TWO FACTOR AUTHENTICATION WITH AUTHENTICATION OBJECTS

US 20190312858A1
Filed: 06/25/2019
Published: 10/10/2019
Est. Priority Date: 06/26/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

providing a graphical user interface that makes an authentication object available for selection, the graphical user interface including graphical representations of sets of actions for authenticating by corresponding service provider systems, including a graphical representation that represents a set of actions for authenticating an identity by a service provider system;

receiving user input indicating selection of the authentication object; and

in response to the receiving the user input indicating selection of the authentication object, performing the set of actions for authenticating the identity by the service provider system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

Citations

20 Claims

1. A computer-implemented method, comprising:
- providing a graphical user interface that makes an authentication object available for selection, the graphical user interface including graphical representations of sets of actions for authenticating by corresponding service provider systems, including a graphical representation that represents a set of actions for authenticating an identity by a service provider system;
  
  receiving user input indicating selection of the authentication object; and
  
  in response to the receiving the user input indicating selection of the authentication object, performing the set of actions for authenticating the identity by the service provider system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising obtaining a request to authenticate the identity from a first device.
  - 3. The computer-implemented method of claim 2, wherein the graphical user interface that makes the authentication object available for selection is provided on a second device that is separate from the first device.
  - 4. The computer-implemented method of claim 3, wherein the user input indicating selection of the authentication object is received from the second device.
  - 5. The computer-implemented method of claim 1, wherein the authentication object encodes:
    - a set of credentials usable to authenticate the identity; and
      
      an access policy that specifies a permitted use or a restriction on use of the authentication object.
  - 6. The computer-implemented method of claim 1, wherein the authentication object is associated with a set of actions for authenticating the identity.
  - 7. The computer-implemented method of claim 1, wherein performing the set of actions comprises:
    - obtaining an authentication claim generated based at least in part on a request from a first device to authenticate the identity from the first device and a set of credentials encoded in the authentication object selected from a second device; and
      
      causing, at least in part by providing the authentication claim to a computing resource service provider system, the authentication claim to be used to authenticate the identity.

8. A system, comprising:
- one or more computing devices including one or more processors and memory, the memory including executable instructions that, as a result of execution by the one or more processors, cause the system to;
  
  receive an authentication object usable to authenticate an identity to a service provider system, the authentication object selected via a graphic interface including graphical representations of sets of actions for authenticating by corresponding systems including the service provider system; and
  
  provide an authentication claim to the service provider system to facilitate performance of an operation involving interaction with the service provider system, the authentication claim generated based on the authentication object.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the authentication object encodes a policy that specifies a type of access associated with the authentication object.
  - 10. The system of claim 8, wherein the authentication object encodes a set of credentials sufficient to authenticate an identity to a service provider system.
  - 11. The system of claim 10, wherein the executable instructions further cause the system to generate an authentication claim based at least in part on the set of credentials encoded in the authentication object.
  - 12. The system of claim 11, wherein the authentication claim corresponds to a request from a first computing device to authenticate an identity.
  - 13. The system of claim 12, wherein the authentication object usable to authenticate the identity to the service provider system is received from a second computing device that is separate from the first computing device.

14. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a first computer system, cause the first computer system to at least:
- cause, as a result of an attempt by the first computer system to access a resource of a service provider, a graphical user interface to be displayed on a second computer system, the graphical user interface including a plurality of graphical representations including a graphical representation that represents a set of actions for authenticating an identity by a service provider system, andgenerate, based at least in part on a set of credentials received as a result of a selection from the plurality of graphical representations made via the second computer system, an authentication claim sufficient to authenticate with the service provider.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein at least a portion of the plurality of graphical representations are associated with a set of actions for authenticating the identity with a service provider.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein at least a portion of the plurality of graphical representations are associated with a set of policies specifying permitted uses or restrictions associated with the plurality of graphical representations.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein at least a portion of the plurality of graphical representations are associated with a set of credentials usable to authenticate the identity with the service provider.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the executable instructions further comprise instructions that cause the first computer system to access the resource of the service provider at least in part by providing the authentication claim to the service provider for authentication.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the executable instructions further comprise instructions that cause the first computer system to:
    - provide additional authentication information in response to a request by at least displaying an indication of one or more user actions to perform in order to confirm an operation of the second computer system; and
      
      obtain an indication that at least one user action of the one or more user actions has been performed.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the executable instructions further comprise instructions that cause the first computer system to determine a state of the second computer system based at least in part on:
    - biometric information obtained using one or more sensors of the second computer system; and
      
      network information obtained using the one or more sensors of the second computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper Mikael, Roth, Gregory Branchek

Granted Patent

US 11,451,528 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

G09C 1/00   Apparatus or methods whereb...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3278   using physically unclonable...

TWO FACTOR AUTHENTICATION WITH AUTHENTICATION OBJECTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TWO FACTOR AUTHENTICATION WITH AUTHENTICATION OBJECTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links