Connected authentication device using mobile single sign on credentials

US 10,135,805 B2
Filed: 10/31/2013
Issued: 11/20/2018
Est. Priority Date: 10/31/2013
Status: Active Grant

First Claim

Patent Images

1. A device configured to enable access by a computer to a secure online resource, the device comprising:

a processor;

a network interface including a subscriber identity module (SIM) for connecting to a cellular network; and

a memory storing executable instructions for causing the processor to;

request, via the network interface and from a backend server, a Single Sign On PIN;

receive, in response to the request, the Single Sign On PIN from the backend server;

transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing the secure online resource via the computer, the computer being different from the device, wherein the token is associated with a user account;

receive, via the network interface and from the token server, the token;

store the token at the device to enable the access by the computer to the secure online resource, wherein the device is unable to use the token to enable the device to access the secure online resource;

receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource;

responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and

transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a user account. The device receives the token from the token server. The device stores the token at a local memory of the device.

Citations

18 Claims

1. A device configured to enable access by a computer to a secure online resource, the device comprising:
- a processor;
  
  a network interface including a subscriber identity module (SIM) for connecting to a cellular network; and
  
  a memory storing executable instructions for causing the processor to;
  
  request, via the network interface and from a backend server, a Single Sign On PIN;
  
  receive, in response to the request, the Single Sign On PIN from the backend server;
  
  transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing the secure online resource via the computer, the computer being different from the device, wherein the token is associated with a user account;
  
  receive, via the network interface and from the token server, the token;
  
  store the token at the device to enable the access by the computer to the secure online resource, wherein the device is unable to use the token to enable the device to access the secure online resource;
  
  receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource;
  
  responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and
  
  transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device of claim 1, wherein the instructions for causing the processor to verify that the computer is being accessed by the user associated with the user account comprise instructions to:
    - determine, based on a geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold.
  - 3. The device of claim 1, wherein the instructions for causing the processor to verify that the computer is being accessed by the user associated with the user account comprise instructions to:
    - determine that the computer is coupled with the device via a short-range radio connection established by a short-range radio interface between the device and the computer.
  - 4. The device of claim 3, wherein the memory further stores executable instructions for causing the processor to receive from the computer the request for transmission of the token and transmit the token to the computer via the short-range radio connection.
  - 5. The device of claim 1, wherein the token is transmitted to the computer via the network interface and via a proxy server.
  - 6. The device of claim 1, wherein the token for accessing the secure online resource comprises one or more of a username, a password, or a certificate.
  - 7. The device of claim 1, wherein the instructions for causing the processor to store the token comprise instructions to store the token in a form such that the device itself cannot use the stored token to access the secure online resource.
  - 8. The device of claim 1, wherein the instructions to verify that the computer is being accessed by a user associated with the user account cause the processor to transmit the token to the computer upon verification by the backend server that a local time for a geographic location of the computer is within a time limitation placed on when the device is allowed to be used to connect the computer to the secure online resource.

9. A method to enable access by a computer to a secure online resource, the method comprising:
- requesting, via a network interface of a device and from a backend server, a Single Sign On PIN;
  
  receiving, at the device, in response to the request, the Single Sign On PIN from the backend server;
  
  transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) of the device to request a token for accessing the secure online resource via the computer, wherein the token is associated with a user account and the SIM is for connecting to a cellular network;
  
  receiving, via the network interface and from the token server, the token; and
  
  storing the token at the device to enable the access by the computer to the secure online resource;
  
  receiving from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource;
  
  responsive to the receiving of the request from the computer, verifying that the computer is being accessed by a user associated with the user account, wherein the verifying that the computer is being accessed by the user associated with the user account comprises verifying that a local time for a geographic location of the computer is within a time limitation placed on when the device is allowed to be used to connect the computer to the secure online resource; and
  
  transmitting the token to the computer upon the verification that the computer is being accessed by the user associated with the user account,wherein;
  
  the computer is different from the device,the verifying that the computer is being accessed by the user associated with the user account is further based on the device being geographically proximate to the computer and further comprises;
  
  determining, based on the geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold, and the method further comprises setting the geographic distance threshold based on the geographic location of the device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the verifying that the computer is being accessed by the user associated with the user account further comprises:
    - determining that the computer is coupled with the device via a short-range radio connection established by a short-range radio interface between the device and the computer.
  - 11. The method of claim 10, further comprising receiving from the computer the request for transmission of the token and transmitting the token to the computer via the short-range radio connection.
  - 12. The method of claim 9, wherein the token is transmitted to the computer via the network interface and via a proxy server.
  - 13. The method of claim 9, wherein the verifying that the computer is being accessed by the user associated with the user account is performed without manual authentication at the device.
  - 14. The method of claim 9, wherein the device is unable to use the token to enable the device to access the secure online resource.

15. A method to enable access by a computer to a secure online resource, the method comprising:
- requesting, via a network interface of a device and from a backend server, a Single Sign On PIN;
  
  receiving, at the device, in response to the request, the Single Sign On PIN from the backend server;
  
  transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) of the device to request a token for accessing the secure online resource via the computer, wherein the token is associated with a user account and the SIM is for connecting to a cellular network;
  
  receiving, via the network interface and from the token server, the token;
  
  storing the token at the device to enable the access by the computer to the secure online resource;
  
  receive from the computer, after the storing of the token, a request for transmission of the token to the computer responsive to a request from the computer for access to the secure online resource;
  
  responsive to the receiving of the request from the computer, verify, without manual authentication, that the computer is being accessed by a user associated with the user account based on the device being geographically proximate to the computer; and
  
  transmit the token to the computer upon the verification that the computer is being accessed by the user associated with the user account,wherein the device is unable to use the token to enable the device to access the secure online resource, andwherein the computer is different from the device.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the verifying that the computer is being accessed by the user associated with the user account comprises verifying that a local time for a geographic location of the computer is within a time limitation placed on when the device is allowed to be used to connect the computer to the secure online resource.
  - 17. The method of claim 15, wherein the verifying that the computer is being accessed by the user associated with the user account is further based on the device being geographically proximate to the computer and further comprises:
    - determining, based on the geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold.
  - 18. The method of claim 17, further comprising setting the geographic distance threshold based on the geographic location of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Khalid, Mohammad Raheel, Kim, Ji Hoon, Bruno, Cory Michael, Berman, Paul, Caldeira De Andrada, Mauricio Pati, Vaidya, Samir
Primary Examiner(s)
Nguyen, Trong H

Application Number

US14/069,310
Publication Number

US 20150121501A1
Time in Patent Office

1,846 Days
Field of Search

726 2, 726 5- 10, 726 26- 30
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

Connected authentication device using mobile single sign on credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Connected authentication device using mobile single sign on credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links