Public authentication systems and methods

US 10,263,981 B1
Filed: 11/30/2016
Issued: 04/16/2019
Est. Priority Date: 12/02/2015
Status: Active Grant

First Claim

Patent Images

1. An authentication system for electronic data, comprising:

a backend system, comprising;

non-volatile storage storing;

the electronic data, wherein permission to perform actions on the electronic data is limited to a user or set of users; and

a set of user profiles, wherein at least one of the set of user profiles comprises a user profile associated with the user or the set of users; and

at least one hardware-based processor configured to;

receive, from a client system, a request to perform an action on the electronic data;

receive primary authentication information and secondary authentication information, from the client system, a secondary device, or both;

authenticate the request by;

identifying a user profile associated with the primary authentication information;

determining whether the user profile associated with the primary authentication information is associated with the user or set of users;

determining whether the primary authentication information matches expected primary authentication of the user profile associated with the primary authentication information; and

determining whether the secondary authentication information matches or sufficiently overlaps with expected secondary authentication information of the user profile;

determining the request is authenticated when;

the user profile associated with the primary authentication information is associated with the user or set of users;

the primary authentication information matches the expected primary authentication of the user profile associated with the primary authentication information; and

the secondary authentication information matches or sufficiently overlaps with the expected secondary authentication information of the user profile; and

determining the request is not authenticated when;

the user profile associated with the primary authentication information is not associated with the user or set of users;

the primary authentication information does not match the expected primary authentication of the user profile associated with the primary authentication information;

orthe secondary authentication information does not match or sufficiently overlap the expected secondary authentication information of the user profile; and

when the request is authenticated, perform the action; and

when the request is not authenticated, deny performance of the action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques provided herein relate to electronic authentication on public systems. A backend system receives at least one electronic data action request from a publicly available client system that is shared amongst a plurality of users. At least a portion of the primary authentication information is received from a secondary device separate from the publicly available client system. The electronic data action request is authenticated by determining if the primary authentication information matches expected primary authentication information that is expected to complete the electronic data action request. Performance of the electronic data action request is facilitated when the primary authentication information matches the expected primary authentication information.

51 Citations

View as Search Results

18 Claims

1. An authentication system for electronic data, comprising:
- a backend system, comprising;
  
  non-volatile storage storing;
  
  the electronic data, wherein permission to perform actions on the electronic data is limited to a user or set of users; and
  
  a set of user profiles, wherein at least one of the set of user profiles comprises a user profile associated with the user or the set of users; and
  
  at least one hardware-based processor configured to;
  
  receive, from a client system, a request to perform an action on the electronic data;
  
  receive primary authentication information and secondary authentication information, from the client system, a secondary device, or both;
  
  authenticate the request by;
  
  identifying a user profile associated with the primary authentication information;
  
  determining whether the user profile associated with the primary authentication information is associated with the user or set of users;
  
  determining whether the primary authentication information matches expected primary authentication of the user profile associated with the primary authentication information; and
  
  determining whether the secondary authentication information matches or sufficiently overlaps with expected secondary authentication information of the user profile;
  
  determining the request is authenticated when;
  
  the user profile associated with the primary authentication information is associated with the user or set of users;
  
  the primary authentication information matches the expected primary authentication of the user profile associated with the primary authentication information; and
  
  the secondary authentication information matches or sufficiently overlaps with the expected secondary authentication information of the user profile; and
  
  determining the request is not authenticated when;
  
  the user profile associated with the primary authentication information is not associated with the user or set of users;
  
  the primary authentication information does not match the expected primary authentication of the user profile associated with the primary authentication information;
  
  orthe secondary authentication information does not match or sufficiently overlap the expected secondary authentication information of the user profile; and
  
  when the request is authenticated, perform the action; and
  
  when the request is not authenticated, deny performance of the action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The authentication system of claim 1, wherein the primary authentication information comprises a username and password combination.
  - 3. The authentication system of claim 1, wherein the primary authentication information comprises information sourced from the secondary device.
  - 4. The authentication system of claim 3, wherein the primary authentication information comprises a unique identifier of the secondary authentication device.
  - 5. The authentication system of claim 4, wherein the unique identifier comprises a media access control (MAC) address of the secondary device.
  - 6. The authentication system of claim 3, wherein the primary authentication information comprises a cookie, token, or both stored on the secondary device.
  - 7. The authentication system of claim 1, wherein the primary authentication information comprises biometric information.
  - 8. The authentication system of claim 7, wherein the biometric information is obtained via one or more sensors of the secondary device.
  - 9. The authentication system of claim 1, wherein the secondary authentication information comprises information sourced from the secondary device.
  - 10. The authentication system of claim 9, wherein the secondary authentication information comprises a unique identifier of the secondary device, biometric information obtained via a sensor of the secondary device, or both.
  - 11. The authentication system of claim 1, wherein:
    - the primary authentication information and secondary authentication information is received from the client system; and
      
      the secondary authentication information comprises information sourced from the secondary device.
  - 12. The authentication system of claim 1, wherein:
    - the primary authentication information and secondary authentication information is received from the client system; and
      
      the secondary authentication information comprises information sourced from the secondary device.
  - 13. The authentication system of claim 1, wherein:
    - the primary authentication information is received from the client system;
      
      the secondary authentication information is received from the secondary device; and
      
      the secondary authentication information comprises information sourced from the secondary device.

14. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions that when executed by one or more processors of an electronic device, cause the electronic device to:
- receive, from a client system, a request to perform an action on electronic data, wherein permission to perform actions on the electronic data is limited to a user of a set of users;
  
  receive primary authentication information and secondary authentication information, from the client system, a secondary device, or both;
  
  authenticate the request by;
  
  identifying a user profile associated with the primary authentication information;
  
  determining whether the user profile associated with the primary authentication information is associated with the user or set of users;
  
  determining whether the primary authentication information matches expected primary authentication of a user profile associated with the primary authentication information;
  
  determining whether the secondary authentication information matches or sufficiently overlaps with expected secondary authentication information of the user profile;
  
  determining the request is authenticated when;
  
  the user profile associated with the primary authentication information is associated with the user or set of users;
  
  the primary authentication information matches the expected primary authentication of the user profile associated with the primary authentication information; and
  
  the secondary authentication information matches or sufficiently overlaps with the expected secondary authentication information of the user profile; and
  
  determining the request is not authenticated when;
  
  the user profile associated with the primary authentication information is not associated with the user or set of users;
  
  the primary authentication information does not match the expected primary authentication of the user profile associated with the primary authentication information;
  
  orthe secondary authentication information does not match or sufficiently overlap the expected secondary authentication information of the user profile; and
  
  when the request is authenticated, perform the action; and
  
  when the request is not authenticated, deny performance of the action.
- View Dependent Claims (15, 16, 17)
- - 15. The machine-readable medium of claim 14, wherein the secondary authentication information comprises information sourced from the secondary device.
  - 16. The machine-readable medium of claim 15, comprising instructions to receive the secondary authentication information from client system.
  - 17. The machine-readable medium of claim 15, comprising instructions to receive the secondary authentication information from the secondary device.

18. A computer-implemented method, comprising:
- receiving, from a client system, a request to perform an action on electronic data, wherein permission to perform actions on the electronic data is limited to a user of a set of users;
  
  receiving primary authentication information and secondary authentication information, from the client system, a secondary device, or both;
  
  authenticating the request by;
  
  identifying a user profile associated with the primary authentication information;
  
  determining whether the user profile associated with the primary authentication information is associated with the user or set of users;
  
  determining whether the primary authentication information matches expected primary authentication of a user profile associated with the primary authentication information; and
  
  determining whether the secondary authentication information matches or sufficiently overlaps with expected secondary authentication information of the user profile;
  
  determining the request is authenticated when;
  
  the user profile associated with the primary authentication information is associated with the user or set of users;
  
  the primary authentication information matches the expected primary authentication of the user profile associated with the primary authentication information; and
  
  the secondary authentication information matches or sufficiently overlaps with the expected secondary authentication information of the user profile; and
  
  determining the request is not authenticated when;
  
  the user profile associated with the primary authentication information is not associated with the user or set of users;
  
  the primary authentication information does not match the expected primary authentication of the user profile associated with the primary authentication information;
  
  orthe secondary authentication information does not match or sufficiently overlap the expected secondary authentication information of the user profile;
  
  when the request is authenticated, perform the action; and
  
  when the request is not authenticated, deny performance of the action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Prasad, Bharat, Oakes, III, Charles Lee, Vijayvergia, Gunjan C., Jayapalan, Vijay, Buckingham, Thomas Bret
Primary Examiner(s)
Song, Hosuk

Application Number

US15/365,480
Time in Patent Office

867 Days
Field of Search

726 2- 7, 713168, 713182, 713186
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/10   specially adapted for elect...

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/082   applying multi-factor authe...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

H04W 4/80   Services using short range ...

Public authentication systems and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Public authentication systems and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links