11140142 - Method and system for authentication

US Patent No. 11140142 - Prepared by Attorney David Tran for Salesforce and filed by Dergosits & Noah LLP

Brief description:  The login flow may start with operation 305 where a user (e.g., user 103) initiates a request to log in to the server computing system (e.g., server computing system 255. In operation 310, the server computing system 255 may then request the user 103 to provide user ID and password information. In operation 315, the user ID and password information is transmitted from the user to the server computing system. When there is a MITM attack, the user ID and password information may be intercepted along path 318. In operation 320, the server computing system verifies the user ID and password information. When a second level verification is required, the server computing system may send a second level question to the user (via user computing system) in operation 325 based on successful verification of the user ID and password information. In operation 330, the user may send a response to the second level question to the server computing system. When there is a MITM attack, the response to the second level question may be intercepted along path 335. In operation 340, the server computing system may enable a login session with the user based on successful second level question verification after the user ID, password and response to the second level question already intercepted by the MITM attack.  In operation 415, the user ID is transmitted from the user to the server computing system. When there is a MITM attack, it may be possible that the user ID may be intercepted along path 418 but no user password is compromised. In operation 420, the server computing system verifies the user ID. When a second level verification is required, the server computing system may send a second level question to the user (via user computing system) in operation 425 based on successful verification of the user ID. The second level question may be encrypted based on a stored user's password. Since the second level question is encrypted, it is not exposed to the MITM attack.

View Complete Description

Images courtesy of Pixabay.com

The information provided on this website does not, and is not intended to, constitute legal advice.   Contacting PCIP by phone, email or by using an online contact form does not establish an attorney-client relationship.  Please do not send any confidential information to us until such time as a formal attorney-client relationship has been established.

Contact Us

(408) 800-6223

This email address is being protected from spambots. You need JavaScript enabled to view it.

2200 Eastridge Loop, San Jose, CA.  95173

Copyright

Copyright © 2024 Patent Counselors - IP Counseling and Prosecution. All Rights Reserved.