Possession of synchronized data as authentication factor in online services
Abstract
A user's possession of synchronized data is used as an authentication factor. When the user requests an authentication configuration change, an authentication server requests the user to prove possession of synchronized data for that user. The user launches an authentication module on a client device hosting a local copy of the synchronized data. The authentication module creates a hash of the local copy and transmits the hash to the authorization server. Upon successfully verifying the received hash using a server copy of the synchronized data, the authentication server considers the user authorized and thus allows the user to make the authorization configuration change.
20 Claims
1. A computer-implemented method for user authentication, comprising:
- storing on a non-transitory computer-readable storage medium server data synchronized with client data on one or more client devices associated with a user;
- receiving an authentication request for authenticating the user;
- identifying a level of authentication associated with the authentication request from a plurality of levels of authentication;
- transmitting a data request to the one or more client devices, the data request requesting attributes of the client data, the requested attributes of the client data determined responsive to the level of authentication associated with the authentication request;
- receiving from the one or more client devices the requested attributes of the client data;
- verifying the received attributes of the client data based on the stored server data to determine whether the received attributes meet the level of authentication associated with the authentication request;
- responsive to the received attributes meeting the level of authentication associated with the authentication request, determining that the user is successfully authenticated; and
- responsive to the received attributes not meeting the level of authentication associated with the authentication request, requesting additional attributes of the client data for verification.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computer-implemented method for user authentication, comprising:
- transmitting to an authentication server first client data retrieved from a non-transitory computer-readable storage medium in a client device associated with a user, the authentication server configured to store server data synchronized with client data received from one or more client devices associated with the user;
- transmitting to the authentication server an authentication request for authenticating the user, the authentication server configured to identify a level of authentication associated with the authentication request from a plurality of levels of authentication and to transmit a data request to the one or more client devices associated with the user, the data request requesting attributes of the client data, the requested attributes of the client data determined responsive to the level of authentication associated with the authentication request;
- responsive to receiving the data request, applying a cryptographic hash function to the first client data to generate a hash value; and
- transmitting the generated hash value to the authentication server, the authentication server configured to:
  - verify the generated hash value and any other attributes of client data received from other client devices to determine whether the received attributes meet the level of authentication associated with the authentication request;
  - responsive to the received attributes meeting the level of authentication associated with the authentication request, determine that the user is successfully authenticated; and
  - responsive to the received attributes not meeting the level of authentication associated with the authentication request, requesting additional attributes of the client data for verification.

Dependent claims: 10, 11, 12

13. A computer system for user authentication, comprising:
- a non-transitory computer-readable storage medium storing executable computer program code, the computer program code comprising program code for:
  - storing server data synchronized with client data on one or more client devices associated with a user;
  - receiving an authentication request for authenticating the user;
  - identifying a level of authentication associated with the authentication request from a plurality of levels of authentication;
  - transmitting a data request to the one or more client devices, the data request requesting attributes of the client data, the requested attributes of the client data determined responsive to the level of authentication associated with the authentication request;
  - receiving from the one or more client devices the requested attributes of the client data;
  - verifying the received attributes of the client data based on the stored server data to determine whether the received attributes meet the level of authentication associated with the authentication request;
  - responsive to the received attributes meeting the level of authentication associated with the authentication request, determining that the user is successfully authenticated; and
  - responsive to the received attributes not meeting the level of authentication associated with the authentication request, requesting additional attributes of the client data for verification.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
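
The flow described in the abstract and in claim 1, as an added sketch that is not code from the patent or its assignee: the server picks which attributes to request from the authentication level, checks the client's hashes against its own copy, and asks for a further attribute when the level is not met. The item names, the match-count policy per level, and the per-request nonce are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed policy (not from the claims): matches per level, request order.
REQUIRED_MATCHES = {1: 1, 2: 2}
ITEM_ORDER = ["bookmarks", "contacts", "calendar"]

# Constructed sample data: the server copy and a device with one stale item.
SERVER_COPY = {"bookmarks": b"https://example.org\n",
               "contacts": b"alice,bob\n",
               "calendar": b"2024-01-01 standup\n"}
STALE_COPY = dict(SERVER_COPY, bookmarks=b"https://old.example.org\n")


def attribute(nonce, data):
    # Keyed hash of one item; the nonce is an added assumption so that a
    # captured hash value cannot be replayed on a later request.
    return hmac.new(nonce, data, hashlib.sha256).hexdigest()


class Client:
    def __init__(self, local_copy):
        self.local_copy = local_copy

    def answer(self, nonce, items):
        return {i: attribute(nonce, self.local_copy.get(i, b"")) for i in items}


class AuthServer:
    def __init__(self, server_copy):
        self.server_copy = server_copy

    def _matches(self, client, items):
        nonce = secrets.token_bytes(16)  # fresh for every data request
        got = client.answer(nonce, items)
        return sum(hmac.compare_digest(got.get(i, ""),
                                       attribute(nonce, self.server_copy[i]))
                   for i in items)

    def authenticate(self, client, level):
        need = REQUIRED_MATCHES[level]
        requested = ITEM_ORDER[:need]  # attributes determined by the level
        matched = self._matches(client, requested)
        while matched < need and len(requested) < len(ITEM_ORDER):
            extra = ITEM_ORDER[len(requested)]  # request an additional attribute
            requested.append(extra)
            matched += self._matches(client, [extra])
        return matched >= need, requested
```

A device whose copy is partly out of sync still reaches level 2 once the additional attribute matches, while a client holding none of the synchronized data fails after every item has been requested.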
Specification