SYSTEM AND METHOD FOR INTEGRATING TWO-FACTOR AUTHENTICATION IN A DEVICE

US 20140245396A1
Filed: 02/24/2014
Published: 08/28/2014
Est. Priority Date: 02/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method for a service provider with a device application to use a two-factor authentication service comprising:

at the two-factor authentication service, providing a two-factor authentication software development kit;

configuring at least one service provider with software development kit credentials;

enrolling a device application instance of an account into a two-factor authentication service on behalf of a service provider comprising;

receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider,transmitting an activation code to the service provider,the service provider, transferring the activation code to a device application instance,the device application instance communicating the activation code to the multi-factor authentication service, andat the multi-factor authentication service, pairing the device application instance with the account through the activation code;

at the service provider, transmitting an authentication request to the two-factor authentication service, wherein the authentication request identifies the account;

at the two-factor authentication service, transmitting an authentication request to the device application instance paired with the account;

at the device application instance, verifying the authentication request, rendering a user prompt from the authentication request with a service provider defined user interface, and transmitting a response to the multi-factor authentication service wherein the response is cryptographically secured with the software development kit credentials;

at the two-factor authentication service, determining a validity assessment of the response to the application request; and

transmitting the validity assessment to the service provider.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing secondary-factor authentication with a third party application that can include enrolling a device application instance of an account into a secondary-factor authentication service on behalf of a service provider that includes at the secondary-factor authentication service, receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider, transmitting an activation code, and pairing the device application instance with the account through the activation code; receiving an authentication request identifying the account; transmitting an authentication request to the device application instance paired with the account; validating a response to the application request; and transmitting an assessment to the service provider.

114 Citations

20 Claims

1. A method for a service provider with a device application to use a two-factor authentication service comprising:
- at the two-factor authentication service, providing a two-factor authentication software development kit;
  
  configuring at least one service provider with software development kit credentials;
  
  enrolling a device application instance of an account into a two-factor authentication service on behalf of a service provider comprising;
  
  receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider,transmitting an activation code to the service provider,the service provider, transferring the activation code to a device application instance,the device application instance communicating the activation code to the multi-factor authentication service, andat the multi-factor authentication service, pairing the device application instance with the account through the activation code;
  
  at the service provider, transmitting an authentication request to the two-factor authentication service, wherein the authentication request identifies the account;
  
  at the two-factor authentication service, transmitting an authentication request to the device application instance paired with the account;
  
  at the device application instance, verifying the authentication request, rendering a user prompt from the authentication request with a service provider defined user interface, and transmitting a response to the multi-factor authentication service wherein the response is cryptographically secured with the software development kit credentials;
  
  at the two-factor authentication service, determining a validity assessment of the response to the application request; and
  
  transmitting the validity assessment to the service provider.

2. A method for providing secondary-factor authentication with a third party application comprising:
- enrolling a device application instance of an account into a secondary-factor authentication service on behalf of a service provider comprising;
  
  at the secondary-factor authentication service, receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider,transmitting an activation code, andpairing the device application instance with the account through the activation code;
  
  receiving an authentication request identifying the account;
  
  transmitting an authentication request to the device application instance paired with the account;
  
  validating a response to the application request; and
  
  transmitting an assessment to the service provider.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The method of claim 2, wherein the activation code is an activation universal resource identifier (URI);
    - and wherein pairing the device application instance with the account through the activation code comprises pairing the device application instance with the account in response to the device application instance accessing the activation URI.
  - 4. The method of claim 3, further comprising encoding the activation URI into a computer recognizable code and transmitting the computer recognizable code to the service provider.
  - 5. The method of claim 2, further comprising providing a secondary-factor authentication software development kit, wherein the secondary-factor authentication software development kit is configured to facilitate enrolling a coupled device application instance and configured to facilitate processing an authentication request received from the secondary-factor authentication service.
  - 6. The method of claim 5, further comprising configuring the service provider with software development kit credentials;
    - and wherein the secondary-factor authentication software development kit is further configured to cryptographically secure the response to the authentication request.
  - 7. The method of claim 5, further comprising providing a background device application, wherein the secondary-factor authentication software development kit is configured to direct authentication request processing operations to the background device application, and at the background device application, validating the authentication request and transmitting the response to the secondary-authentication service.
  - 8. The method of claim 2, further comprising providing a secondary device application;
    - receiving the authentication request at the secondary application from the device application; and
      
      at the secondary device application, validating the authentication request, rendering an interface according to customization directives of the device application, transmitting the response to the secondary-authentication service, and redirecting focus to the device application.

9. A method for using an authentication service comprising:
- enrolling a device application instance of an account into an authentication service on behalf of a service provider comprising;
  
  at a service platform, receiving an activation code of an authentication enrollment request,facilitating transfer of the activation code to the device application instance, andat the device application instance, communicating to the authentication service with the activation code;
  
  at the service platform, completing a primary authentication of the account and transmitting an authentication request to the multi-factor authentication service, wherein the authentication request identifies the account;
  
  at the device application instance, receiving the authentication request;
  
  at the device application instance, validating the authentication;
  
  at the device application instance, rendering an authentication interface and receiving a user selected response option;
  
  at the device application, transmitting a response to the authentication service according to the user selected response option;
  
  at the service platform, receiving an assessment of the service provider.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein at the device application, validating the authentication comprises validating the authentication request through a software development kit of the authentication service.
  - 11. The method of claim 10, wherein the activation code is an activation universal resource identifier (URI);
    - and wherein communicating to the authentication service comprises communicating device addressing information to the activation URI.
  - 12. The method of claim 11, wherein the activation URI is a computer recognizable code;
    - and further comprising at the device application, reading the computer recognizable code.

13. A method for providing an authentication service with a third party application comprising:
- providing an authentication software development kit configured to facilitate generating a single-use passcode;
  
  enrolling a device application instance of an account into the authentication service on behalf of a service provider comprising;
  
  at the authentication service, receiving a secondary factor of authentication enrollment request of an account, wherein the request is received from the service provider,transmitting an activation code that configures a passcode generation service of the authentication software development kit, andreceiving an authentication request;
  
  at the authentication service, receiving a submitted passcode and determining a validity assessment of the submitted passcode; and
  
  transmitting the validity assessment to the service provider.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising generating a passcode in a device application.
  - 15. The method of claim 14, wherein the authentication request includes the passcode.
  - 16. The method of claim 13, further comprising providing a secondary device application;
    - at the secondary device application, validating the authentication request, rendering an interface according to customization configuration of the service provider, generating a passcode, and redirecting focus to the device application.
  - 17. The method of claim 15, further comprising at the secondary device application, rendering the passcode in a user interface.
  - 18. The method of claim 13, further comprising providing a background device application, wherein the secondary-factor authentication software development kit is configured to direct authentication request processing operations to the background device application, and at the background device application, validating the authentication request and transmitting the response to the secondary-authentication service.
  - 19. The method of claim 13, wherein enrolling a device application instance further comprises pairing the device application instance with the account through the activation code, and wherein the authentication request includes a selection of an authentication mode from the set of options that comprises at least a passcode option and an application notification option;
    - wherein if the selection is the application notification option, transmitting an authentication request to the device application paired with the account and validating a response to the application request.
  - 20. The method of claim 17, wherein if the selection of the application notification option is not explicit, automatically selecting an application notification option according to the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas

Granted Patent

US 9,338,156 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

SYSTEM AND METHOD FOR INTEGRATING TWO-FACTOR AUTHENTICATION IN A DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

114 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR INTEGRATING TWO-FACTOR AUTHENTICATION IN A DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links