Bootstrapping user authentication on devices

US 10,009,355 B2
Filed: 06/14/2016
Issued: 06/26/2018
Est. Priority Date: 07/03/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program that, when executed in at least one computing device, causes the at least one computing device to at least:

authenticate a first application executed on a first computing device to access a user account on a network site based at least in part on a trusted security credential received from the first application, the first application providing at least one visual cue indicating that a first current network page is legitimate;

send a bootstrap security credential to the first application that has been authenticated;

display, by the first application, a first user interface containing the bootstrap security credential and a site verification credential;

display, by a second computing device, a second user interface configured to receive the bootstrap security credential from a user and present the site verification credential; and

authenticate a second application executed on the second computing device for access to the user account on the network site based at least in part on the bootstrap security credential being manually entered in the second user interface and received from the second application in an authentication request that excludes the trusted security credential, the second application omitting visual cues to indicate a second current network page is legitimate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account. The second device includes visual cues to indicate a network page is legitimate, while the first device excludes visual cues to indicate the network page is legitimate.

Citations

19 Claims

1. A non-transitory computer-readable medium embodying a program that, when executed in at least one computing device, causes the at least one computing device to at least:
- authenticate a first application executed on a first computing device to access a user account on a network site based at least in part on a trusted security credential received from the first application, the first application providing at least one visual cue indicating that a first current network page is legitimate;
  
  send a bootstrap security credential to the first application that has been authenticated;
  
  display, by the first application, a first user interface containing the bootstrap security credential and a site verification credential;
  
  display, by a second computing device, a second user interface configured to receive the bootstrap security credential from a user and present the site verification credential; and
  
  authenticate a second application executed on the second computing device for access to the user account on the network site based at least in part on the bootstrap security credential being manually entered in the second user interface and received from the second application in an authentication request that excludes the trusted security credential, the second application omitting visual cues to indicate a second current network page is legitimate.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the second application comprises a browser omitting at least one of:
    - window borders, an address bar, or a menu.
  - 3. The non-transitory computer-readable medium of claim 1, whereinthe second user interface includes an input field for inputting the bootstrap security credential.
  - 4. The non-transitory computer-readable medium of claim 3, wherein the at least one computing device causes the input field to be rendered by the second application based at least in part on serving up a network page that includes the input field.
  - 5. The non-transitory computer-readable medium of claim 1, wherein when executed the program further causes the at least one computing device to at least:
    - detect a change to the second application; and
      
      disable access to the user account by the second application in response to the change to the second application.

6. A system, comprising:
- a data store storing user account data; and
  
  at least one computing device comprising a hardware processor in communication with the data store, the at least one computing device being configured to at least;
  
  authenticate a first application executed on a first device for access to a user account on a network site based at least in part on the user account data, the first application providing at least one visual cue indicating that a first current network page is legitimate;
  
  receive a request for a bootstrap security credential from the first application that has been authenticated;
  
  send the bootstrap security credential to the first application;
  
  cause the first application to display a first user interface containing the bootstrap security credential and a site verification credential;
  
  receive a request from a second application executed on a second device for access to the user account on the network site;
  
  cause the second application to display a second user interface configured to receive the bootstrap security credential from a user and present the site verification credential; and
  
  authenticate the second application for access to the user account on the network site based at least in part on the bootstrap security credential being received from the second application, wherein the bootstrap security credential is manually entered in the second application, the bootstrap security credential excluding the user account data, and the second application excluding the at least one visual cue to indicate a second current network page is legitimate.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein the at least one computing device is further configured to at least cause an input field to be rendered by the second application.
  - 8. The system of claim 7, wherein the at least one computing device causes the first application to render the bootstrap security credential on a display based at least in part on serving up a network page including the bootstrap security credential.
  - 9. The system of claim 6, wherein the user account data comprises a plurality of user accounts and the at least one computing device is configured to authenticate the first application for access to the user account by matching a trusted security credential with one of the plurality of user accounts in the data store.
  - 10. The system of claim 6, wherein the at least one visual cue comprises a lock icon indicating communications between the at least one computing device and the first application are secured using Secure Socket Layer (SSL) encryption.
  - 11. The system of claim 6, wherein the at least one computing device is further configured to at least:
    - detect a change in a network address of the second application; and
      
      disable access to the user account for the second application in response to the change in the network address.

12. A method, comprising:
- authenticating, via at least one of one or more computing devices, a first computing device to access a user account based at least in part on a security credential received from the first computing device, the first computing device providing at least one visual cue indicating that a first current application is legitimate;
  
  generating, via at least one or more of the one or more computing devices, a bootstrap security credential for the user account;
  
  causing the first computing device to display a first user interface containing the bootstrap security credential and a site verification credential;
  
  causing a second computing device to display a second user interface configured to receive the bootstrap security credential from a user and present the site verification credential; and
  
  authenticating, via at least one or more of the one or more computing devices, the second computing device for access to the user account based at least in part on the bootstrap security credential being manually entered in the second user interface, the bootstrap security credential received from the second computing device in an authentication request from the second computing device that excludes the security credential, the second computing device excluding visual cues indicating that a second current application executed by the second computing device is legitimate.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising:
    - receiving, via at least one or more of the one or more computing devices, a request for the bootstrap security credential from the first computing device, wherein the request for the bootstrap security credential comprises a location for use;
      
      determining, via at least one or more of the one or more computing devices, that the second computing device is located further from the location for use than a predefined distance; and
      
      disabling, via at least one or more of the one or more computing devices, access to the user account for the second computing device in response to determining that the second computing device is located further from the location for use than the predefined distance.
  - 14. The method of claim 12, further comprising:
    - receiving, via at least one or more of the one or more computing devices, a request for the bootstrap security credential from the first computing device, wherein the request for the bootstrap security credential comprises a location for use;
      
      determining, via at least one or more of the one or more computing devices, that the second computing device is located further from the location for use than a predefined distance; and
      
      causing, via at least one or more of the one or more computing devices, the second computing device to render a prompt to confirm whether to continue access to the user account for a new location of the second computing device in response to determining that the second computing device is located further from the location for use than the predefined distance.
  - 15. The method of claim 12, further comprising:
    - detecting, via at least one or more of the one or more computing devices, a change in a physical location of the second computing device; and
      
      disabling, via at least one or more of the one or more computing devices, access to the user account for the second computing device in response to the change to the physical location.
  - 16. The method of claim 12, wherein the bootstrap security credential comprises an identifier corresponding to the second computing device, and the bootstrap security credential is signed using public-key encryption.
  - 17. The method of claim 12, further comprising:
    - sending, via at least one or more of the one or more computing devices, another bootstrap security credential to the first computing device that has been authenticated; and
      
      authenticating, via at least one or more of the one or more computing devices, a third computing device for access to the user account based at least in part on the other bootstrap security credential being received from the third computing device in another authentication request that excludes the security credential.
  - 18. The method of claim 17, wherein the bootstrap security credential is manually entered into the second computing device and the other bootstrap security credential is transferred from the first computing device to the third computing device through a network.
  - 19. The method of claim 18, wherein the second computing device is authorized for a higher level of access than the third computing device based at least in part on manually entering the bootstrap security credential into the second computing device and transferring the other bootstrap security credential to the third computing device through the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Ramalingam, Harsha, Johansson, Jesper Mikael, Bhimanaik, Bharath Kumar
Primary Examiner(s)
Potratz, Daniel B

Application Number

US15/182,031
Publication Number

US 20160294842A1
Time in Patent Office

742 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 3/0481   based on specific propertie...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

H04L 63/18   using different networks or...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/43   using shared identity modul...

Bootstrapping user authentication on devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Bootstrapping user authentication on devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links