Authentication on thin clients using independent devices

US 10,523,665 B2
Filed: 02/03/2017
Issued: 12/31/2019
Est. Priority Date: 02/03/2017
Status: Active Grant

First Claim

Patent Images

1. A method for performing authentication on a thin client using a mobile device, the method comprising:

maintaining, by an authentication service that executes on a server, mappings, each of the mappings linking mobile device information for a particular mobile device to a domain identity of a particular user and linking the domain identity of the particular user to a particular thin client desktop;

executing, on a first mobile device, a mobile application;

authenticating, by the mobile application, a first user of the first mobile device, wherein the mobile application authenticates the first user by employing an authentication architecture of the first mobile device;

after authenticating the first user by employing the authentication architecture of the first mobile device, sending, by the mobile application, an authentication notification to the authentication service, the authentication notification indicating that the first user has been authenticated on the first mobile device, the authentication notification including mobile device information that identifies the first mobile device;

in response to receiving the authentication notification, comparing, by the authentication service, the mobile device information that was included in the authentication notification to the mappings;

based on the comparison, determining, by the authentication service, that a first mapping of the mappings links the mobile device information that was included in the authentication notification to a domain identity of the first user;

determining, by the authentication service, that the first mapping links the domain identity of the first user to a first thin client desktop;

in response to receiving the authentication notification that indicates that the first user has been authenticated on the first mobile device and based on the first mapping linking the mobile device information that was included in the authentication notification to the domain identity of the first user, sending, by the authentication service, a logon command to an agent on a thin client including providing login information for the domain identity of the first user; and

in response to receiving the logon command, logging, by the agent on the thin client, the first user into the first thin client desktop that is linked to the domain identity of the first user such that the first user is logged into the first thin client desktop on the thin client based on the authentication of the first user that employed the authentication architecture of the first mobile device rather than requiring the first user to input credentials to the thin client.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication can be performed on thin clients using independent mobile devices. Because many users have smart phones or other similar mobile devices that include biometric scanners, such mobile devices can be leveraged to perform authentication of users as part of logging in to a thin client desktop. A mapping can be created on a central server between a user'"'"'s mobile device and the user'"'"'s domain identity. A mapping can also be created between the user'"'"'s domain identity and the user'"'"'s thin client desktop. Then, when a user desires to log in to his thin client desktop, the user can employ the appropriate biometric scanner on his mobile device to perform authentication. The central server can then rely on this authentication to identify and log the user into his thin client desktop.

Citations

20 Claims

1. A method for performing authentication on a thin client using a mobile device, the method comprising:
- maintaining, by an authentication service that executes on a server, mappings, each of the mappings linking mobile device information for a particular mobile device to a domain identity of a particular user and linking the domain identity of the particular user to a particular thin client desktop;
  
  executing, on a first mobile device, a mobile application;
  
  authenticating, by the mobile application, a first user of the first mobile device, wherein the mobile application authenticates the first user by employing an authentication architecture of the first mobile device;
  
  after authenticating the first user by employing the authentication architecture of the first mobile device, sending, by the mobile application, an authentication notification to the authentication service, the authentication notification indicating that the first user has been authenticated on the first mobile device, the authentication notification including mobile device information that identifies the first mobile device;
  
  in response to receiving the authentication notification, comparing, by the authentication service, the mobile device information that was included in the authentication notification to the mappings;
  
  based on the comparison, determining, by the authentication service, that a first mapping of the mappings links the mobile device information that was included in the authentication notification to a domain identity of the first user;
  
  determining, by the authentication service, that the first mapping links the domain identity of the first user to a first thin client desktop;
  
  in response to receiving the authentication notification that indicates that the first user has been authenticated on the first mobile device and based on the first mapping linking the mobile device information that was included in the authentication notification to the domain identity of the first user, sending, by the authentication service, a logon command to an agent on a thin client including providing login information for the domain identity of the first user; and
  
  in response to receiving the logon command, logging, by the agent on the thin client, the first user into the first thin client desktop that is linked to the domain identity of the first user such that the first user is logged into the first thin client desktop on the thin client based on the authentication of the first user that employed the authentication architecture of the first mobile device rather than requiring the first user to input credentials to the thin client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the mobile device information that identifies the first mobile device includes one or more of an IMEI number, a phone number, or a MAC address of the first mobile device.
  - 3. The method of claim 1, wherein the domain identity of the first user comprises a username.
  - 4. The method of claim 1, wherein the first thin client desktop is a local desktop.
  - 5. The method of claim 1, wherein the first thin client desktop is a remote desktop.
  - 6. The method of claim 1, wherein the login information includes authentication information that was received from the first mobile device in the authentication notification.
  - 7. The method of claim 1, further comprising;
    - prior to sending the logon command, evaluating, by the authentication service, the authentication notification against one or more policies.
  - 8. The method of claim 7, wherein the one or more policies are identified based on the domain identity of the first user.
  - 9. The method of claim 1, further comprising:
    - sending, by the authentication service, an authentication confirmation to the mobile application; and
      
      in response to the authentication confirmation, receiving, by the authentication service, a desktop launch request from the mobile application;
      
      wherein the authentication service sends the logon command in response to receiving the desktop launch request.
  - 10. The method of claim 9, wherein the authentication confirmation includes a token, the method further comprising:
    - validating a token received by the thin client against the token that was included in the authentication confirmation.
  - 11. The method of claim 1, wherein the login information includes a username and password for the domain identity of the first user.
  - 12. The method of claim 1, further comprising:
    - sending a Wake-On-LAN command to the agent.
  - 13. The method of claim 1, wherein the authentication architecture of the first mobile device is a biometric-based authentication architecture.
  - 14. The method of claim 1, wherein the first mobile device is a smart phone.
  - 15. The method of claim 1, wherein the thin client to which the logon command is sent is selected based on input from the first user, or based on an identification of the thin client that is associated with the first thin client desktop.

16. One or more non-transitory computer storage media storing computer-executable instructions which when executed implement a method comprising:
- maintaining, by an authentication service that executes on a server, mappings, each of the mappings linking mobile device information for a particular mobile device to a domain identity of a particular user and linking the domain identity of the particular user to a particular thin client desktop;
  
  executing, on a first mobile device, a mobile application;
  
  authenticating, by the mobile application, a first user of the first mobile device, wherein the mobile application authenticates the first user by employing an authentication architecture of the first mobile device;
  
  after authenticating the first user by employing the authentication architecture of the first mobile device, sending, by the mobile application, an authentication notification to the authentication service, the authentication notification indicating that the first user has been authenticated on the first mobile device, the authentication notification including mobile device information that identifies the first mobile device;
  
  in response to receiving the authentication notification, comparing, by the authentication service, the mobile device information that was included in the authentication notification to the mappings;
  
  based on the comparison, determining, by the authentication service, that a first mapping of the mappings links the mobile device information that was included in the authentication notification to a domain identity of the first user;
  
  determining, by the authentication service, that the first mapping links the domain identity of the first user to a first thin client desktop;
  
  in response to receiving the authentication notification, sending, by the authentication service, a logon command to an agent on a thin client;
  
  based on the first mapping linking the mobile device information that was included in the authentication notification to the domain identity of the first user, providing, by the authentication service, login information associated with the domain identity of the first user to the agent; and
  
  employing, by the agent, the login information to log the first user into the first thin client desktop on the thin client such that the first user is logged into the first thin client desktop on the thin client based on the authentication of the first user that employed the authentication architecture of the first mobile device rather than requiring the first user to input credentials to the thin client.
- View Dependent Claims (17, 18)
- - 17. The computer storage media of claim 16, wherein the method further comprises, prior to the agent employing the login information to log the first user into the first thin client desktop on the thin client:
    - sending, by the authentication service, a token to the mobile application;
      
      receiving, at the agent, the token; and
      
      validating the token received by the agent against the token sent by the authentication service.
  - 18. The computer storage media of claim 16, wherein the method further comprises:
    - evaluating, by the authentication service, the authentication notification against one or more policies.

19. A method for logging a user into a thin client desktop, the method comprising;
- maintaining, by an authentication service that executes on a server, mappings, each of the mappings linking mobile device information for a particular mobile device to a domain identity of a particular user and linking the domain identity of the particular user to a particular thin client desktop;
  
  executing, on a first mobile device, a mobile application;
  
  authenticating, by the mobile application, a first user of the first mobile device, wherein the mobile application authenticates the first user by employing an authentication architecture of the first mobile device;
  
  after authenticating the first user by employing the authentication architecture of the first mobile device, sending, by the mobile application, an authentication notification to the authentication service, the authentication notification indicating that the first user has been authenticated on the first mobile device, the authentication notification including mobile device information that identifies the first mobile device;
  
  in response to receiving the authentication notification, accessing, by the authentication service, the mappings using the mobile device information that identifies the first mobile device;
  
  determining, by the authentication service, that a first mapping of the mappings links the mobile device information that identifies the first mobile device to a domain identity of the first user and links the domain identity of the first user to a first thin client desktop;
  
  in response to the authentication notification and based on the determination, instructing, by the authentication service, an agent on a thin client to employ the domain identity of the first user to log the first user into the first thin client desktop on the thin client; and
  
  based on the instruction, logging, by the agent on the thin client, the first user into the first thin client desktop such that the first user is logged into the first thin client desktop on the thin client based on the authentication of the first user that employed the authentication architecture of the first mobile device rather than requiring the first user to input credentials to the thin client.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein instructing the agent on the thin client to employ the domain identity of the first user to log the first user into the first thin client desktop on the thin client comprises providing one or more of:
    - a password;
      
      orauthentication information that was included in the authentication notification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Marketing Corporation (Dell Technologies Inc.)
Original Assignee
Wyse Technology L.L.C. (Dell Technologies Inc.)
Inventors
Joshi, Salil, Kaushik, Puneet, Popli, Sumit, Dubey, Suruchi, Rombakh, Oleg, Raghavan, Varun
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Mahmoudi, Rodman Alexander

Application Number

US15/423,715
Publication Number

US 20180227296A1
Time in Patent Office

1,061 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04W 12/06   Authentication

Authentication on thin clients using independent devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication on thin clients using independent devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links