Connected authentication device using mobile single sign on credentials
First Claim
Patent Images
1. A device configured to enable access by a computer to a secure online resource, the device comprising:
- a processor;
a network interface including a subscriber identity module (SIM) for connecting to a cellular network; and
a memory storing executable instructions for causing the processor to;
request, via the network interface and from a backend server, a Single Sign On PIN;
receive, in response to the request, the Single Sign On PIN from the backend server;
transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing the secure online resource via the computer, the computer being different from the device, wherein the token is associated with a user account;
receive, via the network interface and from the token server, the token;
store the token at the device to enable the access by the computer to the secure online resource, wherein the device is unable to use the token to enable the device to access the secure online resource;
receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource;
responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and
transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a user account. The device receives the token from the token server. The device stores the token at a local memory of the device.
-
Citations
18 Claims
-
1. A device configured to enable access by a computer to a secure online resource, the device comprising:
-
a processor; a network interface including a subscriber identity module (SIM) for connecting to a cellular network; and a memory storing executable instructions for causing the processor to; request, via the network interface and from a backend server, a Single Sign On PIN; receive, in response to the request, the Single Sign On PIN from the backend server; transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing the secure online resource via the computer, the computer being different from the device, wherein the token is associated with a user account; receive, via the network interface and from the token server, the token; store the token at the device to enable the access by the computer to the secure online resource, wherein the device is unable to use the token to enable the device to access the secure online resource; receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource; responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method to enable access by a computer to a secure online resource, the method comprising:
-
requesting, via a network interface of a device and from a backend server, a Single Sign On PIN; receiving, at the device, in response to the request, the Single Sign On PIN from the backend server; transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) of the device to request a token for accessing the secure online resource via the computer, wherein the token is associated with a user account and the SIM is for connecting to a cellular network; receiving, via the network interface and from the token server, the token; and storing the token at the device to enable the access by the computer to the secure online resource; receiving from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource; responsive to the receiving of the request from the computer, verifying that the computer is being accessed by a user associated with the user account, wherein the verifying that the computer is being accessed by the user associated with the user account comprises verifying that a local time for a geographic location of the computer is within a time limitation placed on when the device is allowed to be used to connect the computer to the secure online resource; and transmitting the token to the computer upon the verification that the computer is being accessed by the user associated with the user account, wherein; the computer is different from the device, the verifying that the computer is being accessed by the user associated with the user account is further based on the device being geographically proximate to the computer and further comprises; determining, based on the geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold, and the method further comprises setting the geographic distance threshold based on the geographic location of the device. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method to enable access by a computer to a secure online resource, the method comprising:
-
requesting, via a network interface of a device and from a backend server, a Single Sign On PIN; receiving, at the device, in response to the request, the Single Sign On PIN from the backend server; transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) of the device to request a token for accessing the secure online resource via the computer, wherein the token is associated with a user account and the SIM is for connecting to a cellular network; receiving, via the network interface and from the token server, the token; storing the token at the device to enable the access by the computer to the secure online resource; receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource; responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account, wherein the device is unable to use the token to enable the device to access the secure online resource, and wherein the computer is different from the device. - View Dependent Claims (16, 17, 18)
-
Specification