US-12619992-B2 - Method and apparatus for improving security of a computer network utilizing simple mail transfer protocol (SMTP)
Abstract
An email-based e-commerce system is disclosed with additional features for added security. The system may include security features for email based e-commerce providing added assurance to customers of a higher level of protection than generally required. These security features enhance the password reset function without requiring a password, generate confirmations on outside messaging systems and implement an oversight management tool for authorizing transactions. The methods and apparatus described herein may enhance security by designing a system that can confirm payments through a separate non-email based media. The e-commerce system may send alerts or requests for confirmation in a variety of media to ensure a secure payment process. The methods and apparatus described herein may expand the list of individuals that may request or approve payments based on a single account registered by a single credit card holder. A single user may receive requests from registered sub-customers for payments by email.
Inventors
- James Kassemi
- Lawrence Glen Holcomb
- John P. Killoran, JR.
- Patrick Killoran
Assignees
- SWOOP IP HOLDINGS LLC
Dates
- Publication Date: 20260505
- Application Date: 20230508
Claims (17)
- 1. A method for authenticating user access to a secure website without passwords, comprising: receiving, via a webpage, a login request from a user attempting to access the secure website; capturing, via the webpage, metadata of the login request including an Internet Protocol (IP) address and an HTTP user-agent string; generating, for the login request, an authentication token that is cryptographically bound to at least the IP address and the HTTP user-agent string; embedding the authentication token in an email message sent to a registered email address of the user using Simple Mail Transfer Protocol (SMTP); prior to receiving a message body of the email during an SMTP dialog, verifying Sender Policy Framework (SPF) for a sending domain and, upon SPF failure, discarding the message without accessing the message body; receiving a response email from the user containing the authentication token; extracting and validating the authentication token against a stored authentication record including verifying a cryptographic binding to captured IP address and the HTTP user-agent string; when the authentication token is valid and received within a predefined time window, granting the user access to the secure website; and, responsive to granting access, invalidating any other active authentication tokens for the user and transmitting an authentication confirmation message that includes a new authentication token for a next login; and when the authentication token is expired or invalid, denying access to the secure website and prompting the user to request the new authentication token.
- 2. The method of claim 1, wherein the authentication token is generated upon customer submitting an email address on a website.
- 3. The method of claim 1, further comprising: registering a user as the registered user via a web page.
- 4. The method of claim 1, further comprising: invalidating the new authentication token after a predetermined period of time has elapsed since the secure website was accessed.
- 5. The method of claim 1, further comprising: on a condition that access to the secure website is not granted: transmitting, using SMTP, an authentication message to the user.
- 6. The method of claim 1, wherein the secure website enables payment of an e-commerce transaction.
- 7. A system for managing authentication sessions and controlling access to a secure website, comprising: a memory; a network interface; and one or more processors that are communicatively coupled to the network interface and the memory, wherein the one or more processors are collectively configured to: receive, via a web page, a login request from a user attempting to access the secure website; capture, via the web page, metadata of the login request including an Internet Protocol (IP) address and an HTTP user-agent string; generate, for the login request, an authentication token that is cryptographically bound to at least the IP address and the HTTP user-agent string; transmit, using the network interface and Simple Mail Transfer Protocol (SMTP), an email message to a registered email address of the user that embeds the authentication token; prior to receiving a message body of a response email during an SMTP dialog, verify Sender Policy Framework (SPF) for a sending domain and, upon SPF failure, discard the message without accessing the message body; receive, using the network interface, the response email from the user containing the authentication token; extract and validate the authentication token against a stored authentication record, including verifying a cryptographic binding to the IP address and the HTTP user-agent string; when the authentication token is valid and received within a predefined time window, grant the user access to the secure website; and, responsive to granting access, invalidate any other active authentication tokens for the user and transmit, using the network interface and SMTP, an authentication confirmation message that includes a new authentication token for a next login; and when the authentication token is expired or invalid, deny access to the secure website and prompt the user to request the new authentication token.
- 8. The system of claim 7, wherein the authentication token is generated upon customer submitting an email address on a website.
- 9. The system of claim 7, wherein the one or more processors are further collectively configured to: receive, using the network interface, a registration of a user, wherein the registration is performed a web page, and identify the user as a registered user.
- 10. The system of claim 7, wherein the one or more processors are further collectively configured to: invalidate the new authentication token after a predetermined period of time has elapsed since the secure website associate was accessed.
- 11. The system of claim 7, wherein the one or more processors are further collectively configured to: on a condition that access to the secure website is not granted: transmit, using network interface, an authentication message to the user utilizing SMTP.
- 12. The system of claim 7, wherein the secure website enables payment of an e-commerce transaction.
- 13. The system of claim 7, wherein access to the secure website is granted in response to: activation of a link t, and receipt of a new token.
- 14. A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause a computing device to perform a method for managing authentication sessions and controlling access to a secure website, the method comprising: receiving, via a web page, a login request from a user attempting to access the secure website; capturing, via the web page, metadata of the login request including an Internet Protocol (IP) address and an HTTP user-agent string; generating, for the login request, an authentication token that is cryptographically bound to at least the IP address and the HTTP user-agent string; embedding the authentication token in an email message sent to a registered email address of the user using Simple Mail Transfer Protocol (SMTP); prior to receiving a message body of the email during an SMTP dialog, verifying Sender Policy Framework (SPF) for a sending domain and, upon SPF failure, discarding the message without accessing the message body; receiving a response email from the user containing the authentication token; extracting and validating the authentication token against a stored authentication record including verifying a cryptographic binding to captured IP address and the HTTP user-agent string; when the authentication token is valid and received within a predefined time window, granting the user access to the secure website; and, responsive to granting access, invalidating any other active authentication tokens for the user and transmitting an authentication confirmation message that includes a new authentication token for a next login; and when the authentication token is expired or invalid, denying access to the secure website and prompting the user to request the new authentication token.
- 15. The non-transitory computer readable storage medium of claim 14, wherein the method further comprises: invalidate the new authentication token after a predetermined period of time has elapsed since the secure website was accessed.
- 16. The non-transitory computer readable storage medium of claim 14, wherein the method further comprises: on a condition that access to the secure website is not granted: transmit, using network interface, an authentication message to the user utilizing SMTP.
- 17. The method of claim 1, further comprising: transmitting, to a registered user device via Short Message Service (SMS), a one-time out-of-band confirmation code bound to the authentication token; receiving, from the registered user device, a confirmation response including the out-of-band code; and granting the user access only when both the DKIM/SPF verification and the out-of-band confirmation succeed and an account state is UNLOCKED, wherein the account may be set to a LOCKED state in response to a user instruction received via SMS.
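The token lifecycle recited in claim 1 (binding to the IP address and user-agent, the time window, invalidation on grant, and a new token for the next login) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 as the binding, the 600-second window, the in-memory store and the function names are assumptions, as is checking the binding against the IP address and user-agent of the browser session being admitted.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
WINDOW_SECONDS = 600                  # assumption: the "predefined time window"
RECORDS = {}                          # nonce -> stored authentication record


def _binding(nonce, user, ip, user_agent, issued_at):
    """HMAC-SHA256 over length-prefixed fields (no ambiguous concatenation)."""
    mac = hmac.new(SERVER_KEY, digestmod=hashlib.sha256)
    for field in (nonce, user, ip, user_agent, str(issued_at)):
        data = field.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def issue_token(user, ip, user_agent, now=None):
    """Issue a token bound to the login request's IP and user-agent."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    RECORDS[nonce] = {"user": user, "issued_at": issued_at}
    return f"{nonce}.{_binding(nonce, user, ip, user_agent, issued_at)}"


def redeem_token(token, ip, user_agent, now=None):
    """Validate a token taken from the response email.

    Returns (granted, next_token); next_token is None when access is denied.
    """
    now = time.time() if now is None else now
    nonce, _, presented = token.partition(".")
    record = RECORDS.pop(nonce, None)  # single use: consumed on any attempt
    if record is None:
        return False, None
    expected = _binding(nonce, record["user"], ip, user_agent, record["issued_at"])
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return False, None  # wrong IP / user-agent, or a forged token
    if now - record["issued_at"] > WINDOW_SECONDS:
        return False, None  # expired: the user must request a new token
    # Grant: invalidate every other active token for this user, then
    # issue the token for the next login.
    for other in [n for n, r in RECORDS.items() if r["user"] == record["user"]]:
        del RECORDS[other]
    return True, issue_token(record["user"], ip, user_agent, now)
```

Consuming the record on every attempt makes a token single-use even when validation fails, at the cost of forcing a fresh request after a failed attempt.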
Description
CROSS REFERENCE TO RELATED APPLICATIONS
This application is a continuation of U.S. patent application Ser. No. 16/506,848 filed Jul. 9, 2019, which is a continuation of U.S. patent application Ser. No. 14/695,917, filed Apr. 24, 2015, which issued on Jul. 9, 2019 as U.S. Pat. No. 10,346,846, which claims the benefit of U.S. Provisional Application No. 61/983,785 filed Apr. 24, 2014, which are incorporated by reference as if fully set forth herein.
FIELD OF INVENTION
The present invention is related to electronic payment systems.
BACKGROUND
There are a growing number of opportunities to complete financial transactions online. The form of these transactions may display various formats and design concepts, however, the majority of these financial transactions for single customers are based on using a web page interface. A method that allows a customer to complete a financial transaction by email offers a new set of possibilities for the consumer. For an email-based financial transaction system to be considered viable, it may need to possess the same or similar security assurances as a web-based checkout. A system that exploits the particularities of email communication to build added security may be desirable in the market place.
For an email financial transaction based system an additional array of security may be possible. An email-based e-commerce system may leverage the fact that the email account is a secure place where registered members possess security and privacy in their online correspondence. Logically, this security may be extended to a function where registered customers may approve financial transactions within their email client. The security to such a customer of that system is important. Many security systems work in tandem with other forms of messaging and communication to verify and authenticate transactions. A system that adds failsafe assurances, either through approval systems or verifications in other arenas, may be beneficial to the consumer.
SUMMARY
An email-based e-commerce system is disclosed herein with additional features for added security. The system may include security features for email based e-commerce that provide added assurance to customers, for example, a higher level of protection than may be generally required. These security features may eliminate the need for a password function, generate confirmations on outside messaging systems, and implement a management oversight tool for authorizing transactions.
The methods and apparatus described herein may further use email-based confirmation of account activity that allows for a higher level of security for accounts where sensitive information is accessible.
The methods and apparatus described herein may enhance security by implementing a system that may, with dual authorization or multi-factor authentication, confirm payments through a separate non-email based media. The e-commerce system may send alerts or requests for confirmation in a variety of media to ensure a secure payment process.
The methods and apparatus described herein may expand the list of individuals that may request or approve payments based on a single account registered by a single credit card holder. A single user may receive requests from registered sub-customers for payments by email.
The methods and apparatus described herein may create a method for resetting, adjusting, and/or bypassing password authentication. This allows a payment server to authenticate a customer without requiring a password prompt while improving user experience and increasing security. In one embodiment, this may eliminate the need for a password to access the e-commerce system.
BRIEF DESCRIPTION OF THE DRAWINGS
A more detailed understanding may be had from the following description, given by way of example in conjunction with the accompanying drawings wherein:
- FIG. 1 shows an example system that may be used for confirmations of payments and account logon in an email-based checkout;
- FIG. 2 is a transactional flow diagram that describes the process for authenticating a user for the e-commerce system which may be applied to confirmations and account logon;
- FIG. 3 is a diagram showing the steps to the signup of a full-customer and a payment request made by a sub-customer and the subsequent approval of a full-customer;
- FIG. 4 is an illustration of an account signup where a customer may register for the e-commerce system and choose security options;
- FIG. 5 is an illustration of a payment approval email sent to the full-customer;
- FIG. 6 is a transactional flow diagram that describes the process where one of multiple sub-customers might request transactions with full-customer oversight and approval;
- FIG. 7 is a diagram that illustrates the e-commerce system and its parsing function in approval of email transactions distinguishing between full-customers and sub-customer status;
- FIG. 8 is a transactional flow diagram that describes the process for using text messages and or social media