Conditional login promotion

US 10,237,254 B2
Filed: 03/27/2015
Issued: 03/19/2019
Est. Priority Date: 11/13/2014
Status: Active Grant

First Claim

Patent Images

1. A system for authentication comprising at least one processor and at least one memory element, wherein the system is configured for:

receiving an indication of a local operating system login by a user from a client device associated with the user;

receiving one or more authentication factors associated with the user from the client device; and

determining whether the local operating system login is to be promoted to a plurality of relying party entities based upon the one or more authentication factors associated with the user;

wherein, each of the plurality of relying party entities comprise at least one server, configured to provide at least one of data and services to the client device.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to a system and method for providing conditional login promotion. An example system includes at least one processor and at least one memory element, wherein the system is configured for receiving an indication of a local operating system login by a user from a client device associated with the user; receiving one or more authentication factors associated with the user from the client device; and determining whether the local operating system login is to be promoted to a relying party entity based upon the one or more authentication factors associated with the user.

Citations

30 Claims

1. A system for authentication comprising at least one processor and at least one memory element, wherein the system is configured for:
- receiving an indication of a local operating system login by a user from a client device associated with the user;
  
  receiving one or more authentication factors associated with the user from the client device; and
  
  determining whether the local operating system login is to be promoted to a plurality of relying party entities based upon the one or more authentication factors associated with the user;
  
  wherein, each of the plurality of relying party entities comprise at least one server, configured to provide at least one of data and services to the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein determining whether the local operating system login is to be promoted to the plurality of relying party entities includes determining whether the one or more authentication factors meet a required level of security.
  - 3. The system of claim 2, wherein the system is further configured for promoting the local operating system login to the plurality of relying party entities responsive to determining that the authentication factors meet the required level of security.
  - 4. The system of claim 3, wherein promoting the local operating system login to each of the plurality of relying party entities includes authorizing the client device to access one or more resources associated with each of the plurality of relying party entities.
  - 5. The system of claim 4, wherein the one or more resources include at least one of a service provided by each of the plurality of relying party entities or an application provided by each of the plurality of relying party entities.
  - 6. The system of claim 3, wherein the system is further configured for establishing an active session between the client device and each of the plurality of relying party entities responsive to promoting the local operating system login to each of the plurality of relying party entities.
  - 7. The system of claim 1, wherein the one or more authentication factors include one or more of at least one active authentication factor and at least one passive authentication factor.
  - 8. The system of claim 7, wherein the at least one active authentication factor includes a biometric authentication factor.
  - 9. The system of claim 8, wherein the biometric authentication factor includes facial recognition of the user.
  - 10. The system of claim 7, wherein the at least one active authentication factor includes a liveliness indication of the user.
  - 11. The system of claim 7, wherein the at least one passive authentication factor includes a device identifier associated with the client device.

12. At least one non-transitory computer storage medium to store computer code comprising:
- computer code to receive an indication of a local operating system login by a user from a client device associated with the user;
  
  computer code to receive one or more authentication factors associated with the user from the client device; and
  
  computer code to determine whether the local operating system login is to be promoted to a plurality of relying party entities based upon the one or more authentication factors associated with the user;
  
  wherein, each of the plurality of relying party entities comprise at least one server, configured to provide at least one of data and services to the client device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The at least one non-transitory computer storage medium of claim 12, wherein determining whether the local operating system login is to be promoted to each of the plurality of relying party entities includes determining whether the one or more authentication factors meet a required level of security.
  - 14. The at least one non-transitory computer storage medium of claim 13, wherein the system is further configured for promoting the local operating system login to each of the plurality of relying party entities responsive to determining that the authentication factors meet the required level of security.
  - 15. The at least one non-transitory computer storage medium of claim 14, wherein promoting the local operating system login to each of the plurality of relying party entities includes authorizing the client device to access one or more resources associated with each of the plurality of relying party entities.
  - 16. The at least one non-transitory computer storage medium of claim 15, wherein the one or more resources include at least one of a service provided by each of the plurality of relying party entities or an application provided by each of the plurality of relying party entities.
  - 17. The at least one non-transitory computer storage medium of claim 14, wherein the system is further configured for establishing an active session between the client device and each of the plurality of relying party entities responsive to promoting the local operating system login to each of the plurality of relying party entities.
  - 18. The at least one non-transitory computer storage medium of claim 12, wherein the one or more authentication factors include one or more of at least one active authentication factor and at least one passive authentication factor.
  - 19. The at least one non-transitory computer storage medium of claim 18, wherein the at least one active authentication factor includes a biometric authentication factor.
  - 20. The at least one non-transitory computer storage medium of claim 19, wherein the biometric authentication factor includes facial recognition of the user.
  - 21. The at least one non-transitory computer storage medium of claim 18, wherein the at least one active authentication factor includes a liveliness indication of the user.
  - 22. The at least one non-transitory computer storage medium of claim 18, wherein the at least one passive authentication factor includes a device identifier associated with the client device.

23. A system comprising at least one processor and at least one memory element, wherein the system is configured for:
- generating a token within a secure element of a client device associated with a user;
  
  sending the token to a server;
  
  receiving one or more first biometric authentication factors associated with the user; and
  
  sending the one or more first biometric authentication factors to the server, wherein the server is configured to associate the token with the one or more biometric authentication factors;
  
  wherein, the server is configured to provide at least one of data and services to the client device from a plurality of relying parties based on the authentication of the token.

24. At least one non-transitory computer storage medium to store computer code comprising:
- computer code to generate a token within a secure element of a client device associated with a user;
  
  computer code to send the token to a server;
  
  computer code to receive one or more first biometric authentication factors associated with the user; and
  
  computer code to send the one or more first biometric authentication factors to the server, wherein the server is configured to associate the token with the one or more biometric authentication factorswherein, the server is configured to provide at least one of data and services to the client device from a plurality of relying parties based on the authentication of the token.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The at least one non-transitory computer storage medium of claim 24, further comprising:
    - computer code to capture one or more second biometric authentication factors from the user;
      
      computer code to generate a device identifier associated with the client device from the token; and
      
      computer code to digitally sign the one or more second biometric authentication factors with the device identifier.
  - 26. The at least one non-transitory computer storage medium of claim 25, wherein the one or more second biometric authentication factors are signed using a key derived from the device identifier.
  - 27. The at least one non-transitory computer storage medium of claim 26, further comprising computer code to send the signed biometric authentication factors and the device identifier to the server.
  - 28. The at least one non-transitory computer storage medium of claim 27, wherein the server is configured to verify the device identifier and the signed biometric authentication factors.
  - 29. The at least one non-transitory computer storage medium of claim 28, further comprising computer code to receive an indication from the server that the user associated with the client device has been authenticated responsive to the server verifying the device identifier and the signed biometric authentication factors.
  - 30. The at least one non-transitory computer storage medium of claim 29, further comprising computer code to establish a session between the client device and a relying party entity to access one or more resources associated with the relying party entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
McDowell, John R., Kaul, Neeraj, Bharathapudi, Pavan Kumar V., Revashetti, Siddaraya B., Narjala, Ranjit S., Venkatachary, Ramkumar Ram Chary, Mostafa, Sahar, Yalapalli, Vani, Slate, Charles
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US14/780,528
Publication Number

US 20160330183A1
Time in Patent Office

1,453 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

Conditional login promotion

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Conditional login promotion

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links