USOO8302175B2
`
`(12) United States Patent
`Thoursie et a].
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 8,302,175 B2
`Oct. 30, 2012
`
`(54) METHOD AND SYSTEM FOR ELECTRONIC
`REAUTHENTICATION OF A
`COMMUNICATION PARTY
`
`(58) Field of Classi?cation Search ..................... .. 726/9
`See application ?le for complete search history.
`R f
`C, d
`e erences lte
`
`56
`
`(75) Inventors: Anders Thoursie, Nacka (SE); Peter
`HOhn’ SOHemuna (SE); sven-Hékan
`Olsson’ StOCkh°1m(SE)
`
`_
`(73) ASSlgneei D0¢A¢¢01111t AB, Nacka (SE)
`
`( * ) Notice:
`
`Subject to any disclaimer, the term ofthis
`
`379/243
`ZofUll/IEIFTS
`5 588 051
`er 0W1 Z c a .
`.......... ..
`,
`,
`380/271
`9/1997 Falk et a1. ............ ..
`5,668,876 A *
`6,175,831 B1* 1/2001 Weinreich et a1. .................. .. 1/1
`7,239,688 B1 *
`7/2007 Sayko et a1. ............. .. 379/9302
`2002/0004831 A1
`1/2002 Woodhill
`*
`Rl/I?nciifgeistlet 31~ ~~~~~~~ ~~ 713/201
`
`'
`
`'
`
`ue er 6 a .
`
`Patent 15 mended or adluswd under 35
`U-S-C- 154(1)) by 914 days-
`
`2004/0243832 A1 * 12/2004 Wilf et a1. ................... .. 713/200
`2005/0215306 A1* 9/2005 O’Donnell et a1. ........... .. 463/17
`
`(21) Appl_ No;
`
`11/918,877
`
`(22) PCT Filed:
`
`Apr. 20, 2005
`
`86 PCT No.:
`§ 371 (0X1),
`(2), (4) Date:
`
`PCT/SE2005/000568
`
`Oct. 19, 2007
`
`(87) PCT Pub. No.: WO2006/112761
`
`PCT Pub. Date: Oct. 26, 2006
`
`(65)
`
`PriOl‘ PublicatiOIl Data
`Us 2009/0106829 A1
`A r 23 2009
`p '
`’
`
`(51) Int. Cl.
`G06F 7/04
`
`(2006 01)
`
`FOREIGN PATENT DOCUMENTS
`1 102 150
`5/2001
`EP
`* Cited by examiner
`
`ABSTRACT
`
`Primar Examiner i Cordelia Zecher
`y
`(74) Attorney, Agent, or Firm * Harness, Dickey & Pierce,
`P'L'C'
`57
`.
`.
`.
`(
`)
`The present 1nventlon relates to a method for electromc reau
`thentication of a communication party (12, 22). The method
`further relates to a device for electronic reauthentication of a
`communication party. A basic idea of the present invention is
`to have a communication party, Which employs a service,
`state two different communication addresses, one being a
`telephone number, via Which the communicating party may
`.
`.
`.
`authent1cate herself to a prowder (11, 21) of the serV1ce.
`
`(52) US. Cl. ......................................................... .. 726/9
`
`41 Claims, 2 Drawing Sheets
`
`29
`
`K
`
`28
`
`(23’) (23")
`
`(23 )
`
`I"
`
`,
`
`21
`
`(24)
`(25)
`
`(27)
`<—_————
`
`[L1—
`
`(30)
`(31)
`
`(32)
`(33)
`
`TWILIO, INC. EX. 1007
`Page 1
`
`

`
`US. Patent
`
`Oct. 30, 2012
`
`Sheet 1 0f 2
`
`US 8,302,175 B2
`
`(14)
`(15)
`
`(16)
`(11)
`
`4
`
`<
`
`12
`
`w
`
`A
`
`(13’)
`(13”)
`(13”!)
`
`11
`
`FIG. 1
`
`TWILIO, INC. EX. 1007
`Page 2
`
`

`
`US. Patent
`
`0a. 30, 2012
`
`Sheet 2 0f2
`
`US 8,302,175 B2
`
`29
`
`/
`\
`
`28
`\
`
`‘
`
`4
`
`(23’)
`(23")
`23”!
`(
`) j 4
`
`21
`
`‘
`
`22
`\
`~22
`A
`
`(24)
`(25)
`
`(26)
`(27)
`
`(30)
`(31)
`
`(32)
`
`(33)
`
`>
`
`>
`
`>
`
`>
`
`FIG. 2
`
`TWILIO, INC. EX. 1007
`Page 3
`
`

`
`US 8,302,175 B2
`
`1
`METHOD AND SYSTEM FOR ELECTRONIC
`REAUTHENTICATION OF A
`COMMUNICATION PARTY
`
`This application is a National Phase of PCT Application
`No. PCT/SE2005/000568 ?led on Apr. 20, 2005, which
`claims priority under 35 U.S.C. §365(c).
`
`TECHNICAL FIELD OF THE INVENTION
`
`The present invention relates to a method for electronic
`reauthentication of a communication party. The method fur
`ther relates to a device for electronic reauthentication of a
`communication party.
`
`BACKGROUND ART
`
`Today companies and organizations communicate with
`their customers and other parties via the Internet to an ever
`increasing extent. In these situations, the companies and orga
`nizations need to ensure that a speci?c party is the same party
`they communicated with at an earlier occasion.
`One way to ensure this is to provide the communication
`party with a code or a user name and password. Ifa person is
`able to replicate the code at a later occasion, this replication is
`considered to be an indication that it is the same person who
`previously received the code.
`The use of codes or passwords as authenticating means has
`the disadvantage that there is a risk that an unauthorized
`person acquires these authenticating means. In today’s soci
`ety, people also need to learn and memorize codes to an
`ever-increasing extent, e. g. to use various services on the
`Internet or to use credit cards. This fact increases the risk that
`people will start to write down codes, making them easier for
`other people to acquire. It also makes these solutions less
`user-friendly, since it becomes considerably harder for people
`to remember all the codes. There is also a risk that so called
`brute force attacks or dictionary based attacks are used to ?nd
`out and acquire passwords.
`In many situations, code- or password-based solutions are
`hence considered insuf?cient. Instead, there is a need to intro
`duce another mechanism which the communication party can
`controliwhich is more secure yet easy-to-use. Hence, the
`following features are desirable for such a mechanism:
`The user is able to protect authenticating means, e.g. pass
`words, from being stolen.
`A possible theft of authentication means is easily discov
`ered.
`The effect of a possible theft of authenticating means can
`be reduced, e.g. through a procedure of revoking the
`authenticating means.
`It should be easy for companies to start using the mecha
`nism on a wide basis, e.g. as a means for administering
`the communication with a great number of communica
`tion parties.
`The mechanism should be easy-to-use and straightforward
`from a user perspective.
`There are currently available solutions that meet these
`requirements to some degree. One example is the usage of
`card-based certi?cates, based on Public Key Infrastructure,
`PKI, as a tool for identi?cation. A card-based certi?cate can
`be protected. A stolen certi?cate may easily be identi?ed. If it
`is stolen, it may be revoked. However, the card-based tech
`nology requires an infrastructure that is not yet widely spread,
`as well as being relatively complex to implement to any
`greater extent.
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`An alternative is to use ?le-based certi?cates based on
`Public Key Infrastructure. These are more widely spread than
`card-based certi?cates, but are still by many considered not
`suf?ciently spread and available to citizens and consumers.
`
`SUMMARY OF THE INVENTION
`
`An object of the invention is to alleviate the problems of
`prior art through providing a straightforward and easy-to-use
`method for electronic reauthentication.
`This object is accomplished by a method of electronic
`reauthentication of a communication party in accordance
`with claim 1, and a device for electronic reauthentication of a
`communication party in accordance with claim 21.
`According to a ?rst aspect of the present invention, a
`method is provided of electronically reauthenticating a com
`munication party. First, an association between a telephone
`communication address of the communication party, an addi
`tional communication address of the communication party
`and the communication party itself, which association serves
`as a basis for future authentication of the communication
`party, is created. Then, a request is received from a requesting
`communication party and it is veri?ed that an association
`exists for the requesting communication party. A ?rst con?r
`mation token is distributed to the requesting communication
`party over a ?rst communication channel and a second con
`?rmation token is received from the requesting communica
`tion party over a second communication channel, wherein at
`least one of the ?rst and the second channel is established by
`using the telephone communication address of the associa
`tion for the requesting communication party. Thereafter, cor
`respondence is veri?ed between the ?rst con?rmation token
`and the second con?rmation token. A third con?rmation
`token is distributed over a third communication channel to the
`requesting communication party and a fourth con?rmation
`token is received from the communication party over a fourth
`communication channel, wherein at least one of the third and
`the fourth channel is established by using the additional com
`munication address of the association for the requesting com
`munication party. Further, correspondence is veri?ed
`between the third con?rmation token and the fourth con?r
`mation token, wherein the requesting communication party is
`considered to be authenticated.
`If the request comprises a request to create an association
`for a further telephone communication address, a ?fth con
`?rmation token is distributed to the requesting communica
`tion party over a ?fth communication channel and a sixth
`con?rmation token is received from the requesting commu
`nication party over a sixth communication channel, wherein
`at least one of the ?fth and the sixth channel is established by
`using said further telephone communication address of the
`request. Then, correspondence is veri?ed between the ?fth
`con?rmation token and the sixth con?rmation token and an
`association between said further telephone communication
`address of the requesting communication party, said addi
`tional communication address and the requesting communi
`cation party itself is created, which association serves as a
`basis for future authentication of the requesting communica
`tion party.
`If the request comprises a request to create an association
`for a further additional communication address, a seventh
`con?rmation token is distributed to the requesting communi
`cation party over a seventh communication channel and an
`eighth con?rmation token is received from the requesting
`communication party receiving over an eighth communica
`tion channel, wherein at least one of the seventh and the
`eighth channel is established by using said further additional
`
`TWILIO, INC. EX. 1007
`Page 4
`
`

`
`US 8,302,l75 B2
`
`3
`communication address of the request. Correspondence is
`veri?ed between the seventh con?rmation token and the
`eighth con?rmation token and an association between said
`further additional communication address of the requesting
`communication party, said telephone communication address
`and the requesting communication party itself is created,
`which association serves as a basis for future authentication
`of the requesting communication party.
`According to a second aspect of the present invention, a
`device is provided for electronic reauthentication of a com
`munication party comprising means for creating an associa
`tion between a telephone communication address of the com
`munication party, an additional communication address of
`the communication party and the communication party itself,
`which association serves as a basis for future authentication
`of the communication party and means for storing the asso
`ciation. Further, the device comprises means for receiving a
`request from a requesting communication party, means for
`verifying that an association exists for the requesting com
`munication party, means for distributing, over a ?rst commu
`nication channel, a ?rst con?rmation token to the requesting
`communication party and means for receiving, over a second
`communication channel, a second con?rmation token from
`the requesting communication party, wherein at least one of
`the ?rst and the second channel is established by using the
`telephone communication address of the association for the
`requesting communication party. Moreover, the device com
`prises means for verifying correspondence between the ?rst
`con?rmation token and the second con?rmation token, means
`for distributing, over a third communication channel, a third
`con?rmation token to the requesting communication party,
`means for receiving, over a fourth communication channel, a
`fourth con?rmation token from the communication party,
`wherein at least one of the third and the fourth channel is
`established by using the additional communication address of
`the association for the requesting communication party and
`means for verifying correspondence between the third con
`?rmation token and the fourth con?rmation token, wherein
`the requesting communication party is considered to be
`authenticated.
`Further, the device comprises means for distributing, if the
`request comprises a request to create an association for a
`further telephone communication address, over a ?fth com
`munication channel, a ?fth con?rmation token to the request
`ing communication party, means for receiving, over a sixth
`communication channel, a sixth con?rmation token from the
`requesting communication party, wherein at least one of the
`?fth and the sixth channel is established by using said further
`telephone communication address of the request, means for
`verifying correspondence between the ?fth con?rmation
`token and the sixth con?rmation token, means for creating an
`association between said further telephone communication
`ad-dress of the requesting communication party, said addi
`tional communication address and the requesting communi
`cation party itself, which association serves as a basis for
`future authentication of the requesting communication party.
`Finally, the device comprises means for distributing, if the
`request comprises a request to create an association for a
`further additional communication address, over a seventh
`communication channel, a seventh con?rmation token to the
`requesting communication party, means for receiving, over
`an eighth communication channel, an eighth con?rmation
`token from the requesting communication party, wherein at
`least one of the seventh and the eighth channel is established
`by using said further additional communication address of the
`request, means for verifying correspondence between the
`seventh con?rmation token and the eighth con?rmation
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`token, means for creating an association between said further
`additional communication address of the requesting commu
`nication party, said telephone communication address and the
`requesting communication party itself, which association
`serves as a basis for future authentication of the requesting
`communication party.
`A basic idea of the present invention is to have a commu
`nication party, which employs a service, state two different
`communication addresses, one being a telephone number, via
`which the communicating party may authenticate herself to a
`provider of the service.
`A relation with the communication party, in the following
`referred to as a user, is established by con?rming user control
`of the telephone communication address and an additional
`communication address. Initially, an association between the
`telephone communication address of the user, the additional
`communication address of the user and the user herself are
`created. When receiving a request from a user, which user not
`necessarily is the same as the user for which an association is
`created, it must be veri?ed that an association exists for this
`requesting user. The con?rmation of the requesting user’s
`control of the telephone communication address of the asso
`ciation is made by distributing a ?rst con?rmation token over
`a ?rst communication channel to the requesting user, receiv
`ing a second con?rmation token over a second communica
`tion channel from the requesting user and then verifying that
`the two tokens are the same. At least one of the two commu
`nication channels should be established by means of using the
`telephone communication address of the association of the
`requesting user. In this way it is ensured that the requesting
`user is in control of the device which is designated by the
`telephone communication address. For instance, in case the
`telephone communication address is a telephone number, the
`requesting user shows, by sending a second token that is
`identical to the ?rst token, that she actually is in possession of
`the telephone linked to the telephone number to which the
`?rst token was sent, and authentication of the requesting user
`is hence made.
`To further strengthen authentication validity, con?rmation
`of the requesting user’s control of the additional communi
`cation address of the association is made by distributing a
`third con?rmation token over a third communication channel
`to the requesting user, receiving a fourth con?rmation token
`over a fourth communication channel from the requesting
`user and then verifying that the two tokens are the same. At
`least one of the two communication channels shouldbe estab
`lished by means of using the additional communication
`address of the association of the requesting user. In this way,
`it is ensured that the requesting user is in control of the means
`which is designated by the additional communication
`address. For instance, in case the additional communication
`address is an e-mail address, the requesting user shows, by
`sending a fourth token that is identical to the third token, that
`she actually is in possession of the e-mail account linked to
`the e-mail address to which the third token was sent, and
`authentication of the requesting user is hence made again.
`The request of the user may for instance be to access an
`account which the user has at the service provider. The
`request may also be to create an association for a further
`telephone communication address and/ or a further additional
`communication address. Alternatively, the request may com
`prise both an access request and an association request.
`If the user request comprises a request to create an asso
`ciation for a further telephone communication address, a ?fth
`con?rmation token is distributed to the requesting user over a
`?fth communication channel and a sixth con?rmation token
`is received from the requesting user over a sixth communica
`
`TWILIO, INC. EX. 1007
`Page 5
`
`

`
`US 8,302,175 B2
`
`5
`tion channel. Then, it is veri?ed that the two tokens are the
`same. At least one of the two communication channels should
`be established by means of using the further telephone com
`munication address of the request. In analogy with the
`description above, authentication is made, and an association
`between the further telephone communication address of the
`requesting communication party, the additional communica
`tion address and the requesting communication party itself is
`created, which association serves as a basis for future authen
`tication of the requesting communication party.
`Moreover, if the user request comprises a request to create
`an association for a further additional communication
`address, a seventh con?rmation token is distributed to the
`requesting user over a seventh communication channel and an
`eighth con?rmation token is received from the requesting
`user over an eighth communication channel. Then, it is veri
`?ed that the two tokens are the same. At least one of the two
`communication channels should be established by means of
`using the further additional communication address of the
`request. Again, authentication is made and an association is
`created between the further additional communication
`address of the requesting communication party, the telephone
`communication address and the requesting communication
`party itself, which association serves as a basis for future
`authentication of the requesting communication party.
`Note that the pair of communication channels, i.e. the ?rst
`and second channel for the telephone communication
`address, the third and fourth channel for the additional com
`munication address, etc., may comprise the same physical
`channel, but the two channels of each pair may also be sepa
`rate. Typically, separated channels imply a higher level of
`security (with respect to e.g. eavesdropping) in transferring
`the respective tokens across the corresponding channel. Also
`note that the tokens delivered to the communication party, i.e.
`the ?rst con?rmation token, the third con?rmation token, the
`?fth con?rmation token, etc., preferably differ from each
`other such that con?rmation tokens cannot be reused by any
`malicious party.
`In accordance with an embodiment of the present inven
`tion, the initial measure to create an association between the
`telephone communication address of the user, the additional
`communication address of the user and the user herself is
`preceded by authenticating the user in conformity with the
`authentication method described in the above. First, the tele
`phone communication address and the additional communi
`cation address of the user are received. Then, tokens are
`delivered to and received from the user in a manner as previ
`ously described, wherein the user is authenticated by means
`of using the telephone communication address and the addi
`tional communication address for which the association is
`created. Note that the communication channels used in this
`embodiment may be the same as the communication channels
`used after the association has been made. For example, a
`mobile telephone channel may be employed one day for
`establishing contact with the user by using the user’s tele
`phone communication address and an IP telephony channel
`may be used another day for establishing contact with the
`same user via the telephone communication address.
`In another embodiment of the invention, the user is pro
`vided with the possibility of revoking a telephone communi
`cation address and/or a stored additional communication
`address. This is performed by disassociating the concerned
`communication address with the association in which it is
`comprised.
`In another embodiment of the invention, the users are made
`aware of the telephone communication address of the party
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`administering and managing the authentication of the user, to
`further increase the security of the authentication.
`In yet an embodiment of the invention, the ?rst con?rma
`tion token is distributed over a communication channel that is
`established using the telephone communication address. If
`so, the second con?rmation token could either be distributed
`over the same telephone communication channel or over a
`digital network, which in a further embodiment is the Inter
`net.
`A communication channel that is established using the
`telephone communication address could for instance be an IP
`telephone communication channel, a “regular” voice tele
`phone communication channel using for example PSTN or
`GSM (or some other type of mobile phone system) or a
`combination of the two. The con?rmation tokens could then
`be comprised in e.g. voice messages, SMS, MMS or instant
`messaging messages. Con?rmation tokens may be generated
`by means of using touch-tone signaling.
`Note that the steps of electronically reauthenticating a
`communication party need not be performed in the order
`given in the method de?ned by the claims.
`Further features of, and advantages with, the pre-sent
`invention will become apparent when studying the appended
`claims and the following description. Those skilled in the art
`realize that different features of the present invention can be
`combined to create embodiments other than those described
`in the following.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`A detailed description of preferred embodiments of the
`present invention will be given with reference made to the
`accompanying drawing, in which:
`FIG. 1 illustrates the method and device in accordance with
`an embodiment of the present invention; and
`FIG. 2 illustrates the method and device in accordance with
`another embodiment of the present invention.
`Corresponding elements are denoted with corresponding
`reference numbers in the drawings.
`
`DETAILED DESCRIPTION OF PREFERRED
`EMBODIMENTS OF THE INVENTION
`
`FIG. 1 illustrates how a company, an organization or other
`party 11 maintains and manages an electronic authentication
`of a user 12 over time. This is performed by associating a
`telephone communication address (13') with an additional
`communication address (13") and the user (13"') and storing
`the association in a storage 18. Then, it is veri?ed that the user
`is in control of the telephone communication address by
`distributing, over a ?rst communication channel, a ?rst con
`?rmation token (14) and receiving, over a second communi
`cation channel, a second con?rmation token (15), where at
`least one of the two communication channels are established
`using the telephone communication address. Finally, it is
`analogously veri?ed that the user is in control also of the
`additional communication address by distributing, over a
`third communication channel, a third con?rmation token (1 6)
`and receiving, over a fourth communication channel, a fourth
`con?rmation token (17), where at least one of the two com
`munication channels is established using said additional com
`munication address.
`The steps de?ned in the method of the present invention is
`typically performed by a computer 19 at the company 11,
`which computer executes appropriate software for perform
`ing these steps. The customer 12 is typically remotely located
`from the company 11.
`
`TWILIO, INC. EX. 1007
`Page 6
`
`

`
`US 8,302,175 B2
`
`7
`An example of the environment in which the present inven
`tion may be applied is given in the following.
`Consider a company 11 providing a service to customers
`12 over the Internet. When a customer 12 signs up for the
`service, the customer registers a telephone number, i.e. a
`telephone communication address, and an email address, i.e.
`an additional communication address, in a form on the Inter
`net home page of the company. The customer is then called on
`the telephone number and a voice reads a code to the cus
`tomer. The customer enters the code in another form on the
`Internet. The customer receives an e-mail with a further code,
`which the customer enters, which is denoted by the code, in
`yet another form on the lntemet. Thus, in analogy with the
`description of FIG. 1, an initial authentication of the customer
`has been performed. An association between the telephone
`communication address, the additional communication
`address and the customer is created and possibly stored,
`which association serves as a basis for future authentication
`of the customer.
`Now, reference is made to FIG. 2. Subsequently, i.e. after
`initial authentication has been undertaken, when the cus
`tomer 22 needs to access the service and use resources that
`should only be available to the customer at the company 21,
`i.e. through using his user account, the procedure is repeated
`using new codes. The customer requests to access the account
`(and/or to create a new association comprising new commu
`nication addresses). The customer is then called on the tele
`phone number associated with the account, a voice reads a
`code 24, and the customer enters the code 25 on the lntemet.
`The customer receives an e-mail with a further code 26 and
`enters this further code 27 in a form on the lntemet. If the
`codes are found to match in the two cases, the customer is
`granted access to the account. Consequently, an authentica
`tion of the customer has been undertaken.
`The customer may also add an alternative telephone num
`ber to be used to access the account. The customer is then
`called on the telephone number currently used to access the
`account, a voice reads a code 30 and the customer enters the
`code 31 on the lntemet. The customer receives an e-mail with
`a further code 32 to the e-mail address currently associated
`with the account and enters it 33 in a form on the lntemet. If
`the distributed code is found to match the received code in
`each of the previous rounds of authentication as well as in this
`round of authentication, the new telephone number is
`accepted and associated with the user account. An additional
`e-mail address may be added in an analog manner.
`Even though the invention has been described with refer
`ence to speci?c exemplifying embodiments thereof, many
`different alterations, modi?cations and the like will become
`apparent for those skilled in the art. The described embodi
`ments are therefore not intended to limit the scope of the
`invention, as de?ned by the appended claims.
`The invention claimed is:
`1. A method for electronic reauthentication of a communi
`cation party, said method comprising:
`creating and storing an association between a telephone
`communication address of the communication party, an
`additional communication address of the communica
`tion party and the communication party itself;
`receiving a request, which includes a request to create an
`association for a further additional communication
`address, from a requesting communication party;
`verifying that a stored association exists for the requesting
`communication party;
`distributing, over a ?rst communication channel, a ?rst
`con?rmation token to the requesting communication
`Party;
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`receiving, over a second communication channel, a second
`con?rmation token from the requesting communication
`party, wherein at least one of the ?rst and the second
`channel is established by using the telephone communi
`cation address of the association for the requesting com
`munication party;
`verifying correspondence between the ?rst con?rmation
`token and the second con?rmation token;
`distributing, over a third communication channel, a third
`con?rmation token to the requesting communication
`Party;
`receiving, over a fourth communication channel, a fourth
`con?rmation token from the communication party,
`wherein at least one of the third and the fourth channel is
`established by using an additional communication
`address of the association for the requesting communi
`cation party;
`verifying correspondence between the third con?rmation
`token and the fourth con?rmation token, wherein the
`requesting communication party is considered to be
`authenticated if one of the correspondence between the
`?rst con?rmation token and the second con?rmation
`token and the correspondence between the third con?r
`mation token and the fourth con?rmation token is found
`to match;
`distributing, over a ?fth communication channel, a ?fth
`con?rmation token to the requesting communication
`Party;
`receiving, over a sixth communication channel, which is
`separate from the ?fth communication channel, a sixth
`con?rmation token from the requesting communication
`party, wherein one of the ?fth and the sixth channel is
`established by using said further additional communica
`tion address included in the request;
`verifying correspondence between the ?fth con?rmation
`token and the sixth con?rmation token; and
`if the correspondence between the ?fth con?rmation token
`and the sixth con?rmation token is found to match,
`creating and storing an association between said further
`additional communication address of the requesting
`communication party, said telephone communication
`address and the requesting communication party itself.
`2. The method according to claim 1, wherein creating an
`association between said further telephone communication
`address of the requesting communication party, said addi
`tional communication address and the requesting communi
`cation party itself is preceded by:
`receiving the telephone communication address and the
`additional communication address of the communica
`tion party;
`distributing, over a seventh communication channel, a sev
`enth con?rmation token to the communication party;
`receiving, over an eighth communication channel, an
`eighth con?rmation token from the communication
`party, wherein at least one of the seventh and the eighth
`channel is established by using the telephone communi
`cation address;
`verifying correspondence between the seventh con?rma
`tion token and the eighth con?rmation token;
`distributing, over a ninth communication channel, a ninth
`con?rmation token to the communication party;
`receiving, over a tenth communication channel, a tenth
`con?rmation token from the communication party,
`wherein at least one of the ninth and the tenth channel is
`established by using the additional communication
`address; and
`
`TWILIO, INC. EX. 1007
`Page 7
`
`

`
`US 8,302,l75 B2
`
`verifying correspondence between the ninth con?rmation
`token and the tenth con?rmation token.
`3. The method according to claim 1, further comprising:
`revoking a telephone communication address by disasso
`ciating the telephone communication address with the
`association thereof.
`4. The method according to claim 1, further comprising:
`revoking an additional communication address by disasso
`ciating the additional communication address with the
`association thereof.
`5. The method according to cl