SECURE MOBILE DEVICE TWO-FACTOR AUTHENTICATION
First Claim
1. A computing appliance for performing multi-factor authentication, the appliance comprising:
one or more processors;
a computer-readable memory; and
an authentication program comprising executable instructions stored in the computer-readable memory, wherein the executable instructions direct the one or more processors to at least:
obtain a set of user credentials from a client computer, wherein the set of user credentials are associated with a user identity;
access a database containing a set of reference user credentials;
verify the user identity by comparing the set of user credentials with the set of reference user credentials;
determine a mobile device associated with the user identity;
generate a shared secret;
transmit the shared secret to the client computer to be displayed on the client computer;
transmit an authentication request to the mobile device, wherein the authentication request is configured to be accessed by an application on the mobile device in order to obtain a user-supplied secret;
obtain an authentication response from the mobile device;
upon obtaining the authentication response, verify the user-supplied secret matches the shared secret; and
upon verifying that the user-supplied secret matches the shared secret, provide the client computer access to a protected resource.
4 Assignments
0 Petitions
Abstract
A user of a computer seeking to access a protected resource must first authenticate with an authentication appliance. The user provides credentials to the authentication appliance for verification and for use in determining a mobile device associated with the user. The authentication appliance then dynamically generates a reference shared secret, such as an image, pattern, or key, which is also displayed to the user on the computer. The authentication appliance sends an authentication request to an application on the mobile device associated with the user. The application provides an interface in which the user may select, enter, draw, or reproduce the earlier-viewed shared secret on the mobile device. The user-provided secret is then compared to the reference shared secret. If the user-provided secret matches the reference shared secret, then the authentication appliance may provide the user or the computer access to the protected resource.
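The appliance-side flow the abstract and claim 1 describe, as an added example that is not code from the patent or from any product implementing it. The credential store, the device mapping and the 3x3 pattern grid are constructed here, and two controls the claims leave unstated, single use and expiry of the shared secret, are assumptions added because a practitioner would want them.

```python
import hashlib
import hmac
import secrets
import time

# Constructed reference data: a PBKDF2-hashed password and the user's enrolled device.
_SALT = b"demo-salt"
REFERENCE_CREDS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
USER_DEVICES = {"alice": "device-alice-01"}
GRID = "123456789"   # cells of a 3x3 grid; the shared secret is a path of 4 distinct cells
PENDING = {}         # txn_id -> {"user", "device", "secret", "expires"} (assumed state store)
TTL_SECONDS = 60     # assumed lifetime of an outstanding authentication request

def start_auth(username, password):
    """Step 1: verify the first factor, then mint a one-time shared secret.
    Returns (what the client computer displays, what the mobile device receives),
    or None when the credentials do not match the reference set."""
    ref = REFERENCE_CREDS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if ref is None or not hmac.compare_digest(ref, candidate):
        return None
    device = USER_DEVICES[username]                  # "determine a mobile device"
    secret = "".join(secrets.SystemRandom().sample(GRID, 4))   # random 4-cell pattern
    txn = secrets.token_urlsafe(16)
    PENDING[txn] = {"user": username, "device": device, "secret": secret,
                    "expires": time.time() + TTL_SECONDS}
    # The pattern goes only to the client computer's screen; the mobile device gets
    # a request to reproduce it, so the two channels never carry the same value.
    return {"txn": txn, "pattern": secret}, {"txn": txn, "device": device}

def complete_auth(txn, device_id, user_supplied):
    """Step 2: the mobile app returns what the user drew; grant access on a match."""
    rec = PENDING.pop(txn, None)        # single use: a replayed response finds nothing
    if rec is None or rec["device"] != device_id:
        return False                    # unknown transaction or response from the wrong device
    if time.time() > rec["expires"]:
        return False                    # request aged out before the user answered
    return hmac.compare_digest(rec["secret"], user_supplied)
```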
83 Citations
20 Claims
9. A computerized method for performing multi-factor authentication, the method comprising:
by one or more hardware processors executing computing instructions:
receiving a set of user credentials from a client computer, wherein the set of user credentials are associated with a user identity;
accessing a database containing a set of reference user credentials;
verifying the user identity by comparing the set of user credentials with the set of reference user credentials;
determining a mobile device associated with the user identity;
generating a shared secret;
transmitting the shared secret to the client computer to be displayed on the client computer;
transmitting an authentication request to the mobile device, wherein the authentication request is configured to be accessed by an application on the mobile device in order to obtain a user-supplied secret;
receiving an authentication response from the mobile device;
upon receiving the authentication response, verifying the user-supplied secret matches the shared secret; and
upon verifying that the user-supplied secret matches the shared secret, providing the client computer access to a protected resource.
(Dependent claims 10 to 15 omitted.)
16. A non-transitory computer storage medium which stores a mobile client application comprising executable code that directs a mobile device to perform a process comprising:
accessing an authentication request transmitted from an authentication appliance, wherein the authentication appliance is configured to:
obtain a set of user credentials from a client computer, wherein the set of user credentials are associated with a user identity;
access a database containing a set of reference user credentials;
verify the user identity by comparing the set of user credentials with the set of reference user credentials;
determine the mobile device, wherein the mobile device is associated with the user identity;
generate a shared secret;
transmit the shared secret to the client computer to be displayed on the client computer;
transmit the authentication request to the mobile device, wherein the authentication request is configured to be accessed by the application in order to obtain a user-supplied secret;
obtain an authentication response from the mobile device;
upon obtaining the authentication response, verify the user-supplied secret matches the shared secret; and
upon verifying that the user-supplied secret matches the shared secret, provide the client computer access to a protected resource; and
generating an interactive authentication interface configured to allow a user of the mobile device to provide the user-supplied secret, wherein the user is associated with the user identity;
obtaining, through the interactive authentication interface, the user-supplied secret from the user; and
upon obtaining the user-supplied secret, sending the authentication response to the authentication appliance.
(Dependent claims 17 to 20 omitted.)
Specification