SYSTEM AND METHODS FOR AUTHENTICATION USING MULTIPLE DEVICES

US 20160180072A1
Filed: 04/22/2015
Published: 06/23/2016
Est. Priority Date: 12/22/2014
Status: Active Grant

First Claim

Patent Images

1. A method of authentication using at least two user devices, the method comprising:

registering each user device of a plurality of user devices with an authenticator computing device, wherein each of the plurality of user devices are registered to at least one user;

receiving, at the authenticator computing device, a request to access a resource from one user device of the plurality of user devices registered with the authenticator computing device;

generating an authentication challenge at the authenticator computing device in response to the request;

transmitting the authentication challenge to a subset of user devices of the plurality of user devices registered with the authenticator computing device, wherein the subset of user devices comprises at least one device other than the one user device requesting access to the resource and wherein the one user device requesting access to the resource has not been authenticated by the authenticator computing device;

generating at least one response to the authentication challenge at one or more user devices of the subset of user devices;

transmitting the at least one response to the authenticator computing device;

determining, at the authenticator computing device, if the at least one response constitutes a valid response to the authentication challenge; and

granting at least one user device of the plurality of user devices registered with the authenticator computing device access to the resource if the at least one response received at the authenticator computing device constitutes a valid response to the authentication challenge.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of authentication using an authenticator computing device and at least two registered user devices is described. In operation, the authenticator computing device receives a request to access a resource from one of a plurality of user devices registered to a user. The authenticator computing device generates an authentication challenge in response to the request and the authentication challenge is then transmitted to a subset of the plurality of user devices. One or more of the user devices then subsequently generates and transmits a response to the authentication challenge to the authenticator computing device. The authenticator computing device then determines whether the responses received from the one or more user devices in the subset constitutes a valid response and then grants one or more of the user devices access to the resource if the responses received from the user devices constitutes a valid response to the authentication challenge.

61 Citations

View as Search Results

29 Claims

1. A method of authentication using at least two user devices, the method comprising:
- registering each user device of a plurality of user devices with an authenticator computing device, wherein each of the plurality of user devices are registered to at least one user;
  
  receiving, at the authenticator computing device, a request to access a resource from one user device of the plurality of user devices registered with the authenticator computing device;
  
  generating an authentication challenge at the authenticator computing device in response to the request;
  
  transmitting the authentication challenge to a subset of user devices of the plurality of user devices registered with the authenticator computing device, wherein the subset of user devices comprises at least one device other than the one user device requesting access to the resource and wherein the one user device requesting access to the resource has not been authenticated by the authenticator computing device;
  
  generating at least one response to the authentication challenge at one or more user devices of the subset of user devices;
  
  transmitting the at least one response to the authenticator computing device;
  
  determining, at the authenticator computing device, if the at least one response constitutes a valid response to the authentication challenge; and
  
  granting at least one user device of the plurality of user devices registered with the authenticator computing device access to the resource if the at least one response received at the authenticator computing device constitutes a valid response to the authentication challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein registering each user device of the plurality of user devices with an authenticator computing device further comprises, storing at least one user credential and at least one verified device identifier from each of the plurality of user devices at the authenticator computing device.
  - 3. The method of claim 1, wherein transmitting the authentication challenge to a subset of user devices of the plurality of user devices further comprises, transmitting the authentication challenge from the authenticator computing device to the subset of user devices according to a forwarding policy of the authenticator computing device.
  - 4. The method of claim 1, wherein transmitting the authentication challenge to a subset of user devices of the plurality of user devices further comprises, transmitting the authentication challenge from the authenticator computing device to the user device requesting access to the resource and the user device requesting access to the resource subsequently transmitting the authentication challenge to the other user devices of the subset of user devices according to a forwarding policy of the user device requesting access to the resource.
  - 5. The method of claim 1, wherein generating at least one response to the authentication challenge at one or more user devices of the subset of user devices further comprises, generating a response to the authentication challenge at each of the user devices of the subset of user devices according to a response policy of each of the user devices of the subset of user devices.
  - 6. The method of claim 5 further comprising, transmitting the response to the authentication challenge generated at each of the user devices of the subset of user devices to the authenticator computing device.
  - 7. The method of claim 6, wherein determining, at the authenticator computing device, if the at least one response constitutes a valid response to the authentication challenge further comprises, determining if each response to the authentication challenge generated at each of the users devices of the subset of user devices constitutes a valid response.
  - 8. The method of claim 6, wherein determining, at the authenticator computing device, if the at least one response constitutes a valid response to the authentication challenge further comprises, determining if each response to the authentication challenge generated at each of user devices of the subset of user devices constitutes a valid response according to a validation policy of the authenticator computing device.
  - 9. The method of claim 1, wherein the authentication challenge is an encrypted or cryptographically signed authentication challenge.
  - 10. The method of claim 1, wherein the authentication challenge comprises a Message Authentication Code (MAC).
  - 11. The method of claim 1, wherein the authentication challenge comprises a timestamp.
  - 12. The method of claim 1, wherein a transmission technique for the authentication challenge is selected from the group consisting of a QR code, a sound wave, a light wave, an infrared signal, an NFC, a Bluetooth signal, a radio signal, an image, a state of a memory device and a vibration.
  - 13. The method of claim 1, wherein the resource is selected from the group consisting of an application, a file, a process, a port, a service, a network bandwidth, a device, a memory and a processor time.

14. One or more non-transitory computer-readable media having computer-executable instructions for performing a method of running a software program on a computing device, the method including issuing instructions from the software program, the instructions comprising:
- registering each user device of a plurality of user devices with an authenticator computing device, wherein each of the plurality of user devices are registered to at least one user;
  
  receiving, at an authenticator computing device, a request to access a resource from one user device of a plurality of user devices registered with the authenticator computing device;
  
  generating an authentication challenge at the authenticator computing device in response to the request;
  
  transmitting the authentication challenge to a subset of user devices of the plurality of user devices registered with the authenticator computing device, wherein the subset of user devices comprises at least one device other than the one user device requesting access to the resource and wherein the one user device requesting access to the resource has not been authenticated by the authenticator computing device;
  
  generating at least one response to the authentication challenge at one or more user devices of the subset of user devices;
  
  transmitting the at least one response to the authenticator computing device;
  
  determining, at the authenticator computing device, if the at least one response constitutes a valid response to the authentication challenge; and
  
  granting at least one user device of the plurality of user devices registered with the authenticator computing device access to the resource if the at least one response received at the authenticator computing device constitutes a valid response to e authentication challenge.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The media of claim 14, wherein the instructions for registering each user device of a plurality of user devices with an authenticator computing device, wherein each of the plurality of user devices are registered to at least one user, further comprising instructions for registering each of the plurality of user devices by storing at least one user credential and at least one verified device identifier from each of the plurality of user devices at the authenticator computing device.
  - 16. The media of claim 14, further comprising instructions for transmitting the authentication challenge from the authenticator computing device to the subset of user devices according to a forwarding policy of the authenticator computing device.
  - 17. The media of claim 14, further comprising instructions for transmitting the authentication challenge from the authenticator computing device to the user device requesting access to the resource and subsequently transmitting the authentication challenge from the user device requesting access to the resource to the other user devices of the subset of user devices according to forwarding policy of each of the user device requesting access to the resource.
  - 18. The media of claim 14, further comprising instructions for generating a response to the authentication challenge at each of the user devices of the subset of user devices according to a response policy of each of the user devices of the subset of user devices.
  - 19. The media of claim 18, further comprising instructions for transmitting the response to the authentication challenge generated at each of the user devices of the subset of user devices to the authenticator computing device.
  - 20. The media of claim 19, further comprising instructions for determining if each response to the authentication challenge generated at each of the users devices of the subset of user devices constitutes a valid response.
  - 21. The media of claim 19, further comprising instructions for determining if each response to the authentication challenge generated at each of user devices of the subset of user devices constitutes a valid response according to a validation policy of the authenticator computing device.
  - 22. The media of claim 14, wherein the authentication challenge is an encrypted or cryptographically signed authentication challenge.
  - 23. The media of claim 14, wherein the authentication challenge comprises a Message Authentication Code (MAC).
  - 24. The media of claim 14, wherein the authentication challenge comprises a timestamp.
  - 25. The media of claim 14, wherein a transmission technique for the authentication challenge is selected from the group consisting of a QR code, a sound wave, a light wave, an infrared signal, an NFC, a Bluetooth signal, a radio signal, an image, a state of a memory device and a vibration.
  - 26. The media of claim 14, wherein the resource is selected from the group consisting of an application, a file, a process, a port, a service, a network bandwidth, a device, a memory and a processor time.

27. An authentication system comprising:
- an authenticator computing device configured to register each user device of a plurality of user devices with the authenticator computing device, wherein each of the plurality of user devices is registered to at least one user, the authenticator computing device further configured to receive a request to access a resource from one user device of a plurality of user devices registered with the authenticator computing device, the authenticator computing device further configured to generate an authentication challenge in response to the request, to transmit the authentication challenge to a subset of user devices of the plurality of user devices registered with the authenticator computing device, wherein the subset of user devices comprises at least one device other than the one user device requesting access to the resource and wherein the one user device requesting access to the resource has not been authenticated by the authenticator computing device, or, the authenticator computing device configured to transmit the authentication challenge to the user device requesting access to a resource for subsequent transmission of the authentication challenge from the user device requesting access to a resource to the other user device(s) of the subset, the authenticator computing device further configured to receive at least one response to the authentication challenge from one or more user devices of the subset of user devices, the authenticator computing device further configured to determine if the at least one response constitutes a valid response to the authentication challenge and to grant at least one user device of the plurality of user devices registered with the authenticator computing device access to the resource if the at least one response received constitutes a valid response to the authentication challenge.
- View Dependent Claims (28, 29)
- - 28. The authentication system of claim 27, wherein the authenticator computing device is further configured to register each of the plurality of user devices with the authenticator computing device by storing at least one user credential and at least one verified device identifier from each of the plurality of user devices at the authenticator computing device.
  - 29. The authentication system of claim 27, wherein the plurality of user devices are selected from the group consisting of a laptop computer, a personal digital assistant, a cellular telephone, a smart phone, a smart watch, a smart ring, a smart wearable device, a smart lock, a music player, a web pads, a tablet computer system, a game device, an electronic book reader, or other device with like capability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of South Florida (State University System of Florida)
Original Assignee
University of South Florida (State University System of Florida)
Inventors
Ligatti, Jarred Adam, Goldgof, Dmitry, Cetin, Cagri, Subils, Jean-Baptiste

Granted Patent

US 9,659,160 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/42   using separate channels for...

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/0853   using an additional device,...

SYSTEM AND METHODS FOR AUTHENTICATION USING MULTIPLE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHODS FOR AUTHENTICATION USING MULTIPLE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links