TRANSPARENT TWO-FACTOR AUTHENTICATION VIA MOBILE COMMUNICATION DEVICE

US 20150334564A1
Filed: 05/15/2014
Published: 11/19/2015
Est. Priority Date: 05/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method implemented at least in part by a computing system, the method comprising:

from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof;

authenticating the delivery destination proof;

authenticating the cost proof;

responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message via a channel different from the first channel;

receiving a response to the authentication code message; and

responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.

Citations

20 Claims

1. A method implemented at least in part by a computing system, the method comprising:
- from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof;
  
  authenticating the delivery destination proof;
  
  authenticating the cost proof;
  
  responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message via a channel different from the first channel;
  
  receiving a response to the authentication code message; and
  
  responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. One or more computer-readable media comprising computer-executable instructions causing a computing system to perform the method of claim 1.
  - 3. The method of claim 1 wherein:
    - the cost proof establishes that the service access request is originating from a device maintained by a paying subscriber.
  - 4. The method of claim 1 further comprising:
    - sending the cost proof to the mobile communication device during activation of the mobile communication device.
  - 5. The method of claim 1 wherein:
    - the delivery destination proof indicates a destination correlated with the mobile communication device; and
      
      the authentication code message is sent to the destination.
  - 6. The method of claim 1 wherein:
    - the delivery destination proof comprises an obfuscated destination; and
      
      the authentication code message is sent to the destination.
  - 7. The method of claim 6 further comprising:
    - matching the obfuscated destination to a stored obfuscated destination associated with a clear text version of the obfuscated destination.
  - 8. The method of claim 1 wherein the delivery destination proof comprises:
    - a phone number of the mobile communication device;
      
      ora user name of an account accessible with the mobile communication device.
  - 9. The method of claim 1 wherein:
    - the authorization token message comprises a hyperlink incorporating an authorization token.
  - 10. The method of claim 1 wherein:
    - the authorization token message comprises a one-time access code and a submission location for the one-time access code.
  - 11. The method of claim 10 further comprising:
    - receiving the one-time access code; and
      
      responsive to receiving the one-time access code, providing access to a protected service.
  - 12. The method of claim 10 wherein:
    - the one-time access code is for a third-party service; and
      
      the submission location indicates a location at which the third-party service can be accessed via the one-time access code.

13. A mobile communication device comprising:
- one or more processors coupled to memory;
  
  a stored cost proof;
  
  a stored delivery destination proof;
  
  a service access request orchestrator configured to send a request for access to a service, wherein the request comprises the stored cost proof and the stored delivery destination proof;
  
  an intercept component configured to intercept an incoming authentication code message received responsive to the request for access to the service and configured to automatically respond thereto with a message comprising an authentication code and further configured to receive an authorization token sent in response to the message comprising the authentication code; and
  
  an authorization token sending component configured to send the authorization token in conjunction with a request for a service protected by two-factor authentication.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The mobile communication device of claim 13 wherein:
    - the stored cost proof establishes that the mobile communication device is associated with a paying account.
  - 15. The mobile communication device of claim 13 further comprising:
    - a watch list indicating one or more outstanding authentication code messages being watched for by the intercept component.
  - 16. The mobile communication device of claim 13 further comprising:
    - an activation component configured to obtain the stored cost proof as part of an activation process for the mobile communication device.
  - 17. The mobile communication device of claim 13 wherein:
    - the intercept component is configured to extract the authentication code from an incoming text message.
  - 18. The mobile communication device of claim 17 wherein:
    - the incoming text message comprises a location at which access to a protected service can be obtained.
  - 19. The mobile communication device of claim 18 wherein:
    - the authorization token sending component is configured to send the authorization token to the location indicated in the incoming text message.

20. In a mobile communication device, one or more computer-readable media comprising:
- a cost proof establishing that the mobile communication device is associated with a paying account;
  
  a delivery destination proof derived from a delivery destination monitored by the mobile communication device, wherein the delivery destination comprises a telephone number of the mobile communication device;
  
  computer-executable instructions causing the mobile communication device to perform a method comprising;
  
  via a first channel, sending a service access request for a protected service, wherein the request comprises a username, password, the cost proof, and the delivery destination proof;
  
  intercepting a message received via a second channel responsive to sending the service access request for the protected service via the first channel, wherein intercepting comprises watching for a response to the service request receivable via the delivery destination;
  
  from the message received via the second channel, deriving an authentication code;
  
  sending an automatic response to the message received via the second channel, wherein the automatic response comprises the authentication code and the cost proof; and
  
  receiving an authorization token in response to the automatic response;
  
  whereby transparent two-factor authentication is performed transparently for the mobile communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
McClure, Marc, Olsen, Geir, Michaely, Ran, Vincent, Benjamin

Granted Patent

US 9,690,924 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/43   wireless channels

H04L 63/18   using different networks or...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 4/14   Short messaging services, e...

TRANSPARENT TWO-FACTOR AUTHENTICATION VIA MOBILE COMMUNICATION DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRANSPARENT TWO-FACTOR AUTHENTICATION VIA MOBILE COMMUNICATION DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links