Computer-implemented method for mobile authentication and corresponding computer system

US 10,375,062 B2
Filed: 06/21/2017
Issued: 08/06/2019
Est. Priority Date: 10/06/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium storing a program executable by one or more processors of a first computing device, the program comprising sets of instructions for:

receiving directly from a second computing device an authentication request to authenticate a user associated with a first account associated with a service hosted on the second computing device, wherein the authentication request is associated with a login request to log into the first account that the second computing device receives from a third computing device, wherein the authentication request includes a user identification associated with a second account managed by and stored on the first computing device;

sending to a fourth computing device a request for verification of the second account in order to authenticate the identity of the user;

receiving from the fourth computing device verification information for verifying the second account, wherein the verification information is based on information that the fourth computing device reads from a personal smart card that is separate from the fourth computing device, the information configured for authenticating the user associated with the account; and

sending directly to the second computing device authentication information based on the verification information in order for the second computing device to use the authentication information to log the user into the first account associated with the service.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment of the present invention a computerized method includes receiving at a personal-mobile device a first communication, which includes information for requesting user verification for logging into an account of a user, via a computing device. The account is with a service provided by an application server. The method includes starting a personal-authentication application on the personal-mobile device in response to receiving the first communication, and receiving in the personal-authentication application a user verification for confirming logging into the account. The method includes logging into the account via the computing device based on receipt of the user verification. Embodiments of the present invention provide enhanced security for logging into an account that a user may have with a service by providing that a personal-mobile device, such as a mobile telephone, which is personal to a user, is configured as a security token for login to the account.

12 Citations

20 Claims

1. A non-transitory computer-readable medium storing a program executable by one or more processors of a first computing device, the program comprising sets of instructions for:
- receiving directly from a second computing device an authentication request to authenticate a user associated with a first account associated with a service hosted on the second computing device, wherein the authentication request is associated with a login request to log into the first account that the second computing device receives from a third computing device, wherein the authentication request includes a user identification associated with a second account managed by and stored on the first computing device;
  
  sending to a fourth computing device a request for verification of the second account in order to authenticate the identity of the user;
  
  receiving from the fourth computing device verification information for verifying the second account, wherein the verification information is based on information that the fourth computing device reads from a personal smart card that is separate from the fourth computing device, the information configured for authenticating the user associated with the account; and
  
  sending directly to the second computing device authentication information based on the verification information in order for the second computing device to use the authentication information to log the user into the first account associated with the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the program further comprises a set of instructions for, during a registration process for the fourth computing device, receiving from the fourth computing device registration information associated with the user.
  - 3. The non-transitory computer-readable medium of claim 2, wherein the program further comprises sets of instructions for:
    - determining that the verification information matches the registration information associated with the user;
      
      based on the determination, including information in the authentication information indicating that the second computing device is allowed to log the user into the first account associated with the service.
  - 4. The non-transitory computer-readable medium of claim 2, wherein the program further comprises sets of instructions for:
    - determining that the verification information does not match the registration information associated with the user;
      
      in response to the determination, including information in the authentication information indicating that the second computing device is not allowed to log the user into the first account associated with the service.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the verification information is received from the fourth computing device via a fifth computing device to which the fourth computing device sends the verification information and a request to send the verification information to the first computing device.
  - 6. The non-transitory computer-readable medium of claim 1, wherein sending the request to the fourth computing device comprises sending a fifth computing device directions to send the fourth computing device the request.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the information is a first information, wherein the verification information is further based on a second information from the fourth computing device, the first and second information configured for authenticating the user associated with the account.

8. A system comprising:
- one or more processors of a first computing device;
  
  a non-transitory computer-readable medium storing a program executable by the one or more processors, the program comprising sets of instructions for;
  
  receiving directly from a second computing device an authentication request to authenticate a user associated with a first account associated with a service hosted on the second computing device, wherein the authentication request is associated with a login request to log into the first account that the second computing device receives from a third computing device, wherein the authentication request includes a user identification associated with a second account managed by and stored on the first computing device;
  
  sending to a fourth computing device a request for verification of the second account in order to authenticate the identity of the user;
  
  receiving from the fourth computing device verification information for verifying the second account, wherein the verification information is based on information that the fourth computing device reads from a personal smart card that is separate from the fourth computing device, the information configured for authenticating the user associated with the account; and
  
  sending directly to the second computing device authentication information based on the verification information in order for the second computing device to use the authentication information to log a user into the first account associated with the service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the program further comprises a set of instructions for, during a registration process for the fourth computing device, receiving from the fourth computing device registration information associated with the user.
  - 10. The system of claim 9, wherein the program further comprises sets of instructions for:
    - determining that the verification information matches the registration information associated with the user;
      
      based on the determination, including information in the authentication information indicating that the second computing device is allowed to log the user into the first account associated with the service.
  - 11. The system of claim 9, wherein the program further comprises sets of instructions for:
    - determining that the verification information does not match the registration information associated with the user;
      
      in response to the determination, including information in the authentication information indicating that the second computing device is not allowed to log the user into the first account associated with the service.
  - 12. The system of claim 8, wherein the verification information is received from the fourth computing device via a fifth computing device to which the fourth computing device sends the verification information and a request to send the verification information to the first computing device.
  - 13. The system of claim 8, wherein sending the request to the fourth computing device comprises sending a fifth computing device directions to send the fourth computing device the request.
  - 14. The system of claim 8, wherein the information is a first information, wherein the verification information is further based on a second information from the fourth computing device, the first and second information configured for authenticating the user associated with the account.

15. For a first computing device, a method comprising:
- receiving directly from a second computing device an authentication request to authenticate a user associated with a first account associated with a service hosted on the second computing device, wherein the authentication request is associated with a login request to log into the first account that the second computing device receives from a third computing device, wherein the authentication request includes a user identification associated with a second account managed by and stored on the first computing device;
  
  sending to a fourth computing device a request for verification of the second account in order to authenticate the identity of the user;
  
  receiving from the fourth computing device verification information associated with the request, wherein the verification information is based on information that the fourth computing device reads from a personal smart card that is separate from the fourth computing device, the information configured for authenticating the user associated with the account; and
  
  sending directly to the second computing device authentication information associated with logging into the account associated with the service based on the verification information in order for the second computing device to use the authentication information to log a user of the third device into the account associated with the service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 further comprising, during a registration process for the fourth computing device, receiving from the fourth computing device registration information associated with the user.
  - 17. The method of claim 16 further comprising:
    - determining that the verification information matches the registration information associated with the user;
      
      based on the determination, including information in the authentication information indicating that the second computing device is allowed to log the user into the first account associated with the service.
  - 18. The method of claim 16 further comprising:
    - determining that the verification information does not match the registration information associated with the user;
      
      in response to the determination, including information in the authentication information indicating that the second computing device is not allowed to log the user into the first account associated with the service.
  - 19. The method of claim 15, wherein the verification information is received from the fourth computing device via a fifth computing device to which the fourth computing device sends the verification information and a request to send the verification information to the first computing device.
  - 20. The method of claim 15, wherein the information is a first information, wherein the verification information is further based on a second information from the fourth computing device, the first and second information configured for authenticating the user associated with the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Thun, Philipp
Primary Examiner(s)
Dinh, Minh

Application Number

US15/629,300
Publication Number

US 20170295162A1
Time in Patent Office

776 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/43   wireless channels

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04W 12/068   using credential vaults, e....

Computer-implemented method for mobile authentication and corresponding computer system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computer-implemented method for mobile authentication and corresponding computer system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links