Multi-factor authentication devices

US 10,360,367 B1
Filed: 06/07/2018
Issued: 07/23/2019
Est. Priority Date: 06/07/2018
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a processor, a first request from a first user device to access a protected device,the first request including user credentials, andthe user credentials being associated with a user identity associated with the first user device;

verifying, by the processor, the user identity based on comparing the user credentials received in the first request and a user profile;

determining, by the processor, that an authentication code is needed to authenticate the first request to access the protected device based on verifying the user identity;

dynamically generating, by the processor, a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected device,a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first request to access the protected device,the first code being generated using a first pseudo-random code based on user-specific data,one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, andthe one or more second codes being generated using one or more second pseudo-random codes;

determining, by the processor, a second user device associated with the user identity after verifying the user identity;

transmitting, by the processor, the plurality of codes to the second user device;

transmitting, by the processor, a message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data;

transmitting, by the processor and to the first user device, an authentication request that includes a second request for the correct authentication code,the correct authentication code to be identified, based on the authentication request, using the instruction;

receiving, by the processor and from the first user device, a response to the authentication request that includes a third code;

comparing, by the processor, the third code and the plurality of codes;

determining, by the processor and based on the third code matching one of the one or more second codes, that the second user device is compromised;

notifying, by the processor and based on determining that the second user device is compromised, a provider associated with the protected device that the second user device is compromised; and

requesting, by the processor and based on determining that the second user device is compromised, an additional factor for authenticating the user identity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may receive a request from a first user device to access a protected device. The device may verify a user identity of a user of the first device based on user credentials and determine that an authentication code is needed to authenticate the request to access the protected device. The device may dynamically generate multiple codes and transmit the multiple codes to a second user device associated with the user identity of the user of the first device. A first code, of the multiple codes, may correspond to a correct authentication code needed to authenticate the request to access the protected device. The device may transmit a message including an instruction for identifying the correct authentication code from among the multiple codes, receive a second code from the first device, compare the second code and the first code, and selectively authenticate the request to access the protected device.

34 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a processor, a first request from a first user device to access a protected device,the first request including user credentials, andthe user credentials being associated with a user identity associated with the first user device;
  
  verifying, by the processor, the user identity based on comparing the user credentials received in the first request and a user profile;
  
  determining, by the processor, that an authentication code is needed to authenticate the first request to access the protected device based on verifying the user identity;
  
  dynamically generating, by the processor, a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected device,a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first request to access the protected device,the first code being generated using a first pseudo-random code based on user-specific data,one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, andthe one or more second codes being generated using one or more second pseudo-random codes;
  
  determining, by the processor, a second user device associated with the user identity after verifying the user identity;
  
  transmitting, by the processor, the plurality of codes to the second user device;
  
  transmitting, by the processor, a message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data;
  
  transmitting, by the processor and to the first user device, an authentication request that includes a second request for the correct authentication code,the correct authentication code to be identified, based on the authentication request, using the instruction;
  
  receiving, by the processor and from the first user device, a response to the authentication request that includes a third code;
  
  comparing, by the processor, the third code and the plurality of codes;
  
  determining, by the processor and based on the third code matching one of the one or more second codes, that the second user device is compromised;
  
  notifying, by the processor and based on determining that the second user device is compromised, a provider associated with the protected device that the second user device is compromised; and
  
  requesting, by the processor and based on determining that the second user device is compromised, an additional factor for authenticating the user identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 19, 20)
- - 2. The method of claim 1, wherein the message, including the instruction for identifying the correct authentication code from among the plurality of codes, is transmitted to the first user device for display by the first user device.
  - 3. The method of claim 2, wherein the message, including the instruction for identifying the correct authentication code from among the plurality of codes, includes:
    - a first instruction that identifies the correct authentication code as having a specified order relative to other codes in the plurality of codes,a second instruction that identifies the correct authentication code as having a relative value compared to other codes in the plurality of codes, ora third instruction that identifies the correct authentication code as having a specified sequence of digits compared to other codes in the plurality of codes.
  - 4. The method of claim 1, wherein the instruction is transmitted to the second user device for display by the second user device.
  - 5. The method of claim 4, wherein the instruction includes a knowledge-based instruction whereby the correct authentication code includes the user-specific data determinable based on the knowledge-based instruction.
  - 6. The method of claim 1, further comprising:
    - storing the plurality of codes in a storage device.
  - 7. The method of claim 1, wherein the message, including the instruction for identifying the correct authentication code from among the plurality of codes, is one of:
    - a text message,a pop-up message,a multimedia message,an electronic mail message, oran audio message.
  - 19. The method of claim 1, further comprising:
    - receiving a fourth code from the first user device;
      
      comparing the fourth code and the plurality of codes; and
      
      locking, based on the fourth code not matching the first code and not matching the one or more second codes, a user, of the first user device, out of an account associated with the protected device.
  - 20. The method of claim 1, further comprising:
    - receiving a fourth code from the first user device;
      
      comparing the fourth code and the plurality of codes;
      
      determining, based on comparing the fourth code and the plurality of codes, that the fourth code does not match the first code;
      
      determining, based on comparing the fourth code and the plurality of codes, that the fourth code comprises a threshold similarity to the first code; and
      
      transmitting, to the first user device, another authentication request.

8. A device, comprising:
- one or more memories; and
  
  one or more processors, communicatively coupled to the one or more memories, to;
  
  receive a first request from a first user device to access a protected device,the first request including user credentials, andthe user credentials being associated with a user identity associated with the first user device;
  
  verify the user identity based on comparing the user credentials received in the first request and a user profile;
  
  determine that an authentication code is needed to authenticate the first request to access the protected device based on verifying the user identity;
  
  dynamically generate a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected device,a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first request to access the protected device,the first code being generated using a first pseudo-random code based on user-specific data,one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, andthe one or more second codes being generating using one or more second pseudo-random codes;
  
  determine a second user device associated with the user identity after verifying the user identity;
  
  transmit the plurality of codes to the second user device;
  
  transmit a message to the first user device,the message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data, andthe message being configured for display on the first user device;
  
  transmit, to the first user device, an authentication request that includes a second request for the correct authentication code,the correct authentication code to be identified, based on the authentication request, using the instruction;
  
  receive, from the first user device, a response to the authentication request that includes a third code;
  
  compare the third code and;
  
  the first code, andthe one or more second codes;
  
  determine, based on the third code matching one of the one or more second codes, that the second user device is comprised;
  
  provide, to a provider associated with the protected device and based on determining that the second user device is compromised, a notification that the second user device is compromised; and
  
  request, based on determining that the second user device is compromised, an additional factor for authenticating the user identity.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The device of claim 8, wherein the instruction includes:
    - a first instruction that identifies the correct authentication code as having a specified order relative to other codes in the plurality of codes,a second instruction that identifies the correct authentication code as having a relative value compared to other codes in the plurality of codes, ora third instruction that identifies the correct authentication code as having a specified sequence of digits compared to other codes in the plurality of codes.
  - 10. The device of claim 8, wherein the instruction includes a knowledge-based instruction whereby the correct authentication code includes the user-specific data determinable based on the knowledge-based instruction.
  - 11. The device of claim 8, wherein the message, including the instruction for identifying the correct authentication code from among the plurality of codes, is one of:
    - a text message,a pop-up message,a multimedia message,an electronic mail message, oran audio message.
  - 12. The device of claim 8, wherein the device comprises a storage device, andwherein the plurality of codes is stored in the storage device.

13. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive a first request from a first user device to access a protected resource,the first request including user credentials, andthe user credentials being associated with a user identity associated with the first user device;
  
  verify the user identity based on comparing the user credentials received in the first request and a user profile;
  
  determine that an authentication code is needed to authenticate the first request to access the protected resource based on verifying the user identity;
  
  dynamically generate a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected resource,a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first user device to access the protected resource,the first code being generated using a first pseudo-random code based on user-specific data,one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, andthe one or more second codes being generated using one or more second pseudo-random codes;
  
  store the plurality of codes in a storage device;
  
  determine a second user device associated with the user identity after verifying the user identity;
  
  transmit the plurality of codes to the second user device;
  
  transmit, to a third user device associated with the user identity, a message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data;
  
  transmit, to the first user device, an authentication request that includes a second request for the correct authentication code,the correct authentication code to be identified, based on the authentication request, using the instruction for identifying the correct authentication code from among the plurality of codes;
  
  receive, from the first user device, a response to the authentication request that includes a third code;
  
  compare the third code and the plurality of codes;
  
  determine, based on the third code matching one of the one or more second codes, that the second user device is compromised; and
  
  notify, based on determining that the second user device is compromised, a provider of the protected resource that the second user device is compromised.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - generate the instruction for identifying the correct authentication code from among the plurality of codes,the instruction, for identifying the correct authentication code from among the plurality of codes, including one of;
      
      a first instruction that indicates the correct authentication code as having a specified order relative to other codes in the plurality of codes,a second instruction that indicates the correct authentication code as having a relative value compared to other codes in the plurality of codes, ora third instruction that indicates the correct authentication code as having a specified sequence of digits compared to other codes in the plurality of codes.
  - 15. The non-transitory computer-readable medium of claim 13, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - generate the instruction for identifying the correct authentication code from among the plurality of codes,the instruction, for identifying the correct authentication code from among the plurality of codes, including a knowledge-based instruction whereby the correct authentication code includes the user-specific data to be determined based on the knowledge-based instruction.
  - 16. The non-transitory computer-readable medium of claim 13, wherein the one or more instructions, that cause the one or more processors to transmit the message, cause the one or more processors to:
    - transmit the message as a text message, a pop-up message, a multimedia message, an electronic mail message, or an audio message.
  - 17. The non-transitory computer-readable medium of claim 13, wherein the third user device is the first user device.
  - 18. The non-transitory computer-readable medium of claim 13, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - decline, based on a result of comparing the third code and the first code, to authenticate the first request to access the protected resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Mossoba, Michael, Benkreira, Abdelkadar M'Hamed, Edwards, Joshua
Primary Examiner(s)
Lanier, Benjamin E

Application Number

US16/002,927
Time in Patent Office

411 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/42   using separate channels for...

G06F 21/554   involving event detection a...

G06F 2221/034   Test or assess a computer o...

G06F 3/0622   in relation to access

G06F 3/0658   Controller construction arr...

G06F 3/0673   Single storage device

G06F 3/16   Sound input; Sound output s...

G06Q 20/40   Authorisation, e.g. identif...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

Multi-factor authentication devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-factor authentication devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links