Multi-factor authentication devices
First Claim
1. A method, comprising:
- receiving, by a processor, a first request from a first user device to access a protected device,the first request including user credentials, andthe user credentials being associated with a user identity associated with the first user device;
verifying, by the processor, the user identity based on comparing the user credentials received in the first request and a user profile;
determining, by the processor, that an authentication code is needed to authenticate the first request to access the protected device based on verifying the user identity;
dynamically generating, by the processor, a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected device,a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first request to access the protected device,the first code being generated using a first pseudo-random code based on user-specific data,one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, andthe one or more second codes being generated using one or more second pseudo-random codes;
determining, by the processor, a second user device associated with the user identity after verifying the user identity;
transmitting, by the processor, the plurality of codes to the second user device;
transmitting, by the processor, a message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data;
transmitting, by the processor and to the first user device, an authentication request that includes a second request for the correct authentication code,the correct authentication code to be identified, based on the authentication request, using the instruction;
receiving, by the processor and from the first user device, a response to the authentication request that includes a third code;
comparing, by the processor, the third code and the plurality of codes;
determining, by the processor and based on the third code matching one of the one or more second codes, that the second user device is compromised;
notifying, by the processor and based on determining that the second user device is compromised, a provider associated with the protected device that the second user device is compromised; and
requesting, by the processor and based on determining that the second user device is compromised, an additional factor for authenticating the user identity.
1 Assignment
0 Petitions
Accused Products
Abstract
A device may receive a request from a first user device to access a protected device. The device may verify a user identity of a user of the first device based on user credentials and determine that an authentication code is needed to authenticate the request to access the protected device. The device may dynamically generate multiple codes and transmit the multiple codes to a second user device associated with the user identity of the user of the first device. A first code, of the multiple codes, may correspond to a correct authentication code needed to authenticate the request to access the protected device. The device may transmit a message including an instruction for identifying the correct authentication code from among the multiple codes, receive a second code from the first device, compare the second code and the first code, and selectively authenticate the request to access the protected device.
34 Citations
20 Claims
-
1. A method, comprising:
-
receiving, by a processor, a first request from a first user device to access a protected device, the first request including user credentials, and the user credentials being associated with a user identity associated with the first user device; verifying, by the processor, the user identity based on comparing the user credentials received in the first request and a user profile; determining, by the processor, that an authentication code is needed to authenticate the first request to access the protected device based on verifying the user identity; dynamically generating, by the processor, a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected device, a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first request to access the protected device, the first code being generated using a first pseudo-random code based on user-specific data, one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, and the one or more second codes being generated using one or more second pseudo-random codes; determining, by the processor, a second user device associated with the user identity after verifying the user identity; transmitting, by the processor, the plurality of codes to the second user device; transmitting, by the processor, a message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data; transmitting, by the processor and to the first user device, an authentication request that includes a second request for the correct authentication code, the correct authentication code to be identified, based on the authentication request, using the instruction; receiving, by the processor and from the first user device, a response to the authentication request that includes a third code; comparing, by the processor, the third code and the plurality of codes; determining, by the processor and based on the third code matching one of the one or more second codes, that the second user device is compromised; notifying, by the processor and based on determining that the second user device is compromised, a provider associated with the protected device that the second user device is compromised; and requesting, by the processor and based on determining that the second user device is compromised, an additional factor for authenticating the user identity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 19, 20)
-
-
8. A device, comprising:
-
one or more memories; and one or more processors, communicatively coupled to the one or more memories, to; receive a first request from a first user device to access a protected device, the first request including user credentials, and the user credentials being associated with a user identity associated with the first user device; verify the user identity based on comparing the user credentials received in the first request and a user profile; determine that an authentication code is needed to authenticate the first request to access the protected device based on verifying the user identity; dynamically generate a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected device, a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first request to access the protected device, the first code being generated using a first pseudo-random code based on user-specific data, one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, and the one or more second codes being generating using one or more second pseudo-random codes; determine a second user device associated with the user identity after verifying the user identity; transmit the plurality of codes to the second user device; transmit a message to the first user device, the message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data, and the message being configured for display on the first user device; transmit, to the first user device, an authentication request that includes a second request for the correct authentication code, the correct authentication code to be identified, based on the authentication request, using the instruction; receive, from the first user device, a response to the authentication request that includes a third code; compare the third code and; the first code, and the one or more second codes; determine, based on the third code matching one of the one or more second codes, that the second user device is comprised; provide, to a provider associated with the protected device and based on determining that the second user device is compromised, a notification that the second user device is compromised; and request, based on determining that the second user device is compromised, an additional factor for authenticating the user identity. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A non-transitory computer-readable medium storing instructions, the instructions comprising:
-
one or more instructions that, when executed by one or more processors, cause the one or more processors to; receive a first request from a first user device to access a protected resource, the first request including user credentials, and the user credentials being associated with a user identity associated with the first user device; verify the user identity based on comparing the user credentials received in the first request and a user profile; determine that an authentication code is needed to authenticate the first request to access the protected resource based on verifying the user identity; dynamically generate a plurality of codes based on determining that the authentication code is needed to authenticate the first request to access the protected resource, a first code, of the plurality of codes, corresponding to a correct authentication code needed to authenticate the first user device to access the protected resource, the first code being generated using a first pseudo-random code based on user-specific data, one or more second codes, of the plurality of codes, corresponding to one or more decoy codes, and the one or more second codes being generated using one or more second pseudo-random codes; store the plurality of codes in a storage device; determine a second user device associated with the user identity after verifying the user identity; transmit the plurality of codes to the second user device; transmit, to a third user device associated with the user identity, a message including an instruction for identifying the correct authentication code from among the plurality of codes using the user-specific data; transmit, to the first user device, an authentication request that includes a second request for the correct authentication code, the correct authentication code to be identified, based on the authentication request, using the instruction for identifying the correct authentication code from among the plurality of codes; receive, from the first user device, a response to the authentication request that includes a third code; compare the third code and the plurality of codes; determine, based on the third code matching one of the one or more second codes, that the second user device is compromised; and notify, based on determining that the second user device is compromised, a provider of the protected resource that the second user device is compromised. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification