U.S. Patent 7,360,244 describes a method for authenticating a user access request over an initial communication medium to a device protected by a firewall system. The method involves communicating a password, or a portion of a password, which is required to complete the authentication back to the user on a communication medium other than the initial communication medium. This process is commonly referred to as two-factor authentication.
Now, according to the Wikipedia entry on two-factor authentication:
It should be remembered, however, that strong authentication and multi-factor authentication are fundamentally different processes. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves 'something you have' or 'something you are', it would not be considered multi-factor. The [Federal Fincial Institutions Examination Council] issued supplemental guidance on this subject in August 2006, in which they clarified, "By definition true multifactor authentication requires the use of solutions from two or more of the three categories of factors. Using multiple solutions from the same category ... would not constitute multifactor authentication."
Given that this kind of authentication is a business method, I would have thought that this kind of readily available evidence of prior art would have been enough to invalidate GraphOn's application for a patent.
