Reduced user authentication input requirements

US 10,313,357 B2
Filed: 01/13/2017
Issued: 06/04/2019
Est. Priority Date: 01/13/2017
Status: Active Grant

First Claim

Patent Images

1. A system for selecting between a plurality of authentication protocols for processing account access requests, the system comprising:

at least one processor; and

at least one memory in communication with the at least one processor, the at least one memory having computer-readable instructions stored thereupon that, when executed by the at least one processor, cause the at least one processor to implement a communication service and an authentication service,the communication service configured to;

identify, from at least one first computing device, a particular electronic communication that includes reservation data that is associated with a user, wherein the reservation data indicates an expected time period corresponding to an expected geolocation of the user;

generate extracted reservation data by parsing the particular electronic communication, wherein the extracted reservation data includes at least the expected time period and the expected geolocation;

based on the extracted reservation data, generate a confirmation wrapper that prompts for confirmation that the user intends to be present at the expected geolocation during the expected time period;

receive, from at least one second computing device and based on the confirmation wrapper, a confirmed time period that corresponds to a confirmed geolocation of the user, wherein the confirmation wrapper is configured to cause the at least one second computing device to render a user interface element that prompts for at least one of;

modification of the expected time period to indicate the confirmed time period, ormodification of the expected geolocation to indicate the confirmed geolocation;

generate a confirmed itinerary that associates the confirmed time period and the confirmed geolocation with an account of the user; and

provide the confirmed itinerary to the authentication service; and

the authentication service configured to;

receive a request to access the account of the user; and

in response to the request, select an authentication protocol, of the plurality of authentication protocols, based on a validation of the request against the confirmed itinerary.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques disclosed herein enable a system to reduce user authentication requirements during a user'"'"'s travels by analyzing transportation data and/or event data sent to the user via a communication service, e.g. email. The system may analyze the data in order to determine where the user will be at some future time and, ultimately, to then validate access requests against such determinations to mitigate the need for heightened user authentication requirements while the user is traveling. For instance, the system may identify an airline reservation sent to the user and enable the user to confirm that she has corresponding travel plans. Once she confirms her travel plans, the system may refrain from increasing authentication requirements from Single-Factor Authentication (SFA) to Multi-Factor Authentication (MFA) input requirements for access requests that match the confirmed travel plans.

Citations

19 Claims

1. A system for selecting between a plurality of authentication protocols for processing account access requests, the system comprising:
- at least one processor; and
  
  at least one memory in communication with the at least one processor, the at least one memory having computer-readable instructions stored thereupon that, when executed by the at least one processor, cause the at least one processor to implement a communication service and an authentication service,the communication service configured to;
  
  identify, from at least one first computing device, a particular electronic communication that includes reservation data that is associated with a user, wherein the reservation data indicates an expected time period corresponding to an expected geolocation of the user;
  
  generate extracted reservation data by parsing the particular electronic communication, wherein the extracted reservation data includes at least the expected time period and the expected geolocation;
  
  based on the extracted reservation data, generate a confirmation wrapper that prompts for confirmation that the user intends to be present at the expected geolocation during the expected time period;
  
  receive, from at least one second computing device and based on the confirmation wrapper, a confirmed time period that corresponds to a confirmed geolocation of the user, wherein the confirmation wrapper is configured to cause the at least one second computing device to render a user interface element that prompts for at least one of;
  
  modification of the expected time period to indicate the confirmed time period, ormodification of the expected geolocation to indicate the confirmed geolocation;
  
  generate a confirmed itinerary that associates the confirmed time period and the confirmed geolocation with an account of the user; and
  
  provide the confirmed itinerary to the authentication service; and
  
  the authentication service configured to;
  
  receive a request to access the account of the user; and
  
  in response to the request, select an authentication protocol, of the plurality of authentication protocols, based on a validation of the request against the confirmed itinerary.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the instructions further cause the at least one processor to:
    - determine, based on the confirmed geolocation, a trust zone to associate with the confirmed time period; and
      
      select one of;
      
      a first authentication protocol, from the plurality of authentication protocols, in response to the request originating during the confirmed time period from within the trust zone;
      
      ora second authentication protocol, from the plurality of authentication protocols, in response to the request originating during the confirmed time period from outside the trust zone.
  - 3. The system of claim 1, wherein the confirmation wrapper is configured to enable the user to provide input to:
    - accept the expected time period as the confirmed time period, andaccept the expected geolocation as the confirmed geolocation.
  - 4. The system of claim 1, wherein the reservation data comprises one or more of transportation data indicating one or more expected transportation segments associated with the user or event data indicating one or more expected events associated with the user.
  - 5. The system of claim 1, wherein the reservation data comprises an electronic itinerary confirmation that indicates, for at least one transportation segment associated with the user, at least a scheduled departure time corresponding to a schedule departure location and a scheduled arrival time corresponding to a schedule arrival location.
  - 6. The system of claim 1, wherein the reservation data is generated in response to user interaction data that is transmitted between the at least one first computing device and the at least one second computing device, and wherein the user interaction data is not transmitted through the communication service.
  - 7. The system of claim 1, wherein generating the confirmation wrapper is another electronic communication that is configured to inform the user that the extracted reservation data has been parsed from the particular electronic communication, and wherein the other electronic communication includes a link to the particular electronic communication.

8. A computer-implemented method, comprising:
- identifying, from a first computing device, an electronic communication that includes reservation data that corresponds to a user, wherein the reservation data indicates an expected time period corresponding to an expected geolocation associated with the user;
  
  generating extracted reservation data by parsing the electronic communication wherein the extracted reservation data includes at least the expected time period and the expected geolocation;
  
  based on the extracted reservation data, generating a confirmation wrapper that prompts for a confirmation that the user intends to be present at the expected geolocation during the expected time period, wherein the confirmation wrapper is configured to cause a second computing device to render a user interface element that prompts for at least one of;
  
  modification of the expected time period to indicate the confirmed time period, ormodification of the expected geolocation to indicate the confirmed geolocation;
  
  receiving, from the second computing device, input that indicates that the user intends to be at a confirmed geolocation during a confirmed time period;
  
  generating, based at least in part on the input, a confirmed itinerary to associate an account of the user with the confirmed time period and the confirmed geolocation; and
  
  communicating the confirmed itinerary to an authentication service, wherein the confirmed itinerary is configured to enable the authentication service to validate a request to access the account based on the request originating during the confirmed time period from within a trust zone corresponding to the confirmed geolocation.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method of claim 8, wherein the authentication service is configured to provide access to a productivity-suite having at least a communication service that is configured to transmitting electronic messages.
  - 10. The computer-implemented method of claim 8, wherein the trust zone is based on one or more parameters that are defined by at least one of the authentication service or a client of the authentication service.
  - 11. The computer-implemented method of claim 8, wherein communicating the confirmed itinerary to the authentication service comprises transmitting the confirmed itinerary to at least one virtual private network (VPN) service configured to provide secured access to the account of the user.
  - 12. The computer-implemented method of claim 8, further comprising parsing supplemental data obtained from a communication service associated with the user to identify one or more of user-defined appointments, event confirmation messages, an associate itinerary of an associate of the user, and wherein the trust zone is based at least in part on the parsing the supplemental data.
  - 13. The computer-implemented method of claim 8, wherein the input further indicates that one or more other users intend to be at the confirmed geolocation during the confirmed time period, and wherein the confirmed itinerary further associates one or more other accounts of the one or more other users with at least the confirmed time period and the confirmed geolocation.
  - 14. The computer-implemented method of claim 8, wherein the confirmed time period is associated with at least one scheduled departure time and at least one scheduled arrival time of a transportation segment, and wherein the confirmed geolocation is associated with at least one at least one schedule departure location and at least one schedule arrival location of the transportation segment.

15. A computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by one or more processors of a computing device, cause the one or more processors of the computing device to:
- identify, from a first computing device, an electronic communication that includes reservation data that corresponds to a user, wherein the reservation data indicates at least an expected time period and an expected geolocation associated with the user;
  
  generate extracted reservation data by parsing the electronic communication, wherein the extracted reservation data includes at least the expected time period and the expected geolocation;
  
  generate, based on the extracted reservation data, a confirmation wrapper that prompts for confirmation that the user intends to be at the expected geolocation during the expected time period, wherein the confirmation wrapper is configured to cause a second computing device to render a user interface element that prompts for at least one of;
  
  modification of the expected time period to indicate the confirmed time period, ormodification of the expected geolocation to indicate the confirmed geolocation;
  
  receive, from the second computing device, a response corresponding to the confirmation wrapper, the response including a confirmed time period and a confirmed geolocation corresponding to the user;
  
  generate, based at least in part on the response, a confirmed itinerary indicating that the user will be within a trust zone associated with the confirmed geolocation during the confirmed time period, the confirmed itinerary associating an account of the user with at least the confirmed time period and the confirmed geolocation; and
  
  select a first authentication protocol, from a plurality of authentication protocols, based at least in part on the request originating during the confirmed time period from within the trust zone.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer-readable storage medium of claim 15, wherein the instructions further cause the one or more processors of the computing device to select a second authentication protocol, from the plurality of authentication protocols, based at least in part on the request originating during the confirmed time period from outside the trust zone.
  - 17. The computer-readable storage medium of claim 16, wherein the first authentication protocol comprises an N-factor authentication protocol and the second authentication protocol comprises an M-factor authentication protocol, and wherein M and N are integers and M is greater than N.
  - 18. The computer-readable storage medium of claim 15, wherein the instructions further cause the one or more processors of the computing device to generate an access attempt notification based at least in part on a second request originating during the confirmed time period from within a second trust zone associated with one or more other geolocations that are frequented by the user.
  - 19. The computer-readable storage medium of claim 15, wherein the instructions further cause the one or more processors of the computing device to:
    - parse supplemental data associated with the user to identify one or more entities corresponding to reservations for one or more of lodging, vehicle pick-up locations, vehicle drop-off locations, professional conventions, or entertainment events; and
      
      generate the trust zone based on one or more geolocations associated with the one or more entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Roussos, George E., Dickens, Christopher S.
Primary Examiner(s)
Turchen, James R

Application Number

US15/406,439
Publication Number

US 20180205741A1
Time in Patent Office

872 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06Q 10/02   Reservations, e.g. for tick...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 2463/082   applying multi-factor authe...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

Reduced user authentication input requirements

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Reduced user authentication input requirements

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links