MULTI-FACTOR AUTHENTICATION USING A UNIQUE IDENTIFICATION HEADER (UIDH)

US 20130318581A1
Filed: 05/22/2012
Published: 11/28/2013
Est. Priority Date: 05/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a first server device and from a user device, information associated with a request to receive a service from a second server device, the information including a unique identifier,an identifier, associated with the user, being encoded with a key to obtain the unique identifier;

extracting, by the first server device, the unique identifier from the information associated with the request;

retrieving, from a memory associated with the first server device, the identifier, associated with the user, that corresponds to the unique identifier;

obtaining, by the first server device, an indication whether the identifier, associated with the user, is trusted;

performing, by the first server device, one or more additional authentication operations on the user when the identifier, associated with the user, is trusted; and

transmitting, by the first server device and to the second server device, a notification that indicates that the user is authenticated when the one or more additional authentication operations indicate that the user device is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is configured to receive, from a user device, information associated with a request to receive a service from a server device, the information including a unique identifier, an identifier, associated with a user of the user device, being encoded with a key to obtain the unique identifier. The system may also be configured to extract the unique identifier from the information; retrieve, from a memory, the identifier, associated with the user, that corresponds to the unique identifier; obtain an indication whether the identifier, associated with the user, is trusted; perform one or more additional authentication operations on the user when the identifier, associated with the user, is trusted; and transmit, to the server device, a notification that indicates that the user is authenticated when the one or more additional authentication operations indicate that the user device is authenticated.

58 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a first server device and from a user device, information associated with a request to receive a service from a second server device, the information including a unique identifier,an identifier, associated with the user, being encoded with a key to obtain the unique identifier;
  
  extracting, by the first server device, the unique identifier from the information associated with the request;
  
  retrieving, from a memory associated with the first server device, the identifier, associated with the user, that corresponds to the unique identifier;
  
  obtaining, by the first server device, an indication whether the identifier, associated with the user, is trusted;
  
  performing, by the first server device, one or more additional authentication operations on the user when the identifier, associated with the user, is trusted; and
  
  transmitting, by the first server device and to the second server device, a notification that indicates that the user is authenticated when the one or more additional authentication operations indicate that the user device is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where retrieving the identifier, associated with the user, further includes:
    - identifying another unique identifier, of a list of unique identifiers that is stored in the memory, that matches the unique identifier; and
      
      retrieving, from the memory, the identifier, associated with the user, that corresponds to the other unique identifier.
  - 3. The method of claim 2, where obtaining the indication whether the identifier, associated with the user, is trusted further includes:
    - retrieving, from the memory, an indicator that corresponds to the identifier associated with the user; and
      
      transmitting, to the second server device, a notification that the user cannot be authenticated when the indicator indicates that the identifier, associated with the user, is not trusted.
  - 4. The method of claim 1, further comprising:
    - determine whether the user device is associated with two more users, when the identifier, associated with the user, is trusted; and
      
      transmitting the notification that the user is authenticated when the user device is not associated with two or more users.
  - 5. The method of claim 4, further comprising:
    - sending, to the user device, a request for first information, associated with the user, when the user device is associated with two or more users;
      
      receiving, from the user device, the first information;
      
      retrieving, from the memory, second information, associated with the user, that corresponds to the identifier, associated with the user,the second information being provided by the user prior to receiving the information associated with the request;
      
      determining whether the first information matches the second information; and
      
      transmitting another notification that indicates whether the user is authenticated,the other notification indicating that the user is authenticated when the first information matches the second information, orthe other notification indicating that the user is not authenticated when the first information does not match the second information.
  - 6. The method of claim 4, further comprising:
    - sending, to the user device, a request for biometric information, associated with the user, when the user device is associated with two or more users;
      
      receiving, from the user device, the biometric information;
      
      retrieving, from the memory, other biometric information, associated with the user, that corresponds to the identifier, associated with the user,the other biometric information being provided by the user prior to receiving the information associated with the request;
      
      determining whether the received biometric information matches the other biometric information; and
      
      transmitting another notification that indicates whether the user is authenticated,the other notification indicating that the user is authenticated when the received biometric information matches the other biometric information, orthe other notification indicating that the user is not authenticated when the received biometric information does not match the other biometric information.
  - 7. The method of claim 4, further comprising:
    - identifying a level of authentication with which to perform the one or more authentication operations;
      
      performing an authentication operation, of the one or more authentication operations, based on the identified level of authentication, the authentication operation corresponding to at least one of;
      
      a first authentication operation based on first user information when the level of authentication corresponds to a first level of authentication,a second authentication operation based on second user information when the level of authentication corresponds to a second level of authentication, the second level of authentication being higher than the first level of authentication and the second user information being different than the first user information, ora third authentication operation based on at least biometric information, associated with the user, when the level of authentication corresponds to a third level of authentication, the third level of authentication being higher than the second level of authentication.

8. A device comprising:
- a memory to store a list of identifiers associated with a plurality of users of user devices and a list of encoded identifiers that corresponds to the list of identifiers, each encoded identifier, of the list of encoded identifiers, corresponding to a different one of the list of identifiers; and
  
  one or more processors to;
  
  receive, from a user device, information associated with a request to access a server device,extract a first encoded identifier from the information associated with the request,identify a second encoded identifier, of the list of encoded identifiers, that matches the first encoded identifier,determine an identifier, of the list of identifiers and associated with a user of the user device, that corresponds to the second encoded identifier,determine whether the user device is associated with two or more users when the identifier is trusted,transmit, to the user device, a request for first information associated with the user when the user device is associated with the two or more users;
  
  receive, from the user device, the first information, the first information being provided by the user, via the user device, as a result of the request for the first information;
  
  determine whether the first information matches stored second information, associated with the user, that corresponds to the identifier, the second information being obtained from the user prior to receiving the request to access the server device, andtransmit, to the server device, a notification indicating that the user is authenticated when the first information matches the second information.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device of claim 8, where the one or more processors are further to:
    - transmit, to the user device or the server device, a notification indicating that the user is not authenticated when the first information does not match the second information.
  - 10. The device of claim 8, where the first encoded identifier is based on the identifier and a key, the key expiring after a point in time;
    - andwhere the one or more processors are further to;
      
      determine that the first encoded identifier has not expired when the information, associated with the request, is received before the point in time; and
      
      identify the second encoded identifier when the first encoded identifier has not expired.
  - 11. The device of claim 8, where the one or more processors are further to:
    - obtain an indication that identifies whether the identifier is trusted; and
      
      transmit the notification indicating that the user is authenticated;
      
      when the identifier is trusted,when the user device is not associated with the two or more users, andwhen the first information matches the second information.
  - 12. The device of claim 8, where the one or more processors are further to:
    - determine that the user device is not associated with the two or more users,obtain information that identifies whether the server device desires one or more additional authentications to be performed on the user, andtransmit, to the server device, a notification indicating that the user is authenticated when the information indicates that the server device does not desire the one or more additional authentication operations to be performed.
  - 13. The device of claim 12, where the one or more processors are further to:
    - identify a level of authentication with which to perform the one or more authentication operations when the information indicates that the server device desires the one or more additional authentication operations to be performed,perform an authentication operation, of the one or more authentication operations, based on the identified level of authentication, the authentication operation corresponding to at least one of;
      
      a first authentication operation based on the first information when the level of authentication corresponds to a first level of authentication,a second authentication operation based on third information, associated with the user, when the level of authentication corresponds to a second level of authentication, the second level of authentication being higher than the first level of authentication and the third information being different than the first information, ora third authentication operation based on at least biometric information, associated with the user, when the level of authentication corresponds to a third level of authentication, the third level of authentication being higher than the second level of authentication.
  - 14. The device of claim 8, where the one or more processors are further to:
    - determine that the information associated with the request does not include the first encoded identifier,transmit, to the user device, an instruction to transmit the request to the device and via a particular device, the particular device causing the first encoded identifier to be stored in the request, andreceive the request via the particular device, the request, received via the particular device, including the first encoded identifier.

15. One or more computer-readable media, comprising:
- one or more instructions, which when executed by at least one processor, cause the at least one processor to;
  
  receive, from a user device, information associated with a request to access a server device, the request including an encoded identifier,an identifier, associated with the user, being encoded with a key to obtain the encoded identifier;
  
  obtain the identifier using the encoded identifier;
  
  determine whether the user device is associated with two or more users;
  
  provide, to the user device, a request for first information associated with the user when the user device is associated with the two or more users;
  
  receive, from the user device, second information associated with the user; and
  
  transmit a notification that indicates whether the user is authenticated,the notification indicating that the user is authenticated when the first information matches the second information, orthe notification indicating that the user is not authenticated when the first information does not match the second information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more computer-readable media of claim 15, where the request for first information corresponds to a request for at least one of:
    - information provided by the user via a user interface displayed by the user device,biometric information associated with the user, ora combination of the information provided by the user via the user interface and the biometric information.
  - 17. The one or more computer-readable media of claim 15, where the one or more instructions, which when executed by the at least one processor, further cause the at least one processor to:
    - provide, to a particular server device, the identifier, the particular server device providing a service that identifies whether identifiers, associated with users of user devices, are trusted;
      
      receive, from the particular server device, an indication that the identifier is trusted; and
      
      provide, to the server device, a notification that the user is authenticated when the identifier is trusted and the user device is not associated with the two or more users.
  - 18. The one or more computer-readable media of claim 15, where the user device, corresponding to the two or more users, corresponds to a mobile wireless local area network via which one or more other user devices, associated with the two or more users, are communicating.
  - 19. The one or more computer-readable media of claim 18, where the one or more instructions, which when executed by the at least one processor, further cause the at least one processor to:
    - provide, to a particular server device, the identifier, the particular server device providing a service that identifies whether identifiers, associated with users of user devices, are trusted;
      
      receive, from the particular server device, an indication that the identifier is trusted; and
      
      provide, to the server device, a notification that the user is authenticated when the identifier is trusted and the user device is not associated with the two or more users.
  - 20. The one or more computer-readable media of claim 19, where the one or more instructions, which when executed by the at least one processor, further cause the at least one processor to:
    - provide, to a certain server device, the identifier, the certain server device providing a service that identifies whether user devices are associated with two or more users;
      
      receive, from the certain server device, an indication whether the user device is associated with the two or more users;
      
      perform one or more additional authentications, on the user, when the indication indicates that the user device is associated with the two or more users; and
      
      provide, to the server device, a notification that that the user is authenticated when the indication indicates that the user device is not associated with the two or more users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
COUNTERMAN, Raymond C.

Granted Patent

US 8,763,101 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

H04L 2209/80   Wireless network architectu...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04W 12/069   using certificates or pre-s...

H04W 84/12   WLAN [Wireless Local Area N...

MULTI-FACTOR AUTHENTICATION USING A UNIQUE IDENTIFICATION HEADER (UIDH)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-FACTOR AUTHENTICATION USING A UNIQUE IDENTIFICATION HEADER (UIDH)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links