TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION

US 20120110329A1
Filed: 10/29/2010
Published: 05/03/2012
Est. Priority Date: 10/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:

initially authenticating a mobile device for a user a first time;

acquiring policy that defines information that the mobile device is to collect for multifactor authentication;

pushing the policy to the mobile device;

receiving from the mobile device the information, which the mobile device collected without interaction from the user based on the policy and at least some of the information external to the mobile device; and

performing authentication a second time using the information.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD.

Citations

20 Claims

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- initially authenticating a mobile device for a user a first time;
  
  acquiring policy that defines information that the mobile device is to collect for multifactor authentication;
  
  pushing the policy to the mobile device;
  
  receiving from the mobile device the information, which the mobile device collected without interaction from the user based on the policy and at least some of the information external to the mobile device; and
  
  performing authentication a second time using the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising, setting access privileges for the mobile device and the user in a communication session for accessing network resources in response to successful authentication the second time.
  - 3. The method of claim 1 further comprising, sending to the mobile device an assertion or a token that proves authentication was successful the second time, the assertion or the token used by the mobile device to independently access network resources.
  - 4. The method of claim 1 further comprising, sending a command for the mobile device to lock down preventing the user from accessing the mobile device when the second authentication was unsuccessful.
  - 5. The method of claim 1 further comprising, sending a command for the mobile device to encrypt and block access to a number of local resources of the mobile device in response to access privileges set by authentication the second time.
  - 6. The method of claim 1 further comprising, dynamically revoking access privileges originally provided with successful authentication the second time based on detection of a termination event.
  - 7. The method of claim 1, wherein initially authenticating further includes receiving a user identifier and a user password that is validated for a successful authentication the first time.
  - 8. The method of claim 1, wherein acquiring further includes obtaining the policy based on a user identity for the user and a mobile device identity for the mobile device.
  - 9. The method of claim 1, wherein pushing further includes sending the policy to an automated authentication agent that processes on the mobile device without interaction from the user.
  - 10. The method of claim 1, wherein performing authentication the second time further includes using a second policy with the received information to determine whether authentication the second time is successful and to determine what access rights are to be set for the mobile device with respect to network resources and mobile device resources.

11. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- sending a request for initial authentication to a network-based service;
  
  receiving a policy that defines information to collect to complete subsequent authentication with the network-based service;
  
  using the policy to assemble the information at least some of which is external to a mobile device that the method process on;
  
  sending the assembled information to the network-based service; and
  
  receiving access rights back from the network-based service that defines network resources and mobile device resources that the mobile device can access and interact with.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein sending further includes automatically formulating the request and sending the request to the network-based service when the mobile device is powered on without any interaction from the user.
  - 13. The method of claim 11, wherein using further includes issuing a challenge response dialogue with a device in proximity to the mobile device when assembling the information to ensure the device is a correct device.
  - 14. The method of claim 11, wherein using further includes collecting at least some of the information as one or more of:
    - a blue tooth identifier for a blue tooth device in proximity to the mobile device, a radio frequency identifier (RFID) located on something in proximity to the mobile device, a service set identifier (SSID) of a device connected to a wireless network in proximity to the mobile device, and another device identifier to another device in proximity to the mobile device.
  - 15. The method of claim 11, wherein using further includes collecting all the information from devices that are external to the mobile device.
  - 16. The method of claim 11, wherein sending further includes generating a packet to represent the assembled information and providing the packet to the network-based service.
  - 17. The method of claim 11, wherein receiving further includes obtaining the access rights as a token or an assertion for use when accessing the network resources and mobile device resources.

18. A multi-processor implemented system, comprising:
- a server-authentication service configured and programmed on a non-transitory computer-readable medium and to execute on one or more processors of a server machine; and
  
  a mobile device authentication service configured and programmed on a non-transitory computer-readable medium and to execute on one or more of the processors of a mobile device;
  
  the server-authentication service is configured to perform a first authentication on the mobile device and push policy to the mobile device authentication service to gather external information that is external to the mobile device, which the mobile device authentication service is configured to assemble and provide back to the server-authentication service, the server-authentication service further configured to perform a second authentication on the mobile device in response to the assembled and provided back information and based thereon set access privileges for the mobile device with respect to accessing network resources and mobile device resources, the access privileges sent to the mobile device authentication service.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the server-authentication service is to send the access privileges to the mobile device authentication service as a token or an assertion.
  - 20. The system of claim 19, wherein the server-authentication service is configured to revoke the token or the assertion based on detection of a terminating event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Brown, Jeremy Ray, Sabin, Jason Allen, Kranendonk, Nathaniel Brent, Larsen, Kal A., Burch, Lloyd Leon

Granted Patent

US 8,639,926 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

H04L 2209/80   Wireless

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

H04W 12/082   using revocation of authori...

TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR MOBILE DEVICE AUTHENTICATION

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links