SYSTEM AND METHOD FOR APPLYING DIGITAL FINGERPRINTS IN MULTI-FACTOR AUTHENTICATION

US 20160164866A1
Filed: 12/01/2015
Published: 06/09/2016
Est. Priority Date: 12/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method for multi-factor authentication with a first client operating on a first client device, comprising:

receiving a login request, the login request associated with a first user account, from the first client;

in response to receiving the login request, initiating an authentication transaction;

generating a first client digital fingerprint from a set of first client properties collected from the first client;

identifying a second client, the second client operating on a second client device, from data associated with the first user account;

analyzing the first client digital fingerprint based on a first set of stored digital fingerprints;

generating a concern metric based on analysis of the first client digital fingerprint; and

in response to the concern metric exceeding a threshold concern metric, notifying a user that the login request may have originated from an unauthorized source;

wherein notifying the user comprises notifying the user at the second client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for multi-factor authentication with a first client includes receiving a request associated with the first client, initiating an authentication transaction, generating a digital fingerprint based on a set of client properties collected in association with the first client, identifying a second client from data associated with the authentication transaction, analyzing a digital fingerprint based on a set of stored digital fingerprints; generating a concern metric based on the analysis; and notifying an entity that the login request may have originated from an unauthorized source.

75 Citations

View as Search Results

22 Claims

1. A method for multi-factor authentication with a first client operating on a first client device, comprising:
- receiving a login request, the login request associated with a first user account, from the first client;
  
  in response to receiving the login request, initiating an authentication transaction;
  
  generating a first client digital fingerprint from a set of first client properties collected from the first client;
  
  identifying a second client, the second client operating on a second client device, from data associated with the first user account;
  
  analyzing the first client digital fingerprint based on a first set of stored digital fingerprints;
  
  generating a concern metric based on analysis of the first client digital fingerprint; and
  
  in response to the concern metric exceeding a threshold concern metric, notifying a user that the login request may have originated from an unauthorized source;
  
  wherein notifying the user comprises notifying the user at the second client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein notifying the user comprises presenting the concern metric to the user at the second client device.
  - 3. The method of claim 2, wherein the concern metric comprises a probability that the login request is unauthorized.
  - 4. The method of claim 1, further comprising:
    - in response to the concern metric exceeding the threshold concern metric, presenting the user with a prompt to authorize the login request;
      
      receiving a user response to the prompt, wherein the user response comprises an authorization of the login request; and
      
      updating the first set of stored digital fingerprints to include the first client digital fingerprint.
  - 5. The method of claim 1, wherein analyzing the first client digital fingerprint comprises comparing the first client digital fingerprint to the first set of stored digital fingerprints;
    - wherein generating the concern metric comprises generating the concern metric based on similarity between the first client digital fingerprint and stored digital fingerprints of the first set of stored digital fingerprints.
  - 6. The method of claim 1, wherein analyzing the first client digital fingerprint comprises generating a model from the first set of stored digital fingerprints, and comparing the first client digital fingerprints to the model.
  - 7. The method of claim 6, wherein generating the model comprises:
    - identifying a second set of stored digital fingerprints associated with a second user account;
      
      wherein the second set of stored digital fingerprints and the first set of stored digital fingerprints have no shared elements, andgenerating the model from both of the first set and the second set of stored digital fingerprints.
  - 8. The method of claim 7, further comprising identifying the first user account as one of a set of user accounts associated with an organization;
    - and selecting the second user account from the set of user accounts associated with the organization.
  - 9. The method of claim 6, wherein the first set of stored digital fingerprints comprises digital fingerprints stored from previous authentication transactions associated with the first user account.
  - 10. The method of claim 6, further comprising:
    - in response to the concern metric exceeding the threshold concern metric, presenting the user with a prompt to authorize the login request;
      
      receiving a user response to the prompt, wherein the user response comprises an authorization of the login request; and
      
      updating the model based on the user response and the first client digital fingerprint.
  - 11. The method of claim 6, further comprising:
    - in response to the concern metric exceeding the threshold concern metric, presenting the user with a prompt to authorize the login request;
      
      receiving a user response to the prompt, wherein the user response comprises a refusal to authorize the login request; and
      
      updating the model based on the user response and the first client digital fingerprint.
  - 12. The method of claim 1, further comprising receiving authentication policy configuration data from the user;
    - wherein the threshold concern metric is set according to the authentication policy configuration data.
  - 13. The method of claim 1, wherein analyzing the first client digital fingerprint comprises analyzing device usage tracked over time, wherein analyzing device usage comprises analyzing at least one of:
    - application usage, communication patterns, and location.
  - 14. The method of claim 1, wherein analyzing the first client digital fingerprint comprises analyzing device operation, wherein analyzing device operation comprises analyzing at least one of:
    - a browser version, an operating system version, and a plugin version.
  - 15. The method of claim 1, further comprising comparing the set of first client properties to a set of second client properties collected from the second client;
    - wherein generating the concern metric comprises generating the concern metric based on the comparison between the set of first client properties and the set of second client properties.
  - 16. The method of claim 1, wherein generating the concern metric comprises:
    - generating a first check metric based on the analysis of the first client digital fingerprint;
      
      in response to the first check metric being below a first check metric threshold, comparing the set of first client properties to a set of second client properties collected from the second client; and
      
      generating the concern metric based on both of the analysis of the first client digital fingerprint and the comparison between the set of first client properties and the set of second client properties.
  - 17. The method of claim 1, further comprising presenting the user, at the second client device, with at least one of:
    - an option to reset authentication credentials associated with the first user account, an option to lock the first user account, and a notify option to notify a third party of attempted unauthorized account access.

18. A method for multi-factor authentication with a first client operating on a first client device, comprising:
- receiving a login request, the login request associated with a first user account, from the first client;
  
  in response to receiving the login request, initiating an authentication transaction;
  
  identifying a second client, the second client operating on a second client device, from data associated with the first user account;
  
  generating a first client digital fingerprint from a set of first client properties collected from the first client;
  
  generating a second client digital fingerprint from a set of second client properties collected from the second client;
  
  comparing the first client digital fingerprint to the second client digital fingerprint;
  
  generating a concern metric based on the comparison of the first client digital fingerprint and the second client digital fingerprint; and
  
  in response to the concern metric exceeding a threshold concern metric, notifying a user that the login request may have originated from an unauthorized source;
  
  wherein notifying the user comprises notifying the user at the second client device.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, wherein notifying the user comprises displaying the concern metric to the user at the second device.
  - 20. The method of claim 19, wherein the concern metric comprises a probability that the login request is unauthorized.
  - 21. The method of claim 18, wherein comparing the first client digital fingerprint to the second client digital fingerprint comprises comparing at least one of:
    - browser version, operating system version, and plugin version.
  - 22. The method of claim 18, further comprising presenting the user, at the second client device, with at least one of:
    - an option to reset authentication credentials associated with the first user account, an option to lock the first user account, and a notify option to notify a third party of attempted unauthorized account access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas

Granted Patent

US 10,440,016 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR APPLYING DIGITAL FINGERPRINTS IN MULTI-FACTOR AUTHENTICATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR APPLYING DIGITAL FINGERPRINTS IN MULTI-FACTOR AUTHENTICATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links