FINGERPRINT BASED AUTHENTICATION FOR SINGLE SIGN ON

US 20150237038A1
Filed: 02/13/2015
Published: 08/20/2015
Est. Priority Date: 02/18/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized fingerprint-based authentication system comprising:

one or more hardware processors configured to cause the authentication system to;

receive, over a network, a request for authentication by a user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;

send, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;

receive, over the network, the plurality of characteristic values of the user computing device;

generate a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;

access a second device fingerprint value associated with the user computing device;

compare the device fingerprint value to the second device fingerprint value and determine if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with the computerized fingerprint-based authentication system; and

when a determination is made that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmit an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.

85 Citations

View as Search Results

21 Claims

1. A computerized fingerprint-based authentication system comprising:
- one or more hardware processors configured to cause the authentication system to;
  
  receive, over a network, a request for authentication by a user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;
  
  send, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;
  
  receive, over the network, the plurality of characteristic values of the user computing device;
  
  generate a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;
  
  access a second device fingerprint value associated with the user computing device;
  
  compare the device fingerprint value to the second device fingerprint value and determine if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with the computerized fingerprint-based authentication system; and
  
  when a determination is made that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmit an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computerized fingerprint-based authentication system of claim 1, wherein generation of the device fingerprint value comprises the application of a hash algorithm to at least a portion of the plurality of characteristic values.
  - 3. The computerized fingerprint-based authentication system of claim 1, wherein the at least two attributes of the user computing device comprise one or more of:
    - a browser type value,a plurality of browser plugin values,a plurality of browser flash fonts,at least one display resolution size value,at least one value associated with HTML5 local storage,at least one HTTP header value,at least one networking address value,a time zone value,a language value,a plurality of browser-accepted language values,a plurality of browser encoding values,an IP address value, andat least one value associated with browser cookie data.
  - 4. The computerized fingerprint-based authentication system of claim 1, wherein the fingerprint-based authentication system is configured to store the device fingerprint value in local data storage.
  - 5. The computerized fingerprint-based authentication system of claim 1, wherein the authentication token is configured to allow a plurality of distinct network services to accept the authentication token in lieu of authenticating an additional factor with the fingerprint-based authentication system.
  - 6. The computerized fingerprint-based authentication system of claim 1, wherein the request for authentication comprises profile information, the profile information comprising a user identifier value, and at least one of:
    - a user email address value, a telephone number value, or an SMS number value.
  - 7. The computerized fingerprint-based authentication system of claim 1, wherein the second device fingerprint value was previously stored by the computerized fingerprint-based authentication system.

8. A computerized method for authenticating a user in addition to a password, the method comprising:
- by one or more hardware computer processors;
  
  receiving, over a network, a request for authentication by the user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;
  
  sending, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;
  
  receiving, over the network, the plurality of characteristic values of the user computing device;
  
  generating a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;
  
  accessing a second device fingerprint value associated with the user;
  
  comparing the device fingerprint value to the second device fingerprint value and determine if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with the computerized fingerprint-based authentication system; and
  
  when a determination is made that that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmitting an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computerized method of claim 8, wherein generation of the device fingerprint value comprises the application of a hash algorithm to at least a portion of the plurality of characteristic values.
  - 10. The computerized method of claim 8, further comprising storing the device fingerprint value over the network in remote data storage.
  - 11. The computerized method of claim 8, wherein the at least two attributes of the user computing device comprise one or more of:
    - a browser type value,a plurality of browser plugin values,a plurality of browser flash fonts,at least one display resolution size value,at least one value associated with HTML5 local storage,at least one HTTP header value,at least one networking address value,a time zone value,a language value,a plurality of browser-accepted language values,a plurality of browser encoding values,an IP address value, andat least one value associated with browser cookie data.
  - 12. The computerized method of claim 8, further comprising allowing a plurality of distinct network services to accept the authentication token in lieu of authenticating an additional fingerprinting factor.
  - 13. The computerized method of claim 8, wherein the request for authentication comprises profile information, the profile information comprising a user identifier value, and at least one of:
    - a user email address value, a telephone number value, or an SMS number value.
  - 14. The computerized method of claim 8, wherein the request for authentication indicates an additional certificate based factor of authentication is required by the network service to authenticate the user.

15. A non-transitory computer storage medium which stores a program comprising executable code that directs a computing device to perform a process that authenticates a user in addition to a password, comprising:
- receiving, over a network, a request for authentication by the user computing device associated with a user, the request resulting from a redirection operation sent to the user computing device from a network service requiring additional authentication of the user in addition to a password;
  
  sending, over the network, to the user computing device capture instructions, the capture instructions configured to cause the user computing device to collect a plurality of characteristic values of the user computing device, the plurality of the characteristic values representing at least two attributes of the user computing device;
  
  receiving, over the network, the plurality of characteristic values of the user computing device;
  
  generating a device fingerprint value associated with the user computing device based on the plurality of characteristic values of the user computing device;
  
  accessing a second device fingerprint value associated with the user, the second device fingerprint value previously stored by a computerized fingerprint-based authentication system;
  
  comparing the device fingerprint value to the second device fingerprint value and determine if the comparison of the device fingerprint value and the second device fingerprint value indicates that the user computing device has been previously registered with a computerized fingerprint-based authentication system; and
  
  when a determination is made that the user computing device has been previously registered with the computerized fingerprint-based authentication system, transmitting an authentication token to the user computing device, the authentication token indicating that the user computing device was authenticated by a fingerprinting mechanism.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer storage medium of claim 15, wherein generation of the device fingerprint value comprises the application of a hash algorithm to at least a portion of the plurality of characteristic values.
  - 17. The non-transitory computer storage medium of claim 15, wherein the at least two attributes of the user computing device comprise one or more of:
    - a browser type value,a plurality of browser plugin values,a plurality of browser flash fonts,at least one display resolution size value,at least one value associated with HTML5 local storage,at least one HTTP header value,at least one networking address value,a time zone value,a language value,a plurality of browser-accepted language values,a plurality of browser encoding values,an IP address value, andat least one value associated with browser cookie data.
  - 18. The non-transitory computer storage medium of claim 15, wherein the device fingerprint value and the plurality of characteristic values are stored in local data storage.
  - 19. The non-transitory computer storage medium of claim 15, further comprising allowing a plurality of distinct network services to accept the authentication token in lieu of authenticating an additional factor.
  - 20. The non-transitory computer storage medium of claim 15, wherein the request for authentication comprises profile information, the profile information comprising a user identifier value, and at least one of:
    - a user email address value, a telephone number value, or an SMS number value.
  - 21. The non-transitory computer storage medium of claim 15, wherein the request for authentication indicates an additional certificate based factor of authentication is required by the network service to authenticate the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureAuth Incorporated
Original Assignee
SecureAuth Incorporated
Inventors
Grajek, Garret Florian, Liu, Chihwei, Quach, Allen Yu, Lo, Jeffrey Chiwai

Granted Patent

US 9,660,974 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 67/563   Data redirection of data ne...

FINGERPRINT BASED AUTHENTICATION FOR SINGLE SIGN ON

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

FINGERPRINT BASED AUTHENTICATION FOR SINGLE SIGN ON

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links