Electronic credential and analytics integration

US 10,270,774 B1
Filed: 01/26/2016
Issued: 04/23/2019
Est. Priority Date: 01/26/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

receiving, by a restricted access system and from a client device, a request for access to the restricted access system for a user;

transmitting, by the restricted access system and to a credential management system, a request to authenticate the user, wherein the credential management system maintains a credential for the user and determines that the user has not accessed the credential through a credential management application on a mobile device;

in response to the request to authenticate the user and based on the credential management system maintaining the credential for the user and determining that the user has not accessed the credential through the credential management application on the mobile device, receiving, by the restricted access system and from the credential management system, (i) challenge data, (ii) instructions to output, on a display of the client device, a representation of the challenge data, (iii) instructions to output, on the display of the client device, a request to install the credential management application on the mobile device, and (iv) instructions to output, on the display of the client device, directions to interact with the representation of the challenge data using the credential management application on the mobile device;

transmitting, by the restricted access system and to the client device, (i) the challenge data, (ii) the instructions to output, on the display of the client device, a representation of the challenge data, (iii) the instructions to output, on the display of the client device, the request to install the credential management application on the mobile device, and (iv) the instructions to output, on the display of the client device, the directions to interact with the representation of the challenge data using the credential management application on the mobile device;

receiving, by the restricted access system and from the credential management system, a token indicating that the credential management system authenticated the user based on the user interacting, through the credential management application on the mobile device, with the representation of the challenge data that was output on the display of the client device; and

in response to receiving the token, opening, by the restricted access system, a session between the client device and the restricted access system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for electronic credential and analytics integrations are described. In one aspect, a method includes the actions of receiving, by a restricted access system and from a client device, a request for access to the restricted access system for a user. The actions further include transmitting a request to authenticate the user. The actions further include receiving, by the restricted access system and from the credential management system, challenge data. The actions further include transmitting the challenge data. The actions further include receiving a token indicating that the credential management system authenticated the user based on the user interacting with a representation of the challenge data that was provided to the client device. The actions further include in response to receiving the token, opening a session between the client device and the restricted access system.

Citations

20 Claims

1. A computer implemented method comprising:
- receiving, by a restricted access system and from a client device, a request for access to the restricted access system for a user;
  
  transmitting, by the restricted access system and to a credential management system, a request to authenticate the user, wherein the credential management system maintains a credential for the user and determines that the user has not accessed the credential through a credential management application on a mobile device;
  
  in response to the request to authenticate the user and based on the credential management system maintaining the credential for the user and determining that the user has not accessed the credential through the credential management application on the mobile device, receiving, by the restricted access system and from the credential management system, (i) challenge data, (ii) instructions to output, on a display of the client device, a representation of the challenge data, (iii) instructions to output, on the display of the client device, a request to install the credential management application on the mobile device, and (iv) instructions to output, on the display of the client device, directions to interact with the representation of the challenge data using the credential management application on the mobile device;
  
  transmitting, by the restricted access system and to the client device, (i) the challenge data, (ii) the instructions to output, on the display of the client device, a representation of the challenge data, (iii) the instructions to output, on the display of the client device, the request to install the credential management application on the mobile device, and (iv) the instructions to output, on the display of the client device, the directions to interact with the representation of the challenge data using the credential management application on the mobile device;
  
  receiving, by the restricted access system and from the credential management system, a token indicating that the credential management system authenticated the user based on the user interacting, through the credential management application on the mobile device, with the representation of the challenge data that was output on the display of the client device; and
  
  in response to receiving the token, opening, by the restricted access system, a session between the client device and the restricted access system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, comprising:
    - verifying, by the restricted access system, that the token is valid by providing the token to the credential management system; and
      
      receiving, by the restricted access system and from the credential management system, verification that the token is valid.
  - 3. The method of claim 1, wherein the challenge data is a QR code that the user scans with the mobile device while the mobile device is executing a credential management client application.
  - 4. The method of claim 1, comprising:
    - receiving, by the restricted access system and from the credential management system, data indicating that the credential management system maintains the credential for the user in response to the request to authenticate the user.
  - 5. The method of claim 1, comprising:
    - receiving, by the restricted access system and from the credential management system, data indicating that a particular amount of time has not elapsed after receiving the challenge data, wherein the challenge data expires after the particular amount of time.
  - 6. The method of claim 1, comprising:
    - polling, by the restricted access system, the credential management system, wherein receiving the token comprises receiving, in response to the polling, the credential management system.
  - 7. The method of claim 1, wherein the challenge data includes two or more items selected from a group consisting of a request to scan, using the mobile device, a QR code outputted on the display of the client device, a request to enter a passcode into the mobile device, and a request to scan a finger using the mobile device.
  - 8. The method of claim 1, wherein the request for access is received from a web browser running on the client device.
  - 9. The method of claim 1, comprising:
    - receiving, by the restricted access system and from the credential management system, data indicating that the user is located at a particular geographic location.
  - 10. The method of claim 1, comprising:
    - receiving, by the restricted access system and from the credential management system, data indicating that a credential of the user is valid during a current time of day.
  - 11. The method of claim 1, wherein:
    - the credential management system determines that the credential management application is not installed on the mobile device, andthe restricted access system receives (i) the challenge data, (ii) the instructions to output, on the display of the client device, a representation of the challenge data, (iii) the instructions to output, on the display of the client device, the request to install the credential management application on the mobile device, and (iv) the instructions to output, on the display of the client device, the directions to interact with the representation of the challenge data using the credential management application on the mobile device from the credential management system based on the credential management system determining that the credential management application is not installed on the mobile device.

12. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving, by a restricted access system and from a client device, a request for access to the restricted access system for a user;
  
  transmitting, by the restricted access system and to a credential management system, a request to authenticate the user, wherein the credential management system maintains a credential for the user and determines that the user has not accessed the credential through a credential management application on a mobile device;
  
  in response to the request to authenticate the user and based on the credential management system maintaining the credential for the user and determining that the user has not accessed the credential through the credential management application on the mobile device, receiving, by the restricted access system and from the credential management system, (i) challenge data, (ii) instructions to output, on a display of the client device, a representation of the challenge data, (iii) instructions to output, on the display of the client device, a request to install the credential management application on the mobile device, and (iv) instructions to output, on the display of the client device, directions to interact with the representation of the challenge data using the credential management application on the mobile device;
  
  transmitting, by the restricted access system and to the client device, (i) the challenge data, (ii) the instructions to output, on the display of the client device, a representation of the challenge data, (iii) the instructions to output, on the display of the client device, the request to install the credential management application on the mobile device, and (iv) the instructions to output, on the display of the client device, the directions to interact with the representation of the challenge data using the credential management application on the mobile device;
  
  receiving, by the restricted access system and from the credential management system, a token indicating that the credential management system authenticated the user based on the user interacting, through the credential management application on the mobile device, with the representation of the challenge data that was output on the display of the client device; and
  
  in response to receiving the token, opening, by the restricted access system, a session between the client device and the restricted access system.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the operations comprise:
    - verifying, by the restricted access system, that the token is valid by providing the token to the credential management system; and
      
      receiving, by the restricted access system and from the credential management system, verification that the token is valid.
  - 14. The system of claim 12, wherein the challenge data is a QR code that the user scans with the mobile device while the mobile device is executing a credential management client application.
  - 15. The system of claim 12, wherein the operations comprise:
    - receiving, by the restricted access system and from the credential management system, data indicating that the credential management system maintains the credential for the user in response to the request to authenticate the user.
  - 16. The system of claim 12, wherein the operations comprise:
    - receiving, by the restricted access system and from the credential management system, data indicating that a particular amount of time has not elapsed after receiving the challenge data, wherein the challenge data expires after the particular amount of time.
  - 17. The system of claim 12, wherein the operations comprise:
    - polling, by the restricted access system, the credential management system, wherein receiving the token comprises receiving, in response to the polling, the credential management system.
  - 18. The system of claim 12, wherein the challenge data includes two or more items selected from a group consisting of a request to scan, using the mobile device, a QR code outputted on the display of the client device, a request to enter a passcode into the mobile device, and a request to scan a finger using the mobile device.
  - 19. The system of claim 12, wherein:
    - the credential management system determines that the credential management application is not installed on the mobile device, andthe restricted access system receives (i) the challenge data, (ii) the instructions to output, on the display of the client device, a representation of the challenge data, (iii) the instructions to output, on the display of the client device, the request to install the credential management application on the mobile device, and (iv) the instructions to output, on the display of the client device, the directions to interact with the representation of the challenge data using the credential management application on the mobile device from the credential management system based on the credential management system determining that the credential management application is not installed on the mobile device.

20. A non-transitory computer-readable medium storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
- receiving, by a restricted access system and from a client device, a request for access to the restricted access system for a user;
  
  transmitting, by the restricted access system and to a credential management system, a request to authenticate the user, wherein the credential management system maintains a credential for the user and determines that the user has not accessed the credential through a credential management application on a mobile device;
  
  in response to the request to authenticate the user and based on the credential management system maintaining the credential for the user and determining that the user has not accessed the credential through the credential management application on the mobile device, receiving, by the restricted access system and from the credential management system, (i) challenge data, (ii) instructions to output, on a display of the client device, a representation of the challenge data, (iii) instructions to output, on the display of the client device, a request to install the credential management application on the mobile device, and (iv) instructions to output, on the display of the client device, directions to interact with the representation of the challenge data using the credential management application on the mobile device;
  
  transmitting, by the restricted access system and to the client device, (i) the challenge data, (ii) the instructions to output, on the display of the client device, a representation of the challenge data, (iii) the instructions to output, on the display of the client device, the request to install the credential management application on the mobile device, and (iv) the instructions to output, on the display of the client device, the directions to interact with the representation of the challenge data using the credential management application on the mobile device;
  
  receiving, by the restricted access system and from the credential management system, a token indicating that the credential management system authenticated the user based on the user interacting, through the credential management application on the mobile device, with the representation of the challenge data that was output on the display of the client device; and
  
  in response to receiving the token, opening, by the restricted access system, a session between the client device and the restricted access system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Berman, Terry, Gehret, John
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Murphy, J. Brant

Application Number

US15/006,267
Time in Patent Office

1,183 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 4/023   using mutual or relative lo...

Electronic credential and analytics integration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic credential and analytics integration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links