UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NUMBER: 60/572,776
PATENT NUMBER:
GROUP ART UNIT:
FILE WRAPPER LOCATION:

Correspondence Address/Fee Address Change

The following fields have been set to Customer Number 80048 on 07/16/2008:
• Correspondence Address
• Power of Attorney Address

The address of record for Customer Number 80048 is:

80048
Pearl Cohen Zedek Latzer, LLP
1500 Broadway
12th Floor
New York, NY 10036

PART 1 - ATTORNEY/APPLICANT COPY
page 1 of 1

TWILIO INC. Ex. 1021 Page 1
Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

PROVISIONAL APPLICATION FOR PATENT COVER SHEET
This is a request for filing a PROVISIONAL APPLICATION FOR PATENT under 37 CFR 1.53(c).

INVENTOR(S)

Given Name (first and middle [if any]) | Family Name or Surname | Residence (City and either State or Foreign Country)
Naftali | BENNETT | New York, NY
Lior | GOLAN | Tel Aviv, Israel
Nira | RIVNER | Ramat Gan, Israel

[ ] Additional inventors are being named on the ___ separately numbered sheets attached hereto

TITLE OF THE INVENTION (280 characters max)
SYSTEM AND METHOD OF FRAUD REDUCTION

CORRESPONDENCE ADDRESS
Customer Number: 27130
Direct all correspondence to:
[X] Customer Number
OR
[X] Firm or Individual Name: Eitan, Pearl, Latzer & Cohen Zedek, LLP.
Address: 10 Rockefeller Plaza, Suite 1001
City: New York   State: New York   ZIP: 10020
Country: USA
Telephone: 212-632-3480   Fax: 212-632-3489

ENCLOSED APPLICATION PARTS (check all that apply)
[X] Specification, Number of Pages: ___
[ ] Drawing(s), Number of Sheets: ___
[ ] CD(s), Number: ___
[ ] Application Data Sheet. See 37 CFR 1.76
[X] Other (specify): postcard

METHOD OF PAYMENT OF FILING FEES FOR THIS PROVISIONAL APPLICATION FOR PATENT (check one)
[X] Applicant claims small entity status. See 37 CFR 1.27.
[ ] A check or money order is enclosed to cover the filing fees
[X] The Commissioner is hereby authorized to charge filing fees or credit any overpayment to Deposit Account Number: 05.0649
[ ] Payment by credit card. Form PTO-2038 is attached.

FILING FEE AMOUNT ($): 1 so

The invention was made by an agency of the United States Government or under a contract with an agency of the United States Government
[X] No.
[ ] Yes, the name of the U.S. Government agency and the Government contract number are:

SIGNATURE:   Date: 21 May 2004
TYPED or PRINTED NAME:   REGISTRATION NO. (if appropriate): 37,912
TELEPHONE:   Docket Number: P-6864-USP

USE ONLY FOR FILING A PROVISIONAL APPLICATION FOR PATENT
This collection of information is required by 37 CFR 1.51. The information is used by the public to file (and by the PTO to process) a provisional application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 8 hours to complete, including gathering, preparing, and submitting the complete provisional application to the PTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, Washington, D.C. 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Provisional Application, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.

P-6864-USP

UNITED STATES PROVISIONAL PATENT APPLICATION FOR:
SYSTEM AND METHOD OF FRAUD REDUCTION

Embodiments of the present invention relate to a method and system for addressing massive theft (or suspected theft) of identification information used in order to access services that contain confidential information of the users of those services, or services where the user can perform sensitive operations (such identifying information includes but is not limited to user-names and passwords of any form, or any other personal identifying data that can be used in order to access services that contain confidential information, all together referred to herein as "Credentials" or "User Credentials").

The system and method described herein can be implemented whenever massive Credentials' theft has occurred, as well as when it is suspected to have occurred, or at any time.

One of the advantages of an embodiment of the invention is that it can be deployed immediately when needed and where needed, and has very low operational and deployment costs; moreover, it does not require prior access (such as pre-enrolment, or pre-distribution of hardware) to users, who are potential victims of such theft.

An embodiment of the invention extends authentication to a two-factor out-of-band form, requiring an additional data element (in addition to the credentials) to be transmitted to the user via a different channel. Such channel could be, but is not limited to, a mobile phone or a landline phone, or a pager, or any channel that has the characteristic that it is difficult (either logistically, money-wise, or time-wise) to obtain access to many access points to it (for example it is difficult/expensive to own numerous telephone lines, mobile numbers or beeper numbers), and in a preferable embodiment of this invention, it is widely available and easy to access by users (on an individual basis).

It should be noted that unlike typical two-factor authentication methods, the additional authentication channel does not have to be previously uniquely linked to a user, and therefore there is no need for prior access to the users (either in the form of registration, distribution of hardware or education of users) prior to deploying the method. Security is achieved by limiting the number of different user service accounts that can use the same authentication channel (for example, if the service is a bank account, such limitation would be achieved by limiting the number of bank accounts that can be linked to a certain telephone number, or by limiting the number of users who can link their accounts to that telephone number (based on name/SSN/whether they are members of the same family)), and by deploying as part of the method only those channels that have the characteristic that it is difficult (either logistically, money-wise, or time-wise) to obtain access to many access points to it (for example, it is both expensive and logistically difficult to obtain access to a significant number of land-line telephone numbers).

The deployment of an embodiment of the invention can be governed and set according to criteria intended to specify the level of the threat of fraud. It can also be applied selectively to users according to various criteria intended to assess the probability of fraud (for example, at various levels of fraud, users logging into a service from their typical IP location may be exempt from the method, or users who performed a successful out-of-band authentication according to the method, for example from a certain location (such as a computer or ATM machine), would be exempt from the method in their next attempt to access the service from the same location).

In summary, this method pertains to two-factor authentication using a communication channel that meets certain criteria. When using this method, users will be authenticated using a combination of their regular Credentials and proof that the User has access to a communication channel that meets the criteria of this method (for example, without limitation, such proof could
be delivered by the user presenting a dynamic piece of data that would be delivered to it via a communication channel that meets the criteria of this method, or by the user showing it knows the content of this dynamic data, or by the user initiating a call from the phone/channel to a certain phone number). The criterion that the additional communication channel needs to meet under this method is that it would be difficult and/or cumbersome and/or expensive to obtain a significant number of it (for example, without limitation, it is expensive and cumbersome to obtain numerous telephone/mobile phone numbers including access to them). Security is achieved not only by selecting such a type of communication channel for delivery of the dynamic password, but also by restricting the number of Users or User accounts (or any other number of distinct values of a property of the user/account, such as owner name, SSN, billing address) that can be linked to a particular channel. This method can be used with respect to Users who have pre-registered the details of their secondary authentication channel, as well as with respect to users who have not pre-registered. With respect to the latter, such details can be collected during the authentication session, as shall be illustrated in the following sections.

This method can more generally be seen as a method for achieving a sufficient level of security in authentication not by actually validating the user's identity but rather by (i) requiring users to provide details of "something" that is either expensive, complicated or hard to obtain (ideally, it should be something that meets the above criteria, but that is readily available (such as a telephone line)); and (ii) by limiting the number of different user service accounts or users who can use the same "something" for authentication.

In one embodiment, this method and system would not protect from any single false authentication. It is rather intended to protect from massive use of stolen or fabricated data.

BACKGROUND:

Various service providers use Credentials in order to authenticate users in remote applications. Authentication is required whenever a sensitive operation takes place: viewing personal information, performing financial transactions, updating the user's profile and more. During authentication the user is usually required to supply a pre-established password and optionally an additional shared secret between the user and the service provider.

Users' credentials enable access to sensitive information as well as funds, and therefore getting hold of them has become a popular criminal activity. Stealing users' credentials can be done in various ways: for example, theft of a file containing credentials from the bank or a third party (including an "inside job"), a large and successful "Phishing" attack, keyboard sniffing and more.

When there is no threat of fraud, a service provider may elect to operate using Credentials via the regular single communication channel as the only means for authentication. However, when faced with a fraud alert, using Credentials only may not provide sufficient security. In general, service providers may face various levels of fraud alert, and act accordingly, implementing their contingency plans which are appropriate to a given level of alert. For ease of exposition the current description shall refer to 3 levels of alert: (i) no alert (i.e. business as usual); (ii) suspected fraud (medium level alert); (iii) actual (massive) fraud (high level of alert). Other numbers and types of alerts may be used.

When faced with a major theft of user credentials, the service provider may execute one or more of the following unsatisfactory options:
• Operate its business at a much higher risk level, checking and analyzing transactions to make sure no fraudulent activity takes place
• Perform a costly operation of changing the user credentials or deploying a new authentication mechanism
• Shut down parts of the business in case the other two options are not acceptable
• Perform other sets of actions.

It should be noted that many times the service provider will not have any external alert as to the occurrence of a massive credential theft. For example, it may not know when a large set of credentials is stolen by an insider job, or from a 3rd party service provider. In addition, even when a large theft is known, like in the case of a large phishing attempt, the service provider may not know when the stolen credentials will actually be used.

Service providers are therefore looking for alternative authentication options. Some of the alternative solutions offered today are:
• Ask for shared secret information that changes over time and is therefore more difficult to obtain (or that loses its value after some time, as it becomes irrelevant), like details about recent transactions, or invoicing
• Ask for random parts of shared secret information, like random digits of the password, or random data elements out of a set of known data elements
• Mobile / phone authentication, in which the mobile phone is pre-registered to the service and is used to authenticate the user
• Token based authentication

The current solutions are not satisfactory, since none of them strikes a good balance between security and usability. Either they are not secure enough (like asking for random pieces of a shared secret, information which can easily be obtained during the initial user credentials theft), not usable enough, or too expensive to actually deploy (like token authentication, which is expensive to implement, requires customer education, and deployment ahead of time to all users).

To create an efficient and cost-effective solution, one must make sure the solution offered:
1. Provides adequate security
2. Is non-intrusive: can be deployed on demand and not burden all customers all of the time
3. Requires low deployment and operation costs

DETAILED DESCRIPTION OF THE INVENTION

In the description herein, various aspects of the present invention will be described. For purposes of explanation, specific configurations and details are set forth in order to provide a thorough understanding of the present invention. However, it will also be apparent to one skilled in the art that the present invention may be practiced without the specific details presented herein. Furthermore, well-known features may be omitted or simplified in order not to obscure the present invention. Various examples are given throughout this description. These are merely descriptions of specific embodiments of the invention, but the scope of the invention is not limited to the examples given.

Embodiments of the invention may be used so that Service Providers that provide services containing confidential information will be able to continue providing access to such services to their users, even in the face of massive theft, or suspected theft, of Credentials of the users of their services. It will be appreciated, however, that the present invention is not limited to usage by service providers, but rather could also be used by the government, and any other authority/entity that offers access to information of a confidential/private nature.

An embodiment of the invention, illustration

According to one embodiment of the present invention, the method and system can be used by financial institutions (FIs) to address massive credentials theft or suspected theft of their users and members (according to other embodiments it can be used by non-financial institutions as well; the present invention is relevant to anyone that operates a service requiring remote customer access using some form of credentials and that is subjected to massive credential exposure). An FI using an embodiment of the invention would not be required to distribute any hardware ahead of time, nor would it be required to educate its users. The FI would be able to deploy the method exactly when needed and where needed. An embodiment of the invention would therefore provide a high level of protection against massive theft of credentials, at low cost.

As stated at the outset, according to an embodiment of the invention authentication is extended to a two-factor out-of-band form by requiring an additional piece of data to be transmitted through a different channel, or by requiring any other type of proof that a user has access to a second channel. The characteristics of that channel should be that on the one hand it is difficult/expensive to get hold of in large quantities, but on the other hand it is widely available (otherwise it would be necessary to expend costs on making it available). Unlike the conventional thought behind double factor authentication, the channel does not have to be uniquely linked to the user, and it is not necessary to establish ownership or any other relationship between the user and the additional channel. (The implication of this is that there is no need for prior distribution of hardware or education of users.) The method can therefore be deployed precisely when needed, in which case it will be effective for all users immediately. To achieve security, an embodiment of the invention limits the number of different accounts, users, SSNs or any other identifying factor that can use the same channel.

An embodiment of the invention would not require out-of-band authentication from all users all of the time. An embodiment of the invention can accommodate various levels of alerts (whether those are real, or set on purpose by the user of the service), which would define the extent of its use. According to one embodiment of the current invention, if the alert level is very high (as defined above), all users may be required to perform out-of-band authentication. According to another embodiment of the current invention, even when the alert level is high, users who successfully authenticated themselves pursuant to an embodiment of the invention may be exempt from repeat authentication when accessing from the same location. If the alert level is medium, either certain or all users may be required to authenticate themselves. When the alert level is low, the FI could decide whether to deploy the method with respect to any category or portion of users, in order to collect information from users ahead of time, or for research reasons, as well as in order to facilitate selective deployment at a later stage. It could also decide to deploy it on a narrow scale in order to sense the alert level.

According to the embodiment of the invention illustrated in this section, the method and system would be implemented by a financial institution ("FI") in order to authenticate users who wish to access its service.

According to such embodiment, the method could be implemented as follows:
1. The User authenticates itself using its regular Credentials (e.g. User ID and Password, referred to as "Regular Authentication").
2. After the Regular Authentication is completed successfully, each authentication is evaluated to see whether it requires further checks. This is done based on the alert level and the specific user characteristics. It should be noted that the FI performs the initial authentication using its current means. An embodiment of the invention and its underlying system do not need to obtain the regular user's credentials or to process the initial authentication itself; it will simply process the additional phase in authentication, only with respect to successful initial authentications.
3. If further checks are required, the customer is asked for a phone number that the service can SMS / call back.
4. The phone number is checked to see if it can still be used (it can be used if it is not associated with a number of accounts or other element above a certain limit).
5. The system sends a completion code to the customer via the phone number, and the customer is requested to provide the completion code.
6. The system checks the completion code.
7. If the code matches, the customer proceeds. The phone number is marked as belonging to the customer. The customer's device (computer) details are logged, and the device is marked to enable skipping the authentication process of an embodiment of the invention next time. In addition, the user is allowed to proceed to the online banking application.

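The second phase of the flow above (steps 3 to 7), as an added Python example that is not part of the application: an in-memory hosted service that enforces the per-channel linkage limit of step 4, issues and checks a single-use completion code, and marks the number and the device on success. The limit values, the six-digit code, the phone number and the account and owner identifiers are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed policy values: the application leaves the actual limits to the FI.
MAX_ACCOUNTS_PER_CHANNEL = 3   # distinct accounts one phone number may be linked to
MAX_OWNERS_PER_CHANNEL = 2     # distinct owners (e.g. SSNs) behind those accounts
CODE_DIGITS = 6


@dataclass
class Channel:
    """What the service remembers about one phone number (step 7 marks these)."""
    accounts: set = field(default_factory=set)
    owners: set = field(default_factory=set)


@dataclass
class OutOfBandService:
    channels: dict = field(default_factory=dict)       # phone -> Channel
    pending: dict = field(default_factory=dict)        # account -> (phone, owner, code)
    trusted_devices: set = field(default_factory=set)  # (account, device_id) pairs
    outbox: list = field(default_factory=list)         # stand-in for the SMS / call-back gateway

    def channel_available(self, phone, account, owner):
        """Step 4: the number is still usable if linking this account/owner to it
        would not push either distinct count above the limit. An account or owner
        already linked to the number is counted once, so re-use is not penalised."""
        ch = self.channels.get(phone, Channel())
        return (len(ch.accounts | {account}) <= MAX_ACCOUNTS_PER_CHANNEL
                and len(ch.owners | {owner}) <= MAX_OWNERS_PER_CHANNEL)

    def request_code(self, account, owner, phone):
        """Steps 3-5: accept the offered number only if it is still available,
        then send a fresh completion code through it. Returns False if the
        number is exhausted, which is the failure the alert logic later counts."""
        if not self.channel_available(phone, account, owner):
            return False
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending[account] = (phone, owner, code)
        self.outbox.append((phone, code))
        return True

    def complete(self, account, device_id, submitted_code):
        """Steps 6-7: single-use, constant-time comparison of the completion code.
        On success the number is marked as belonging to the customer and the
        device is marked so the next login from it can skip this phase."""
        entry = self.pending.pop(account, None)   # one attempt per issued code
        if entry is None:
            return False
        phone, owner, code = entry
        if not hmac.compare_digest(code.encode(), str(submitted_code).encode()):
            return False
        ch = self.channels.setdefault(phone, Channel())
        ch.accounts.add(account)
        ch.owners.add(owner)
        self.trusted_devices.add((account, device_id))
        return True


def demo():
    """Constructed scenario: four accounts, belonging to three different owners,
    are all authenticated against the same phone number. The fourth is refused
    because the number would then be linked to more accounts than the limit."""
    svc = OutOfBandService()
    attempts = [("acct-1", "owner-A"), ("acct-2", "owner-A"),
                ("acct-3", "owner-B"), ("acct-4", "owner-C")]
    outcomes = []
    for n, (account, owner) in enumerate(attempts):
        ok = svc.request_code(account, owner, "+1-555-0100")   # constructed number
        if ok:
            _, code = svc.outbox[-1]                            # "received" by the customer
            ok = svc.complete(account, f"pc-{n}", code)
        outcomes.append(ok)
    return outcomes
```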
Moving between alert levels

As mentioned previously, an embodiment of the invention defines several alert levels in the system. Each alert level represents a certain level of threat. An embodiment of the invention does not require out-of-band authentication from all users all of the time. It performs a per-user decision (see the Per User Decision section below) and also considers the current alert level of the system.

The alert level is altered based on input from several sources, the first two of which are external to an embodiment of the invention:
1. The FI indicates there has been a theft of credentials (or suspects such a theft)
2. Other fraud detection services
3. In addition, the activity in an embodiment of the invention itself provides a means to increase or release alert levels:
• Even in low alert levels, the system can randomly select a small percentage of customers and ask them to perform an out-of-band authentication. This method is effective and relatively non-intrusive, especially since after a successful authentication takes place users could be exempt from out-of-band authentication when using the same device.
• The system raises the alert level when more than a predefined percentage or number of customers fails to perform out-of-band authentication. In higher alert levels, a higher percentage of the customers, up to 100%, would be asked to perform out-of-band authentication.
• The system could lower the alert level when more than a predefined percentage or number of customers succeed in performing out-of-band authentication.

The following illustration shows the way the activity in an embodiment of the invention serves to move between alert levels, using an example in which there are three alert levels:

[Figure: three alert levels. Low: out-of-band authentication on 1% of users. Medium: out-of-band authentication on 10% of users. High: out-of-band authentication on 100% of users. Raise alert when more than Y failures in defined period; release alert when less than Y failures in defined period.]

When does the system decide the customer was unable to perform out-of-band authentication? In one embodiment, these conditions must be met (other conditions may be used):
1. The customer entered the correct regular credentials (for example login name and password).
2. The customer was not able to supply a valid and not taken phone number to perform an out-of-band authentication.

While there are other possible reasons for this pattern of behavior, when it exceeds a certain pre-defined level it is suspicious, as this is precisely the pattern one would expect in a case of credential theft: the credentials are correct, however the channels are hard to come by.

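An added example (not from the application) of the alert-level mechanism just described, with the three levels and percentages of the illustration: suspicious failures, defined by the two conditions above, are counted per period, more than Y of them raise the level, and a quiet period releases it. The threshold Y=5, the 600-second period and the hash-based selection of users are constructed assumptions.

```python
import hashlib

# Constructed configuration. The illustration gives 1% / 10% / 100% and a threshold Y;
# the value of Y and the period length are assumptions.
LEVELS = [("low", 1), ("medium", 10), ("high", 100)]   # (name, % of users challenged)
Y_FAILURES = 5        # more than Y failures in a period raises, fewer than Y releases
PERIOD_SECONDS = 600


class AlertLevelController:
    """Tracks the system-wide alert level from out-of-band activity; the FI's own
    report and other fraud services (sources 1 and 2) would call raise_to()."""

    def __init__(self, start=0.0):
        self.level = 0             # index into LEVELS
        self.window_start = start  # beginning of the current observation period
        self.failures = 0          # suspicious failures seen in this period
        self.events = []           # (timestamp, "raise"/"release", level name)

    def level_name(self):
        return LEVELS[self.level][0]

    def raise_to(self, now, level_index):
        """External input (FI report, other fraud detection) can push the level up."""
        if level_index > self.level:
            self.level = level_index
            self.events.append((now, "raise", self.level_name()))
            self._new_window(now)

    def challenge_required(self, user_id):
        """Select the configured percentage of users. Hashing the user id instead of
        drawing at random keeps the answer stable across retries within a level
        (an assumption; the page says 'randomly select')."""
        pct = LEVELS[self.level][1]
        bucket = int(hashlib.sha256(user_id.encode()).hexdigest(), 16) % 100
        return bucket < pct

    def record_attempt(self, now, credentials_ok, channel_ok):
        """Count only the pattern the page calls suspicious: correct regular
        credentials but no valid, not-yet-taken channel offered."""
        self.tick(now)
        if credentials_ok and not channel_ok:
            self.failures += 1
            if self.failures > Y_FAILURES and self.level < len(LEVELS) - 1:
                self.level += 1
                self.events.append((now, "raise", self.level_name()))
                self._new_window(now)

    def tick(self, now):
        """Close out every full period that has elapsed; each quiet period
        (fewer than Y failures) releases one level."""
        while now - self.window_start >= PERIOD_SECONDS:
            if self.failures < Y_FAILURES and self.level > 0:
                self.level -= 1
                self.events.append((self.window_start + PERIOD_SECONDS, "release",
                                    self.level_name()))
            self.failures = 0
            self.window_start += PERIOD_SECONDS

    def _new_window(self, now):
        self.failures = 0
        self.window_start = now


def demo():
    """Constructed trace: a burst of six 'right password, no usable number' logins
    raises the level; wrong-password noise does not count; two quiet periods
    bring it back down."""
    ctl = AlertLevelController(start=0.0)
    trace = [ctl.level_name()]
    for i in range(6):
        ctl.record_attempt(now=10.0 * i, credentials_ok=True, channel_ok=False)
    trace.append(ctl.level_name())
    ctl.record_attempt(now=100.0, credentials_ok=False, channel_ok=False)
    trace.append(ctl.level_name())
    ctl.tick(now=50.0 + 2 * PERIOD_SECONDS + 1)
    trace.append(ctl.level_name())
    return trace
```

Sector-based alerts, as described in the next section, amount to one controller instance per sector.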
Sector-based alerts

Alert level may be general per FI, or relate to specific sectors within the FI. For example, if the credentials that were stolen all belong to a certain affinity or product, there is no reason to raise the alert level for all the users of the FI. Also, if there is information on the theft which links it to a specific location, the alert may be raised only for users that access the service from these locations.

The decision rules are fed into an embodiment of the invention either automatically from other systems or services connected to the HS, or manually via an administrator application.

Per User Decision

While the authentication process of an embodiment of the invention is simple and user-friendly, it is still desired to refrain from repetitive out-of-band authentications if there is good enough reason to believe the user is indeed the FI customer and not a thief. This has the effect of both lowering the costs of running the service (fewer SMS / outgoing calls) and reducing intrusiveness on customers.

Therefore an embodiment of the invention performs a per-user decision: the basic idea is to refrain from out-of-band authentication for a user that has performed such an authentication in the recent past from a familiar device, and then logs in again from such a device.

To identify the device, an embodiment of the invention can utilize two methods (it should be noted that the following methods are relevant for PCs; of course, for other devices, other types of identification might be used, such as caller ID in case of call center calls, or an ATM network id in case of ATMs, etc.):
1. IP identification:
   a. The system collects past IP addresses of successful out-of-band authentications per user.
   b. The system compares the IP of the incoming authentication to the list (the comparison is done on the class C subnet of the IP address; of course, other types of comparisons can be done on the IP, for example checking that it is issued by the same ISP, and for the same geographical area as the first IP. This way, we will recognize that both IPs come from a certain ISP in a certain location and say it is OK). If there is a match, no out-of-band authentication is required.
   c. Note that IP addresses can also be added to the list by the FI, based on previous records of the user.
   d. Also note that known suspicious IP addresses are closely watched and may either be blocked altogether or will trigger an out-of-band authentication request.
2. Cookie usage:
   a. After a successful authentication of an embodiment of the invention, an encrypted cookie is uploaded to the user's computer. The cookie contains a list of user IDs (alternatively, the cookie just contains a cookie id, and the system retains a list of cookie id to user associations, just like the IP address to user association described in the previous section).
   b. On subsequent login attempts, an embodiment of the invention checks the user ID against the list in the cookie. If it is identical, no authentication of an embodiment of the invention will be required.
   c. Note that this method will only work as long as the device is not protected against cookies and the user does not erase cookies from the device.

Note that the user-device mapping adds an additional layer of authentication. It should also be noted that if there is another element identifying the device it could be used as well.

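The per-user decision above as an added Python example (not the application's code): past out-of-band successes are remembered by class C subnet and by an opaque cookie id whose user association is kept server-side, FI-supplied addresses can seed the list, and watched or blocked subnets override a familiar device. The /64 treatment of IPv6, the separate "block" outcome and all addresses are constructed assumptions.

```python
import ipaddress
import secrets


class PerUserDecision:
    """Decides whether a login that already passed Regular Authentication can skip
    the out-of-band phase because it comes from a familiar device."""

    def __init__(self):
        self.known_nets = {}          # user_id -> set of networks seen on past successes
        self.cookie_users = {}        # cookie_id -> set of user_ids (server-side association)
        self.suspicious_nets = set()  # watched: always challenge, never skip
        self.blocked_nets = set()     # blocked altogether

    @staticmethod
    def subnet(ip):
        """Compare on the class C (/24) subnet as the text does; /64 for IPv6 is an
        assumption, since a class C has no meaning there."""
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def record_success(self, user_id, ip, cookie_id=None):
        """Called after step 7 succeeds. Returns the cookie id to set on the device.
        The cookie carries only an opaque id; the user association stays server-side
        (the alternative the text describes), so the device never holds a user list."""
        self.known_nets.setdefault(user_id, set()).add(self.subnet(ip))
        if cookie_id is None:
            cookie_id = secrets.token_urlsafe(16)
        self.cookie_users.setdefault(cookie_id, set()).add(user_id)
        return cookie_id

    def add_fi_record(self, user_id, ip):
        """1.c: the FI may seed the list from its own records of the user."""
        self.known_nets.setdefault(user_id, set()).add(self.subnet(ip))

    def decide(self, user_id, ip, cookie_id=None):
        """Return 'block', 'challenge' or 'skip' for this login attempt."""
        net = self.subnet(ip)
        if net in self.blocked_nets:
            return "block"
        if net in self.suspicious_nets:        # 1.d: a familiar subnet does not help here
            return "challenge"
        if net in self.known_nets.get(user_id, set()):
            return "skip"                      # 1.b: same class C as a past success
        if cookie_id is not None and user_id in self.cookie_users.get(cookie_id, set()):
            return "skip"                      # 2.b: cookie id is associated with this user
        return "challenge"


def demo():
    """Constructed walk-through using documentation and benchmark address ranges."""
    d = PerUserDecision()
    d.suspicious_nets.add(d.subnet("203.0.113.9"))
    d.blocked_nets.add(d.subnet("198.18.0.1"))
    out = [d.decide("alice", "198.51.100.20")]          # nothing known yet
    cookie = d.record_success("alice", "198.51.100.20")
    out.append(d.decide("alice", "198.51.100.77"))       # same /24, different host
    out.append(d.decide("alice", "192.0.2.5", cookie))   # new network, familiar cookie
    out.append(d.decide("alice", "192.0.2.5"))           # new network, no cookie
    out.append(d.decide("bob", "192.0.2.5", cookie))     # alice's cookie presented for bob
    d.record_success("alice", "203.0.113.9")
    out.append(d.decide("alice", "203.0.113.200"))       # known, but watched subnet
    out.append(d.decide("alice", "198.18.0.77"))         # blocked subnet
    return out
```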
Solution Architecture Example

Various devices and architectures, and sets of devices, may form a system according to various embodiments of the present invention, and may effect a method according to embodiments of the present invention. Methods according to various embodiments of the present invention may, for example, be executed by one or more processors or computing systems (including, for example, memories, processors, software, databases, etc.), which, for example, may be distributed across various sites or computing platforms; alternatively some methods according to embodiments may be executed by single processors or computing systems. The following illustration outlines a solution architecture according to one embodiment of the present invention; other suitable architectures are possible in accordance with other embodiments of the invention:

It will be appreciated by persons skilled in the art that embodiments of the invention are not limited by what has been particularly shown and described hereinabove. Rather the scope of at least one embodiment of the invention is defined by the claims below.

Moreover, the solution architecture example pertains to the usage of this system and method by a financial institution ("FI"), in order to achieve a sufficient level of security in authentication of the users of its online services whenever there is an actual or a suspected theft of the Credentials used by the users of its services in order to gain access to their accounts.

It will be appreciated by persons skilled in the art that this system and method are not limited to use by financial institutions, but rather by any Service provider whose users are required to authenticate themselves in order to gain access to the services. Moreover, in the solution architecture example reference is made to a telephone and a telephone number as the second factor for the authentication. While a telephone line and number do indeed correspond to the requirements defined above for the second communication channel to be used under this method, it should be appreciated by persons skilled in the art that other communication channels could be used as well, and the telephone is just used in order to provide a simple illustration of a certain embodiment of this method.

It will also be appreciated by persons skilled in the art that the "Users" referred to herein could be individuals as well as corporations and other legal entities.

Finally, it will be appreciated by persons skilled in the art that the "levels of fraud alert" referred to in the following sections are intended as an illustration and there may be many other configurations intended to distinguish between various levels of fraud attack or suspected attack.

Architecture

This illustration of Architecture considers an online Banking service provided by an FI. It will be appreciated by those skilled in the art that this example is only one illustration of the system and method, which could be applied to different services provided by FIs as well as to different services provided by different types of organizations.

The system is composed of two major ingredients:
1. A small plug-in for the FI's online banking system
2. A Hosted System/Service ("HS")
The online banking and the HS both communicate with the end-user.

[Figure: plug-in / hosted system communication; the authentication application communicates with the end-user's device; the online banking system communicates with the end-user's device.]

1.1.1 The FI Plug-in

A small plug-in is installed at the FI's data centre, where the online banking application is hosted. The plug-in has several versions, depending on the architecture used by the FI (J2EE, Microsoft .Net, Microsoft ASP, and more).

The Plug-in functionalities are:
1. Communicates with the bank's system
2. Communicates with an Authentication Application, including the cryptographic validation of the HS response to ensure it is legitimate.
3. Replaces the session ID with a proxy session ID when communicating with an Authentication Application (to prevent response spoofing and replay attacks).

[Figure: the plug-in communicates with the online banking system; plug-in / hosted system communication; the online banking system communicates with the end-user's device.]

1.1.2 The HS

The HS contains the following components:
1. The authentication application:
   a. Displays the authentication UI and communicates with the end user's device
   b. Communicates with the plug-in
   c. Cryptographically signs the messages that go to the plug-in (therefore it is linked to the HSM)
   d. Communicates with the history DB, logs information into it
   e. Communicates with the decision engine, initiates a decision request and receives a decision response: whether an out-of-band authentication should take place.
   f. Communicates with the user-channel mapping DB: sends the channel information to the DB and receives a status for this channel, as well as receiving a list of past channels to al