Multi-factor user authentication framework using asymmetric key

US 10,268,809 B2
Filed: 04/02/2018
Issued: 04/23/2019
Est. Priority Date: 10/14/2015
Status: Active Grant

First Claim

Patent Images

1. An authentication system comprising:

a gesture verification system, executing on one or more processor circuits, configured to receive a gesture detected by a gesture system, the gesture indicating that a user is present at a host device, and to verify the gesture; and

a digital signature generator, executing on the one or more processor circuits, configured to generate, in response to the gesture being verified, proof of knowledge of a private key of a public/private key pair, the proof of knowledge of the private key comprising a statement digitally signed using the private key, the digitally signed statement indicating both that the authentication system has knowledge of the private key and that the gesture has been verified by the authentication system, and communicate the proof of knowledge to a user agent of the host device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-factor user authentication framework using asymmetric key includes a host device, a user agent, a gesture system, and an authentication system. The multiple factors include a user credential as well as a user gesture that indicates that the user is present. The user interacts with the user agent via the host device in order to obtain access to something for which user authentication is needed. The authentication system maintains the user credentials, which are provided to authenticate the user in response to the authentication system determining that the user is present (which can be determined in different manners, such as using a personal identification number (PIN), biometric information regarding the user, geographic location of the gesture system, etc.). The user agent, gesture system, and authentication system can be implemented on the same device (e.g., the host device), or alternatively implemented across one or more different devices.

32 Citations

20 Claims

1. An authentication system comprising:
- a gesture verification system, executing on one or more processor circuits, configured to receive a gesture detected by a gesture system, the gesture indicating that a user is present at a host device, and to verify the gesture; and
  
  a digital signature generator, executing on the one or more processor circuits, configured to generate, in response to the gesture being verified, proof of knowledge of a private key of a public/private key pair, the proof of knowledge of the private key comprising a statement digitally signed using the private key, the digitally signed statement indicating both that the authentication system has knowledge of the private key and that the gesture has been verified by the authentication system, and communicate the proof of knowledge to a user agent of the host device.
- View Dependent Claims (2, 3, 4)
- - 2. The authentication system as recited in claim 1, the gesture verification system being further configured to enforce gesture parameters specified by an enterprise management service.
  - 3. The authentication system as recited in claim 1, the gesture comprising one or both of a user input of a personal identification number (PIN) and biometric information of the user.
  - 4. The authentication system as recited in claim 1, the proof of knowledge of the private key including proof that the public/private key pair is bound to an authentication device implementing the authentication system.

5. A computing device comprising:
- one or more processor circuits; and
  
  one or more computer-readable storage devices having stored thereon instructions that, responsive to execution by the one or more processor circuits, cause the one or more processors processor circuits to;
  
  receive, from an authentication system both proof of knowledge of a private key of a public/private key pair and an indication that a gesture of a user detected by a gesture system has been verified by the authentication system, the gesture indicating that the user is present at the computing device and the proof of knowledge comprising a statement digitally signed using the private key; and
  
  provide an authentication result of the user to a requester of the authentication result based at least on the proof of knowledge and the indication.
- View Dependent Claims (6, 7, 8)
- - 6. The computing device as recited in claim 5, the instructions further causing the one or more processors to provide a consistent user experience regardless of whether the requester is a program running on the computing device or a remote service being accessed by the computing device.
  - 7. The computing device as recited in claim 5, the instructions further causing the one or more processors to store a copy of the gesture, protected by a password associated with the user, to permit recovery of the gesture.
  - 8. The computing device as recited in claim 5, the gesture comprising one or both of a user input of a personal identification number (PIN) and biometric information of the user.

9. A method performed by a computing device, the method comprising:
- receiving by the computing device, from an authentication system, both proof of knowledge of a private key of a public/private key pair and an indication that a gesture of a user detected by a gesture system has been verified by the authentication system, the gesture indicating that the user is present at the computing device and the proof of knowledge comprising a statement digitally signed using the private key; and
  
  providing by the computing device an authentication result of the user to a requester of the authentication result based at least on the proof of knowledge and the indication.
- View Dependent Claims (10, 11, 12)
- - 10. The method as recited in claim 9, further comprising repeatedly receiving the proof of knowledge based on additional gestures of the user received by the authentication system at particular intervals for continued authentication of the user.
  - 11. The method as recited in claim 9, the gesture comprising the geographic location of a gesture device that implements the gesture system, the gesture indicating that the user is present at the computing device by indicating that the gesture device is in a same geographic location as the computing device.
  - 12. The method as recited in claim 11, the gesture indicating that the gesture device is in the same geographic location as the computing device in response to the gesture device and the computing device being logged into a same Wi-Fi network.

13. An authentication system comprising:
- a gesture verification system, executing on one or more processor circuits, configured to receive a gesture of a user detected by a gesture system, the gesture indicating that the user is present at a computing device, and to verify the gesture; and
  
  a digital signature generator, executing on the one or more processor circuits, configured to generate both proof of knowledge of a private key of a public/private key pair and an indication that the gesture detected by the gesture system has been verified by the authentication system, the proof of knowledge comprising a statement digitally signed using the private key, and to provide to the computing device both the proof of knowledge of the private key and the indication that the gesture detected by the gesture system has been verified by the authentication system.
- View Dependent Claims (14, 15, 16)
- - 14. The authentication system as recited in claim 13, the proof of knowledge of the private key including proof that the public/private key pair is bound to an authentication device implementing the authentication system.
  - 15. The authentication system as recited in claim 13, the gesture verification system being further configured to enforce gesture parameters specified by an enterprise management service.
  - 16. The authentication system as recited in claim 13, the authentication system being implemented in an additional device separate from the computing device.

17. A method implemented by an authentication system executing on one or more processor circuits, the method comprising:
- receiving, by a computing device, a gesture of a user detected by a gesture system the gesture indicating that the user is present at the device;
  
  verifying the gesture;
  
  generating both proof of knowledge of a private key of a public private key pair and an indication that the gesture detected by the gesture system has been verified by the authentication system, the proof of knowledge comprising a statement digitally signed using the private key; and
  
  providing to the computing device both the proof of knowledge of the private key and the indication that the gesture detected by the gesture system has been verified by the authentication system.
- View Dependent Claims (18, 19, 20)
- - 18. The method as recited in claim 17, the gesture comprising one or both of a user input of a personal identification number (PIN) and biometric information of the user.
  - 19. The method as recited in claim 17, the gesture comprising the geographic location of a gesture device that implements the gesture system, the gesture indicating that the user is present at the computing device by indicating that the gesture device is in a same geographic location as the computing device.
  - 20. The method as recited in claim 17, further comprising repeatedly performing the receiving, verifying, generating, and providing on additional gestures of the user received by the authentication system at particular intervals for continued authentication of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Saboori, Anooshiravan, Porter, Nelly, Bharadwaj, Vijay G., Weinert, Alexander Thomas, Ureche, Octavian T., Vincent, Benjamin Richard, Kamel, Tarek Bahaa El-Din Mahmoud
Primary Examiner(s)
Shaifer Harriman, Dant B

Application Number

US15/943,340
Publication Number

US 20180225433A1
Time in Patent Office

386 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/082   applying multi-factor authe...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04W 12/63   Location-dependent; Proximi...

H04W 12/68   Gesture-dependent or behavi...

Multi-factor user authentication framework using asymmetric key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-factor user authentication framework using asymmetric key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links