{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-11962580","patent":{"patent_number":"US-11962580","title":"Browser extensionless phish-proof multi-factor authentication (MFA)","assignee":null,"inventors":[],"filing_date":"2021-11-17T00:00:00.000Z","publication_date":"2024-04-16T00:00:00.000Z","cpc_codes":["H04L","H04L","H04L"],"num_claims":17,"abstract":"A multi-factor authentication scheme uses an MFA authentication service and a browser extensionless phish-proof method to facilitate an MFA workflow. Phish-proof MFA verifies that the browser the user is in front of is actually visiting the authentic (real) site and not a phished site. This achieved by only allowing MFA to be initiated from a user trusted browser by verifying its authenticity through a signing operation using a key only it possesses, and then also verifying that the verified browser is visiting the authentic site. In a preferred embodiment, this latter check is carried out using an iframe postMessage owning domain check. In a variant embodiment, the browser is verified to be visiting the authentic site through an origin header check. By using the iframe-based or ORIGIN header-based check, the solution does not require a physical security key (such as a USB authenticator) or any browser extension or plug-in."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Browser extensionless phish-proof multi-factor authentication (MFA)","description":"A multi-factor authentication scheme uses an MFA authentication service and a browser extensionless phish-proof method to facilitate an MFA workflow. Phish-proof MFA verifies that the browser the user","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-11962580","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-11962580","citation_suggestion":"Patentable. \"Browser extensionless phish-proof multi-factor authentication (MFA)\" (US-11962580). https://patentable.app/patents/US-11962580","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-11962580","json":"https://patentable.app/api/llm-context/US-11962580","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-31T01:31:47.526Z"}