Credential management using wearable devices

US 10,701,067 B1
Filed: 04/22/2016
Issued: 06/30/2020
Est. Priority Date: 04/24/2015
Status: Active Grant

First Claim

Patent Images

1. A method performed by an electronic device, the method comprising:

receiving, by the electronic device and from a server system over a communication network, an authentication request for a user, wherein the authentication request is associated with a request for access to a secured resource;

determining, by the electronic device, that a wearable device previously associated with the user is in proximity to the electronic device;

in response to determining that the wearable device previously associated with the user is in proximity to the electronic device, sending, by the electronic device, a notification to the wearable device that includes data that causes the wearable device to provide an approval option and a denial option;

receiving, by the electronic device, approval data indicating user selection of the approval option using the wearable device to approve access to the secured resource in response to the notification;

with the wearable device and the electronic device requesting neither credential data nor biometric data from the user after the electronic device receives the authentication request, authenticating, by the electronic device, the user based on the determination that the wearable device is in proximity to the electronic device; and

based on authenticating the user and based on receiving the approval data, providing, by the electronic device and to the server system over the communication network, data indicating approval of the authentication request associated with the request for access to the secured resource in response to receiving the approval data from the wearable device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer-readable medium storing executable instructions, for credential management using wearable devices. In some implementations, an authentication request for a user is received. It is determined that a wearable device previously associated with the user is in proximity to the electronic device. In response to determining that the wearable device associated with the user is in proximity to the electronic device, a notification is sent to the wearable device for output by the wearable device. Approval data is received indicating user interaction with the wearable device approving authentication in response to the notification. Data indicating approval of the authentication request is provided in response to receiving the approval data from the wearable device.

157 Citations

View as Search Results

21 Claims

1. A method performed by an electronic device, the method comprising:
- receiving, by the electronic device and from a server system over a communication network, an authentication request for a user, wherein the authentication request is associated with a request for access to a secured resource;
  
  determining, by the electronic device, that a wearable device previously associated with the user is in proximity to the electronic device;
  
  in response to determining that the wearable device previously associated with the user is in proximity to the electronic device, sending, by the electronic device, a notification to the wearable device that includes data that causes the wearable device to provide an approval option and a denial option;
  
  receiving, by the electronic device, approval data indicating user selection of the approval option using the wearable device to approve access to the secured resource in response to the notification;
  
  with the wearable device and the electronic device requesting neither credential data nor biometric data from the user after the electronic device receives the authentication request, authenticating, by the electronic device, the user based on the determination that the wearable device is in proximity to the electronic device; and
  
  based on authenticating the user and based on receiving the approval data, providing, by the electronic device and to the server system over the communication network, data indicating approval of the authentication request associated with the request for access to the secured resource in response to receiving the approval data from the wearable device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, comprising determining that the wearable device has been continuously worn since the user authenticated to the wearable device;
    - andwherein authenticating the user is based on determining that the wearable device has been continuously worn since the user authenticated to the wearable device.
  - 3. The method of claim 2, wherein determining that the wearable device has been continuously worn since the user authenticated to the wearable device comprises determining that the wearable device has been continuously worn based on skin sensor data or heartbeat data from the wearable device.
  - 4. The method of claim 1, wherein determining, by the electronic device that the wearable device associated with the user is in proximity to the electronic device comprises:
    - receiving, by the electronic device, a signal from the wearable device over a short-range wireless connection; and
      
      determining that the wearable device is in proximity of the electronic device based on the received signal from the wearable device.
  - 5. The method of claim 1, wherein determining, by the electronic device, that the wearable device associated with the user is in proximity to the electronic device comprises determining that the wearable device has been registered with a user account for the user.
  - 6. The method of claim 1, wherein the wearable device is a watch.
  - 7. The method of claim 1, wherein the electronic device is a mobile phone, the mobile phone being configured to output an alert in response to receiving the authentication request when a wearable device is not in proximity to the mobile phone;
    - wherein the method includes determining, by the mobile phone, to not output the alert corresponding to the authentication request based on determining that the wearable device associated with the user is in proximity to the electronic device; and
      
      wherein sending the notification to the wearable device comprises sending the notification to the wearable device instead of outputting the alert at the mobile phone.
  - 8. The method of claim 1, wherein receiving the authentication request comprises receiving, by the electronic device, an authentication request from a resource device over a short-range wireless connection;
    - andwherein providing the data indicating approval of the authentication request comprises providing the data indicating approval of the authentication request to the resource device over the short-range wireless connection.
  - 9. The method of claim 1, further comprising:
    - determining, by the electronic device, that the wearable device is locked or has not been worn continuously since a most recent authentication of the user to the wearable device;
      
      in response to determining that the wearable device is locked or has not been worn continuously since the most recent authentication of the user to the wearable device, sending data to the wearable device requesting that the user authenticate to the wearable device; and
      
      receiving, by the electronic device, data indicating that the user authenticated to the wearable device;
      
      wherein providing the data indicating approval of the authentication request in response to receiving the approval data from the wearable device is based on data indicating that the user authenticated to the wearable device.
  - 10. The method of claim 1, wherein sending the sending the notification to the wearable device comprises forwarding the authentication request received by the electronic device to the wearable device.
  - 11. The method of claim 1, wherein the wearable device has a touchscreen display, and the notification from the electronic device is configured to cause the wearable device to display an approval control and a denial control on the touchscreen display of the wearable device, the approval control being configured to approve the authentication with a single interaction of the user.
  - 12. The method of claim 1, wherein receiving the authentication request comprises receiving an authentication request corresponding to a particular user credential issued to the user, the particular user credential being different from credentials of the user to access the electronic device and the wearable device.
  - 13. The method of claim 12, further comprising determining, by the electronic device, a policy associated with the particular credential;
    - wherein the policy indicates that an additional authentication factor is required when one or more conditions occur;
      
      and wherein the method further comprises;
      
      providing, by the electronic device, a notification requesting user input for the additional authentication factor;
      
      after providing the notification, receiving, by the electronic device, user input for the additional authentication factor; and
      
      based on the policy associated with the particular credential, providing, by the electronic device, the user input for the additional authentication factor to a server system.
  - 14. The method of claim 12, further comprising determining that the particular user credential is valid;
    - wherein sending the notification to the wearable device or providing the data indicating approval of the authentication request is performed in response to determining that the particular user credential is valid.
  - 15. The method of claim 1, wherein the request for access to the secured resource is a request initiated using a device other than the electronic device and the wearable device.
  - 16. The method of claim 1, wherein authenticating the user is performed without the electronic device receiving credential data from the wearable device and without the electronic device receiving biometric data from the wearable device.

17. One or more non-transitory computer-readable media storing instructions that, when executed by one or more processors of an electronic device, cause the electronic device to perform operations comprising:
- receiving, by the electronic device and from a server system over a communication network, an authentication request for a user, wherein the authentication request is associated with a request for access to a secured resource;
  
  determining, by the electronic device, that a wearable device previously associated with the user is in proximity to the electronic device;
  
  in response to determining that the wearable device previously associated with the user is in proximity to the electronic device, sending, by the electronic device, a notification to the wearable device that includes data that causes the wearable device to provide an approval option and a denial option;
  
  receiving, by the electronic device, approval data indicating user selection of the approval option using the wearable device to approve access to the secured resource in response to the notification;
  
  with the wearable device and the electronic device requesting neither credential data nor biometric data from the user after the electronic device receives the authentication request, authenticating, by the electronic device, the user based on the determination that the wearable device is in proximity to the electronic device; and
  
  based on authenticating the user and based on receiving the approval data, providing, by the electronic device and to the server system over the communication network, data indicating approval of the authentication request associated with the request for access to the secured resource in response to receiving the approval data from the wearable device.

18. An electronic device comprising:
- one or more processors; and
  
  one or more non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the electronic device to perform operations comprising;
  
  storing, by the electronic device, an identifier corresponding to a particular secured resource that is accessible using a credential of a user;
  
  providing, by the electronic device, the stored identifier corresponding to the particular secured resource to a server system;
  
  after providing the stored identifier, receiving, by the electronic device, a push notification initiated by the server system in response to an attempt by the user to access the particular secured resource;
  
  determining, by the electronic device, that a wearable device previously associated with the user is in proximity to the electronic device;
  
  in response to determining that the wearable device associated with the user is in proximity to the electronic device, forwarding, by the electronic device, the received push notification to the wearable device for output by the wearable device;
  
  receiving, by the electronic device, approval data indicating user interaction with the wearable device approving authentication in response to output of the push notification by the wearable device; and
  
  providing, by the electronic device and to the server system, data indicating approval of the authentication in response to receiving the approval data from the wearable device.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, wherein the operations further comprise:
    - scanning, by the electronic device, an optical machine-readable code that is displayed by a computing system and that corresponds to the particular secured resource; and
      
      deriving, by the electronic device, the identifier from the optical machine-readable code scanned by the electronic device.
  - 20. The system of claim 19, wherein the particular secured resource is a web page or a virtual private network.
  - 21. The system of claim 18, wherein the operations further comprise:
    - detecting, by the electronic device, the presence of a physical resource near the electronic device;
      
      determining, by the electronic device, that one of the credentials of the user provides access to the physical resource; and
      
      in response to detecting the presence of a physical resource near the electronic device and determining that one of the credentials of the user provides access to the physical resource transmitting, by the electronic device, data to the wearable device that causes the wearable device to indicate the physical resource to the user and provide an interactive user interface element that is selectable to initiate an action involving the physical resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Ziraknejad, Siamak, Pena, Victor, Saylor, Michael J.
Primary Examiner(s)
Rashid, Harunur

Application Number

US15/136,449
Time in Patent Office

1,530 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/35   communicating wirelessly

G06F 21/604   Tools and structures for ma...

G06F 21/6209   to a single file or object,...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04W 12/06   Authentication

H04W 12/33   using wearable devices, e.g...

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

Credential management using wearable devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Credential management using wearable devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others