Mobile security fob

US 9,124,582 B2
Filed: 02/20/2013
Issued: 09/01/2015
Est. Priority Date: 02/20/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

causing, by one or more computer servers, initiation of a pairing process that occurs directly between a client computing system and a mobile security fob that is associated with a device identifier that uniquely identifies the mobile security fob;

receiving, from the client computing system by the one or more computer servers, a request to perform an action on the one or more computer servers, with the request comprising information identifying a user associated with the client computing system;

retrieving by the one or more computer servers a user profile of the user of the client computing system, with the user profile including the device identifier assigned to the mobile security fob that uniquely identifies the mobile security fob;

generating, by the one or more computer servers, an encrypted authentication token to authenticate that the user is authorized to perform the action;

causing by the one or more computer servers the authentication token to be transmitted, via the client computing system, to the mobile security fob that is already paired with the client computing system;

receiving, by the one or more computer servers, the encrypted authentication token and the device identifier;

determining by the one or more computer servers whether the mobile security fob paired with the client computing system sent the device identifier; and

performing, by the one or more computer servers, authentication when there are matches between the authentication token and the device identifierauthenticating by the one or more servers by using the device identifier to identify an association between the device identifier and a key;

decrypting the encrypted authentication token associated with device identifier using the key to produce a decrypted version of authentication token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method comprising: receiving, from a primary factor authentication device by one or more computer systems, a request to enroll a mobile device as a secondary factor authentication device; and

- enrolling by the one or more computer systems the mobile device as a first, secondary factor authentication device.

Citations

19 Claims

1. A computer-implemented method comprising:
- causing, by one or more computer servers, initiation of a pairing process that occurs directly between a client computing system and a mobile security fob that is associated with a device identifier that uniquely identifies the mobile security fob;
  
  receiving, from the client computing system by the one or more computer servers, a request to perform an action on the one or more computer servers, with the request comprising information identifying a user associated with the client computing system;
  
  retrieving by the one or more computer servers a user profile of the user of the client computing system, with the user profile including the device identifier assigned to the mobile security fob that uniquely identifies the mobile security fob;
  
  generating, by the one or more computer servers, an encrypted authentication token to authenticate that the user is authorized to perform the action;
  
  causing by the one or more computer servers the authentication token to be transmitted, via the client computing system, to the mobile security fob that is already paired with the client computing system;
  
  receiving, by the one or more computer servers, the encrypted authentication token and the device identifier;
  
  determining by the one or more computer servers whether the mobile security fob paired with the client computing system sent the device identifier; and
  
  performing, by the one or more computer servers, authentication when there are matches between the authentication token and the device identifierauthenticating by the one or more servers by using the device identifier to identify an association between the device identifier and a key;
  
  decrypting the encrypted authentication token associated with device identifier using the key to produce a decrypted version of authentication token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 19)
- - 2. The computer-implemented method of claim 1 wherein the device identifier is a first device identifier, the authentication token is a first authentication token and the method further comprises:
    - receiving, by the one or more computer servers, a second authentication token and a second device identifier;
      
      determining whether the mobile security fob paired with the client computing system sent the second device identifier, by determining whether the first authentication token that was transmitted to the mobile security fob paired with the client computing system matches the second authentication token and whether the second device identifier matches the device identifier of the mobile security fob paired with the client computing system included in the user profile; and
      
      performing, by the one or more computer servers, the requested action when there are matches between the first and second authentication tokens and the first and second device identifiers.
  - 3. The computer-implemented method of claim 1, wherein the client computing system is a primary factor authentication device, the mobile security fob is a secondary factor authentication device and wherein the method further comprises:
    - performing automatic secondary factor authentication independent of entry by the user of secondary factor authentication information, with the secondary factor authentication being based on the second authentication token.
  - 4. The computer-implemented method of claim 1, wherein at least one of the one or more computer servers include a business processing application, and wherein the method further comprises:
    - receiving, from the mobile security fob that is paired with the client computing system, an encrypted version of the authentication token and the device identifier of the mobile security fob;
      
      retrieving, based on the device identifier of the mobile security fob, the key associated with the device identifier of the mobile security fob;
      
      andtransmitting, to the business processing application, the decrypted version of the first authentication token and the first device identifier of the mobile security fob.
  - 5. The computer-implemented method of claim 1, further comprising:
    - based on the determined matches, confirming by one or more computer servers that the mobile security fob is in proximity to the client computing system, wherein the confirmation comprises secondary factor authentication that the user is authorized to request performance of the action.
  - 6. The computer-implemented method of claim 1, wherein the mobile security fob is enrolled ahead of time with the one or more computer servers as a secondary factor authentication device, to promote automatic secondary factor authentication.
  - 7. The computer-implemented method of claim 2, further comprising:
    - updating the user profile with information indicative of the first authentication token;
      
      in response to receiving the second authentication token and the second device identifier,accessing a user profile that is associated in a data repository with information corresponding to the second device identifier, with the accessed user profile corresponding to the updated user profile;
      
      analyzing contents of the accessed user profile; and
      
      based on analyzing, determining the matches.
  - 19. The computer-implemented method of claim 2, wherein the mobile security fob is a first mobile security fob, and wherein receiving the second authentication token and the second device identifier comprises:
    - receiving, from a second mobile security fob via one or more authentication servers, a decrypted version of the second authentication token.

8. A computer program product tangibly stored on a computer readable storage device, the computer program product comprising instructions for causing one or more computer servers to:
- cause transmission of a paring instruction to initiate a pairing process that occurs directly between a client computing system and a mobile security fob that is associated with a device identifier that uniquely identifies the mobile security fob;
  
  receive, from the client computing system, a request to perform an action on the one or more computer servers, with the request comprising information identifying a user associated with the client computing system;
  
  retrieve a user profile of the user of the client computing system, with the user profile including the device identifier assigned to the mobile security fob that uniquely identifies the mobile security fob;
  
  generate a encrypted authentication token to authenticate that the user is authorized to perform the action;
  
  cause the authentication token to be transmitted, via the client computing system, to the mobile security fob that is already paired with the client computing system;
  
  receive the authentication token and the device identifier;
  
  determine whether the mobile security fob paired with the client computing system sent the device identifierperform authentication when there are matches between the authentication token and the device identifier;
  
  authenticate using the device identifier to identify an association between the device identifier and a key;
  
  decrypt the authentication token associated with device identifier using the key to produce a decrypted version of authentication token.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, wherein the device identifier is a first device identifier, the authentication token is a first authentication token the instructions further cause the one or more computer servers to:
    - receive a second authentication token and a second device identifier;
      
      determine whether the mobile security fob paired with the client computing system sent the second device identifier, by determining whether the first authentication token that was transmitted to the mobile security fob paired with the client computing system matches the second authentication token and whether the second device identifier matches the first device identifier of the mobile security fob paired with the client computing system included in the user profile; and
      
      perform the requested action when there are matches between the first and second authentication tokens and the first and second device identifiers.
  - 10. The computer program product of claim 8, wherein the client computing system is a primary factor authentication device, the mobile security fob is a secondary factor authentication device, and wherein the instructions further cause the one or more computer servers to:
    - perform automatic secondary factor authentication independent of entry by the user of secondary factor authentication information, with the secondary factor authentication being based on the second authentication token.
  - 11. The computer program product of claim 8, wherein the one or more computer servers includes a business processing application, and wherein the instructions further cause the one or more computer servers to:
    - receive, from the mobile security fob that is paired with the client computing system, an encrypted version of the authentication token and the device identifier of the mobile security fob;
      
      retrieve, based on the device identifier of the mobile security fob, the key associated with the device identifier of the mobile security fob;
      
      andtransmit, to the business processing application, the decrypted version of the first authentication token and the first device identifier of the mobile security fob.
  - 12. The computer program product of claim 8, wherein the instructions further cause the one or more computer servers to:
    - based on the determined matches, confirm that the mobile security fob is in proximity to the client computing system, wherein the confirmation comprises secondary factor authentication that the user is authorized to request performance of the action.
  - 13. The computer program product of claim 9, wherein the instructions further cause the one or more computer servers to:
    - update the user profile with information indicative of the first authentication token;
      
      in response to receiving the second authentication token and the second device identifier,access a user profile that is associated in a data repository with information corresponding to the second device identifier, with the accessed user profile corresponding to the updated user profile;
      
      analyze contents of the accessed user profile; and
      
      based on the analysis, determine the matches.

14. An apparatus comprising:
- one or more server computers in communication, each server comprising;
  
  a processor;
  
  memory, coupled to the processor;
  
  with the one or more server computers configured tocause a pairing instruction to be sent to a client device to cause a direct pairing between the client computing system and a mobile security fob that is associated with a device identifier that uniquely identifies the mobile security fob;
  
  receive, from the client computing system, a request to perform an action on the one or more computer servers, with the request comprising information identifying a user associated with the client computing system;
  
  retrieve a user profile of the user of the client computing system, with the user profile including the device identifier assigned to the mobile security fob that uniquely identifies the mobile security fob;
  
  generate an encrypted authentication token to authenticate that the user is authorized to perform the action;
  
  cause the authentication token to be transmitted, via the client computing system, to the mobile security fob that is already paired with the client computing system;
  
  receive the authentication token and the device identifier;
  
  determine whether the mobile security fob paired with the client computing system sent the device identifier;
  
  perform authentication when there are matches between the authentication token and the device identifier;
  
  authenticate using the device identifier to identify an association between the device identifier and a key;
  
  decrypt an encrypted version of the authentication token associated with device identifier using the key to produce a decrypted version of authentication token.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The apparatus of claim 14, wherein the client computing system is a primary factor authentication device, the mobile security fob is a secondary factor authentication device, and wherein the instructions further cause the one or more computer servers to:
    - perform automatic secondary factor authentication independent of entry by the user of secondary factor authentication information, with the secondary factor authentication being based on the second authentication token.
  - 16. The apparatus of claim 14, wherein the processor includes one or more authentication servers and a business processing application, and wherein the instructions further cause the processor to:
    - receive, from the mobile security fob that is paired with the client computing system, an encrypted version of the authentication token and the device identifier of the mobile security fob;
      
      retrieve, based on the device identifier of the mobile security fob, the key associated with the device identifier of the mobile security fob;
      
      andtransmit, to the business processing application, the decrypted version of the first authentication token and the device identifier of the mobile security fob.
  - 17. The apparatus of claim 14, apparatus is further configured to:
    - based on the determined matches, confirm that the mobile security fob is in proximity to the client computing system, wherein the confirmation comprises secondary factor authentication that the user is authorized to request performance of the action.
  - 18. The apparatus of claim 14, wherein the apparatus is further configured to:
    - update the user profile with information indicative of the first authentication token;
      
      in response to receiving the second authentication token and the device identifier,access a user profile that is associated in a data repository with information corresponding to the device identifier, with the accessed user profile corresponding to the updated user profile;
      
      analyze contents of the accessed user profile; and
      
      based on the analysis, determine the matches.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FMR LLC
Original Assignee
FMR LLC
Inventors
Kalinichenko, Boris, Ferra, Joseph G.
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US13/771,193
Publication Number

US 20140237236A1
Time in Patent Office

923 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/43   wireless channels

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/18   using different networks or...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Mobile security fob

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile security fob

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links