Authentication Techniques Utilizing a Computing Device

US 20130097682A1
Filed: 10/13/2011
Published: 04/18/2013
Est. Priority Date: 10/13/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium comprising computer-executable instructions that, when executed by a computing device, cause the computing device at least to:

establish a data session with an authentication server for authenticating a user to utilize a service;

send a device ID over the data session to the authentication server;

receive a sample phrase over the data session;

present a voiceprint matching prompt on a display of the computing device, the voiceprint matching prompt comprising a request for the user to speak the sample phrase;

receive a speech input of the sample phrase; and

transmit the speech input to the authentication server via the data session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A pre-registration procedure is utilized to create a user profile for a user of a multi-factor authentication (“MFA”) service. A client application installation procedure is utilized to install a client application on a computing device that is to be utilized as an authentication factor for the MFA service. A computing device enrollment procedure is utilized to enroll the computing device on which the client application was installed for the MFA service. A voice enrollment procedure is utilized to create a voice print for the user of the computing device that is to be utilized as an authentication factor for the MFA service. An authentication procedure is utilized to provide multi-factor authenticated access to a service, such as an online service that provides access to sensitive account information.

448 Citations

20 Claims

1. A computer-readable storage medium comprising computer-executable instructions that, when executed by a computing device, cause the computing device at least to:
- establish a data session with an authentication server for authenticating a user to utilize a service;
  
  send a device ID over the data session to the authentication server;
  
  receive a sample phrase over the data session;
  
  present a voiceprint matching prompt on a display of the computing device, the voiceprint matching prompt comprising a request for the user to speak the sample phrase;
  
  receive a speech input of the sample phrase; and
  
  transmit the speech input to the authentication server via the data session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-readable storage medium of claim 1, further comprising computer-executable instructions that, when executed by the computing device, cause the computing device at least to:
    - receive a notification comprising an indication of the service for which authentication is required;
      
      present the notification on the display of the computing device; and
      
      receive an input to proceed;
      
      wherein the instructions to present the voiceprint matching prompt comprise instructions to present the voiceprint matching in response to receiving the input to proceed with the authentication procedure, and wherein the instructions to establish the data session comprise instructions to establish the data session in response to receiving the notification.
  - 3. The computer-readable storage medium of claim 2, further comprising computer-executable instructions that, when executed by the computing device, cause the computing device at least to:
    - present an authentication prompt requesting input of an authentication credential;
      
      receive an input of the authentication credential; and
      
      send the authentication credential to the authentication server.
  - 4. The computer-readable storage medium of claim 3, further comprising computer-executable instructions that, when executed by the computing device, cause the computing device at least to:
    - receive a second sample phrase over the data session;
      
      present the voiceprint matching prompt on the display of the computing device, the voiceprint matching prompt comprising a request for the user to speak the second sample phrase;
      
      receive a second speech input of the second sample phrase; and
      
      transmit the second speech input to the authentication server via the data session.
  - 5. The computer-readable storage medium of claim 1, wherein the sample phrase comprises a challenge phrase comprising a rewording of a challenge question as a statement comprising a blank portion in which the user is requested to speak the challenge question and an answer to the challenge question.
  - 6. The computer-readable storage medium of claim 1, further comprising computer-executable instructions that, when executed by the computing device, cause the computing device at least to receive a message specifying that an authentication process is complete.
  - 7. The computer-readable storage medium of claim 1, wherein the sample phrase comprises a challenge question and the speech input comprises an answer to the challenge question.
  - 8. The computer-readable storage medium of claim 1, wherein a device-specific artifact is inserted in the speech input of the sample phrase, the device-specific artifact being inserted in the speech input of the sample phrase in accordance with an artifacting scheme that is known by the authentication server.
  - 9. The computer-readable storage medium of claim 1, wherein the sample phrase is a voice passphrase provided by the user in a user profile created during a pre-registration procedure.

10. A computer-readable storage medium comprising computer-executable instructions that, when executed by an authentication server computer, cause the authentication server computer at least to:
- receive an authentication request comprising a request to authenticate a user;
  
  in response to receiving the authentication request, generate a notification request, the notification request comprising an indication of a service;
  
  send the notification request to the computing device;
  
  if the notification request is accepted, establish a data session with the computing device for authenticating the user;
  
  receive a device ID over the data session from the computing device;
  
  authenticate the computing device using the device ID;
  
  select a sample phrase for use to authenticate the user;
  
  send the sample phrase to the computing device;
  
  receive a speech input of the sample phrase as provided by the user at the computing device;
  
  generate a speaker verification request comprising the speech input;
  
  send the speaker verification request to a speech server computer;
  
  receive a speaker verification response from the speech server computer, the speaker verification response comprising words in the speech input and an indication of how well the speech input matches a voice print;
  
  in response to receiving the verification response, generate an authentication result notification comprising the indication of whether or not the user is authenticated to use the service; and
  
  send the authentication result notification to the provider server computer.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer-readable storage medium of claim 10, further comprising computer-executable instructions that, when executed by an authentication server computer, cause the authentication server computer at least to, prior to receiving the authentication request:
    - create a user profile for the user during a pre-registration procedure for a multi-factor authentication service, the user profile comprising the voice print, a device identifier for the computing device, and an authentication credential;
      
      wherein the voice print is created based at least in part upon one of the followinga phrase spoken by the user,an answer to a challenge question spoken by the user,a spoken answer to a challenge question provided by the user at the computing device, anda voice sample provided by the user for another service.
  - 12. The computer-readable storage medium of claim 11, wherein the notification request comprises a request for the user to input the authentication credential, and further comprising computer-executable instructions that, when executed by an authentication server computer, cause the authentication server computer at least to:
    - receive an input from the computing device;
      
      determine if the input is the authentication credential;
      
      if the input is the authentication credential, send the sample phrase to the computing device; and
      
      if the input is not the authentication credential, terminate the data session.
  - 13. The computer-readable storage medium of claim 12, further comprising computer-executable instructions that, when executed by the authentication server computer, cause the authentication server computer at least to:
    - select a second sample phrase for use to authenticate the user to access the service;
      
      send the second sample phrase to the computing device;
      
      receive a second speech input of the second sample phrase as provided by the user at the computing device;
      
      generate a second speech verification request comprising the second speech input;
      
      send the second speech verification request to a speech server computer; and
      
      receive a second speech verification response from the speech server computer, the second speech verification response comprising a second indication of whether or not the second speech input matches the voice print.
  - 14. The computer-readable storage medium of claim 10, wherein the sample phrase comprises a challenge phrase comprising a rewording of a challenge question as a statement comprising a blank portion in which the user is requested to speak the statement and an answer to the challenge question.
  - 15. The computer-readable storage medium of claim 10, further comprising computer-executable instructions that, when executed by the authentication server computer, cause the authentication server computer at least to send a message to the computing device, the message indicating that an authentication process is complete.
  - 16. The computer-readable storage medium of claim 10, wherein the sample phrase comprises a challenge question and the speech input comprises an answer to the challenge question.
  - 17. The computer-readable storage medium of claim 10, wherein device-specific artifact is inserted in the speech input of the sample phrase, the device-specific artifact being inserted in the speech input of the sample phrase in accordance with an artifacting scheme that is known by the authentication server.

18. A computer-implemented method for setting up a multi-factor authentication service for a user, the computer-implemented method comprising computer-implemented operations for:
- creating, at an authentication server computer, a user profile for the user for the multi-factor authentication service, the user profile comprising personal data of the user and an authentication credential selected by the user;
  
  generating, at the authentication server computer, a notification message comprising a link containing a one-time use encrypted token that is used to initiate, upon selection, download and subsequent installation of a multi-factor authentication client application on a computing device;
  
  sending, at the authentication server computer, the notification message to the computing device;
  
  receiving, at the authentication server computer, a token from the computing device in response to the computing device receiving a selection of the link included in the notification message;
  
  determining, at the authentication server computer, if the token is valid by comparing the token to the one-time use encrypted token contained in the link included in the notification message;
  
  if the authentication server computer determines that the token is valid,validating, at the authentication server computer, the multi-factor authentication client application that has been downloaded to and installed on the computing device,validating, at the authentication server computer, the computing device and saving a device identifier of the computing device to the user profile if the device identifier was not previously added to the user profile during creation of the user profile, andcreating, at the authentication server computer, a voice print for the user and saving the voice print in association with the user profile, the voice print being created by collecting data from the user directly or from existing speech databases to which the user has contributed speech data; and
  
  if the authentication server computer determines that the token is not valid, ending the method.
- View Dependent Claims (19, 20)
- - 19. The computer-implemented method of claim 18, wherein validating the computing device comprises, prior to validating the computing device:
    - generating a request for the authentication credential;
      
      sending the request for the authentication credential to the computing device;
      
      receiving an input from the computing device;
      
      comparing the input received from the computing device to the authentication credential to determine if the input is the same as the authentication credential;
      
      if the authentication server computer determines that the input is the same as the authentication credential, computing device, validating, at the authentication server computer, the computing device and saving a device identifier of the computing device to the user profile if the device identifier was not previously added to the user profile during creation of the user profile; and
      
      if the authentication server computer determines that the input is not the same as the authentication credential, ending the method.
  - 20. The computer-implemented method of claim 18, wherein creating the voice print comprises:
    - generating a request for a voice sample, the voice sample comprising a sample phrase or an answer to a challenge question selected during creation of the user profile;
      
      sending the request for the voice sample to the computing device;
      
      receiving a speech input in response to the request;
      
      determining if the speech input comprises the sample phrase or the answer to the challenge question selected during creation of the user profile;
      
      if the speech input comprises the sample phrase or the answer to the challenge question selected during the creation of the user profile, creating a voice print at least from the speech input; and
      
      if the speech input does not comprise the answer to the challenge question selected during the creation of the user profile, performing at least one of the following;
      
      generating a subsequent request for the voice sample and sending the subsequent request to the computing device;
      
      generating a subsequent request for a new voice sample, the new voice sample comprising a new sample phrase or a new answer to a new challenge question, and sending the subsequent request to the computing device; and
      
      ending the method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
Alton W. Drake II
Inventors
Zeljkovic, Ilija, Drake, Alton W. II, Garay, Juan A., Novack, Brian, Toretti, Gary A., Wilpon, Jay, Birkes, Jerry, Stent, Amanda Joy, Whitescarver, James, Andres, Robert J.

Granted Patent

US 9,021,565 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 3/167   Audio in a user interface, ...

H04L 63/0861   using biometrical features,...

H04L 63/0884   by delegation of authentica...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

Authentication Techniques Utilizing a Computing Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

448 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Authentication Techniques Utilizing a Computing Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

448 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others