Selective authentication system

US 10,135,810 B2
Filed: 11/17/2016
Issued: 11/20/2018
Est. Priority Date: 11/17/2016
Status: Active Grant

First Claim

Patent Images

1. A method of optimizing authentication for an application on a mobile device, the method comprising:

sending a request to authenticate a user of the application from the mobile device to an authentication server;

identifying, on the authentication server, a user profile for the user comprising one or more authentication schemes available to authenticate the user, wherein the authentication schemes comprise a direct authentication scheme in which the user provides a password and a federated authentication scheme;

determining, on the authentication server, a favored authentication scheme from the one or more authentication schemes available based on a policy associated with the user profile;

displaying, on the mobile device, a menu showing the authentication schemes available to allow the user to select an authentication scheme, wherein the favored authentication scheme is displayed ahead of a remainder of the authentications schemes; and

verifying, on the authentication server, credentials for the user profile using the selected authentication scheme to authenticate the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and authentication mechanism is provided. A request is sent to authenticate a user of the application from a mobile device to an authentication server. The authentication server identifies a user profile for the user containing one or more authentication schemes available to authenticate the user. The authentication schemes comprise a direct scheme in which the user provides a password and a federated authentication scheme. The authentication server determines a favored authentication scheme from one or more authentication schemes available based on a policy associated with the user profile. The mobile device displays a menu showing the authentication schemes available to allow the user to select an authentication scheme. The favored authentication scheme is displayed ahead of a remainder of the authentication schemes. The authentication server verifies credentials for the user profile using the selected authentication scheme to authenticate the user.

13 Citations

20 Claims

1. A method of optimizing authentication for an application on a mobile device, the method comprising:
- sending a request to authenticate a user of the application from the mobile device to an authentication server;
  
  identifying, on the authentication server, a user profile for the user comprising one or more authentication schemes available to authenticate the user, wherein the authentication schemes comprise a direct authentication scheme in which the user provides a password and a federated authentication scheme;
  
  determining, on the authentication server, a favored authentication scheme from the one or more authentication schemes available based on a policy associated with the user profile;
  
  displaying, on the mobile device, a menu showing the authentication schemes available to allow the user to select an authentication scheme, wherein the favored authentication scheme is displayed ahead of a remainder of the authentications schemes; and
  
  verifying, on the authentication server, credentials for the user profile using the selected authentication scheme to authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the policy is based on one or more of a user preference, an online mode status of the mobile device, a risk level, and an employer preference.
  - 3. The method of claim 1, further comprising:
    - generating a token in response to a successful verification of the credentials.
  - 4. The method of claim 3, wherein the token expires after a predetermined amount of time.
  - 5. The method of claim 3, further comprising:
    - presenting a quick response (QR) code on a computer system, wherein the QR code presents a dynamically generated link directed the token;
      
      scanning the QR code using a camera of the mobile device to access the link to the token;
      
      retrieving the token from the authentication server using the mobile device; and
      
      storing the token on the mobile device.
  - 6. The method of claim 3, further comprising:
    - sending a message from the authentication server to the mobile device, wherein the message contains a link to the token.
  - 7. The method of claim 3, wherein the mobile device further comprises a local security mechanism inherent to the mobile device to enable access to the application when the token is present on the mobile device.
  - 8. The method of claim 7, wherein the local security mechanism comprises one or more of a fingerprint scan, a lock-screen password, or a pin number.
  - 9. The method of claim 6, wherein a local security mechanism is used when the mobile device is in an offline mode of the mobile device such that communication between the mobile device and the authentication server is disrupted, and the favored authentication scheme when the mobile device is in an online mode such that the communication between mobile device and the authentication server is established.
  - 10. The method of claim 1, further comprising:
    - sending, via the mobile device, a keyword that is associated with the user to the authentication server, wherein the keyword comprises one or more of a username, an email address, a name of an employer, a client identifier, or a company registration code; and
      
      determining the user profile for the user based on the keyword.

11. An authentication mechanism for authenticating a user using a favored authentication scheme among options comprising a direct authentication scheme and a federated authentication scheme, comprising:
- a mobile device is configured to send a request to authenticate the user to an authentication server;
  
  the authentication server is configured to;
  
  identify a user profile for the user containing one or more authentication schemes available to authenticate the user, wherein the authentication schemes comprise the direct authentication scheme in which the user provides a password and the federated authentication scheme;
  
  determine the favored authentication scheme from the one or more authentication schemes available based on a policy associated with the user profile;
  
  the mobile device further configured to display a menu showing the authentication schemes available to allow the user to select an authentication scheme, wherein the favored authentication scheme is displayed ahead of a remainder of the authentication schemes; and
  
  the authentication server further configured to verify credentials for the user profile using the selected authentication scheme.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The authentication mechanism of claim 11, wherein the policy is based on one or more of a user preference, an online mode status of the mobile device, a risk level, and an employer preference.
  - 13. The authentication mechanism of claim 11, further comprising:
    - generating a token in response to a successful verification of the credentials.
  - 14. The authentication mechanism of claim 13, wherein the token expires after a predetermined amount of time.
  - 15. The authentication mechanism of claim 13, further comprising:
    - presenting a quick response (QR) code on a computer system, wherein the QR code presents a dynamically generated link directed to the token;
      
      scanning the QR code using a camera of the mobile device to access the link to the token;
      
      retrieving the token from the authentication server using the mobile device; and
      
      storing the token on the mobile device.
  - 16. The authentication mechanism of claim 13, further comprising:
    - sending a message from the authentication server to the mobile device, wherein the message contains a link to the token.
  - 17. The authentication mechanism of claim 13, wherein the mobile device further comprises a local security mechanism inherent to the mobile device to enable access to an application when the token is present on the mobile device.
  - 18. The authentication mechanism of claim 17, wherein the local security mechanism comprises one or more of a fingerprint scan, a lock-screen password, or a pin number.
  - 19. The authentication mechanism of claim 16, wherein a local security mechanism is used when the mobile device is in an offline mode of the mobile device such that communication between the mobile device and the authentication server is disrupted, and the favored authentication scheme when the mobile device is in an online mode such that the communication between mobile device and the authentication server is established.
  - 20. The authentication mechanism of claim 11, further comprising:
    - sending, via the mobile device, a keyword that is associated with the user to the authentication server, wherein the keyword comprises one or more of a username, an email address, a name of an employer, a client identifier, or a company registration code; and
      
      comparing, the keyword to a list of known users to determine the user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ADP, Inc.
Original Assignee
ADP LLC (ADP, Inc.)
Inventors
Ahuja, Sanjoli, Brauman, Michael Justin, Cho, Hanwoong Darren, Kosovan, Brenda Jane, Villavicencio, Francisco
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/354,155
Publication Number

US 20180139199A1
Time in Patent Office

733 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04W 12/77   Graphical identity

Selective authentication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Selective authentication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links