Authenticator centralization and protection

US 10,250,602 B2
Filed: 08/28/2018
Issued: 04/02/2019
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for authenticating a user who is communicating with an enterprise via a user device, comprising:

receiving authenticators for a user and storing the received authenticators;

receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user;

determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy;

when the stored indicators include the first authenticator, transmitting an authentication request to the user device requesting the first authenticator, receiving, from the user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and

when the stored authenticators do not include the first authenticator, transmitting to the entity an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authentication by by comparing the received authenticator with the stored first authenticator.

19 Citations

View as Search Results

11 Claims

1. A computer implemented method for authenticating a user who is communicating with an enterprise via a user device, comprising:
- receiving authenticators for a user and storing the received authenticators;
  
  receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user;
  
  determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy;
  
  when the stored indicators include the first authenticator, transmitting an authentication request to the user device requesting the first authenticator, receiving, from the user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and
  
  when the stored authenticators do not include the first authenticator, transmitting to the entity an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 11)
- - 2. The method of claim 1, wherein the stored authenticators include a plurality of authenticators including at least two different authenticators in different categories of authenticators, the different categories including a knowledge category including information known to the user, a possession category including something physically possessed by the user, and a biometric category identifying physical attributes of the user.
  - 3. The method of claim 1, wherein the stored authenticators include a plurality of authenticators including one or more of:
    - (i) at least two different authenticators in different categories of authenticators, the different categories including at least two of a knowledge category including information known to the user, a possession category including something physically possessed by the user, and a biometric category identifying physical attributes of the user;
      
      (ii) at least two different types of authenticators in a same category of authenticators;
      
      or (iii) at least two different species of authenticators of the same type of authenticator.
  - 4. The method of claim 1, further comprising:
    - receiving from the user device, via the network, a device identifier that identifies the user device and storing the device identifier in association with a user account identifier, the stored received authenticators being stored with the user account identifier;
      
      storing a relationship identifier that identifies a relationship between the enterprise and the user device using the device identifier; and
      
      the determining whether the stored authenticators include the first authenticator comprises identifying the stored authenticators using the relationship identifier to identify the device identifier and using the device identifier to identify the user account identifier stored with the received authenticators.
  - 5. The method of claim 1, wherein the stored authenticators are stored in a hierarchy based on predetermined level of trust associated with each of the received authenticators.
  - 6. The method of claim 5, wherein the first authenticator of the stored authenticators is used for authenticating the user by applying the authentication policy to the stored hierarchy of authenticators.
  - 7. The method of claim 1, further comprising:
    - transmitting to the enterprise a result of the authentication including a type of authenticator used for the authentication.
  - 10. The method of claim 1, wherein the received authenticators are stored in a hierarchy based on predetermined level of trust associated with each of the received authenticators.
  - 11. The method of claim 10, wherein the first authenticator of the stored authenticators is used for authenticating the user by applying the authentication policy to the stored hierarchy of authenticators, and the first user device or the second user device is selected to be used for authentication based on the stored hierarchy.

8. A computer implemented method for authenticating a user who is communicating with an enterprise via a network, comprising:
- receiving, via the network, authenticators for a user from a first user device associated with the user and authenticators for a second user device associated with the user, and storing the received authenticators;
  
  receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user;
  
  determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy; and
  
  when the stored indicators include the first authenticator, selecting one of the first user device and the second user device to use for authentication, transmitting an authentication request to the selected user device via the network requesting the first authenticator, receiving, from the selected user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and
  
  .when the stored authenticators do not include the first authenticator, transmitting to the enterprise an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising:
    - receiving from the first user device, via the network, a first device identifier that identifies the first user device and storing the first device identifier in association with a user account identifier, the stored authenticators being stored with the user account identifier;
      
      receiving from the second user device, via the network, a second device identifier that identifies the second user device and storing the second device identifier in association with the user account identifier, the stored received authenticators being stored with the user account identifier;
      
      storing a first relationship identifier that identifies a relationship between the enterprise and the first user device using the first device identifier;
      
      storing a second relationship identifier that identifies a relationship between the enterprise and the second user device using the second device identifier; and
      
      the determining whether the stored authenticators include the first authenticator comprises identifying the stored authenticators using the first relationship identifier to identify the first device identifier and using the first device identifier to identify the user account identifier stored with the received authenticators.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Early Warning Services, LLC
Inventors
Rolfe, Andrew Robert, Dundas, Alan, Slowiak, Gregory
Primary Examiner(s)
Patel, Haresh N

Application Number

US16/115,281
Publication Number

US 20180367537A1
Time in Patent Office

217 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/06   for supporting key manageme...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0884   by delegation of authentica...

Authenticator centralization and protection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticator centralization and protection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links