Two-factor authentication systems and methods

US 9,210,150 B2
Filed: 11/04/2013
Issued: 12/08/2015
Est. Priority Date: 10/25/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

sending, by authorization server, a first permission request to a mobile device associated with a user, wherein the permission request is to perform an action, and wherein the mobile device includes a memory having stored thereon instructions that are capable of causing the mobile device to display a message that permits a user to select whether to automate a response for future permission requests for the same action if at least one automation criterion is satisfied;

subsequently sending, by the authorization server, a second permission request to the mobile device to perform the same action; and

receiving, at the authorization server, a response to the second permission request that is automatically generated by the mobile device based on user input received at the mobile device in response to the message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device.

Citations

21 Claims

1. A method, comprising:
- sending, by authorization server, a first permission request to a mobile device associated with a user, wherein the permission request is to perform an action, and wherein the mobile device includes a memory having stored thereon instructions that are capable of causing the mobile device to display a message that permits a user to select whether to automate a response for future permission requests for the same action if at least one automation criterion is satisfied;
  
  subsequently sending, by the authorization server, a second permission request to the mobile device to perform the same action; and
  
  receiving, at the authorization server, a response to the second permission request that is automatically generated by the mobile device based on user input received at the mobile device in response to the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the at least one automation criterion is based on a geographic location of the mobile device.
  - 3. The method of claim 1, wherein the at least one automation criterion is based on biometric information associated with said user.
  - 4. The method of claim 1, wherein the at least one automation criterion is based on a digital fingerprint of said user.
  - 5. The method of claim 1, wherein the at least one automation criterion is based on recognition of a voice of said user.
  - 6. The method of claim 1, wherein the at least one automation criterion is based on a combination of geographic location, biometric information, and/or contextual information.
  - 7. The method of claim 1, wherein the first permission request requests information corresponding to a gesture-based response from the user.
  - 8. The method of claim 1, wherein the permission request is sent from an on-premise installation.

9. A non-transitory computer-readable medium having computer instructions stored thereon that are capable of causing a mobile device to perform operations comprising:
- receiving a first permission request to perform an action from an authorization server;
  
  causing display of a message that permits a user to select whether to automate a response for future permission requests for the same action if at least one automation criterion is satisfied;
  
  receiving first user input responsive to the message;
  
  after receiving the first user input, receiving a second permission request from the authorization server to perform the same action;
  
  determining that the at least one automation criterion is met for the second permission request; and
  
  in response to the determining, automatically responding to the second permission request based on the first user input without requesting additional user input indicating whether to grant or deny the second permission request.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The non-transitory computer-readable medium of claim 9, wherein the at least one automation criterion includes a criterion that the mobile device is physically located within a geographic area in which the user selected the automated response.
  - 11. The non-transitory computer-readable medium of claim 9, wherein the at least one automation criterion includes a criterion that the permission request and the second permission request each specify the same:
    - authorization service, user account, action, and device requesting the action.
  - 12. The non-transitory computer-readable medium of claim 9, wherein the permission request is received as a subsequent factor to an initial factor in a multifactor authorization procedure for the action.
  - 13. The non-transitory computer-readable medium of claim 9, wherein the action is requested via a computing device that is different than the mobile device.
  - 14. The non-transitory computer-readable medium of claim 9, wherein the operations further comprise:
    - transmitting a pre-seeded automatic response to a device associated with the permission requests in response to detecting a change in at least one automation criterion.
  - 15. The non-transitory computer-readable medium of claim 9, wherein the action is an authentication action.

16. A method, comprising:
- a mobile device receiving, from an authorization server, a permission request to perform an action;
  
  the mobile device causing display of a message that permits a user to select whether to automate a response for future permission requests for the same action if at least one automation criterion is satisfied;
  
  the mobile device receiving first user input responsive to the message;
  
  the mobile device, after receiving the first user input, receiving a second permission request from the authorization server to perform the same action;
  
  the mobile device determining that the at least one automation criterion is met for the second permission request; and
  
  in response to the determining, the mobile device automatically responding to the second permission request based on the first user input without requesting user input indicating whether to grant or deny the second permission request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the at least one automation criterion includes a criterion that the permission request and the second permission request each specify the same:
    - authorization service, user account, action, and device requesting the action.
  - 18. The method of claim 16, wherein the permission request is received from an authorization service and wherein the mobile device is paired with the authorization service.
  - 19. The method of claim 16, wherein the at least one automation criterion includes a criterion associated with:
    - biometric information for the user or a digital fingerprint of the user.
  - 20. The method of claim 16, wherein the action is an access to a physical area or object.

21. A mobile device, comprising:
- at least one antenna;
  
  one or more processing elements coupled to the at least one antenna;
  
  one or more memories having program instructions stored thereon that are capable of causing the mobile device to;
  
  receive, from an authorization server, a permission request to perform an action;
  
  display an option to select an automated response for future permission requests for the same action, based on at least one automation criterion;
  
  receive user input selecting an automated response;
  
  receive a subsequent permission request to perform an action for the user;
  
  determine that the at least one automation criterion is met for the subsequent permission request; and
  
  in response to the determining, automatically respond to the subsequent permission request, without receiving user input indicating to grant or deny the subsequent permission request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Grim, Evan Tyler, Alexander, Josh
Primary Examiner(s)
Chai, Longbit

Application Number

US14/071,637
Publication Number

US 20140068723A1
Time in Patent Office

764 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/68   Gesture-dependent or behavi...

Two-factor authentication systems and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Two-factor authentication systems and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links