Multifactor Contextual Authentication and Entropy from Device or Device Input or Gesture Authentication

US 20160337346A1
Filed: 05/10/2016
Published: 11/17/2016
Est. Priority Date: 05/12/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

making available, by a first user device, a public key of the first user device to devices of a device mesh, wherein the first user device is in the device mesh;

receiving, at the first user device and from a user, a request to access one or more resources via the first user device;

in response to receiving the request to access the one or more resources, determining a second user device in the device mesh having access to the public key of the first user device;

sending, from the first user device to the second user device in the device mesh, a request for user input of a credential at the second user device;

receiving, at the first user device, the credential from the second user device; and

authenticating, by the first user device, the user based on the credential received from the second user device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Citations

20 Claims

1. A method comprising:
- making available, by a first user device, a public key of the first user device to devices of a device mesh, wherein the first user device is in the device mesh;
  
  receiving, at the first user device and from a user, a request to access one or more resources via the first user device;
  
  in response to receiving the request to access the one or more resources, determining a second user device in the device mesh having access to the public key of the first user device;
  
  sending, from the first user device to the second user device in the device mesh, a request for user input of a credential at the second user device;
  
  receiving, at the first user device, the credential from the second user device; and
  
  authenticating, by the first user device, the user based on the credential received from the second user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the second user device comprises a mouse or a smartwatch, and wherein the credential is configured to be input at the mouse or the smartwatch by one or more of a wheel or buttons of the mouse or the smartwatch.
  - 3. The method of claim 1, further comprising:
    - in response to a determination that a display of the second user device is unavailable, emulating one or more credential input buttons of the second user device for display on a display of the first user device.
  - 4. The method of claim 3, wherein the one or more credential input buttons of the second user device comprises one or more of a scroll wheel or an on-screen slider.
  - 5. The method of claim 1, further comprising:
    - registering the first user device with the device mesh by providing an identifier for the first user device to the device mesh and correlating the identifier with the public key of the first user device.
  - 6. The method of claim 1, further comprising:
    - signing, by the first user device, the request using a private key of the first user device to generate a signed request,wherein sending the request comprises sending the signed request, and wherein the public key of the first user device is available to the second user device for verifying the signed request.
  - 7. The method of claim 1, wherein receiving the credential comprises receiving the credential encrypted using the public key of the first user device.
  - 8. The method of claim 1, wherein receiving the credential from the second user device is based on one or more of a geographical location of the second user device or a proximity of the second user device to the first user device.
  - 9. The method of claim 1, wherein the second user device comprises a mouse having a scroll wheel, and wherein the mouse is configured to receive input of the credential from the user via the scroll wheel.
  - 10. The method of claim 9, wherein receiving the credential at the first user device comprises receiving a scrolling input via the scroll wheel of the mouse, the method further comprising:
    - in response to receiving the scrolling input via the scroll wheel of the mouse, generating for display on a display of the first user device a graphical user interface comprising a pointer, an arm, or a highlighted segment corresponding to the scrolling input.
  - 11. The method of claim 1, wherein authenticating the user comprises authenticating the user based on the credential received from the second user device and entropy from one or more of the second user device and an authentication server.
  - 12. The method of claim 1, further comprising:
    - after authenticating the user by the first user device, sending, from the first user device and to a third user device, a request for the third user device to authenticate the user.

13. A method comprising:
- receiving, from a first user device and at a second user device, a request to authenticate a user requesting access to one or more resources via the first user device;
  
  in response to receiving the request to authenticate the user, generating for display on a display of the second user device or a display of the first user device a prompt for user input of a credential at the second user device;
  
  receiving, at the second user device, input of the credential from the user;
  
  authenticating, by the second user device, the user based on the input of the credential received from the user; and
  
  in response to authenticating the user, sending, from the second user device to the first user device, an indication of a successful authentication.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the second user device comprises a mouse, wherein the prompt is generated for display on the display of the first user device, and wherein the mouse has a scroll wheel and buttons for input of the credential.
  - 15. The method of claim 13, wherein the second user device comprises a smartwatch, and wherein the prompt for user input of the credential is generated for display on the display of the smartwatch.
  - 16. The method of claim 13, wherein the request to authenticate the user is signed by a private key of the first user device, the method further comprising:
    - accessing, by the second user device, a public key of the first user device from a device mesh; and
      
      verifying the request to authenticate the user signed by the private key using the public key of the first user device.
  - 17. The method of claim 13, further comprising:
    - in response to authenticating the user, accessing, by the second user device, a public key of the first user device from a device mesh; and
      
      encrypting, by the second user device, the indication of the successful authentication using the public key of the first user device, wherein sending the indication of the successful authentication comprises sending the indication of the successful authentication encrypted using the public key of the first user device.

18. A method comprising:
- authenticating, at a first user device, a user requesting to access one or more resources via the first user device;
  
  in response to authenticating the user, initiating a session for the user on the first user device and generating state information for the session;
  
  in response to a determination that a second user device is in a same device mesh as the first user device, granting access to the session via the second user device by transferring the state information for the session to the second user device.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the state information for the session comprises one or more of an authentication token or an inactivity timer for the session.
  - 20. The method of claim 18, further comprising performing one or more of the following:
    - determining that the first user device is within a proximity of the second user device, wherein granting access to the session via the second user device is performed in response to determining that the first user device is within the proximity of the second user device;
      
      ordetermining that the user issued, via the first user device, a command to pair the first user device with the second user device, wherein granting access to the session via the second user device is performed in response to determining that the user issued the command to pair the first user device with the second user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Pavlou, Chris, Momchilov, Georgy, Nordstrom, Ola, Wade, Christopher

Granted Patent

US 10,122,709 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 21/83   input devices, e.g. keyboar...

G06F 2221/2139   Recurrent verification

H04L 63/0272   Virtual private networks

H04L 63/0815   providing single-sign-on or...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/3247   involving digital signatures

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/43   using shared identity modul...

Multifactor Contextual Authentication and Entropy from Device or Device Input or Gesture Authentication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multifactor Contextual Authentication and Entropy from Device or Device Input or Gesture Authentication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links