Simplified login for a computing system

US 10,349,274 B2
Filed: 11/27/2017
Issued: 07/09/2019
Est. Priority Date: 04/25/2008
Status: Active Grant

First Claim

Patent Images

1. A computing system, comprising:

a display configured to provide to a user a request to enter a first credential and a second credential during a first login;

a transmitter configured to transmit the first credential and the second credential, which are received via user input, to a validation server during the first login;

a receiver configured to receive encrypted data that is based on the first credential and the second credential; and

one or more processors configured to generate, for a second login that is subsequent to the first login, a login screen requesting the second credential and not the first credential,the transmitter configured to transmit the second credential that is received via the login screen during the second login and the encrypted data from the computing system to the validation server during the second login to enable the validation server to compare the second credential that is received via the login screen during the second login and at least a portion of the encrypted data that is transmitted from the computing system to the validation server during the second login and that is decrypted by the validation server to determine whether to grant the computing system access to a resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.

14 Citations

20 Claims

1. A computing system, comprising:
- a display configured to provide to a user a request to enter a first credential and a second credential during a first login;
  
  a transmitter configured to transmit the first credential and the second credential, which are received via user input, to a validation server during the first login;
  
  a receiver configured to receive encrypted data that is based on the first credential and the second credential; and
  
  one or more processors configured to generate, for a second login that is subsequent to the first login, a login screen requesting the second credential and not the first credential,the transmitter configured to transmit the second credential that is received via the login screen during the second login and the encrypted data from the computing system to the validation server during the second login to enable the validation server to compare the second credential that is received via the login screen during the second login and at least a portion of the encrypted data that is transmitted from the computing system to the validation server during the second login and that is decrypted by the validation server to determine whether to grant the computing system access to a resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computing system of claim 1, wherein the transmitter is configured to transmit the second credential, unencrypted, and the encrypted data to the validation server to enable the validation server to compare the second credential, unencrypted, and at least a portion of the encrypted data that has been decrypted to determine whether to grant the computing system access to the resource.
  - 3. The computing system of claim 1, wherein the transmitter is configured to transmit the second credential and a cookie that includes the encrypted data to the validation server to enable the validation server to compare the second credential and at least a portion of the encrypted data that has been decrypted to determine whether to grant the computing system access to the resource.
  - 4. The computing system of claim 1, wherein the transmitter is configured to transmit the encrypted data in a parameter of a uniform resource locator that is associated with the resource.
  - 5. The computing system of claim 1, wherein the one or more processors are configured to:
    - determine whether to generate the login screen to request the first credential and the second credential or to request the second credential and not the first credential depending on whether the encrypted data is on the computing system,the encrypted data not being on the computing system indicates that the login screen is to request the first credential and the second credential,the encrypted data being on the computing system indicates that the login screen is to request the second credential and not the first credential; and
      
      generate, for the second login, the login screen requesting the second credential and not the first credential based at least in part on the encryption data being on the computing system.
  - 6. The computing system of claim 1, wherein the one or more processors are configured to:
    - generate a second screen requesting that the user select one of a plurality of logon preferences, the plurality of logon preferences including a first preference to log on using the first credential, the plurality of logon preferences further including a second preference to log on using the second credential; and
      
      generate, for the second login, the login screen requesting the second credential and not the first credential based at least in part on the user selecting the second preference.

7. A method implemented at least in part by a computing system, the method comprising:
- providing, by a display of the computing system, a request for a user to enter a first credential and a second credential during a first login;
  
  receiving, by a user input interface of the computing system, a user input that includes the first credential and the second credential during the first login;
  
  transmitting, by a transmitter of the computing system, the first credential and the second credential to a validation server during the first login;
  
  receiving, by a receiver of the computing system, encrypted data based on the first credential and the second credential;
  
  generating, by one or more processors of the computing system, a login screen for a second login that is subsequent to the first login, the login screen requesting the second credential and not the first credential; and
  
  transmitting, by the transmitter, the second credential that is received via the login screen during the second login and the encrypted data from the computing system to the validation server during the second login to enable the validation server to compare the second credential that is received via the login screen during the second login and at least a portion of the encrypted data that is transmitted from the computing system to the validation server during the second login and that is decrypted by the validation server to determine whether to grant the computing system access to a resource.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein transmitting the second credential and the encrypted data to the validation server comprises:
    - transmitting, by the transmitter, the second credential, unencrypted, and the encrypted data to the validation server to enable the validation server to compare the second credential, unencrypted, and at least a portion of the encrypted data that has been decrypted to determine whether to grant the computing system access to the resource.
  - 9. The method of claim 7, wherein transmitting the second credential and the encrypted data to the validation server comprises:
    - transmitting, by the transmitter, the second credential and a cookie that includes the encrypted data to the validation server to enable the validation server to compare the second credential and at least a portion of the encrypted data that has been decrypted to determine whether to grant the computing system access to the resource.
  - 10. The method of claim 7, wherein transmitting the second credential and the encrypted data comprises:
    - transmitting, by the transmitter, the second credential and a uniform resource locator that is associated with the resource to the validation server; and
      
      wherein the encrypted data is a parameter of the uniform resource locator.
  - 11. The method of claim 7, further comprising:
    - determining, by the one or more processors, whether to generate the login screen to request the first credential and the second credential or to request the second credential and not the first credential depending on whether the encrypted data is on the computing system,the encrypted data not being on the computing system indicates that the login screen is to request the first credential and the second credential,the encrypted data being on the computing system indicates that the login screen is to request the second credential and not the first credential;
      
      wherein generating the login screen comprises;
      
      generating, for the second login, the login screen requesting the second credential and not the first credential based at least in part on the encryption data being on the computing system.
  - 12. The method of claim 7, further comprising:
    - generating a second screen requesting that the user select one of a plurality of logon preferences, the plurality of logon preferences including a first preference to log on using the first credential, the plurality of logon preferences further including a second preference to log on using the second credential;
      
      wherein the login screen requests the second credential and not the first credential based at least in part on the user selecting the second preference.

13. A computing system comprising:
- memory; and
  
  one or more processors coupled to the memory and configured to;
  
  receive a first credential and a second credential from a computing device in accordance with a first logon;
  
  encrypt data that is based on the first credential and the second credential to provide encrypted data;
  
  send the encrypted data to the computing device for use in subsequent logons;
  
  receive user-specified information and the encrypted data from the computing device in accordance with a subsequent logon;
  
  decrypt the encrypted data that is received from the computing device in accordance with the subsequent logon to obtain the first credential and the second credential;
  
  compare the user-specified information, which is received from the computing device in accordance with the subsequent logon, and the second credential, which is obtained by decrypting the encrypted data that is received from the computing device in accordance with the subsequent logon, to determine whether the user-specified information, which is received from the computing device in accordance with the subsequent logon, and the second credential, which is obtained by decrypting the encrypted data that is received from the computing device in accordance with the subsequent logon, match; and
  
  control whether access to a resource is granted to the computing device based at least in part on whether the user-specified information, which is received from the computing device in accordance with the subsequent logon, and the second credential, which is obtained by decrypting the encrypted data that is received from the computing device in accordance with the subsequent logon, match,the user-specified information, which is received from the computing device in accordance with the subsequent logon, matching the second credential, which is obtained by decrypting the encrypted data that is received from the computing device in accordance with the subsequent logon, indicating that the access is to be granted,the user-specified information, which is received from the computing device in accordance with the subsequent logon, not matching the second credential, which is obtained by decrypting the encrypted data that is received from the computing device in accordance with the subsequent logon, indicating that the access is not to be granted.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computing system of claim 13, wherein the one or more processors are further configured to, in response to the user-specified information not matching the second credential, cause an invalid logon attempt to be recorded in a log.
  - 15. The computing system of claim 14, wherein the one or more processors are configured to, in response to the user-specified information not matching the second credential:
    - generate a message that includes a username and a bogus password; and
      
      send the message to an authentication server, the message configured to cause the authentication server to record the invalid logon attempt in the log.
  - 16. The computing system of claim 13, wherein the one or more processors are further configured to, in response to the user-specified information not matching the second credential, enforce a delay period for a subsequent logon attempt.
  - 17. The computing system of claim 13, wherein the one or more processors are configured to:
    - receive the user-specified information, unencrypted, and the encrypted data from the computing device in accordance with the subsequent logon; and
      
      compare the user-specified information, unencrypted, and the second credential to determine whether the user-specified information, unencrypted, and the second credential match.
  - 18. The computing system of claim 13, wherein the one or more processors are configured to:
    - receive the user-specified information and a cookie that includes the encrypted data from the computing device in accordance with a subsequent logon; and
      
      decrypt the encrypted data, which is included in the cookie, to obtain the first credential and the second credential.
  - 19. The computing system of claim 13, wherein the one or more processors are configured to:
    - receive the user-specified information and a resource locator that is associated with the resource from the computing device in accordance with a subsequent logon; and
      
      decrypt the encrypted data, which is a parameter of the resource locator, to obtain the first credential and the second credential.
  - 20. The computing system of claim 13, wherein the one or more processors are configured to encrypt the data by implementing an encryption algorithm with a private server key to provide the encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Mendelovich, Meir, Neystadt, John, Aoyama, Ken, Nice, Nir, Gurman, Shay Yehuda
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US15/823,466
Publication Number

US 20180084422A1
Time in Patent Office

589 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/32   including means for verifyi...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Simplified login for a computing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified login for a computing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links