Trusted status transfer between associated devices

US 10,063,540 B2
Filed: 05/27/2016
Issued: 08/28/2018
Est. Priority Date: 06/07/2015
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user device, the method comprising, at a computing device:

verifying a trusted status for an associated user device, wherein the trusted status indicates an existing authentication for the associated user device;

receiving data items from the associated user device and the user device, wherein the data items include at least (i) a device identifier for the associated user device, (ii) a device identifier for the user device, and iii a data item that indicates that the user device is associated with the associated user device;

determining whether the data items from the associated user device and the user device satisfy a predetermined level of association; and

in response to determining that the data items satisfy the predetermined level of association;

generating an authentication token, andcausing the existing authentication for the associated user device to extend to the user device by sending the authentication token to the associated user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments set forth systems and techniques to authenticate a user device for device services, such as by transferring or extending a trusted device status from a separate and trusted associated user device, which can be paired with the user device. This can be done automatically without requiring the user to sign in at or on behalf of the user device, and the automated process can include verifying a trusted status for the associated user device, receiving data items from both devices, evaluating the data items, and facilitating an authentication of the user device when the evaluating returns a favorable result. Data items can include provisioned machine identifiers, temporally limited one-time user passwords, and a provisioned password reset key. Authentication or trusted device status transfer can be achieved by way of an authentication token that is given to the user device.

8 Citations

View as Search Results

20 Claims

1. A method for authenticating a user device, the method comprising, at a computing device:
- verifying a trusted status for an associated user device, wherein the trusted status indicates an existing authentication for the associated user device;
  
  receiving data items from the associated user device and the user device, wherein the data items include at least (i) a device identifier for the associated user device, (ii) a device identifier for the user device, and iii a data item that indicates that the user device is associated with the associated user device;
  
  determining whether the data items from the associated user device and the user device satisfy a predetermined level of association; and
  
  in response to determining that the data items satisfy the predetermined level of association;
  
  generating an authentication token, andcausing the existing authentication for the associated user device to extend to the user device by sending the authentication token to the associated user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the associated user device sends the authentication token to the user device.
  - 3. The method of claim 2, wherein, subsequent to the user device receiving the authentication token, the user device is not required to provide a password in order to extend the existing authentication to the user device.
  - 4. The method of claim 1, wherein the data items further include a first one-time password associated with the associated user device and a second one-time password associated with the user device.
  - 5. The method of claim 4, wherein determining whether the data items satisfy the predetermined level of association includes verifying that the second one-time password was formed while the first one-time password was valid.
  - 6. The method of claim 5, wherein the first one-time password and the second one-time password are valid for only a limited period of time.
  - 7. The method of claim 1, wherein the user device is paired with the associated user device when the computing device receives the data items from the associated user device and the user device.
  - 8. The method of claim 1, wherein the data items further include a password reset key that is unique to the associated user device.

9. A system adapted to authenticate an electronic device that is associated with a user, the system comprising:
- at least one processor; and
  
  at least one memory storing instructions that, when executed by the at least one processor, cause the system to;
  
  verify a trusted status for an associated user device, wherein the trusted status indicates an existing authentication for the associated user device;
  
  receive data items from the associated user device and the electronic device, wherein the data items from the associated user device include a unique associated user device identifier and a first one-time password, and the data items from the electronic device include a unique electronic device identifier and a second one-time password;
  
  evaluating the data items from the electronic device with the data items from the associated user device;
  
  generating an authentication token when evaluating the data items from the electronic device and the associated user device returns a favorable result; and
  
  sending the authentication token to the associated user device such that the existing authentication for the associated user device is extended to the electronic device when the associated user device provides the authentication token to the electronic device, wherein extending the existing authentication for the associated user device does not require that the user sign in and manually authenticate the electronic device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the data items from the associated user device further include a unique password reset key.
  - 11. The system of claim 9, wherein the first one-time password and the second one-time password are formed using unique password reset keys.
  - 12. The system of claim 9, wherein the first and second one-time passwords are valid for only a limited amount of time formed.
  - 13. The system of claim 12, wherein the evaluating the data items from the electronic device and the associated user device includes verifying that the second one-time password was formed while the first one-time password was valid.
  - 14. The system of claim 9, wherein the favorable result indicates that the associated user device and the electronic device satisfy a predetermined level of association.

15. A non-transitory computer readable storage medium storing instructions that, when executed by at least one processor included in a computing device, cause the computing device to:
- verify a trusted status for an associated user device, wherein the trusted status indicates an existing authentication for the associated user device;
  
  receive data items from the associated user device and a user device, wherein the data items from the associated user device and the user device include at least (i) a device identifier for the associated user device, (ii) a device identifier for the user device, and (iii) a data item that indicates that the user device is associated with the associated user device;
  
  determine whether the data items from the associated user device and the user device satisfy a predetermined level of association; and
  
  in response to determining that the data items satisfy the predetermined level of association;
  
  generate an authentication token, andcause the existing authentication for the associated user device to extend to the user device by sending the authentication token to the associated user device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the associated user device sends the authentication token to the user device.
  - 17. The non-transitory computer readable storage medium of claim 16, wherein, subsequent to the user device receiving the authentication token, the user device is not required to provide a password in order to extend the existing authentication to the user device.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the data items further include a first one-time password associated with the associated user device and a second one-time password associated with the user device.
  - 19. The non-transitory computer readable storage medium of claim 18, wherein the first one-time password and the second one-time password are valid for only a limited period of time.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the user device is paired with the associated user device when the computing device receives the data items from the associated user device and the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Wilson, James C., Ali, Lestat, Arromratana, Aniwat
Primary Examiner(s)
Zaidi, Syed

Application Number

US15/167,735
Publication Number

US 20160359848A1
Time in Patent Office

823 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2221/2131   Lost password, e.g. recover...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

Trusted status transfer between associated devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted status transfer between associated devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links