion might monitor the particular modes of communication utilized, and adjust allotted time accordingly. In implementation of the invention, it is not needed that numbers be used for either the primary authentication information and/or the secondary authentication information. That is, any of a wide variety of graphics, letters, symbols, gliffs, ruuns, images, biometrics or any other indicia or information, for example, might be used in lieu (or in combination) with numbers. Depending on the nature of the authentication information, point of sale locations might need to be provided with particular devices. However, such would depend on the particular implementation of the invention.

As described above, the customer and the user communicate over a first channel to perform a primary authentication. As can be appreciated, such communication over the primary channel may be effected, and initiated, in any suitable manner. For example, the customer might access a bank's web page, the bank might call the customer, the customer might call the bank, or a bank might send out mailings to targeted customers, for example. As described herein, once the primary authentication is performed on the primary channel, or in conjunction with performing the primary authentication, a communication is established over a secondary channel. As described above the bank might make a telephone call to the customer, thereby providing a one-time password.

As described above, any of a variety of communication channels may be used as the primary channel and the secondary channel. Accordingly, in accordance with one aspect of the invention, a decision process is needed to determine which communication channels should be used. With reference to FIG. 4, the decision process of which communication channel to use may be performed by the authenticating processing portion 350. The particular selection of communication channel may be performed in any suitable manner. For example, the communication channel used might be selected based on accessing the customer's contact information in a suitable database. Alternatively, the communication channel might be manually selected. In regard to the secondary communication channel, such secondary channel might be selected based on information communicated from the client on the primary channel, i.e., the customer might be prompted (on the primary channel) as to what channel to use as the secondary channel.

However, in order to enhance security, it may be desirable for the authenticating entity to provide some integral portion of the information used to effect the secondary authentication over the secondary communication channel. For example, during communication over the primary channel, the bank might ask the user what channel to use as the second channel. In response, the customer might provide a preferred channel, but not the complete information to effect the secondary communications. That is, the customer might be provided with the options (and prompted to select one of):

- <Cell phone>
- <home phone>
- <pager>
  
  However, the customer would not be provided with, nor able to specify, the specifics of such communication channel, e.g., the customer would not be allowed to specify the cell phone number. Rather, upon a selection, the authenticating entity would indeed have the information to effect the desired communications, e.g. the bank would have the phone number or the pager number in its database.

Any of a variety of approaches might be utilized to select the particular channel to be used for the primary channel and/or the secondary channel. For example, the systems and methods disclosed in U.S. Pat. No. 6,535,855 to Cahill et al. and issued Mar. 18, 2003 entitled “PUSH BANKING SYSTEM AND METHOD”, incorporated herein in its entirety, might be used to select the first and second communication channels.

It should be appreciated that the various features of the present invention may be used in conjunction with other encryption technology and/or features. In particular, the various features of the present invention may be used in combination with any of the features described in U.S. patent application Ser. No. 11/137,409 filed May 26, 2005, which is incorporated herein by reference in its entirety.

As described above, a primary authentication is performed over a primary channel. Thereafter, a secondary authentication is performed over a secondary channel. That is, at least some portion of the communications to effect the secondary authentication are performed over a secondary channel. In accordance with one aspect of the invention, the proximity in time between performing the primary authentication and the secondary authentication is controlled. That is, if too much time passes between performing the primary authentication vis-à-vis the secondary authentication, the authentication becomes suspect and more at risk for fraud. As a result, the time between the primary authentication and the secondary authentication may be monitored.

For example, the authenticating processing portion 350 may be provided with the time-out portion 358 described above, in accordance with one embodiment of the invention. The time-out portion 358 monitors the time elapsed between the primary authentication vis-à-vis the secondary authentication. If too much time elapses, the time-out portion 358 will cancel the transaction, or in some suitable manner terminate the authentication process. The customer may then be notified in some manner, and asked to restart the transaction in some suitable manner. Accordingly, the authentication entity system 340 may be provided to monitor the time-out portion 358, and re-start the transaction if needed. As described above, the time afforded before a time-out might be variably controlled based on the particular communication channels utilized.

As described above, FIGS. 3 and 4 show embodiments of structure and system of the invention. Further, FIGS. 1, 2 and 5-8 show various steps in accordance with embodiments of the invention. It is appreciated that the systems and methods described herein may be implemented using a variety of technologies. Hereinafter, general aspects regarding possible implementation of the systems and methods of the invention will be described.

It is understood that the system of the invention, and portions of the system of the invention, may be in the form of a “processing machine,” such as a general purpose computer, for example. As used herein, the term “processing machine” is to be understood to include at least one processor that uses at least one memory. The at least one memory stores a set of instructions. The instructions may be either permanently or temporarily stored in the memory or memories of the processing machine. The processor executes the instructions that are stored in the memory or memories in order to process data. The set of instructions may include various instructions that perform a particular task or tasks, such as those tasks described above in the flowcharts. Such a set of instructions for performing a particular task may be characterized as a program, software program, or simply software.

As noted above, the processing machine executes the instructions that are stored in the memory or memories to process data. This processing of data may be in response to commands by a user or users of the processing machine, in response to previous processing, in response to a request by another processing machine and/or any other input, for example.

As noted above, the processing machine used to implement the invention may be a general purpose computer. However, the processing machine described above may also utilize any of a wide variety of other technologies including a special purpose computer, a computer system including a microcomputer, mini-computer or mainframe for example, a programmed microprocessor, a micro-controller, a peripheral integrated circuit element, a CSIC (Customer Specific Integrated Circuit) or ASIC (Application Specific Integrated Circuit) or other integrated circuit, a logic circuit, a digital signal processor, a programmable logic device such as a FPGA, PLD, PLA or PAL, or any other device or arrangement of devices that is capable of implementing the steps of the process of the invention.

It is appreciated that in order to practice the method of the invention as described above, it is not necessary that the processors and/or the memories of the processing machine be physically located in the same geographical place. That is, each of the processors and the memories used in the invention may be located in geographically distinct locations and connected so as to communicate in any suitable manner. Additionally, it is appreciated that each of the processor and/or the memory may be composed of different physical pieces of equipment. Accordingly, it is not necessary that the processor be one single piece of equipment in one location and that the memory be another single piece of equipment in another location. That is, it is contemplated that the processor may be two pieces of equipment in two different physical locations. The two distinct pieces of equipment may be connected in any suitable manner. Additionally, the memory may include two or more portions of memory in two or more physical locations.

To explain further, processing as described above is performed by various components and various memories. However, it is appreciated that the processing performed by two distinct components as described above may, in accordance with a further embodiment of the invention, be performed by a single component. Further, the processing performed by one distinct component as described above may be performed by two distinct components. In a similar manner, the memory storage performed by two distinct memory portions as described above may, in accordance with a further embodiment of the invention, be performed by a single memory portion. Further, the memory storage performed by one distinct memory portion as described above may be performed by two memory portions.

Further, various technologies may be used to provide communication between the various processors and/or memories, as well as to allow the processors and/or the memories of the invention to communicate with any other entity; i.e., so as to obtain further instructions or to access and use remote memory stores, for example. Such technologies used to provide such communication might include a network, the Internet, intranet, Extranet, LAN, an Ethernet, or any client server system that provides communication, for example. Such communications technologies may use any suitable protocol such as TCP/IP, UDP, or OSI, for example.

As described above, a set of instructions is used in the processing of the invention. The set of instructions may be in the form of a program or software. The software may be in the form of system software or application software, for example. The software might also be in the form of a collection of separate programs, a program module within a larger program, or a portion of a program module, for example The software used might also include modular programming in the form of object oriented programming. The software tells the processing machine what to do with the data being processed.

Further, it is appreciated that the instructions or set of instructions used in the implementation and operation of the invention may be in a suitable form such that the processing machine may read the instructions. For example, the instructions that form a program may be in the form of a suitable programming language, which is converted to machine language or object code to allow the processor or processors to read the instructions. That is, written lines of programming code or source code, in a particular programming language, are converted to machine language using a compiler, assembler or interpreter. The machine language is binary coded machine instructions that are specific to a particular type of processing machine, i.e., to a particular type of computer, for example. The computer understands the machine language.

Any suitable programming language may be used in accordance with the various embodiments of the invention. Illustratively, the programming language used may include assembly language, Ada, APL, Basic, C, C++, COBOL, dBase, Forth, Fortran, Java, Modula-2, Pascal, Prolog, REXX, Visual Basic, and/or JavaScript, for example. Further, it is not necessary that a single type of instructions or single programming language be utilized in conjunction with the operation of the system and method of the invention. Rather, any number of different programming languages may be utilized as is necessary or desirable.

Also, the instructions and/or data used in the practice of the invention may utilize any compression or encryption technique or algorithm, as may be desired. An encryption module might be used to encrypt data. Further, files or other data may be decrypted using a suitable decryption module, for example.

As described above, the invention may illustratively be embodied in the form of a processing machine, including a computer or computer system, for example, that includes at least one memory. It is to be appreciated that the set of instructions, i.e., the software for example, that enables the computer operating system to perform the operations described above may be contained on any of a wide variety of media or medium, as desired. Further, the data that is processed by the set of instructions might also be contained on any of a wide variety of media or medium. That is, the particular medium, i.e., the memory in the processing machine, utilized to hold the set of instructions and/or the data used in the invention may take on any of a variety of physical forms or transmissions, for example. Illustratively, the medium may be in the form of paper, paper transparencies, a compact disk, a DVD, an integrated circuit, a hard disk, a floppy disk, an optical disk, a magnetic tape, a RAM, a ROM, a PROM, a EPROM, a wire, a cable, a fiber, communications channel, a satellite transmissions or other remote transmission, as well as any other medium or source of data that may be read by the processors of the invention.

Further, the memory or memories used in the processing machine that implements the invention may be in any of a wide variety of forms to allow the memory to hold instructions, data, or other information, as is desired. Thus, the memory might be in the form of a database to hold data. The database might use any desired arrangement of files such as a flat file arrangement or a relational database arrangement, for example.

In the system and method of the invention, a variety of “user interfaces” may be utilized to allow a user to interface with the processing machine or machines that are used to implement the invention. As used herein, a user interface includes any hardware, software, or combination of hardware and software used by the processing machine that allows a user to interact with the processing machine. A user interface may be in the form of a dialogue screen for example. A user interface may also include any of a mouse, touch screen, keyboard, voice reader, voice recognizer, dialogue screen, menu box, list, checkbox, toggle switch, a pushbutton or any other device that allows a user to receive information regarding the operation of the processing machine as it processes a set of instructions and/or provide the processing machine with information. Accordingly, the user interface is any device that provides communication between a user and a processing machine. The information provided by the user to the processing machine through the user interface may be in the form of a command, a selection of data, or some other input, for example.

As discussed above, a user interface is utilized by the processing machine that performs a set of instructions such that the processing machine processes data for a user. The user interface is typically used by the processing machine for interacting with a user either to convey information or receive information from the user. However, it should be appreciated that in accordance with some embodiments of the system and method of the invention, it is not necessary that a human user actually interact with a user interface used by the processing machine of the invention. Rather, it is contemplated that the user interface of the invention might interact, i.e., convey and receive information, with another processing machine, rather than a human user. Accordingly, the other processing machine might be characterized as a user. Further, it is contemplated that a user interface utilized in the system and method of the invention may interact partially with another processing machine or processing machines, while also interacting partially with a human user.

It will be readily understood by those persons skilled in the art that the present invention is susceptible to broad utility and application. Many embodiments and adaptations of the present invention other than those herein described, as well as many variations, modifications and equivalent arrangements, will be apparent from or reasonably suggested by the present invention and foregoing description thereof, without departing from the substance or scope of the invention.

Accordingly, while the present invention has been described here in detail in relation to its exemplary embodiments, it is to be understood that this disclosure is only illustrative and exemplary of the present invention and is made to provide an enabling disclosure of the invention. Accordingly, the foregoing disclosure is not intended to be construed or to limit the present invention or otherwise to exclude any other such embodiments, adaptations, variations, modifications or equivalent arrangements.

Claims

1. A method for performing a multifactor authentication between an authenticating entity and a customer remote from the authenticating entity, utilizing a primary communication channel and a secondary communication channel, the method comprising: receiving from the customer, by a processing machine of the authenticating entity, primary authentication information via the primary communication channel;processing the primary authentication information by the processing machine of the authenticating entity, and retrieving customer information based on the primary authentication information;presenting a message to the customer regarding a desired mode of communication through which the customer would like to perform a secondary authentication;receiving from the customer a selection of the desired mode of communication, which desired mode of communication comprises the secondary communication channel;transmitting, by the processing machine of the authenticating entity, secondary authentication information to the customer via the secondary communication channel, the secondary communication channel being different than the primary communication channel;receiving from the customer via the primary communication channel at least a portion of the secondary authentication information;processing the secondary authentication information received from the customer by the processing machine of the authenticating entity to authenticate the customer; andbased on successful authentication of the primary authentication information and receipt of the at least a portion of the secondary authentication information from the customer, the processing machine of the authenticating entity authenticating the customer.
2. The method of claim 1, wherein the primary communication channel is the Internet and the secondary authentication information is transmitted via at least one of a telephone call, text message, or e-mail to the customer.
3. The system of claim 1, wherein the customer uses a first computing device to transmit the primary authentication information to the authenticating entity and a second computing device, different from the first computing device, to transmit the secondary authentication information to the authenticating entity.
4. The method of claim 1, wherein the authenticating entity is a bank.
5. The method of claim 1, wherein processing performed by the authenticating entity includes referring to secondary authentication rules before invoking utilization of the secondary authentication information.
6. The method of claim 5, wherein at least one rule in the secondary authentication rules is based on a dollar amount of a transaction involving the customer.
7. The method of claim 5, wherein at least one rule in the secondary authentication rules is based on a merchant with which the customer is transacting.
8. The method of claim 7, wherein the merchant is identified by a merchant ID received by the processing machine of the authenticating entity.
9. The method of claim 1, wherein the primary authentication information includes a username and password.
10. The method of claim 1, wherein the secondary authentication information includes at least one selected from the group consisting of a one-time password and a one-time authentication code.
11. The method of claim 1, wherein the authentication is performed in conjunction with a transaction.
12. The method of claim 11, wherein the transaction is a purchase of a product or service by the customer.
13. The method of claim 12, wherein the transaction is enrollment of the customer into a service offered by the authenticating entity.
14. The method of claim 11, wherein the transaction requires approval from at least one transaction approver, the method further comprising soliciting approval from the at least one transaction approver before authenticating the customer.
15. The method of claim 14, further comprising determining a geographical location of the at least one transaction approver; and comparing the geographical location of the at least one transaction approver with a location of the transaction, so as to determine legitimacy of the transaction.
16. The method of claim 1, wherein the primary communication channel is a website of the authenticating entity and the secondary communication channel is a telephone call, text message or e-mail to the customer, the method further comprising: the customer receiving the telephone call, text message or e-mail from the authenticating entity via the secondary communication channel; andthe customer transmitting, via the website, the at least a portion of the secondary authentication information back to the authenticating entity.
17. The method of claim 1, wherein the customer information comprises a land-line telephone number, a cell number, an email address, or SMS information of the customer, by which to contact the customer on a channel different than the primary communication channel.
18. A method for performing a multifactor authentication between an authenticating entity and a customer remote from the authenticating entity, utilizing a primary communication channel and a secondary communication channel, the method comprising: receiving from the customer, by a processing machine of the authenticating entity, primary authentication information via the primary communication channel;processing the primary authentication information by the processing machine of the authenticating entity, and retrieving customer information based on the primary authentication information;transmitting, by the processing machine of the authenticating entity, secondary authentication information to the customer via the secondary communication channel, the secondary communication channel being different than the primary communication channel;receiving from the customer via the primary communication channel at least a portion of the secondary authentication information;processing the secondary authentication information received from the customer by the processing machine of the authenticating entity to authenticate the customer; andbased on successful authentication of the primary authentication information and receipt of the at least a portion of the secondary authentication information from the customer, the processing machine of the authenticating entity authenticating the customer; andwherein the authentication times out upon expiration of a time-out period, which time-out period starts after receipt of the primary authentication information via the primary communication channel.
19. A system that performs authentication processing, the system including: a communication interface portion configured to interface with a customer and receive primary authentication information from the customer via a primary communication channel;an authenticating portion that is located remote from the customer, the authenticating portion configured to: authenticate the primary authentication information received from the customer, and based on the primary authentication information, retrieve customer information, the customer information verifying at least in part the primary authentication information,present a message to the customer regarding a desired mode of communication through which the customer would like to perform a secondary authentication;receive from the customer a selection of the desired mode of communication, which desired mode of communication comprises a secondary communication channel;output secondary authentication information to the customer via the secondary communication channel that is different than the primary communication channel, the secondary authentication information comprising at least one selected from the group consisting of a password and an authentication code;process the secondary authentication information, received from the customer via the primary communication channel, to authenticate the customer, andbased on successful receipt of the primary authentication information and the secondary authentication information from the customer, output an approval for the transaction.
20. The system of claim 19, wherein the primary communication channel is the Internet and the secondary authentication information is transmitted via at least one of a telephone call, text message, or e-mail to the customer.
21. The system of claim 19, wherein the customer information comprises a land-line telephone number, a cell number, an email address, or SMS information of the customer, by which to contact the customer on a channel different than the primary communication channel.
22. The system of claim 19, wherein the communication interface portion is further configured to determine whether the system recognizes a computer that the customer is using to send the primary authentication information via the primary communication channel.
23. The system of claim 19, wherein the customer communicates with the system using a smartphone.
24. The system of claim 23, wherein the customer also communicates with the system using a computer separate from the smartphone.

RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No. 11/610,289 filed Dec. 13, 2006, which claims priority to U.S. Provisional Application Ser. No. 60/830,672 filed Jul. 14, 2006, both of which are incorporated herein by reference in its their entirety.

US Referenced Citations (598)

Number	Name	Date	Kind
3705385	Batz	Dec 1972	A
3860870	Furuya	Jan 1975	A
3896266	Waterbury	Jul 1975	A
3938091	Atalla et al.	Feb 1976	A
4013962	Beseke et al.	Mar 1977	A
4321672	Braun et al.	Mar 1982	A
4567359	Lockwood	Jan 1986	A
4633397	Macco	Dec 1986	A
4695880	Johnson et al.	Sep 1987	A
4696491	Stenger	Sep 1987	A
4713761	Sharpe et al.	Dec 1987	A
4725719	Oncken et al.	Feb 1988	A
4745468	Von Kohorn	May 1988	A
4799156	Shavit	Jan 1989	A
4801787	Suzuki	Jan 1989	A
4823264	Deming	Apr 1989	A
4882675	Nichtberger et al.	Nov 1989	A
4926255	Von Kohorn	May 1990	A
4941090	McCarthy	Jul 1990	A
4964043	Galvin	Oct 1990	A
4992940	Dworkin	Feb 1991	A
5016270	Katz	May 1991	A
5050207	Hitchcock	Sep 1991	A
5084816	Boese	Jan 1992	A
5117355	McCarthy	May 1992	A
5157717	Hitchcock	Oct 1992	A
5189606	Burns et al.	Feb 1993	A
5202826	McCarthy	Apr 1993	A
5220501	Lawlor	Jun 1993	A
5233654	Harvey et al.	Aug 1993	A
5235509	Mueller et al.	Aug 1993	A
5241594	Kung	Aug 1993	A
5265033	Vajk	Nov 1993	A
5287268	McCarthy	Feb 1994	A
5297026	Hoffman	Mar 1994	A
5317683	Hager et al.	May 1994	A
5321841	East	Jun 1994	A
5351186	Bullock	Sep 1994	A
5381332	Wood	Jan 1995	A
5412708	Katz	May 1995	A
5420405	Chasek	May 1995	A
5446740	Yien	Aug 1995	A
5450134	Legate	Sep 1995	A
5450537	Hirai et al.	Sep 1995	A
5465206	Hilt et al.	Nov 1995	A
5467269	Flaten	Nov 1995	A
5473143	Vak	Dec 1995	A
5473732	Change	Dec 1995	A
5479530	Nair et al.	Dec 1995	A
5485370	Moss et al.	Jan 1996	A
5511117	Zazzera	Apr 1996	A
5513102	Auriemma	Apr 1996	A
5532920	Hartrick	Jul 1996	A
5534855	Shockley et al.	Jul 1996	A
5537314	Kanter	Jul 1996	A
5537473	Saward	Jul 1996	A
5544086	Davis et al.	Aug 1996	A
5546452	Andrews	Aug 1996	A
5551021	Harada	Aug 1996	A
5557334	Legate	Sep 1996	A
5557518	Rosen	Sep 1996	A
5560008	Johnson et al.	Sep 1996	A
5568489	Yien	Oct 1996	A
5570295	Isenberg	Oct 1996	A
5570465	Tsakanikas	Oct 1996	A
5576951	Lockwood	Nov 1996	A
5583778	Wind	Dec 1996	A
5590197	Chen	Dec 1996	A
5590199	Krajewski et al.	Dec 1996	A
5592378	Cameron	Jan 1997	A
5592553	Guski et al.	Jan 1997	A
5592560	Deaton et al.	Jan 1997	A
5594837	Noyes	Jan 1997	A
5598557	Doner	Jan 1997	A
5602936	Lynn	Feb 1997	A
5603025	Tabb	Feb 1997	A
5604490	Blakely et al.	Feb 1997	A
5606496	D'Agostino	Feb 1997	A
5611052	Dykstra	Mar 1997	A
5621201	Langhans	Apr 1997	A
5621789	McCalmont	Apr 1997	A
5621812	Deaton et al.	Apr 1997	A
5625767	Bartell	Apr 1997	A
5634101	Blau	May 1997	A
5638457	Deaton et al.	Jun 1997	A
5640577	Scharmer	Jun 1997	A
5642419	Rosen	Jun 1997	A
5644493	Motai	Jul 1997	A
5653914	Holmes et al.	Aug 1997	A
5657383	Gerber	Aug 1997	A
5659165	Jennings	Aug 1997	A
5661807	Guski et al.	Aug 1997	A
5664115	Fraser	Sep 1997	A
5666493	Wojcik et al.	Sep 1997	A
5671285	Newman	Sep 1997	A
5675637	Szlam et al.	Oct 1997	A
5675662	Deaton et al.	Oct 1997	A
5677955	Doggett et al.	Oct 1997	A
5678046	Cahill et al.	Oct 1997	A
5682524	Freund	Oct 1997	A
5684870	Maloney	Nov 1997	A
5687322	Deaton et al.	Nov 1997	A
5689100	Carrithers et al.	Nov 1997	A
5692132	Hogan	Nov 1997	A
5699528	Hogan	Dec 1997	A
5703344	Bezy et al.	Dec 1997	A
5710886	Christensen et al.	Jan 1998	A
5710887	Chelliah	Jan 1998	A
5710889	Clark et al.	Jan 1998	A
5715298	Rogers	Feb 1998	A
5715314	Payne	Feb 1998	A
5715399	Bezos	Feb 1998	A
5715402	Popolo	Feb 1998	A
5715450	Ambrose	Feb 1998	A
5724424	Gifford	Mar 1998	A
5727163	Bezos	Mar 1998	A
5734838	Robinson	Mar 1998	A
5737414	Walker et al.	Apr 1998	A
5740231	Cohn et al.	Apr 1998	A
5754840	Rivette	May 1998	A
5758126	Daniels et al.	May 1998	A
5758328	Giovannoli	May 1998	A
5761288	Gray	Jun 1998	A
5761647	Boushy	Jun 1998	A
5761661	Coussenns	Jun 1998	A
5764789	Pare et al.	Jun 1998	A
5765141	Spector	Jun 1998	A
5765143	Sheldon	Jun 1998	A
5768382	Schnier et al.	Jun 1998	A
5774122	Kojima	Jun 1998	A
5778178	Arunachalam	Jul 1998	A
5781909	Logan et al.	Jul 1998	A
5784562	Diener	Jul 1998	A
5787403	Randle	Jul 1998	A
5787404	Fernandez-Holmann	Jul 1998	A
5790650	Dunn	Aug 1998	A
5790785	Klug et al.	Aug 1998	A
5793861	Haigh	Aug 1998	A
5794178	Caid	Aug 1998	A
5794207	Walker	Aug 1998	A
5794259	Kikinis	Aug 1998	A
5796395	De Hond	Aug 1998	A
5797127	Walker et al.	Aug 1998	A
5798508	Walker et al.	Aug 1998	A
5802498	Comesanas	Sep 1998	A
5802502	Gell	Sep 1998	A
5805719	Pare et al.	Sep 1998	A
5815657	Williams et al.	Sep 1998	A
5815665	Teper et al.	Sep 1998	A
5815683	Vogler	Sep 1998	A
5818936	Mashayekhi	Oct 1998	A
5819092	Ferguson	Oct 1998	A
5819285	Damico	Oct 1998	A
5825863	Walker	Oct 1998	A
5825870	Miloslavsky	Oct 1998	A
5826241	Stein	Oct 1998	A
5826245	Sandberg-Diment	Oct 1998	A
5826250	Trefler	Oct 1998	A
5828734	Katz	Oct 1998	A
5828751	Walker et al.	Oct 1998	A
5828812	Khan et al.	Oct 1998	A
5828833	Belville et al.	Oct 1998	A
5832211	Blakley, III et al.	Nov 1998	A
5832460	Bednar	Nov 1998	A
5832476	Tada	Nov 1998	A
5835087	Herz	Nov 1998	A
5835580	Fraser	Nov 1998	A
5835603	Coutts	Nov 1998	A
5838903	Blakely, III et al.	Nov 1998	A
5838906	Doyle	Nov 1998	A
5842178	Giovannoli	Nov 1998	A
5842211	Horadan	Nov 1998	A
5844553	Hao	Dec 1998	A
5845259	West et al.	Dec 1998	A
5845260	Nakano et al.	Dec 1998	A
5847709	Card	Dec 1998	A
5848143	Andrews	Dec 1998	A
5848400	Chang	Dec 1998	A
5848427	Hyodo	Dec 1998	A
5852812	Reeder	Dec 1998	A
5857079	Claus et al.	Jan 1999	A
5862223	Walker	Jan 1999	A
5862323	Blakely, III et al.	Jan 1999	A
5864830	Armetta et al.	Jan 1999	A
RE36116	McCarthy	Feb 1999	E
5866889	Weiss et al.	Feb 1999	A
5870718	Spector	Feb 1999	A
5870724	Lawlor	Feb 1999	A
5870725	Belinger et al.	Feb 1999	A
5871398	Schneier et al.	Feb 1999	A
5873072	Kight	Feb 1999	A
5873096	Lim	Feb 1999	A
5880769	Nemirofsky	Mar 1999	A
5883810	Franklin et al.	Mar 1999	A
5884032	Bateman	Mar 1999	A
5884270	Walker et al.	Mar 1999	A
5884272	Walker et al.	Mar 1999	A
5884274	Walker et al.	Mar 1999	A
5884288	Chang	Mar 1999	A
5889863	Weber	Mar 1999	A
5892900	Ginter et al.	Apr 1999	A
5898780	Liu et al.	Apr 1999	A
5899982	Randle	May 1999	A
5903881	Schrader	May 1999	A
5909486	Walker et al.	Jun 1999	A
5910988	Ballard	Jun 1999	A
5913202	Motoyama	Jun 1999	A
5914472	Foladare et al.	Jun 1999	A
5915244	Jack et al.	Jun 1999	A
5918214	Perkowski	Jun 1999	A
5918217	Maggioncalda	Jun 1999	A
5918239	Allen et al.	Jun 1999	A
5920847	Kolling et al.	Jul 1999	A
5921864	Walker et al.	Jul 1999	A
5923763	Walker et al.	Jul 1999	A
5926796	Walker et al.	Jul 1999	A
5926812	Hilsenrath	Jul 1999	A
5930764	Melchione	Jul 1999	A
5933816	Zeanah	Aug 1999	A
5933817	Hucal	Aug 1999	A
5933823	Cullen	Aug 1999	A
5933827	Cole	Aug 1999	A
5940812	Tengel et al.	Aug 1999	A
5943656	Crooks	Aug 1999	A
5944824	He	Aug 1999	A
5945653	Walker et al.	Aug 1999	A
5946388	Walker et al.	Aug 1999	A
5947747	Walker et al.	Sep 1999	A
5949044	Walker et al.	Sep 1999	A
5949875	Walker et al.	Sep 1999	A
5950173	Perkowski	Sep 1999	A
5950174	Brendzel	Sep 1999	A
5950206	Krause	Sep 1999	A
5952639	Ohki	Sep 1999	A
5952641	Korshun	Sep 1999	A
5953710	Fleming	Sep 1999	A
5956695	Carrithers et al.	Sep 1999	A
5958007	Lee et al.	Sep 1999	A
5960411	Hartman et al.	Sep 1999	A
5961593	Gabber et al.	Oct 1999	A
5963635	Szlam et al.	Oct 1999	A
5963925	Kolling et al.	Oct 1999	A
5963952	Smith	Oct 1999	A
5963953	Cram et al.	Oct 1999	A
5966695	Melchione et al.	Oct 1999	A
5966699	Zandi	Oct 1999	A
5967896	Jorasch et al.	Oct 1999	A
5969318	Mackenthun	Oct 1999	A
5970143	Schneier et al.	Oct 1999	A
5970470	Walker et al.	Oct 1999	A
5970478	Walker et al.	Oct 1999	A
5970482	Pham	Oct 1999	A
5970483	Evans	Oct 1999	A
5978467	Walker et al.	Nov 1999	A
5983196	Wendkos	Nov 1999	A
5987434	Libman	Nov 1999	A
5987454	Hobbs	Nov 1999	A
5987498	Athing et al.	Nov 1999	A
5991736	Ferguson et al.	Nov 1999	A
5991738	Ogram	Nov 1999	A
5991748	Taskett	Nov 1999	A
5991751	Rivette et al.	Nov 1999	A
5991780	Rivette	Nov 1999	A
5995948	Whitford	Nov 1999	A
5995976	Walker et al.	Nov 1999	A
5999596	Walker et al.	Dec 1999	A
5999907	Donner	Dec 1999	A
6000033	Kelley et al.	Dec 1999	A
6001016	Walker et al.	Dec 1999	A
6003762	Hayashida	Dec 1999	A
6005939	Fortenberry et al.	Dec 1999	A
6006205	Loeb et al.	Dec 1999	A
6006249	Leong	Dec 1999	A
6009415	Shurling et al.	Dec 1999	A
6009442	Chen et al.	Dec 1999	A
6010404	Walker et al.	Jan 2000	A
6012088	Li et al.	Jan 2000	A
6012983	Walker et al.	Jan 2000	A
6014439	Walker et al.	Jan 2000	A
6014635	Harris et al.	Jan 2000	A
6014636	Reeder	Jan 2000	A
6014638	Burge et al.	Jan 2000	A
6014641	Loeb et al.	Jan 2000	A
6014645	Cunningham	Jan 2000	A
6016476	Maes et al.	Jan 2000	A
6016810	Ravenscroft	Jan 2000	A
6018714	Risen, Jr.	Jan 2000	A
6018718	Walker et al.	Jan 2000	A
6024640	Walker et al.	Feb 2000	A
6026398	Brown et al.	Feb 2000	A
6026429	Jones et al.	Feb 2000	A
6032134	Weissman	Feb 2000	A
6032147	Williams et al.	Feb 2000	A
6038547	Casto	Mar 2000	A
6038552	Fleischl et al.	Mar 2000	A
6042006	Van Tilburg et al.	Mar 2000	A
6044362	Neely	Mar 2000	A
6045039	Stinson et al.	Apr 2000	A
6049778	Walker et al.	Apr 2000	A
6049782	Gottesman et al.	Apr 2000	A
6049835	Gagnon	Apr 2000	A
6055637	Hudson et al.	Apr 2000	A
6061665	Bahreman	May 2000	A
6064987	Walker et al.	May 2000	A
6065120	Laursen et al.	May 2000	A
6065675	Teicher	May 2000	A
6070147	Harms et al.	May 2000	A
6070153	Simpson	May 2000	A
6070244	Orchier et al.	May 2000	A
6073105	Sutcliffe et al.	Jun 2000	A
6073113	Guinan	Jun 2000	A
6075519	Okatani et al.	Jun 2000	A
6076072	Libman	Jun 2000	A
6081790	Rosen	Jun 2000	A
6081810	Rosenzweig et al.	Jun 2000	A
6081900	Subramaniam et al.	Jun 2000	A
6085168	Mori et al.	Jul 2000	A
6088444	Walker et al.	Jul 2000	A
6088451	He et al.	Jul 2000	A
6088683	Jalili	Jul 2000	A
6088686	Walker et al.	Jul 2000	A
6088700	Larsen et al.	Jul 2000	A
6091817	Bertina et al.	Jul 2000	A
6092192	Kanevsky et al.	Jul 2000	A
6092196	Reiche	Jul 2000	A
6095412	Bertina et al.	Aug 2000	A
6098070	Maxwell	Aug 2000	A
6101486	Roberts et al.	Aug 2000	A
6104716	Crichton et al.	Aug 2000	A
6105012	Chang et al.	Aug 2000	A
6105865	Hardesty	Aug 2000	A
6111858	Greaves et al.	Aug 2000	A
6112181	Shear et al.	Aug 2000	A
6115690	Wong	Sep 2000	A
6119093	Walker et al.	Sep 2000	A
6119099	Walker et al.	Sep 2000	A
6128599	Walker et al.	Oct 2000	A
6128602	Northington et al.	Oct 2000	A
6131810	Weiss et al.	Oct 2000	A
6134549	Regnier et al.	Oct 2000	A
6134592	Montulli	Oct 2000	A
6135349	Zirkel	Oct 2000	A
6138106	Walker et al.	Oct 2000	A
6138118	Koppstein et al.	Oct 2000	A
6141651	Riley et al.	Oct 2000	A
6141666	Tobin	Oct 2000	A
6144946	Iwamura	Nov 2000	A
6144948	Walker et al.	Nov 2000	A
6145086	Bellemore et al.	Nov 2000	A
6148293	King	Nov 2000	A
6151584	Papierniak et al.	Nov 2000	A
6154750	Roberge et al.	Nov 2000	A
6154879	Pare et al.	Nov 2000	A
6161182	Nadooshan	Dec 2000	A
6164533	Barton	Dec 2000	A
6170011	Beck et al.	Jan 2001	B1
6178511	Cohen et al.	Jan 2001	B1
6182052	Fulton et al.	Jan 2001	B1
6182142	Win et al.	Jan 2001	B1
6182220	Chen et al.	Jan 2001	B1
6182225	Hagiuda et al.	Jan 2001	B1
6185242	Arthur et al.	Feb 2001	B1
6189029	Fuerst	Feb 2001	B1
6195644	Bowie	Feb 2001	B1
6199077	Inala et al.	Mar 2001	B1
6201948	Cook et al.	Mar 2001	B1
6202005	Mahaffey	Mar 2001	B1
6202054	Lawlor et al.	Mar 2001	B1
6202151	Musgrave et al.	Mar 2001	B1
6202158	Urano et al.	Mar 2001	B1
6208978	Walker et al.	Mar 2001	B1
6208984	Rosenthal	Mar 2001	B1
6216115	Barrameda et al.	Apr 2001	B1
6219639	Bakis et al.	Apr 2001	B1
6219706	Fan	Apr 2001	B1
6222914	McMullin	Apr 2001	B1
6226623	Schein et al.	May 2001	B1
6226679	Gupta	May 2001	B1
6226752	Gupta et al.	May 2001	B1
6227447	Campisano	May 2001	B1
6230148	Pare et al.	May 2001	B1
6243688	Kalina	Jun 2001	B1
6243816	Fang et al.	Jun 2001	B1
6253327	Zhang et al.	Jun 2001	B1
6253328	Smith, Jr.	Jun 2001	B1
6256664	Donoho et al.	Jul 2001	B1
6260026	Tomida et al.	Jul 2001	B1
6266648	Baker, III	Jul 2001	B1
6266683	Yehuda et al.	Jul 2001	B1
6267292	Walker et al.	Jul 2001	B1
6269348	Pare et al.	Jul 2001	B1
6275944	Kao et al.	Aug 2001	B1
6289322	Kitchen et al.	Sep 2001	B1
6298330	Gardenswartz et al.	Oct 2001	B1
6298356	Jawahar et al.	Oct 2001	B1
6301567	Leong et al.	Oct 2001	B1
6308273	Goertzel et al.	Oct 2001	B1
6308274	Swift	Oct 2001	B1
6311275	Jin et al.	Oct 2001	B1
6317834	Gennaro et al.	Nov 2001	B1
6317838	Baize	Nov 2001	B1
6324524	Lent et al.	Nov 2001	B1
6327573	Walker et al.	Dec 2001	B1
6327578	Linehan	Dec 2001	B1
6332192	Boroditisky et al.	Dec 2001	B1
6336104	Walker et al.	Jan 2002	B1
6343279	Bissonette et al.	Jan 2002	B1
6345261	Feidelson	Feb 2002	B1
6349242	Mahaffey	Feb 2002	B2
6349336	Sit et al.	Feb 2002	B1
6363381	Lee et al.	Mar 2002	B1
6366682	Hoffman et al.	Apr 2002	B1
6385591	Mankoff	May 2002	B1
6385652	Brown et al.	May 2002	B1
6401125	Makarios et al.	Jun 2002	B1
6401211	Brezak, Jr. et al.	Jun 2002	B1
6408389	Grawrock et al.	Jun 2002	B2
6411933	Maes et al.	Jun 2002	B1
6418457	Schmidt et al.	Jul 2002	B1
6438594	Bowman-Amuah	Aug 2002	B1
6438666	Cassagnol et al.	Aug 2002	B2
6449765	Ballard	Sep 2002	B1
6453353	Win et al.	Sep 2002	B1
6460141	Olden	Oct 2002	B1
6487641	Cusson et al.	Nov 2002	B1
6493677	von Rosen et al.	Dec 2002	B1
6493685	Ensel et al.	Dec 2002	B1
6496855	Hunt et al.	Dec 2002	B1
6496936	French et al.	Dec 2002	B1
6507912	Matyas, Jr. et al.	Jan 2003	B1
6510523	Perlman et al.	Jan 2003	B1
6526404	Slater et al.	Feb 2003	B1
6532284	Walker et al.	Mar 2003	B2
6535855	Cahill et al.	Mar 2003	B1
6535917	Zamanzadeh et al.	Mar 2003	B1
6535980	Kumar et al.	Mar 2003	B1
6539424	Dutta	Mar 2003	B1
6557039	Leong et al.	Apr 2003	B1
6574348	Venkatesan et al.	Jun 2003	B1
6580814	Ittycheriah et al.	Jun 2003	B1
6581040	Wright et al.	Jun 2003	B1
6584505	Howard et al.	Jun 2003	B1
6584508	Epstein et al.	Jun 2003	B1
6589291	Boag et al.	Jul 2003	B1
6592044	Wong et al.	Jul 2003	B1
6609106	Robertson	Aug 2003	B1
6609113	O'Leary et al.	Aug 2003	B1
6609125	Layne et al.	Aug 2003	B1
6609198	Wood et al.	Aug 2003	B1
6609654	Anderson et al.	Aug 2003	B1
6618579	Smith et al.	Sep 2003	B1
6618806	Brown et al.	Sep 2003	B1
6623415	Gates et al.	Sep 2003	B2
6640302	Subramaniam et al.	Oct 2003	B1
6668322	Wood et al.	Dec 2003	B1
6675261	Shandony	Jan 2004	B2
6684384	Bickerton et al.	Jan 2004	B1
6687222	Albert et al.	Feb 2004	B1
6687245	Fangman et al.	Feb 2004	B2
6697947	Matyas, Jr. et al.	Feb 2004	B1
6714987	Amin et al.	Mar 2004	B1
6718482	Sato et al.	Apr 2004	B2
6718535	Underwood	Apr 2004	B1
6725269	Megiddo	Apr 2004	B1
6735695	Gopalakrishnan et al.	May 2004	B1
6738779	Shapira	May 2004	B1
6751654	Massarani et al.	Jun 2004	B2
6754833	Black et al.	Jun 2004	B1
6755341	Wong et al.	Jun 2004	B1
6766370	Glommen et al.	Jul 2004	B2
6769605	Magness	Aug 2004	B1
6772146	Khemlani et al.	Aug 2004	B2
6785810	Lirov et al.	Aug 2004	B1
6789115	Singer et al.	Sep 2004	B1
6805288	Routhenstein et al.	Oct 2004	B2
6810395	Bharat	Oct 2004	B1
6819219	Bolle et al.	Nov 2004	B1
6820202	Wheeler et al.	Nov 2004	B1
6826696	Chawla et al.	Nov 2004	B1
6832202	Schuyler et al.	Dec 2004	B1
6847991	Kurapati	Jan 2005	B1
6856970	Campbell et al.	Feb 2005	B1
6868391	Hultgren	Mar 2005	B1
6892231	Jager	May 2005	B2
6907566	McElfresh et al.	Jun 2005	B1
6925481	Singhal et al.	Aug 2005	B2
6934848	King et al.	Aug 2005	B1
6937976	Apte	Aug 2005	B2
6938158	Azuma	Aug 2005	B2
6950936	Subramaniam et al.	Sep 2005	B2
6954932	Nakamura et al.	Oct 2005	B2
6957337	Chainer et al.	Oct 2005	B1
6965939	Cuomo et al.	Nov 2005	B2
6976164	King et al.	Dec 2005	B1
6980962	Arganbright et al.	Dec 2005	B1
6983421	Lahti et al.	Jan 2006	B1
6992786	Breding et al.	Jan 2006	B1
7010512	Gillin et al.	Mar 2006	B1
7020696	Perry et al.	Mar 2006	B1
7032110	Su et al.	Apr 2006	B1
7051199	Berson et al.	May 2006	B1
7051330	Kaler et al.	May 2006	B1
7058817	Ellmore	Jun 2006	B1
7080036	Drummond et al.	Jul 2006	B1
7089208	Levchin et al.	Aug 2006	B1
7089503	Bloomquist et al.	Aug 2006	B1
7093020	McCarty et al.	Aug 2006	B1
7103556	Del Rey et al.	Sep 2006	B2
7117239	Hansen	Oct 2006	B1
7137006	Grandcolas et al.	Nov 2006	B1
7185094	Marquette et al.	Feb 2007	B2
7870202	Madams et al.	Jan 2011	B2
20010011255	Asay et al.	Aug 2001	A1
20010012974	Mahaffey	Aug 2001	A1
20010016835	Hansmann et al.	Aug 2001	A1
20010027474	Nachman et al.	Oct 2001	A1
20010032184	Tenembaum	Oct 2001	A1
20010047295	Tenembaum	Nov 2001	A1
20010051917	Bissonette et al.	Dec 2001	A1
20010054003	Chien et al.	Dec 2001	A1
20020002479	Almog et al.	Jan 2002	A1
20020007313	Mai et al.	Jan 2002	A1
20020007460	Azuma	Jan 2002	A1
20020010599	Levison	Jan 2002	A1
20020010668	Travis et al.	Jan 2002	A1
20020018585	Kim	Feb 2002	A1
20020019938	Aarons	Feb 2002	A1
20020023108	Daswani et al.	Feb 2002	A1
20020029269	McCarty et al.	Mar 2002	A1
20020032613	Buettgenbach et al.	Mar 2002	A1
20020032650	Hauser et al.	Mar 2002	A1
20020059141	Davies et al.	May 2002	A1
20020077964	Brody et al.	Jun 2002	A1
20020077978	O'Leary et al.	Jun 2002	A1
20020087447	McDonald et al.	Jul 2002	A1
20020087471	Ganesan et al.	Jul 2002	A1
20020095443	Kovack	Jul 2002	A1
20020099826	Summers et al.	Jul 2002	A1
20020104006	Boate et al.	Aug 2002	A1
20020104017	Stefan	Aug 2002	A1
20020107788	Cunningham	Aug 2002	A1
20020143874	Marquette et al.	Oct 2002	A1
20020152163	Bezos et al.	Oct 2002	A1
20020156900	Marquette et al.	Oct 2002	A1
20020165949	Na	Nov 2002	A1
20020174010	Rice, III	Nov 2002	A1
20020178113	Clifford et al.	Nov 2002	A1
20020184507	Makower et al.	Dec 2002	A1
20020188869	Patrick	Dec 2002	A1
20020191548	Ylonen et al.	Dec 2002	A1
20020198806	Blagg et al.	Dec 2002	A1
20030001888	Power	Jan 2003	A1
20030018915	Stoll	Jan 2003	A1
20030023880	Edward et al.	Jan 2003	A1
20030034388	Routhenstein et al.	Feb 2003	A1
20030037131	Verma	Feb 2003	A1
20030037142	Munger et al.	Feb 2003	A1
20030040995	Daddario et al.	Feb 2003	A1
20030041165	Spencer et al.	Feb 2003	A1
20030046587	Bheemarasetti et al.	Mar 2003	A1
20030046589	Gregg	Mar 2003	A1
20030051026	Carter et al.	Mar 2003	A1
20030055871	Roses	Mar 2003	A1
20030070069	Belapurkar et al.	Apr 2003	A1
20030070084	Satomaa et al.	Apr 2003	A1
20030074580	Knouse et al.	Apr 2003	A1
20030079147	Hsieh et al.	Apr 2003	A1
20030084345	Bjornestad et al.	May 2003	A1
20030084647	Smith et al.	May 2003	A1
20030088552	Bennett et al.	May 2003	A1
20030105981	Miller et al.	Jun 2003	A1
20030110399	Rail	Jun 2003	A1
20030115160	Nowlin et al.	Jun 2003	A1
20030119642	Gates et al.	Jun 2003	A1
20030154171	Karp et al.	Aug 2003	A1
20030154403	Keinsley et al.	Aug 2003	A1
20030159072	Bellinger et al.	Aug 2003	A1
20030163700	Paatero	Aug 2003	A1
20030163733	Barriga-Caceres et al.	Aug 2003	A1
20030177067	Cowell et al.	Sep 2003	A1
20030191549	Otsuka et al.	Oct 2003	A1
20040019563	Sines et al.	Jan 2004	A1
20040031856	Atsmon et al.	Feb 2004	A1
20040049702	Subramaniam et al.	Mar 2004	A1
20040111369	Lane et al.	Jun 2004	A1
20040117409	Scahill et al.	Jun 2004	A1
20050080747	Anderson et al.	Apr 2005	A1
20050082362	Anderson et al.	Apr 2005	A1
20050086160	Wong et al.	Apr 2005	A1
20050086177	Anderson et al.	Apr 2005	A1
20050120180	Schornbach et al.	Jun 2005	A1
20050193056	Schaefer et al.	Sep 2005	A1
20050278641	Mansour et al.	Dec 2005	A1
20060274970	Seki et al.	Dec 2006	A1
20070019806	Conley et al.	Jan 2007	A1
20070178882	Teunissen et al.	Aug 2007	A1
20070203850	Singh et al.	Aug 2007	A1
20070234408	Burch et al.	Oct 2007	A1

Foreign Referenced Citations (24)

Number	Date	Country
2430549	Jun 2002	CA
19731293	Jan 1999	DE
0855659	Jul 1998	EP
0884877	Dec 1998	EP
0917119	May 1999	EP
1014318	Jun 2000	EP
1022664	Jul 2000	EP
1056043	Nov 2000	EP
1089516	Apr 2001	EP
1471708	Oct 2004	EP
H10-187467	Jul 1998	JP
200324329	Nov 2000	JP
2001134672	May 2001	JP
2005-242976	Sep 2005	JP
WO 9743736	Nov 1997	WO
WO 9940507	Aug 1999	WO
WO 9952051	Oct 1999	WO
WO 0068858	Nov 2000	WO
WO 0118656	Mar 2001	WO
WO 0135355	May 2001	WO
WO 0143084	Jun 2001	WO
WO 0188659	Nov 2001	WO
WO 0217082	Feb 2002	WO
WO 2004079603	Sep 2004	WO

Non-Patent Literature Citations (65)

Entry
Kutler, A Different Drummer on the Data Highway, American Banker, Section: No. 91, vol. 160, May 12, 1995, p. 14.
Epper, A Player Goes After Big Bucks in Cyberspace, American Banker, vol. 160, No. 86, ISSN: 0002-7561, May 5, 1995, p. 17.
Berry et al., A potent new tool for selling databse, Business Week, Cover Story, Sep. 5, 1994, pp. 56-62.
Applets, java.sun.com, May 21, 1999.
Associates National Bank (DE) Credit Card, The Associates, www.theassociates.com/consumer/credit—cards/main.html, Apr. 6, 1999, 6 pages.
At Your Request, www.wingspanbank.com, Sep. 28, 1999.
Anonymous, Aversion Therapy: Banks Overcoming Fear of the 'Net to Develop Safe Internet-based Payment System w/ Netscape Communicator, Network World, ISSN: 0887-7661, Dec. 12, 1994.
Java, Banking on Java(TM) Technology, java.sun.com, May 21, 1999.
Fusaro, Roberta, Builders Moving to Web tools Computerworld, Nov. 16, 1998, vol. 32, No. 46, pp. 51, 53.
Anonymous, CORBA Overview, arch2.htm at pent21.infosys.tuwien.ac.at, May 25, 1999.
Vandenengel, Cards on the Internet: Advertising on a $3 Bill, Industry Intelligence, Feb. 1, 1995, pp. 46-48.
Bank, Cash, Check,Charge—What's Next?, Seattle Times, Mar. 6, 1995.
Marlin, Chasing Document Management, Inform, vol. 13, No. 4, Apr. 199, p. 76-82.
Consortium Created to Manage Common Electronic Purse Specifications, http://www.visa.com/av/news/PRmisc051199.vhtml, printed Feb. 23, 2001.
Marchman, Construction Scheduling with Primavera Project Planner, May 25, 1999.
Chester, Cross-platform integration with XML and SOAP, IT PTO Sep.-Oct. 2001.
Mitchell, Cyberspace: Crafting Software . . . , Business Week, Feb. 27, 1999, pp. 78-86.
Strassel, Dutch Software Concern Experiments with Electronic ‘Cash’ in Cyberspace, The Wall Street Journal, Apr. 17, 1995.
Post, E-Cash: Can't Live With It, Can't Live Without It, The American Lawyer, Mar. 1, 1995, pp. 116-117.
Thomas, Enterprise Javabeans(TM) Technology: Server Component Model for the Java(TM) platform, java.sun.com, May 2, 1999.
Seibert, Paul, Facilities Planning & Design for Financial Institutions Bankline Publications, 1996, ISBN: 1-55738-780-X.
Owens, David, Facilities Planning & Relocation RSMeans, 1993, ISBN: 0-87629-281-3.
Maize, Fannie Mae on the Web, Doucment ID: 52079, May 8, 1995.
The Gale Group, G&D America's Multi-application Smart Card Selected for Combined Payroll and ‘Virtual Banking’ Program in Mexico, Business Wire, Apr. 24, 1998, p. 241047.
Getting Smart with Java: Sun Micro Says American Express to Use Java for Smart Card, ABCNews.com, printed on Jun. 6, 2000.
Knowles, Improved Internet Security Enabling On-Line Commerce, PCWeek, vol. 12, No. 11, ISSN: 0740-1604, Mar. 20, 1995.
Radosevich, Is Work Flow Working?, CNN.com, Apr. 6, 1999 at <http://www.cnn.com/TECH/computing/9904/06/workflow/ent.idg, p. 1 of 5, retrieved from the internet on Nov. 28, 2005.
Java, Java (TM) Technology in the Real World, java.sun.com, May 21, 1999.
Java, Java(TM) Remote Method Invocation (RMI) Interface, java.sun.com, 05/32/1999.
Java, Java(TM) Servlet API, java.sun.com, May 21, 1999.
Frank, John N. Frank, Beyond Direct Mail, Credit Card Management, vol. 9, Iss. 5, Aug. 1996, 4pgs.
OMG, Library, www.omg.com, May 25, 1999.
Mary C. Lacity, et al., Mary C. Lacity, et al., The Information Systems Outsourcing Bandwagon, Sloan Management Review, vol. 35, No. 1, Fall 1993, p. 73-86.
Method of Protecting Data on a Personal Computer, IBM Corporation, TDB 11-85, Order 85A 62426, Nov. 1, 1995, p. 2530.
Clark, Microsoft, Visa to Jointly Develop PC Electronic-Shopping Software, The Wall Street Journal, Nov. 9, 1994, WSJ B9.
Mitchell, Netlink Goes After an Unbanked Niche, Card Technology, ISSN: 1093-1279, Sep. 1999, p. 22.
Houlder, OFT Gives the Individual Top Priority: Report Calls for Deregulation of Business Lending, Document ID: 91716, Jun. 8, 1994.
Omware, Inc., Web Pages, Feb. 2000, Retrieved from http://web.archive.org/web20000226033405/www.omware.com/products.html, Retrieved from the interneet on Nov. 28, 2005.
Anonymous, Overview of CORBA, May 25, 1999.
Harris, Planning Using Primavera Project Planner P3 Version 3.0, User Guide, Copyright 1999 by Eastwood Harry Pty Ltd., 1999.
Johnston, Pondering Passport: Do You Trust Microsoft With Your Data?, www.pcworld.com/resource/printable/article/0.aid,63244,00.asp, Sep. 24, 2001.
Primavera Systems, Inc.—How the World Manages Projects, Expedition Contract Control Software, www.primavera.com, Jun. 23, 2005.
Primavera and PurchasePro.com to Create E-Commerce Markerplace for Construction Industry, Primavera Ships P3, version 3.0, www.purchasepro.com/, Sep. 21, 1999, pp. 1-3.
Resource Center: Consolidated Edison Selects GE TPN Post, printed Apr. 26, 1999.
Kormann, Risks of the Passport Single Signon Protocol, Computer Networks, Elsevier Science Press, vol. 33, Sep. 20, 2003, pp. 51-58.
Safe Single-Sign-On Protocol with Minimal Passwork Exposure No Decryption and Technology Adaptivity, IBM Corporation, TDB 03-95, Order 95A, Mar. 1, 1995, pp. 245-248.
Deckmyn, Dominique, San Francisco manages $45M project via web-based Service, Computerworld, Aug. 9, 1999, vol. 33, No. 32, p. 14.
Sun Microsystems, Inc., Schema for Representing CORBA Objects in an LDAP directory, May 21, 1999, pp. 1-9.
Jakobsson et al., Secure and lightweight advertising on the web, Computer Networks, 31 (1999) 1101-1109.
Siebel, Siebel: Ensuring Customer Success, www.siebel.com, Nov. 17, 1999.
SmartAxis, How it works, http://www.smartaxis.co.uk/seller/howitworks.html, printed on Feb. 23, 2001.
Mosig, Richard, Software Review: the Construction Project Manager Cost Engineering, Jan. 1996, vol. 38, No. 1, pp. 7-8.
Hernandez, Tomas et al., Software Solutions Building Design & Construction, Nov. 1999, vol. 40, No. 11, pp. 38-40.
Java, Staying in Touch with JNDI, java.sun.com, May 21, 1999.
Summary of the At Your Request Architecture, First USA Bank Confidential and Proprietary, Apr. 2, 1999, pp. 1-8.
Taylor, Telecommunications Demand Analysis in Transition, Proceedings of the 31st Hawaii International Conference on System Sciences, vol. 5, Jan. 6-9, 1998, pp. 409-415.
Temporary Global Passwords, IBM Corporation, IBM TDB v36, n3, 03-93. Order 93A 60636, Mar. 1, 1993, pp. 451-454.
Java, The JDBC(TM) Data Access API, java.sun.com, May 21, 1999.
Carden, Philip, The New Face of Single Sign-on, Network Computing, http://www.networkcomputing.com, printed Dec. 29, 2000, 4 pages.
OMG, Welcome to OMG's CORBA for Beginners Page!, www.omg.co, May 25, 1999.
OMG, What is CORBA?, www.omg.com, May 25, 1999.
eCharge, eCharge Corporation, www.echarge.com, Dec. 3, 1999.
Federal Financial Institutions Examination Council, Authentication in an Electronic Banking Environment, Aug. 8, 2001, pp. 1-12.
Federal Financial Institutions Examination Council, Authentication in an Internet Banking Environment, Oct. 12, 2005, pp. 1-14.
Federal Financial Institutions Examination Council, Supplement to Authentication in an Internet Banking Environment, Jun. 28, 2011, pp. 1-12.

Provisional Applications (1)

	Number	Date	Country
	60830672	Jul 2006	US

Continuations (1)

	Number	Date	Country
Parent	11610289	Dec 2006	US
Child	14313159		US

Systems and methods for multifactor authentication

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

CPC

International Classifications

Abstract