FINGERPRINT BASED AUTHENTICATION FOR SINGLE SIGN ON
Abstract
A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication system can create a unique fingerprint of the device and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
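The flow the abstract describes, sketched server-side as an added example (not code from the patent): the keyed-hash fingerprint, the token format and the names `authenticate`, `REGISTERED` and `otp_passed` are assumptions, and the one-time password check itself is assumed to happen elsewhere.

```python
import base64, hashlib, hmac, json

# Constructed demo secrets (assumption): one keys fingerprints, one signs tokens.
FP_KEY, TOKEN_KEY = b"demo-fingerprint-key", b"demo-token-key"
REGISTERED = {}  # user_id -> set of fingerprint values stored at registration

def fingerprint(values):
    """Derive one fingerprint value from the collected characteristic values."""
    if len(values) < 2:  # the claims call for at least two device attributes
        raise ValueError("need at least two characteristic values")
    canonical = json.dumps(values, sort_keys=True, separators=(",", ":"))
    return hmac.new(FP_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id, method):
    """Signed token naming the mechanism that satisfied the additional factor."""
    body = json.dumps({"sub": user_id, "method": method}, sort_keys=True).encode()
    sig = hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + sig

def verify_token(token):
    """Return the token's claims, or None if the signature does not verify."""
    encoded, _, sig = token.rpartition(".")
    try:
        body = base64.urlsafe_b64decode(encoded)
    except ValueError:
        return None
    good = hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(sig, good) else None

def authenticate(user_id, values, otp_passed=False):
    """Fingerprint match -> token; otherwise require OTP, then register."""
    fp = fingerprint(values)
    if any(hmac.compare_digest(fp, k) for k in REGISTERED.get(user_id, ())):
        return issue_token(user_id, "fingerprint")
    if otp_passed:  # result of a one-time password check done elsewhere
        REGISTERED.setdefault(user_id, set()).add(fp)
        return issue_token(user_id, "otp")
    return None  # unknown device and no OTP: additional factor not satisfied

# Constructed sample values, as the capture instructions might report them.
LAPTOP = {"user_agent": "ExampleBrowser/1.0", "screen": "1920x1080", "tz": "UTC+1"}
PHONE = {"user_agent": "ExampleMobile/2.0", "screen": "390x844", "tz": "UTC+1"}

if __name__ == "__main__":
    print(authenticate("alice", LAPTOP))
    print(verify_token(authenticate("alice", LAPTOP, otp_passed=True)))
    print(verify_token(authenticate("alice", LAPTOP)))
    print(authenticate("alice", PHONE))
```

Because the characteristic values are reported by the user device itself, a relying service should read the token's method field and treat a fingerprint match as weaker evidence than a fresh one-time password.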
21 Claims
1. A computerized fingerprint-based authentication system comprising:
one or more hardware processors configured to cause the authentication system to:
receive, over a network, a request for authentication by a user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;
send, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;
receive, over the network, the plurality of characteristic values of the user computing device;
generate a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;
access a second device fingerprint value associated with the user computing device;
compare the device fingerprint value to the second device fingerprint value and determine if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with the computerized fingerprint-based authentication system; and
when a determination is made that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmit an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A computerized method for authenticating a user in addition to a password, the method comprising:
by one or more hardware computer processors:
receiving, over a network, a request for authentication by the user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;
sending, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;
receiving, over the network, the plurality of characteristic values of the user computing device;
generating a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;
accessing a second device fingerprint value associated with the user;
comparing the device fingerprint value to the second device fingerprint value and determining if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with the computerized fingerprint-based authentication system; and
when a determination is made that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmitting an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A non-transitory computer storage medium which stores a program comprising executable code that directs a computing device to perform a process that authenticates a user in addition to a password, comprising:
receiving, over a network, a request for authentication by the user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;
sending, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;
receiving, over the network, the plurality of characteristic values of the user computing device;
generating a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;
accessing a second device fingerprint value associated with the user, the second device fingerprint value previously stored by a computerized fingerprint-based authentication system;
comparing the device fingerprint value to the second device fingerprint value and determining if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with a computerized fingerprint-based authentication system; and
when a determination is made that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmitting an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.
(Dependent claims: 16, 17, 18, 19, 20, 21)
Specification