Two factor authentication with authentication objects
First Claim
1. A computer-implemented method, comprising:
- obtaining, from a first device, a request to authenticate an identity;
- providing, on a second device, a graphical user interface that makes an authentication object available for selection, the graphical user interface including graphical representations of sets of actions for authenticating by corresponding service provider systems, including a graphical representation that represents a set of actions for authenticating the identity by a service provider system, wherein the authentication object encodes:
    - a set of credentials usable to authenticate the identity; and
    - an access policy that specifies a permitted use or a restriction on use of the authentication object; and
  - is associated with a set of actions for authenticating the identity;
- receiving, from the second device, user input indicating selection of the authentication object; and
- performing the set of actions by at least:
  - obtaining an authentication claim generated based at least in part on the request from the first device and the set of credentials encoded in the authentication object selected from the second device; and
  - causing, at least in part by providing the authentication claim to a computing resource service provider system, the authentication claim to be used to authenticate the identity.
Abstract
Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.
109 Citations
23 Claims
8. A system, comprising:
- one or more computing devices including one or more processors and memory, the memory including executable instructions that, as a result of execution by the one or more processors, cause the system to:
  - receive, from a first computing device of the one or more computing devices, a request to authenticate an identity;
  - receive, from a second computing device of the one or more computing devices, an authentication object usable to authenticate the identity to a service provider system, the authentication object selected via a graphic interface including graphical representations of sets of actions for authenticating by corresponding systems including the service provider system, the authentication object encoding:
    - a set of credentials sufficient to authenticate the identity to a service provider system; and
    - a policy that specifies a type of access associated with the authentication object;
  - generate, based at least in part on the set of credentials encoded in the authentication object, an authentication claim that corresponds to the request from the first computing device; and
  - provide the authentication claim to the service provider system to facilitate performance of an operation involving interaction with the service provider system.
16. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a first computer system, cause the first computer system to at least:
- cause, as a result of an attempt by the first computer system to access a resource of a service provider, a graphical user interface to be displayed on a second computer system, the graphical user interface including a plurality of graphical representations including a graphical representation that represents a set of actions for authenticating an identity by a service provider system, at least a portion of the plurality of graphical representations being associated with:
  - a set of actions for authenticating the identity with a service provider;
  - a set of policies specifying permitted uses or restrictions associated with the plurality of graphical representations; and
  - a set of credentials usable to authenticate the identity with the service provider;
- generate, based at least in part on the set of credentials received as a result of a selection from the plurality of graphical representations made via the second computer system, an authentication claim sufficient to authenticate with the service provider; and
- access the resource of the service provider at least in part by providing the authentication claim to the service provider for authentication.
Specification