CONNECTED AUTHENTICATION DEVICE USING MOBILE SINGLE SIGN ON CREDENTIALS

US 20150121501A1
Filed: 10/31/2013
Published: 04/30/2015
Est. Priority Date: 10/31/2013
Status: Active Grant

First Claim

Patent Images

1. A device configured to enable a computer'"'"'s access to a secure online resource, the device comprising:

a processor;

a network interface including a subscriber identity module (SIM); and

a memory storing executable instructions for causing the processor to;

request, via the network interface and from a backend server, a Single Sign On PIN;

receive in response to the request the Single Sign On PIN from the backend server;

transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing a secure online resource via a computer different from the device, the token being associated with a user account;

receive, via the network interface and from the token server, the token; and

store the token at the device to enable the computer'"'"'s access to the secure online resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a user account. The device receives the token from the token server. The device stores the token at a local memory of the device.

54 Citations

View as Search Results

20 Claims

1. A device configured to enable a computer'"'"'s access to a secure online resource, the device comprising:
- a processor;
  
  a network interface including a subscriber identity module (SIM); and
  
  a memory storing executable instructions for causing the processor to;
  
  request, via the network interface and from a backend server, a Single Sign On PIN;
  
  receive in response to the request the Single Sign On PIN from the backend server;
  
  transmit, via the network interface and to a token server, the Single Sign On PIN and credentials of the SIM to request a token for accessing a secure online resource via a computer different from the device, the token being associated with a user account;
  
  receive, via the network interface and from the token server, the token; and
  
  store the token at the device to enable the computer'"'"'s access to the secure online resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein the memory further stores executable instructions for causing the processor to:
    - receive from the computer a request for transmission of the token to the computer responsive to the computer'"'"'s request for access to the secure online resource;
      
      responsive to receiving the request from the computer, verify that the computer is being accessed by a user associated with the user account; and
      
      transmit the token to the computer upon verification that the computer is being accessed by the user associated with the user account.
  - 3. The device of claim 2, wherein the instructions for causing the processor to verify that the computer is being accessed by a user associated with the user account comprise instructions to:
    - determine, based on a geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold.
  - 4. The device of claim 2, wherein the instructions for causing the processor to verify that the computer is being accessed by a user associated with the user account comprise instructions to:
    - determine that the computer is coupled with the device via a short-range radio connection.
  - 5. The device of claim 2, further comprising an accelerometer, wherein the memory further stores executable instructions for causing the processor to detect, via the accelerometer, an acceleration of the device corresponding to selecting a button with the device, the button being on the computer for signaling the computer to retrieve the token from the device.
  - 6. The device of claim 2, wherein the memory further stores executable instructions for causing the processor to receive the request from the computer and transmit the token to the via a short-range radio connection established by a short-range radio interface between the device and the computer.
  - 7. The device of claim 2, wherein the token is transmitted to the computer via the network interface and via a proxy server.
  - 8. The device of claim 1, wherein the device is a key fob.
  - 9. The device of claim 1, wherein the token for accessing the network resource comprises one or more of a username, a password, or a certificate.
  - 10. The device of claim 1, wherein the device is unable to use the token to enable the device'"'"'s access to the secure online resource.

11. A method to enable a computer'"'"'s access to a secure online resource, the method comprising:
- requesting, via a network interface of a device and from a backend server, a Single Sign On PIN;
  
  receiving, at the device, in response to the request the Single Sign On PIN from the backend server;
  
  transmitting, via the network interface and to a token server, the Single Sign On PIN and credentials of a SIM of the device to request a token for accessing a secure online resource via a computer different from the device, the token being associated with a user account;
  
  receiving, via the network interface and from the token server, the token; and
  
  storing the token at the device to enable the computer'"'"'s access to the secure online resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising:
    - receiving from the computer a request for transmission of the token to the computer responsive to the computer'"'"'s request for access to the secure online resource;
      
      responsive to receiving the request from the computer, verifying that the computer is being accessed by a user associated with the user account; and
      
      transmitting the token to the computer upon verification that the computer is being accessed by the user associated with the user account.
  - 13. The method of claim 12, wherein verifying that the computer is being accessed by a user associated with the user account comprises:
    - determining, based on a geographic location of the computer and a geographic location of the device, that a geographic distance between the computer and the device is less than a geographic distance threshold.
  - 14. The method of claim 12, verifying that the computer is being accessed by a user associated with the user account comprises:
    - determining that the computer is coupled with the device via a short-range radio connection.
  - 15. The method of claim 12, further comprising detecting, via an accelerometer, an acceleration of the device corresponding to selecting a button with the device, the button being on the computer for signaling the computer to retrieve the token from the device.
  - 16. The method of claim 12, further comprising receiving the request from the computer and transmitting the token to the via a short-range radio connection established by a short-range radio interface between the device and the computer.
  - 17. The method of claim 12, wherein the token is transmitted to the computer via the network interface and via a proxy server.
  - 18. The method of claim 11, wherein the device is a key fob.

19. A method comprising:
- requesting, at a computer, access to a secure online resource requiring login credentials;
  
  requesting, at the computer and from a connected device, in response to requesting access to the secure online resource, a token for accessing the secure online resource, wherein the token represents the login credentials;
  
  receiving, at the computer and from the connected device, the token in response to a verification that the computer and the connected device are associated with a same user;
  
  transmitting, from the computer and to a web server associated with the secure online resource, the login credentials represented by the token; and
  
  receiving, at the computer, access to the secure online resource based on the login credentials represented by the token.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the verification that the computer and the connected device are associated with the same user comprises a verification that a geographic distance between the computer and the connected device is less than a geographic distance threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
KHALID, Mohammad Raheel, BERMAN, Paul, KIM, Ji Hoon, BRUNO, Corey Michael, CALDEIRA DE ANDRADA, Mauricio Pati, VAIDYA, Samir

Granted Patent

US 10,135,805 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

CONNECTED AUTHENTICATION DEVICE USING MOBILE SINGLE SIGN ON CREDENTIALS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONNECTED AUTHENTICATION DEVICE USING MOBILE SINGLE SIGN ON CREDENTIALS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links