Trusted status transfer between associated devices

US 10,230,722 B2
Filed: 08/27/2018
Issued: 03/12/2019
Est. Priority Date: 06/07/2015
Status: Active Grant

First Claim

Patent Images

1. A method for extending access to a secured user session for a service among portable electronic devices that are associated with a user account, the method comprising, at a computing device:

receiving, from a portable electronic device that is associated with the user account, a first set of data items that includes at least (i) a first unique device identifier associated with the portable electronic device, and (ii) a first password reset key, wherein the first password key is stored at the portable electronic device subsequent to the computing device granting the portable electronic device a trusted device status to access the secured user session;

receiving, from an additional portable electronic device that is associated with the user account, a request to access the secured user session, wherein the request includes a second set of data items that includes at least a second unique device identifier associated with the additional portable electronic device;

determining whether to extend the trusted device status to the additional portable electronic device to access the secured user session by comparing the first set of data items to the second set of data items; and

in response to determining that the first set of data items satisfy a predetermined threshold of trust with the second set of data items;

generating an authentication token, andextending the secured user session to the additional portable electronic device by providing the authentication token to the portable electronic device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments set forth systems and techniques to authenticate a user device for device services, such as by transferring or extending a trusted device status from a separate and trusted associated user device, which can be paired with the user device. This can be done automatically without requiring the user to sign in at or on behalf of the user device, and the automated process can include verifying a trusted status for the associated user device, receiving data items from both devices, evaluating the data items, and facilitating an authentication of the user device when the evaluating returns a favorable result. Data items can include provisioned machine identifiers, temporally limited one-time user passwords, and a provisioned password reset key. Authentication or trusted device status transfer can be achieved by way of an authentication token that is given to the user device.

13 Citations

View as Search Results

20 Claims

1. A method for extending access to a secured user session for a service among portable electronic devices that are associated with a user account, the method comprising, at a computing device:
- receiving, from a portable electronic device that is associated with the user account, a first set of data items that includes at least (i) a first unique device identifier associated with the portable electronic device, and (ii) a first password reset key, wherein the first password key is stored at the portable electronic device subsequent to the computing device granting the portable electronic device a trusted device status to access the secured user session;
  
  receiving, from an additional portable electronic device that is associated with the user account, a request to access the secured user session, wherein the request includes a second set of data items that includes at least a second unique device identifier associated with the additional portable electronic device;
  
  determining whether to extend the trusted device status to the additional portable electronic device to access the secured user session by comparing the first set of data items to the second set of data items; and
  
  in response to determining that the first set of data items satisfy a predetermined threshold of trust with the second set of data items;
  
  generating an authentication token, andextending the secured user session to the additional portable electronic device by providing the authentication token to the portable electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein, in response to determining that the first set of data items satisfy the predetermined threshold of trust with the second set of data items, the method further comprises:
    - sending a second password reset key to the portable electronic device.
  - 3. The method of claim 2, wherein the portable electronic device is capable of sending (i) the authentication token, and (ii) the second password reset key to the additional portable electronic device.
  - 4. The method of claim 2, wherein the authentication token and the second password reset key are stored at the additional portable electronic device.
  - 5. The method of claim 1, wherein, subsequent to extending the secured user session to the additional portable electronic device, the portable electronic device and the additional portable electronic device are granted the trusted device status to access the secured user session.
  - 6. The method of claim 1, wherein the portable electronic device is paired to the additional portable electronic device.
  - 7. The method of claim 1, wherein the first password reset key is unavailable to be provided by the portable electronic device to the computing device unless the portable electronic device is locally unlocked by way of at least one of a password, an access code, or a biometric identifier.

8. A system for extending access to a secured user session for a service among portable electronic devices that are associated with a user account, the system comprising:
- at least one processor; and
  
  at least one memory storing instructions that, in response to being executed by the at least one processor, cause the system to;
  
  receive, from a portable electronic device that is associated with the user account, a first set of data items that includes at least (i) a first unique device identifier associated with the portable electronic device, and (ii) a first password reset key, wherein the first password key is stored at the portable electronic device subsequent to the system granting the portable electronic device a trusted device status to access the secured user session;
  
  receive, from an additional portable electronic device that is associated with the user account, a request to access the secured user session, wherein the request includes a second set of data items that includes at least a second unique device identifier associated with the additional portable electronic device;
  
  determine whether to extend the trusted device status to the additional portable electronic device to access the secured user session by comparing the first set of data items to the second set of data items; and
  
  in response to determining that the first set of data items satisfy a predetermined threshold of trust with the second set of data items;
  
  generate an authentication token, andextend the secured user session to the additional portable electronic device by providing the authentication token to the portable electronic device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein, in response to determining that the first set of data items satisfy the predetermined threshold of trust with the second set of data items, the at least one processor further causes the system to:
    - send a second password reset key to the portable electronic device.
  - 10. The system of claim 9, wherein the portable electronic device is capable of sending (i) the authentication token, and (ii) the second password reset key to the additional portable electronic device.
  - 11. The system of claim 9, wherein the authentication token and the second password reset key are stored at the additional portable electronic device.
  - 12. The system of claim 8, wherein, subsequent to extending the secured user session to the additional portable electronic device, the portable electronic device and the additional portable electronic device are granted the trusted device status to access the secured user session.
  - 13. The system of claim 8, wherein the first password reset key is unavailable to be provided by the portable electronic device to the system unless the portable electronic device is locally unlocked by way of at least one of a password, an access code, or a biometric identifier.
  - 14. The system of claim 8, wherein, in response to determining that the first set of data items does not satisfy a predetermined threshold of trust with the second set of data items, the at least one processor further causes the system to:
    - deny the additional portable electronic device access to the secured user session.

15. At least one non-transitory computer readable storage medium storing instructions that, when executed by at least one processor included in a computing device, cause the computing device to:
- receive, from a portable electronic device that is associated with a user account, a first set of data items that includes at least (i) a first unique device identifier associated with the portable electronic device, and (ii) a first password reset key, wherein the first password key is stored at the portable electronic device subsequent to the computing device granting the portable electronic device a trusted device status to access a secured user session for a service;
  
  receive, from an additional portable electronic device that is associated with the user account, a request to access the secured user session, wherein the request includes a second set of data items that includes at least a second unique device identifier associated with the additional portable electronic device;
  
  determine whether to extend the trusted device status to the additional portable electronic device to access the secured user session by comparing the first set of data items to the second set of data items; and
  
  in response to determining that the first set of data items satisfy a predetermined threshold of trust with the second set of data items;
  
  generate an authentication token, andextend the secured user session to the additional portable electronic device by providing the authentication token to the portable electronic device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The at least one non-transitory computer readable storage medium of claim 15, wherein, in response to determining that the first set of data items satisfy a predetermined threshold of trust with the second set of data items, the at least one processor further causes the computing device to:
    - send a second password reset key to the portable electronic device.
  - 17. The at least one non-transitory computer readable storage medium of claim 16, wherein the portable electronic device is capable of sending (i) the authentication token, and (ii) the second password reset key to the additional portable electronic device.
  - 18. The at least one non-transitory computer readable storage medium of claim 15, wherein, subsequent to extending the secured user session to the additional portable electronic device, the portable electronic device and the additional portable electronic device are granted the trusted device status to access the secured user session.
  - 19. The at least one non-transitory computer readable storage medium of claim 15, wherein the first password reset key is unavailable to be provided by the portable electronic device to the computing device unless the portable electronic device is locally unlocked by way of at least one of a password, an access code, or a biometric identifier.
  - 20. The at least one non-transitory computer readable storage medium of claim 15, wherein, in response to determining that the first set of data items satisfy a predetermined threshold of trust with the second set of data items, the at least one processor further causes the computing device to:
    - deny the additional portable electronic device access to the secured user session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Wilson, James C., Ali, Lestat, Arromratana, Aniwat
Primary Examiner(s)
Zaidi, Syed A

Application Number

US16/113,851
Publication Number

US 20180367532A1
Time in Patent Office

197 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2221/2131   Lost password, e.g. recover...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

Trusted status transfer between associated devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted status transfer between associated devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links