Preventing unauthorized access to secured information systems using multi-device authentication techniques
First Claim
1. A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
store first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;
receive, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;
based on receiving the request to authenticate the first user to the first user account, evaluate authentication state information associated with the first user account;
select a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;
based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a first one-time passcode for the first computing device associated with the first user account;
send, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;
based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;
send, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;
receive, via the communication interface, from the client portal server, first one-time passcode input;
validate the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;
receive, via the communication interface, from the client portal server, second one-time passcode input;
validate the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;
based on validating the first one-time passcode input and the second one-time passcode input, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and
send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
1 Assignment
0 Petitions
Abstract
A computing platform may receive, from a client portal server, a request to authenticate a first user to a first user account. The computing platform may generate a first one-time passcode for a first computing device associated with the first user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a second one-time passcode for a second computing device associated with the first user account and may send, to the second computing device, the second one-time passcode. Thereafter, the computing platform may receive first one-time passcode input and second one-time passcode input, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the first user with access to the first user account, which the computing platform may send to the client portal server.
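The flow in the first claim and the abstract, worked through as an added example (this is not code from the patent or its assignee). The computing platform is modelled by AuthPlatform, the client portal server by the caller, and the outbox stands in for the separate push/SMS channels to the two registered devices. Everything the claims leave open is an assumption here: the 6-digit passcode width, the 300-second lifetime, the 3-attempt limit, the risk signals used to select the multi-device technique, and an HMAC-signed validation message so the portal server can check that the grant really came from the platform. The points a practitioner should take from it: passcodes come from a CSPRNG and are forced to differ, both inputs are compared in constant time on every attempt, a challenge is consumed on success so a captured pair cannot be replayed, and expiry and attempt limits are enforced before any comparison.

```python
"""Two-device one-time-passcode flow modelled on the claimed computing platform.

Added example, not code from the patent or its assignee. AuthPlatform plays the
computing platform, the caller plays the client portal server, and `outbox` stands
in for the push/SMS channel to the devices. Code width, lifetime, attempt limit,
the risk signals and the HMAC-signed validation message are all assumptions.
"""
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 3


class AuthPlatform:
    def __init__(self, signing_key, now=time.time):
        self._key = signing_key      # shared with the portal server (assumed)
        self._now = now              # injectable clock so expiry is testable
        self._devices = {}           # account -> [first_device, second_device]
        self._state = {}             # account -> authentication state information
        self._challenges = {}        # challenge id -> {account, codes, issued, attempts}
        self.outbox = []             # (device, passcode) pairs "sent" to devices

    def register_devices(self, account, first_device, second_device):
        """Store device registration information linking two distinct devices."""
        if first_device == second_device:
            raise ValueError("second computing device must differ from the first")
        self._devices[account] = [first_device, second_device]

    def set_auth_state(self, account, **state):
        self._state[account] = state

    def select_technique(self, account):
        """Evaluate authentication state information; escalate to multi-device
        for an unseen location, repeated failures, or a high-value action."""
        s = self._state.get(account, {})
        risky = (s.get("new_location") or s.get("recent_failures", 0) >= 3
                 or s.get("high_value_action"))
        return "multi-device" if risky else "single-device"

    def _new_code(self):
        # CSPRNG with fixed width; never derive passcodes from time or account data
        return f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"

    def begin_authentication(self, account):
        """Handle the portal server's request to authenticate `account`."""
        technique = self.select_technique(account)
        devices = self._devices[account]
        targets = devices if technique == "multi-device" else devices[:1]
        codes = {}
        for device in targets:
            code = self._new_code()
            while code in codes.values():      # the two passcodes must differ
                code = self._new_code()
            codes[device] = code
            self.outbox.append((device, code)) # one passcode per device channel
        cid = secrets.token_urlsafe(16)
        self._challenges[cid] = {"account": account, "codes": codes,
                                 "issued": self._now(), "attempts": 0}
        return cid, technique

    def validate(self, cid, inputs):
        """`inputs` maps device -> passcode input relayed by the portal server;
        returns a signed validation message on success, otherwise None."""
        ch = self._challenges.get(cid)
        if ch is None:
            return None
        if self._now() - ch["issued"] > OTP_TTL_SECONDS or ch["attempts"] >= MAX_ATTEMPTS:
            del self._challenges[cid]          # expired or brute-forced: discard
            return None
        ch["attempts"] += 1
        ok = True                              # check every code; no early exit
        for device, expected in ch["codes"].items():
            given = str(inputs.get(device, ""))
            ok &= hmac.compare_digest(expected.encode(), given.encode())
        if not ok:
            return None
        del self._challenges[cid]              # one-time: a used pair cannot be replayed
        return self._validation_message(ch["account"], cid)

    def _validation_message(self, account, cid):
        body = f"grant:{account}:{cid}:{int(self._now())}"
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}:{tag}"


def verify_validation_message(key, msg, now=time.time, max_age=60):
    """Portal-server side: grant access only if the MAC verifies and the message is fresh."""
    try:
        body, tag = msg.rsplit(":", 1)
        kind, account, cid, issued = body.split(":")
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if kind != "grant" or not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    if now() - int(issued) > max_age:
        return None
    return account
```

A portal server would call `begin_authentication` when the user submits a login, relay whatever the user types into the two passcode fields to `validate`, and only grant the session after `verify_validation_message` returns the account name. Both codes are compared on every attempt and the attempt counter is shared, so an attacker who already holds one device's code cannot brute-force the other one six-digit guess at a time beyond the attempt limit.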
80 Citations
17 Claims
1. A computing platform (reproduced in full under First Claim above). Dependent claims: 2-14.
15. A method, comprising:
at a computing platform comprising at least one processor, memory, and a communication interface:
storing, by the at least one processor, first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;
receiving, by the at least one processor, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;
based on receiving the request to authenticate the first user to the first user account, evaluating, by the at least one processor, authentication state information associated with the first user account;
selecting, by the at least one processor, a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;
based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generating, by the at least one processor, a first one-time passcode for the first computing device associated with the first user account;
sending, by the at least one processor, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;
based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generating, by the at least one processor, a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;
sending, by the at least one processor, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;
receiving, by the at least one processor, via the communication interface, from the client portal server, first one-time passcode input;
validating, by the at least one processor, the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;
receiving, by the at least one processor, via the communication interface, from the client portal server, second one-time passcode input;
validating, by the at least one processor, the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;
based on validating the first one-time passcode input and the second one-time passcode input, generating, by the at least one processor, a first validation message directing the client portal server to provide the first user with access to the first user account; and
sending, by the at least one processor, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
Dependent claims: 16.
17. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
store first device registration information linking a first computing device and a second computing device to a first user account associated with a client portal provided by a client portal server, wherein the second computing device is different from the first computing device;
receive, via the communication interface, and from the client portal server, a request to authenticate a first user to the first user account associated with the client portal provided by the client portal server;
based on receiving the request to authenticate the first user to the first user account, evaluate authentication state information associated with the first user account;
select a multi-device authentication technique for authenticating the first user to the first user account based on evaluating the authentication state information associated with the first user account;
based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a first one-time passcode for the first computing device associated with the first user account;
send, via the communication interface, to the first computing device associated with the first user account, the first one-time passcode generated for the first computing device associated with the first user account;
based on selecting the multi-device authentication technique for authenticating the first user to the first user account, generate a second one-time passcode for the second computing device associated with the first user account, wherein the second one-time passcode generated for the second computing device associated with the first user account is different from the first one-time passcode generated for the first computing device associated with the first user account;
send, via the communication interface, to the second computing device associated with the first user account, the second one-time passcode generated for the second computing device associated with the first user account;
receive, via the communication interface, from the client portal server, first one-time passcode input;
validate the first one-time passcode input based on the first one-time passcode generated for the first computing device associated with the first user account;
receive, via the communication interface, from the client portal server, second one-time passcode input;
validate the second one-time passcode input based on the second one-time passcode generated for the second computing device associated with the first user account;
based on validating the first one-time passcode input and the second one-time passcode input, generate a first validation message directing the client portal server to provide the first user with access to the first user account; and
send, via the communication interface, to the client portal server, the first validation message directing the client portal server to provide the first user with access to the first user account.
Specification