Proximity-based access

US 10,657,242 B1
Filed: 04/16/2018
Issued: 05/19/2020
Est. Priority Date: 04/17/2017
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computing device, the method comprising:

detecting, by the computing device, an attempt to access the computing device while the computing device is in a secured state;

in response to detecting the attempt to access the computing device, sending, by the computing device, a first message to a server system over a network;

after sending the first message, receiving, by the computing device, a second message from the server system over the network, the second message comprising authentication data transmitted to the server system by a mobile device that was previously designated as an authentication factor for accessing the computing device, wherein the authentication data is transmitted by the mobile device after the computing device sent the first message to the server system, and wherein the authentication data demonstrates authorization to access the computing device;

determining, by the computing device, that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device; and

in response to determining that the computing device is located within the predetermined level of proximity of the computing device, and based on the received authentication data, granting, by the computing device, access to the computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based access. In some implementations, a computing device detects an attempt to access the computing device while the computing device is in a secured state. In response to detecting the attempt to access the computing device, the computing device sends a first message to a server system over a network. After sending the message, the computing device receives a second message from the server system over the network, the second message comprising authentication data for the computing device. The computing device determines that a mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device, and the computing device grants access to the computing device.

Citations

20 Claims

1. A method performed by a computing device, the method comprising:
- detecting, by the computing device, an attempt to access the computing device while the computing device is in a secured state;
  
  in response to detecting the attempt to access the computing device, sending, by the computing device, a first message to a server system over a network;
  
  after sending the first message, receiving, by the computing device, a second message from the server system over the network, the second message comprising authentication data transmitted to the server system by a mobile device that was previously designated as an authentication factor for accessing the computing device, wherein the authentication data is transmitted by the mobile device after the computing device sent the first message to the server system, and wherein the authentication data demonstrates authorization to access the computing device;
  
  determining, by the computing device, that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device; and
  
  in response to determining that the computing device is located within the predetermined level of proximity of the computing device, and based on the received authentication data, granting, by the computing device, access to the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising determining, by the computing device, a password from the authentication data in the second message;
    - wherein granting access to the computing device comprises providing the password to an operating system of the computing device.
  - 3. The method of claim 1, wherein the computing device receives the second message before determining that the computing device is located within the predetermined level of proximity of the computing device;
    - andwherein the method further comprises delaying granting access to the computing device until after determining that the computing device is located within the predetermined level of proximity of the computing device.
  - 4. The method of claim 1, wherein determining, by the computing device, that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within the predetermined level of proximity of the computing device comprises:
    - determining that the mobile device that is located within the predetermined level of proximity is the same mobile device that transmitted, to the server system, the authentication data that the server system sent to the computing device.
  - 5. The method of claim 1, further comprising determining, by the computing device, that detection of the presence of the mobile device within the predetermined level of proximity of the computing device occurs within a predetermined time period from transmission of the first message or receipt of the authentication data;
    - wherein access to the computing device is granted based on the determination that detection of the presence of the mobile device within the predetermined level of proximity of the computing device occurs within the predetermined time period of the transmission of the first message or the receipt of the authentication data.
  - 6. The method of claim 1, wherein determining that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within the predetermined level of proximity of the computing device comprises:
    - receiving, by the computing device, a third message from the mobile device over a direct, wireless radio-frequency communication channel;
      
      determining, by the computing device, that a signal strength with which the third message was received satisfies a signal strength threshold; and
      
      determining, by the computing device, that the third message includes a device identifier for the mobile device that matches a device identifier for a mobile device previously registered with the computing device as an authentication token for accessing the computing device.
  - 7. The method of claim 1, wherein receiving data indicating an attempt to access the computing device while the computing device is in a secured state comprises receiving data indicating that the computing device has been powered on, woken from a low-power state, or received user input from a locked state.
  - 8. The method of claim 1, wherein granting access to the computing device comprises unlocking the computing device.
  - 9. The method of claim 1, receiving, by the computing device, a second message from the server system over the network comprises receiving encrypted data in the second message, wherein the encrypted data was generated by the mobile device and comprises an encrypted form of a password;
    - wherein the method further comprises decrypting the password; and
      
      wherein granting access to the computing device comprises providing the password to software executing on the computing device to enable access to the computing device.
  - 10. The method of claim 9, wherein decrypting the password and providing the password are performed by an agent executing on the computing device along with an operating system of the computing device, the agent having permission to provide passwords to the operating system of the computing device;
    - andwherein providing the password to software executing on the computing device to enable access to the computing device comprises passing, by the agent executing on the computing device, the password to the operating system of the computing device.
  - 11. The method of claim 1, wherein determining that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within the predetermined level of proximity of the computing device comprises receiving a communication from the mobile device over a direct wireless communication link.
  - 12. The method of claim 11, wherein the direct wireless communication link is a Bluetooth communication link, and wherein determining that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within the predetermined level of proximity of the computing device comprises determining that the mobile device has previously been paired with the computing device over the Bluetooth communication link.
  - 13. The method of claim 1, wherein determining that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within the predetermined level of proximity of the computing device comprises:
    - communicating by the computing device with the mobile device using a link key established during pairing of the mobile device with the computing device using hardware-level Bluetooth pairing managed by an operating system of the computing device.
  - 14. The method of claim 1, wherein granting access to the computing device comprises unlocking a user interface of the computing device, initiating a new user session on the computing device, resuming an existing user session on the computing device, authenticating a user to the computing device, or logging a user into a user account.
  - 15. The method of claim 1, wherein granting access to the computing device comprises providing a user access to a user interface of the computing device that was unavailable prior to authentication of the user, the access being provided without user input being entered to the computing device or the mobile device between detecting the attempt to access the computing device and providing access to the user interface.
  - 16. The method of claim 1, further comprising:
    - in response to receiving the message from the mobile device, determining a signal strength of a wireless connection between the computing device and the mobile device; and
      
      determining that the signal strength satisfies a threshold level, wherein the threshold level corresponds to sufficient proximity to allow access to the computing device based on proximity of the mobile device;
      
      wherein granting access to the computing device is based at least in part on determining that the signal strength satisfies the threshold level.
  - 17. The method of claim 16, further comprising:
    - in response to receiving a wireless message from the mobile device, identifying, based on the wireless message, the mobile device or a user associated with the mobile device; and
      
      accessing data indicating a signal strength threshold designated for the mobile device or a user associated with the mobile device, wherein the signal strength threshold indicates a signal strength that represents a user-selected level of proximity for providing access to the computing device;
      
      wherein determining that the signal strength satisfies the threshold level comprises determining that the signal strength satisfies the signal strength threshold.
  - 18. The method of claim 1, wherein the authentication data comprises an encrypted password that was encrypted using a public key of the computing device;
    - andwherein the method comprises decrypting the encrypted password using a private key of the computing device that is stored at the computing device.

19. A computing device comprising:
- one or more processors; and
  
  one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the computing device to perform operations comprising;
  
  detecting, by the computing device, an attempt to access the computing device while the computing device is in a secured state;
  
  in response to detecting the attempt to access the computing device, sending, by the computing device, a first message to a server system over a network;
  
  after sending the first message, receiving, by the computing device, a second message from the server system over the network, the second message comprising authentication data transmitted to the server system by a mobile device that was previously designated as an authentication factor for accessing the computing device, wherein the authentication data is transmitted by the mobile device after the computing device sent the first message to the server system, and wherein the authentication data demonstrates authorization to access the computing device;
  
  determining, by the computing device, that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device; and
  
  in response to determining that the computing device is located within the predetermined level of proximity of the computing device, and based on the received authentication data, granting, by the computing device, access to the computing device.

20. One or more non-transitory computer-readable media storing instructions that, when executed by a computing device, cause the computing device to perform operations comprising:
- detecting, by the computing device, an attempt to access the computing device while the computing device is in a secured state;
  
  in response to detecting the attempt to access the computing device, sending, by the computing device, a first message to a server system over a network;
  
  after sending the first message, receiving, by the computing device, a second message from the server system over the network, the second message comprising authentication data transmitted to the server system by a mobile device that was previously designated as an authentication factor for accessing the computing device, wherein the authentication data is transmitted by the mobile device after the computing device sent the first message to the server system, and wherein the authentication data demonstrates authorization to access the computing device;
  
  determining, by the computing device, that the mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device; and
  
  in response to determining that the computing device is located within the predetermined level of proximity of the computing device, and based on the received authentication data, granting, by the computing device, access to the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Xia, Feng, Ziraknejad, Siamak, Chen, Liang, Jia, Quan
Primary Examiner(s)
Le, Chau

Application Number

US15/954,100
Time in Patent Office

764 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2209/80   Wireless

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 12/63   Location-dependent; Proximi...

H04W 12/77   Graphical identity

Proximity-based access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Proximity-based access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links