Applications login using a mechanism relating sub-tokens to the quality of a master token

US 10,133,858 B2
Filed: 08/17/2015
Issued: 11/20/2018
Est. Priority Date: 12/29/2011
Status: Active Grant

First Claim

Patent Images

1. A user device comprising:

a non-transitory memory; and

one or more hardware processors coupled with the non-transitory memory and configured to read instructions from the non-transitory memory to cause the user device to perform operations comprising;

receiving a notification indicating an authentication of a user based on an authentication input from the user received via a user interface of the user device;

determining a quality score of the authentication of the user based on at least one of a modality in which the authentication input is received, an accuracy of the authentication input, an identity of the user device, or a detected location of the user device;

generating by a first application executing on the user device, a master token corresponding with the determined quality score;

in response to receiving a request to access a second application executing on the user device, generating a sub-token for accessing the second application based on the master token and the corresponding quality score, wherein the sub-token indicates an access level for accessing the second application by the user; and

without receiving additional authentication input from the user and based on the sub-token, automatically authenticating the user for use of the second application according to the access level.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.

22 Citations

20 Claims

1. A user device comprising:
- a non-transitory memory; and
  
  one or more hardware processors coupled with the non-transitory memory and configured to read instructions from the non-transitory memory to cause the user device to perform operations comprising;
  
  receiving a notification indicating an authentication of a user based on an authentication input from the user received via a user interface of the user device;
  
  determining a quality score of the authentication of the user based on at least one of a modality in which the authentication input is received, an accuracy of the authentication input, an identity of the user device, or a detected location of the user device;
  
  generating by a first application executing on the user device, a master token corresponding with the determined quality score;
  
  in response to receiving a request to access a second application executing on the user device, generating a sub-token for accessing the second application based on the master token and the corresponding quality score, wherein the sub-token indicates an access level for accessing the second application by the user; and
  
  without receiving additional authentication input from the user and based on the sub-token, automatically authenticating the user for use of the second application according to the access level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The user device of claim 1, wherein the user interface comprises a biometric reader device, wherein the authentication input comprises a biometric input of the user, and whereinthe quality score is determined further based on a read quality of the biometric input and a number of times the biometric input has been recognized.
  - 3. The user device of claim 1, wherein the sub-token is associated with an expiration time that is enforced by the first application.
  - 4. The user device of claim 1, wherein the sub-token is generated by the second application based on accessing the master token and using permissions and access granted to the master token.
  - 5. The user device of claim 1, wherein the operations further comprise:
    - in response to receiving a request to access a third application executing on the user device, generating a second sub-token for accessing the third application based on the master token and the associated quality score;
      
      determining, based on the second sub-token, an additional authentication process required for the user to access the third application; and
      
      authenticating the user for use of the third application according to the determined additional authentication process.
  - 6. The user device of claim 1, wherein the sub-token is associated uniquely with the second application and is unusable by other applications executing on the user device.
  - 7. The user device of claim 1, wherein the operations further comprise automatically launching a function of the second application based on the quality score of the master token.
  - 8. The user device of claim 1, wherein automatically authenticating the user for use of the second application comprises bypassing a login process associated with the second application.
  - 9. The user device of claim 1, wherein the operations further comprise performing a payment transaction through a checkout process of the second application based on the sub-token.
  - 10. The user device of claim 1, wherein:
    - the master token is stored on the user device as a root node of a tree data structure; and
      
      the sub-token is stored on the user device as a leaf node in the tree data structure and linked in the tree data structure to the master token.

11. A method of authenticating a user, the method comprising:
- receiving a notification indicating an authentication of a user based on an authentication input from the user received via a user interface of a user device;
  
  obtaining a quality score representing a quality of the authentication of the user, the quality score determined based on at least one of a modality in which the authentication input is received, an accuracy of the authentication input;
  
  an identity of the user device, or a detected location of the user device;
  
  generating, by a first application executing on the user device, a master token corresponding with the determined quality score;
  
  in response to detecting a request to access a second application executing on the user device, generating a sub-token for accessing the second application based on the master token and the corresponding quality score;
  
  determining an authentication level for authenticating the user to access the second application based on the sub-token; and
  
  automatically authenticating the user for accessing the second application according to the determined authentication level.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the authentication input comprises a biometric input provided by the user via a biometric reader device of the user device, wherein the quality score is determined further based on a read quality of the biometric input.
  - 13. The method of claim 11, wherein the sub-token is generated by a master service provider application executing on the user device.
  - 14. The method of claim 11, wherein the sub-token is generated by the first application.
  - 15. The method of claim 11, wherein the sub-token is generated by the second application.
  - 16. The method of claim 11, further comprising automatically launching a function of the second application based on the sub-token.
  - 17. The method of claim 11, wherein automatically authenticating the user for accessing the second application comprises bypassing a login process associated with the second application.
  - 18. The method of claim 11, further comprising performing a payment transaction, based on the sub-token, through a checkout process of the second application.
  - 19. The method of claim 11, further comprising:
    - accessing the sub-token stored in a memory of the user device as a link from a root in a tree data structure, wherein the master token is stored as the root of the tree data structure.

20. A non-transitory computer-readable medium stored thereon machine-readable instructions executable to cause a user device to perform operations comprising:
- receiving a notification indicating an authentication of a user based on an authentication input from the user received via a user interface of the user device;
  
  determining a quality score of the authentication of the user based on at least one of a modality in which the authentication input is received, an accuracy of the authentication input, an identity of the user device, or a detected location of the user device;
  
  generating, by a first application installed on the user device, a master token corresponding with the determined quality score;
  
  in response to receiving a request to access a second application installed on the user device, generating a sub-token for accessing the second application based on the master token and the associated quality score, wherein the sub-token indicates an access level for accessing the second application by the user; and
  
  providing the sub-token to the second application to cause the second application to automatically authenticate the user for accessing the second application according to the access level without receiving additional authentication input from the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Taveau, Sebastien Ludovic Jean, Mardikar, Upendra S.
Primary Examiner(s)
Shaifer Harriman, Dant B

Application Number

US14/828,239
Publication Number

US 20150358319A1
Time in Patent Office

1,191 Days
Field of Search

726 9
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 21/629   to features or functions of...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06Q 20/12   specially adapted for elect...

G06Q 20/127   Shopping or accessing servi...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/382   insuring higher security of...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/384   using social networks

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/405   Establishing or using trans...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0861   using biometrical features,...

H04L 9/3226 : using a predetermined code,...

H04L 9/3228 : One-time or temporary data,...

H04L 9/3231 : Biological data, e.g. finge...

View All

Applications login using a mechanism relating sub-tokens to the quality of a master token

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Applications login using a mechanism relating sub-tokens to the quality of a master token

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links