
Techniques for access management based on multi-factor authentication including knowledge-based authentication

  • US 10,157,275 B1
  • Filed: 10/12/2017
  • Issued: 12/18/2018
  • Est. Priority Date: 10/12/2017
  • Status: Active Grant
First Claim

1. A method comprising:

  • performing a first authentication of a user in response to receiving, from a first device of the user, a request to access a resource;

    based on the first authentication being successful, performing a second authentication of the user to determine whether to permit access to the resource, the second authentication comprising:

    identifying, by a computer system of an access management system, a second device associated with the user, wherein the second device is registered with the access management system as a trusted device for the user, and wherein the second device is different from the first device;

    transmitting, by the computer system, via a communication system, to the second device, encrypted data including a first identifier, wherein the first identifier is used by an application on the second device when communicating with the access management system;

    receiving, from the application, a request to perform the second authentication;

    determining that the request to perform the second authentication includes a second identifier;

    responsive to determining that the second identifier matches the first identifier, obtaining authentication data, the authentication data including media content provided by the user at the first device for use in connection with the second authentication, one or more questions related to the media content, and one or more answers corresponding to the one or more questions;

    sending, to the second device, the media content, wherein the application displays the media content to the user at the second device;

    sending, to the first device, the one or more questions related to the media content, wherein the first device displays the one or more questions to the user;

    receiving, from the first device, a response by the user to the one or more questions; and

    determining, by the computer system, whether the response satisfies the one or more answers corresponding to the one or more questions; and

    based on determining that the response satisfies the one or more answers corresponding to the one or more questions, permitting the first device to access the resource.
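
The message flow recited in claim 1, sketched as an added example that is not part of the patent or of any product implementing it. The class, method, and field names are hypothetical, the sample user and media are constructed, encryption of the identifier in transit is assumed and not modelled, and the single-use identifier and case-insensitive answer matching are design assumptions the claim does not specify.

```python
import hmac
import secrets

class AccessManager:
    """Server side of the claimed flow; every name here is hypothetical."""

    def __init__(self):
        self.trusted = {}        # user -> registered trusted (second) device
        self.kba = {}            # user -> (media, [(question, answer), ...])
        self.pending = {}        # user -> first identifier awaiting the app
        self.challenged = set()  # users whose questions are outstanding

    def enroll(self, user, device, media, qa):
        self.trusted[user] = device
        self.kba[user] = (media, qa)

    def start_second_auth(self, user, first_auth_ok, first_device):
        # Runs only after the first authentication succeeded, and only toward
        # a registered device that differs from the requesting device.
        device = self.trusted.get(user)
        if not first_auth_ok or device is None or device == first_device:
            return None
        self.pending[user] = secrets.token_urlsafe(16)
        return device, self.pending[user]  # sent encrypted; not modelled here

    def app_request(self, user, second_identifier):
        # pop() makes the identifier single-use, even when the match fails.
        first = self.pending.pop(user, None)
        if first is None or not hmac.compare_digest(
                first.encode(), second_identifier.encode()):
            return None
        media, qa = self.kba[user]
        self.challenged.add(user)
        # Media goes to the trusted device only, questions to the first device.
        return {"second_device": media, "first_device": [q for q, _ in qa]}

    def check_response(self, user, answers):
        if user not in self.challenged:
            return False
        self.challenged.discard(user)  # one attempt per challenge
        expected = [a for _, a in self.kba[user][1]]
        if len(answers) != len(expected):
            return False
        norm = lambda s: s.strip().lower().encode()
        return all([hmac.compare_digest(norm(g), norm(e))
                    for g, e in zip(answers, expected)])

def demo():
    am = AccessManager()  # constructed sample data below
    am.enroll("alice", "phone-1", "beach.jpg", [("Which city is this?", "Lisbon")])
    _, ident = am.start_second_auth("alice", True, "laptop-1")
    return am.app_request("alice", ident), am.check_response("alice", [" lisbon "])
```

The split return value of `app_request` is the point of the scheme: an observer of the first device alone sees the questions but never the media they refer to.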
