Phone factor authentication

US 10,334,434 B2
Filed: 09/08/2016
Issued: 06/25/2019
Est. Priority Date: 09/08/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer;

determining, by the identity management application running on the user computer, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection;

requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection;

receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection, wherein the authentication information is provided by the mobile device after receipt from a remote identity management system; and

in response to receiving the authentication information, authenticating the user to access the user application using the user computer, comprising;

sending, by the user computer, the received authentication information to the remote identity management system;

receiving, by the identity management application, confirmation of user authentication from the remote identity management system based on the authentication information provided to the mobile device and received from the user computer;

determining, by the identity management application running on the user computer, that the mobile device is no longer connected to the user computer using the short distance wireless connection; and

in response, revoking the authentication for the user to access the user application using the user computer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection. In response to receiving the authentication information, the technique includes authenticating the user to access the user application using the user computer.

Citations

17 Claims

1. A method comprising:
- receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer;
  
  determining, by the identity management application running on the user computer, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection;
  
  requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection;
  
  receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection, wherein the authentication information is provided by the mobile device after receipt from a remote identity management system; and
  
  in response to receiving the authentication information, authenticating the user to access the user application using the user computer, comprising;
  
  sending, by the user computer, the received authentication information to the remote identity management system;
  
  receiving, by the identity management application, confirmation of user authentication from the remote identity management system based on the authentication information provided to the mobile device and received from the user computer;
  
  determining, by the identity management application running on the user computer, that the mobile device is no longer connected to the user computer using the short distance wireless connection; and
  
  in response, revoking the authentication for the user to access the user application using the user computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the short distance wireless connection is a connection that can only be established between devices that are within a relative proximity of each other.
  - 3. The method of claim 1, wherein the determining, the requesting, the receiving, and the authenticating occur automatically in response to receiving the request to authenticate the user to access the user application using the user computer.
  - 4. The method of claim 1, wherein the authentication information can only be used to authenticate the user once.
  - 5. The method of claim 1, further comprising:
    - receiving, by the mobile device, the request for authentication information from the user computer over the short distance wireless connection;
      
      in response to the request;
      
      providing credentials for the user to the identity management system;
      
      receiving the authentication information from the identity management system in response to providing the credentials, andproviding the authentication information to the user computer over the short distance wireless connection.
  - 6. The method of claim 5, further comprising:
    - receiving, by the identity management system, a request to authenticate the user;
      
      determining, by the identity management system, that mobile authentication is available for the request to authenticate the user; and
      
      providing a challenge to the user computer for credentials from the mobile device.
  - 7. The method of claim 6, wherein authenticating the user to access the user application using the user computer comprises:
    - providing the authentication information to the identity management system in response to the challenge or causing the authentication information to be provided to the identity management system in response to the challenge.
  - 8. The method of claim 5, further comprising:
    - receiving, by the identity management system, the credentials from the mobile device;
      
      generating, by the identity management system, the authentication information; and
      
      transmitting, by the identity management system, the authentication information to the mobile device.

9. A system comprising:
- one or more computers; and
  
  one or more storage devices encoded with instructions that when executed by the one or more computers cause the one or more computers to perform operations comprising;
  
  receiving a request to authenticate a user to access a user application using a user computer;
  
  determining that a mobile device associated with the user is connected to the user computer using a short distance wireless connection;
  
  requesting authentication information for the user from the mobile device over the short distance wireless connection;
  
  receiving the authentication information for the user from the mobile device over the short distance wireless connection, wherein the authentication information is provided by the mobile device after receipt from a remote identity management system; and
  
  in response to receiving the authentication information, authenticating the user to access the user application using the user computer, comprising;
  
  sending, by the user computer, the received authentication information to the remote identity management system; and
  
  receiving, by the identity management application, confirmation of user authentication from the remote identity management system based on the authentication information provided to the mobile device and received from the user computer;
  
  determining, by the identity management application running on the user computer, that the mobile device is no longer connected to the user computer using the short distance wireless connection; and
  
  in response, revoking the authentication for the user to access the user application using the user computer.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein the short distance wireless connection is a connection that can only be established between devices that are within a relative proximity of each other.
  - 11. The system of claim 9, wherein the determining, the requesting, the receiving, and the authenticating occur automatically in response to receiving the request to authenticate the user to access the user application using the user computer.
  - 12. The system of claim 9, wherein the authentication information can only be used to authenticate the user once.
  - 13. The system of claim 9, the operations further comprising:
    - receiving, by the mobile device, the request for authentication information from the user device over the short distance wireless connection;
      
      in response to the request;
      
      providing credentials for the user to an identity management system;
      
      receiving the authentication information from the identity management system in response to providing the credentials, andproviding the authentication information to the user computer over the short distance wireless connection.

14. One or more non-transitory computer readable media storing instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer;
  
  determining, by the identity management application running on the user computer, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection;
  
  requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection;
  
  receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection, wherein the authentication information is provided by the mobile device after receipt from a remote identity management system; and
  
  in response to receiving the authentication information, authenticating the user to access the user application using the user computer, comprising;
  
  sending, by the user computer, the received authentication information to the remote identity management system; and
  
  receiving, by the identity management application, confirmation of user authentication from the remote identity management system based on the authentication information provided to the mobile device and received from the user computer;
  
  determining, by the identity management application running on the user computer, that the mobile device is no longer connected to the user computer using the short distance wireless connection; and
  
  in response, revoking the authentication for the user to access the user application using the user computer.
- View Dependent Claims (15, 16, 17)
- - 15. The computer readable medium of claim 14, wherein the short distance wireless connection is a connection that can only be established between devices that are within a relative proximity of each other.
  - 16. The computer readable medium of claim 14, wherein the determining, the requesting, the receiving, and the authenticating occur automatically in response to receiving the request to authenticate the user to access the user application using the user computer.
  - 17. The computer readable medium of claim 14, wherein the authentication information can only be used to authenticate the user once.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Soni, Abhishek, Abburi, Lakshman Rao
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Wilcox, James J

Application Number

US15/260,123
Publication Number

US 20180070233A1
Time in Patent Office

1,020 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/629   to features or functions of...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 4/80   Services using short range ...

Phone factor authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Phone factor authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links