Device fingerprint based authentication
First Claim
1. An authentication method comprising, by execution of program instructions by an authentication system:
maintaining a data repository that stores, for each of a plurality of registered user devices associated with a user account, a respective set of device attribute values, each set comprising values of a plurality of device attributes of the respective registered user device;
transmitting capture instructions over a network to an authenticating user device attempting to authenticate in association with the user account, wherein the capture instructions instruct the authenticating user device to generate and return device attribute values of the plurality of device attributes of the authenticating user device;
receiving a set of device attribute values of the authenticating user device, said set of device attribute values of the authenticating user device generated and returned by the authenticating user device in response to execution of the capture instructions;
determining that the set of device attribute values of the authenticating user device does not match any set of device attribute values of the plurality of registered user devices associated with the user account;
generating a score representing a degree of match between the set of device attribute values of the authenticating user device and the set of device attribute values of a first of the plurality of registered user devices, the degree of match being less than 100%; and
based at least partly on the score, performing an additional level of authentication of the authenticating user device; and
in response to determining that the score satisfies an update threshold, updating the data repository to reflect a change in the set of device attribute values of the first registered user device.
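The match, score, step-up and update steps of the claim, as an added sketch that is not code from the patent or its assignee. The attribute names, weights, the 0.75 update threshold, the weighted-fraction scoring formula and the choice to update or enroll only after step-up succeeds are all assumptions; the claim specifies none of them.

```python
from dataclasses import dataclass, field

# Assumed attribute weights and threshold; the claim gives no scoring formula.
WEIGHTS = {"user_agent": 1, "screen": 1, "timezone": 1, "fonts_hash": 2, "canvas_hash": 3}
UPDATE_THRESHOLD = 0.75  # at or above: treat as a registered device that drifted

@dataclass
class Repository:
    devices: dict = field(default_factory=dict)  # account -> list of attribute dicts

def score(candidate, registered):
    """Weighted fraction of attributes that agree, in [0.0, 1.0]."""
    same = sum(w for k, w in WEIGHTS.items()
               if k in candidate and candidate[k] == registered.get(k))
    return same / sum(WEIGHTS.values())

def authenticate(repo, account, candidate, step_up):
    """Return (outcome, best_score); step_up(account) stands in for the OTP check."""
    registered = repo.devices.setdefault(account, [])
    if candidate in registered:
        return "known_device", 1.0
    best = max(registered, key=lambda r: score(candidate, r), default=None)
    best_score = score(candidate, best) if best is not None else 0.0
    # Attribute values are client-reported, so a partial match never skips step-up.
    if not step_up(account):
        return "denied", best_score
    if best is not None and best_score >= UPDATE_THRESHOLD:
        best.clear()
        best.update(candidate)  # record the drifted values in place
        return "updated_device", best_score
    registered.append(dict(candidate))
    return "enrolled_device", best_score

# Constructed sample data, not from the patent.
LAPTOP = {"user_agent": "UA-1", "screen": "1920x1080", "timezone": "UTC+1",
          "fonts_hash": "f1", "canvas_hash": "c1"}

def demo():
    repo = Repository({"alice": [dict(LAPTOP)]})
    drifted = dict(LAPTOP, user_agent="UA-2")  # e.g. a browser update
    return authenticate(repo, "alice", drifted, step_up=lambda acct: True), repo

if __name__ == "__main__":
    print(demo()[0])
```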
Abstract
A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication system can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
16 Claims
9. An authentication system, comprising:
a data repository that stores, for each of a plurality of registered user devices associated with a user account, a respective set of device attribute values, each set comprising values of a plurality of device attributes of the respective registered user device;
a computer system comprising one or more processors, the computer system programmed with executable program instructions to implement an authentication process that comprises;
transmitting capture instructions over a network to an authenticating user device attempting to authenticate in association with the user account, wherein the capture instructions instruct the authenticating user device to generate and return device attribute values of the plurality of device attributes of the authenticating user device;
receiving a set of device attribute values of the authenticating user device, said set of device attribute values of the authenticating user device generated and returned by the authenticating user device in response to execution of the capture instructions;
determining that the set of device attribute values of the authenticating user device does not match any set of device attribute values of the plurality of registered user devices associated with the user account;
generating a score representing a degree of match between the set of device attribute values of the authenticating user device and the set of device attribute values of a first of the plurality of registered user devices, the degree of match being less than 100%;
based at least partly on the score, performing an additional level of authentication of the authenticating user device; and
in response to determining that the score satisfies an update threshold, updating the data repository to reflect a change in the set of device attribute values of the first registered user device.