PASSWORD-LESS AUTHENTICATION SERVICE

US 20150249540A1
Filed: 03/13/2014
Published: 09/03/2015
Est. Priority Date: 02/28/2014
Status: Active Grant

First Claim

Patent Images

1. An authentication device, comprising:

one or more processors to;

receive a user identifier and a device identifier associated with a user;

verify the user using the device identifier;

cause a first device, identified by the device identifier, to generate or obtain a digital certificate based on verifying the user;

receive an authentication request generated based on a request to access a service via a second device that is different from the first device,the authentication request including the user identifier;

identify the first device using the user identifier included in the authentication request;

authenticate the first device, using the digital certificate, based on identifying the first device;

generate an access notification based on authenticating the first device,the access notification including information relating to the request to access the service;

provide the access notification to the first device;

receive an access response from the first device,the access response indicating whether to allow or deny access to the service via the second device;

selectively perform a first action or a second action based on the access response,the first action including providing a first instruction to allow access to the service via the second device when the access response indicates to allow access to the service,the second action including providing a second instruction to deny access to the service via the second device when the access response indicates to deny access to the service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may receive an authentication request generated based on a request to access a service. The authentication request may include a user identifier. The device may identify a mobile device associated with the user identifier. The device may authenticate the mobile device, and may generate an access notification based on authenticating the mobile device. The access notification may include information relating to the request to access the service. The device may provide the access notification to the mobile device, and may receive an access response from the mobile device. The access response may indicate whether to permit access to the service. The device may cause access to the service to be permitted when the access response indicates to permit access to the service, or may cause access to the service to be denied when the access response indicates to deny access to the service.

Citations

20 Claims

1. An authentication device, comprising:
- one or more processors to;
  
  receive a user identifier and a device identifier associated with a user;
  
  verify the user using the device identifier;
  
  cause a first device, identified by the device identifier, to generate or obtain a digital certificate based on verifying the user;
  
  receive an authentication request generated based on a request to access a service via a second device that is different from the first device,the authentication request including the user identifier;
  
  identify the first device using the user identifier included in the authentication request;
  
  authenticate the first device, using the digital certificate, based on identifying the first device;
  
  generate an access notification based on authenticating the first device,the access notification including information relating to the request to access the service;
  
  provide the access notification to the first device;
  
  receive an access response from the first device,the access response indicating whether to allow or deny access to the service via the second device;
  
  selectively perform a first action or a second action based on the access response,the first action including providing a first instruction to allow access to the service via the second device when the access response indicates to allow access to the service,the second action including providing a second instruction to deny access to the service via the second device when the access response indicates to deny access to the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authentication device of claim 1, where the one or more processors, when causing the first device to generate or obtain the digital certificate, are further to:
    - cause the first device to generate or obtain a private cryptographic key;
      
      obtain a public cryptographic key that corresponds to the private cryptographic key;
      
      where the one or more processors, when authenticating the first device, are further to;
      
      receive a communication from the first device,the communication including the digital certificate; and
      
      verify the digital certificate using the public cryptographic key.
  - 3. The authentication device of claim 2, where the communication is encrypted using the private cryptographic key;
    - andwhere the one or more processors are further to;
      
      decrypt the communication using the public cryptographic key.
  - 4. The authentication device of claim 1, where the digital certificate is a first digital certificate;
    - where the one or more processors are further to;
      
      verify a third party associated with providing the service;
      
      cause a third party device, associated with the third party, to generate or obtain a second digital certificate based on verifying the third party;
      
      where the one or more processors, when receiving the authentication request, are further to;
      
      receive the authentication request from the third party device; and
      
      verify the authentication request using the second digital certificate.
  - 5. The authentication device of claim 1, where the one or more processors are further to:
    - receive information that identifies a user preference that controls a manner in which the access notification is provided for display via the first device; and
      
      where the one or more processors, when generating the access notification, are further to;
      
      generate the access notification based on the user preference.
  - 6. The authentication device of claim 1, where the one or more processors, when providing the access notification, are further to:
    - cause the access notification to be provided for display via the first device,the access notification including information that identifies the service and a date or time associated with the request to access the service.
  - 7. The authentication device of claim 1, where the one or more processors are further to:
    - receive information that identifies a service type of the service being requested;
      
      where the one or more processors, when generating the access notification, are further to;
      
      generate the access notification based on the service type.

8. A computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive, from a third party device, an authentication request generated based on a request, by a client device, to access a service provided by the third party device,the authentication request including a user identifier;
  
  identify a mobile device associated with the user identifier;
  
  authenticate the mobile device, using a digital certificate, based on identifying the mobile device;
  
  generate an access notification based on authenticating the mobile device,the access notification including information relating to the request to access the service;
  
  provide the access notification to the mobile device to cause the access notification to be provided for display via the mobile device;
  
  receive an access response from the mobile device based on an interaction with the access notification,the access response indicating whether to permit the client device to access the service provided via the third party device; and
  
  selectively perform a first action or a second action based on the access response,the first action including providing a first instruction, to the third party device, to permit access to the service via the client device when the access response indicates to permit access to the service,the second action including providing a second instruction, to the third party device, to deny access to the service via the client device when the access response indicates to deny access to the service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - receive the user identifier and a mobile device identifier associated with the mobile device;
      
      verify a user, associated with the mobile device, using the user identifier and the device identifier; and
      
      cause the mobile device to generate or obtain the digital certificate based on verifying the user,the digital certificate being uniquely associated with the user identifier and the mobile device.
  - 10. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - obtain information that identifies a first credential associated with verifying the access response;
      
      identify a second credential included in the access response;
      
      determine whether the first credential and the second credential match; and
      
      where the one or more instructions, that cause the one or more processors to selectively perform the first action or the second action, further cause the one or more processors to;
      
      selectively perform the first action or the second action based on determining whether the first credential and the second credential match,the first action being performed based on determining that the first credential and the second credential match,the second action being performed based on determining that the first credential and the second credential do not match.
  - 11. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - determine a service type of the service being requested;
      
      determine whether to include a security feature in the access notification based on the service type of the service being requested; and
      
      where the one or more instructions, that cause the one or more processors to generate the access notification, further cause the one or more processors to;
      
      selectively include the security feature in the access notification based on determining whether to include the security feature in the access notification,the security feature being included in the access notification when the service type is a first service type,the security feature being excluded from the access notification when the service type is a second service type that is different from the first service type.
  - 12. The computer-readable medium of claim 8, where the request to access the service includes at least one of:
    - a login request, ora purchase request.
  - 13. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - receive information that identifies a third party preference that controls a manner in which the access notification is provided for display via the mobile device; and
      
      where the one or more instructions, that cause the one or more processors to generate the access notification, further cause the one or more processors to;
      
      generate the access notification based on the third party preference.
  - 14. The computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - determine that a plurality of user identifiers are associated with the mobile device,the plurality of user identifiers including the user identifier; and
      
      where the one or more instructions, that cause the one or more processors to generate the access notification, further cause the one or more processors to;
      
      include a security feature in the access notification based on determining that the plurality of user identifiers are associated with the mobile device.

15. A method, comprising:
- receiving, by an authentication device, an authentication request generated based on a request to access a service,the authentication request including a user identifier;
  
  identifying, by the authentication device, a mobile device associated with the user identifier;
  
  authenticating, by the authentication device, the mobile device;
  
  generating, by the authentication device, an access notification based on authenticating the mobile device,the access notification including information relating to the request to access the service;
  
  providing, by the authentication device, the access notification to the mobile device;
  
  receiving an access response from the mobile device based on providing the access notification to the mobile device,the access response indicating whether to permit access to the service; and
  
  selectively performing a first action or a second action based on the access response,the first action including causing access to the service to be permitted when the access response indicates to permit access to the service,the second action including causing access to the service to be denied when the access response indicates to deny access to the service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, where the access notification includes a first input mechanism and a second input mechanism,the first input mechanism permitting a user to interact with the access notification to provide a first indication to permit access to the service,the second input mechanism permitting the user to interact with the access notification to provide a second indication to deny access to the service;
    - where receiving the access response further comprises;
      
      determining whether the access response includes the first indication or the second indication; and
      
      where selectively performing the first action or the second action further comprises;
      
      selectively performing the first action or the second action based on determining whether the access response includes the first indication or the second indication,the first action being performed when the first indication is received,the second action being performed when the second indication is received.
  - 17. The method of claim 15, further comprising:
    - receiving the user identifier and a mobile device identifier associated with the mobile device;
      
      verifying a user associated with the mobile device;
      
      storing information that identifies a relationship between the user identifier and the mobile device identifier based on verifying the user; and
      
      causing the mobile device to generate or obtain a digital certificate based on verifying the user,the digital certificate being uniquely associated with the user identifier and the mobile device.
  - 18. The method of claim 17, where causing the mobile device to generate or obtain the digital certificate further comprises:
    - causing the mobile device to generate or obtain a private cryptographic key;
      
      obtaining a public cryptographic key that corresponds to the private cryptographic key;
      
      where authenticating the mobile device further comprises;
      
      receiving a communication from the mobile device,the communication including the digital certificate; and
      
      verifying the digital certificate using the public cryptographic key.
  - 19. The method of claim 18, further comprising:
    - receiving an indication to revoke the digital certificate; and
      
      delete the public cryptographic key based on receiving the indication to revoke the digital certificate.
  - 20. The method of claim 15, further comprising:
    - receiving information that identifies a service type of the service; and
      
      where generating the access notification further comprises;
      
      generating the access notification based on the service type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
KHALIL, Manah M., Challa, Vijaya R.

Granted Patent

US 9,537,661 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/18   using different networks or...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

PASSWORD-LESS AUTHENTICATION SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PASSWORD-LESS AUTHENTICATION SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links