AUTOMATED DEVICE DISCOVERY OF PAIRING-ELIGIBLE DEVICES FOR AUTHENTICATION

US 20170149771A1
Filed: 11/25/2015
Published: 05/25/2017
Est. Priority Date: 11/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for discovering pairing-eligible devices for authenticating a user on a computing device, comprising:

generating and sending an interrogation request to a network resource for identifying one or more pairing-eligible devices actively connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;

in response to the interrogation request, receiving at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with a pairing-eligible device of the one or more pairing-eligible devices actively connected to the network resource or a unique identifier associated with a pairing-eligible device user of the one or more pairing-eligible device users associated with an event stored on the network resource;

identifying pairing-eligible devices associated with the at least one encrypted token;

generating a list of pairing-eligible devices associated with the at least one encrypted token;

displaying a user interface comprising the list of pairing-eligible devices;

receiving a selection of a pairing-eligible device from the list of pairing-eligible devices; and

inferring an identity of the user from the selected pairing-eligible device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automated device discovery of pairing-eligible devices for authenticating an unidentified user of a computing device is provided. When the user initiates a login on the computing device on which the user'"'"'s identity is not known, an automated pairing-eligible device discovery authentication system interrogates a resource (e.g., subnetwork router, calendaring server) for identifying pairing-eligible devices that may be used as a second factor for authentication. A list of the pairing-eligible devices is presented to the user on the computing device. Upon selection of a pairing-eligible device to use as a second factor to verify the user'"'"'s identity, the user'"'"'s identity is determined, and a notification is sent to the selected pairing-eligible device for enabling the user to verify his/her identity using a second factor. Upon completion of an authentication challenge on the selected pairing-eligible device, authentication of the user is completed, and a signed token is sent to the computing device.

35 Citations

View as Search Results

20 Claims

1. A computer-implemented method for discovering pairing-eligible devices for authenticating a user on a computing device, comprising:
- generating and sending an interrogation request to a network resource for identifying one or more pairing-eligible devices actively connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;
  
  in response to the interrogation request, receiving at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with a pairing-eligible device of the one or more pairing-eligible devices actively connected to the network resource or a unique identifier associated with a pairing-eligible device user of the one or more pairing-eligible device users associated with an event stored on the network resource;
  
  identifying pairing-eligible devices associated with the at least one encrypted token;
  
  generating a list of pairing-eligible devices associated with the at least one encrypted token;
  
  displaying a user interface comprising the list of pairing-eligible devices;
  
  receiving a selection of a pairing-eligible device from the list of pairing-eligible devices; and
  
  inferring an identity of the user from the selected pairing-eligible device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein generating and sending an interrogation request to a network resource comprises generating and sending an interrogation request to a router associated with a subnetwork to which the computing device is actively connected.
  - 3. The computer-implemented method of claim 2, wherein identifying one or more pairing-eligible devices actively connected to the network resource comprises identifying one or more computing devices actively connected to the router associated with the subnetwork.
  - 4. The computer-implemented method of claim 1, wherein generating and sending an interrogation request to a network resource comprises generating and sending an interrogation request to a calendaring server.
  - 5. The computer-implemented method of claim 4, wherein identifying one or more pairing-eligible device users associated with an event stored on the network resource comprising identifying one or more invited attendees associated with a calendaring event stored on the calendaring server, wherein the computing device is a resource associated with the calendaring event.
  - 6. The computer-implemented method of claim 1, wherein identifying pairing-eligible devices associated with the at least one encrypted token comprises:
    - decrypting the at least one encrypted token;
      
      identifying at least one pairing-eligible device user encoded in the at least one encrypted token; and
      
      querying an authentication directory for pairing-eligible devices associated with the at least one pairing-eligible device user.
  - 7. The computer-implemented method of claim 6, wherein querying an authentication directory for pairing-eligible devices associated with the at least one pairing-eligible device user comprises querying the authentication directory for predetermined device types.
  - 8. The computer-implemented method of claim 6, wherein generating a list of pairing-eligible devices associated with the at least one encrypted token comprises including predetermined device types in the list of pairing-eligible devices.
  - 9. The computer-implemented method of claim 1, wherein identifying pairing-eligible devices associated with the at least one encrypted token comprises:
    - making a determination as to whether a number of pairing-eligible devices associated with the at least one encrypted token exceeds a predetermined threshold value; and
      
      in response to a positive determination, requesting the identity of the user.
  - 10. The computer-implemented method of claim 1, further comprising:
    - sending a notification to the selected pairing-eligible device, wherein the notification comprises an authentication challenge;
      
      receiving an authentication challenge response;
      
      making a determination as to whether the authentication challenge response matches an expected response;
      
      in response to a positive determination, completing authentication for the user; and
      
      sending a signed token to the computing device enabling the user access to authorized resources.
  - 11. The computer-implemented method of claim 10, further comprising pairing the selected pairing-eligible device with the computing device as a secondary device on which the user is enabled to verify the user'"'"'s identity.

12. A system for discovering pairing-eligible devices for authentication, comprising:
- one or more processors for executing programmed instructions;
  
  memory, coupled to the one or more processors, for storing program instruction steps for execution by the computer processor;
  
  an authentication client operative to;
  
  generate and send an interrogation request to a network resource for identifying one or more pairing-eligible devices actively connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;
  
  in response to the interrogation request, receive at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with a pairing-eligible device of the one or more pairing-eligible devices actively connected to the network resource or a unique identifier associated with a pairing-eligible device user of the one or more pairing-eligible device users associated with an event stored on the network resource; and
  
  an authentication service operative to;
  
  identify pairing-eligible devices associated with the at least one encrypted token;
  
  generate a list of pairing-eligible devices associated with the at least one encrypted token;
  
  receive an indication of a selection of a pairing-eligible device from the list of pairing-eligible devices; and
  
  infer an identity of the user from the selected pairing-eligible device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein in generating and sending an interrogation request to a network resource for identifying one or more pairing-eligible devices actively connected to the network resource, the authentication client is operative to generate and send an interrogation request to a router associated with a subnetwork to which the computing device is actively connected for identifying one or more computing devices actively connected to the router associated with the subnetwork.
  - 14. The system of claim 12, wherein in generating and sending an interrogation request to a network resource for one or more pairing-eligible device users associated with an event stored on the network resource, the authentication client is operative to generate and send an interrogation request to a calendaring server for identifying one or more invited attendees associated with a calendaring event stored on the calendaring server, wherein the computing device is a resource associated with the calendaring event.
  - 15. The system of claim 12, wherein in identifying pairing-eligible devices associated with the at least one encrypted token, the authentication service comprises:
    - a token decryptor operative to;
      
      decrypt the at least one encrypted token; and
      
      identify at least one pairing-eligible device user encoded in the at least one encrypted token; and
      
      a pairing-eligible device discovery engine operative to query an authentication directory for pairing-eligible devices associated with the at least one pairing-eligible device user.
  - 16. The system of claim 15, wherein in querying an authentication directory for pairing-eligible devices associated with the at least one pairing-eligible device user, the pairing-eligible device discovery engine is operative to query the authentication directory for predetermined device types.
  - 17. The system of claim 15, wherein in generating a list of pairing-eligible devices associated with the at least one encrypted token, the pairing-eligible device discovery engine is operative to remove device types from the list of pairing-eligible devices that the user is not likely to have in possession during authentication.
  - 18. The system of claim 12, wherein in identifying pairing-eligible devices associated with the at least one encrypted token, the pairing-eligible device discovery engine is operative to:
    - make a determination as to whether a number of pairing-eligible devices associated with the at least one encrypted token exceeds a predetermined threshold value; and
      
      in response to a positive determination, request the identity of the user.
  - 19. The system of claim 12, wherein the authentication service further comprises an authentication engine operative to:
    - send a notification to the selected pairing-eligible device, wherein the notification comprises an authentication challenge;
      
      receive an authentication challenge response;
      
      make a determination as to whether the authentication challenge response matches an expected response;
      
      in response to a positive determination, complete authentication for the user; and
      
      send a signed token to the computing device enabling the user access to authorized resources.

20. A device for discovering pairing-eligible devices for authentication, the device operative to:
- generate and send an interrogation request to a network resource for identifying one or more pairing-eligible devices actively connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;
  
  in response to the interrogation request, receive at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with a pairing-eligible device of the one or more pairing-eligible devices actively connected to the network resource or a unique identifier associated with a pairing-eligible device user of the one or more pairing-eligible device users associated with an event stored on the network resource;
  
  generate a pairing device discovery request comprising the at least one encrypted token;
  
  send the pairing device discovery request to an authentication service for identifying pairing-eligible devices associated with the at least one encrypted token;
  
  receive a list of pairing-eligible devices associated with the at least one encrypted token;
  
  display a user interface comprising the list of pairing-eligible devices; and
  
  receive a selection of a pairing-eligible device from the list of pairing-eligible devices, wherein an identity of the user is inferred from the selected pairing-eligible device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Vincent, Benjamin Richard, Gopalakrishnan, Venkatesh, Fluegel, Jay

Granted Patent

US 9,942,223 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/1095   Meeting or appointment

H04L 63/0853   using an additional device,...

H04W 12/06   Authentication

H04W 48/16   Discovering, processing acc...

H04W 76/14   Direct-mode setup

H04W 8/005   Discovery of network device...

AUTOMATED DEVICE DISCOVERY OF PAIRING-ELIGIBLE DEVICES FOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED DEVICE DISCOVERY OF PAIRING-ELIGIBLE DEVICES FOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links