Authentication based on path indicator from a server

US 9,231,942 B1
Filed: 10/18/2013
Issued: 01/05/2016
Est. Priority Date: 10/18/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

determining that a user account on a client device is to be authenticated;

determining whether an authentication token for the user account is stored locally on the client device;

transmitting a request for a path indicator to an authentication path server, the request comprising a user account identifier corresponding to the user account, the request indicating whether the authentication token is stored locally on the client device;

receiving the path indicator from the authentication path server,wherein the path indicator comprises a first path indicator for transmitting the authentication token if the request indicates the authentication token is stored locally on the client device;

wherein the path indicator comprises a second path indicator or a third path indicator if the request indicates no authentication token, the second path indicator corresponding to security challenges, the third path indicator corresponding to launching a new application;

selecting an authentication process based on the path indicator; and

performing the selected authentication process to authenticate the user account on the client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and machine-readable media for selecting an authentication process are disclosed. A system is configured to determine whether a user account on a client device is to be authenticated. If the user account is to be authenticated, the system is configured to transmit a request for a path indicator to an authentication path server. The request includes a user account identifier corresponding to the user account. The authentication path server is configured to select the path indicator based on the user account identifier. The system is further configured to receive the path indicator from the authentication path server, select an authentication process based on the path indicator, and initiate the selected authentication process.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- determining that a user account on a client device is to be authenticated;
  
  determining whether an authentication token for the user account is stored locally on the client device;
  
  transmitting a request for a path indicator to an authentication path server, the request comprising a user account identifier corresponding to the user account, the request indicating whether the authentication token is stored locally on the client device;
  
  receiving the path indicator from the authentication path server,wherein the path indicator comprises a first path indicator for transmitting the authentication token if the request indicates the authentication token is stored locally on the client device;
  
  wherein the path indicator comprises a second path indicator or a third path indicator if the request indicates no authentication token, the second path indicator corresponding to security challenges, the third path indicator corresponding to launching a new application;
  
  selecting an authentication process based on the path indicator; and
  
  performing the selected authentication process to authenticate the user account on the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented method of claim 1, wherein the authentication process is selected from a predetermined number of possible authentication processes.
  - 3. The computer-implemented method of claim 1, wherein the selected authentication process based on the first path indicator comprises transmitting the locally stored authentication token corresponding to the user account to an identity server for authentication of the user account.
  - 4. The computer-implemented method of claim 3, wherein the authentication path server is separate from the identity server.
  - 5. The computer-implemented method of claim 1, wherein performing the selected authentication process based on the second path indicator comprises prompting a user to respond to a security challenge.
  - 6. The computer-implemented method of claim 5, wherein the security challenge is a “
    - Completely Automated Public Turing test to tell Computers and Humans Apart”
      
      (CAPTCHA) test.
  - 7. The computer-implemented method of claim 1, wherein performing the selected authentication process based on the third path indicator comprises launching the new application to continue the authentication process.
  - 8. The computer-implemented method of claim 1,wherein the request for the path indicator is transmitted to the authentication path server if the authentication token for the user account is stored locally on the client device.
  - 9. The computer-implemented method of claim 1, wherein the request further comprises at least one of a timestamp for the request, an application identifier for an application requesting authentication of the user account, and an identifier for the client device.
  - 10. The computer-implemented method of claim 1, wherein the request further comprises at least one of a current IP address for the client device, location coordinates of the client device, a network identifier for a network the client device is connected to, and a listing of visible wireless networks.
  - 11. The computer-implemented method of claim 1, wherein the authentication path server stores the request in a database.
  - 12. The computer-implemented method of claim 11, wherein the authentication path server accesses previously stored requests in the database and determine a path indicator for the request based on previously received requests for path indicators associated with the user account.

13. A system comprising:
- one or more processors; and
  
  a machine readable medium comprising instructions stored therein, which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  determining whether an authentication token for a user account to be authenticated is stored locally;
  
  transmitting a request for a path indicator to an authentication path server, the request comprising a user account identifier corresponding to the user account to be authenticated, the request indicating whether the authentication token is stored locally;
  
  receiving the path indicator from the authentication path server,wherein the path indicator comprises a first path indicator for transmitting the authentication token if the request indicates the authentication token is stored locally;
  
  wherein the path indicator comprises a second path indicator or a third path indicator if the request indicates no authentication token, the second path indicator corresponding to security challenges, the third path indicator corresponding to launching a new application;
  
  selecting an authentication process based on the path indicator; and
  
  performing the selected authentication process to authenticate the user account.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, where the selected authentication process based on the first path indicator comprises transmitting the locally stored authentication token corresponding to the user account to an identity server for authentication of the user account.
  - 15. The system of claim 13, wherein performing the selected authentication process based on the second path indicator comprises prompting a user on a client device to respond to a security challenge.
  - 16. The system of claim 13, wherein performing the selected authentication process based on the third path indicator comprises launching the new application on a client device to continue the authentication process.
  - 17. The system of claim 13, wherein the request for the path indicator is transmitted to the authentication path server if the authentication token for the user account is stored locally.

18. A non-transitory machine-readable medium comprising instructions stored therein, which when executed by a machine, cause the machine to perform operations comprising:
- transmitting a request for a path indicator to an authentication path server, the request comprising contextual information including an indication whether an authentication token for a user account to be authenticated is stored locally;
  
  receiving the path indicator from the authentication path server,wherein the path indicator corresponds to transmitting the authentication token if the contextual information indicates the authentication token is stored locally;
  
  wherein the path indicator corresponds to security challenges or launching a new application of the contextual information indicates no authentication token;
  
  selecting an authentication process based on the path indicator received from the authentication path server; and
  
  performing the selected authentication process to authenticate the user account.
- View Dependent Claims (19, 20)
- - 19. The non-transitory machine-readable medium of claim 18, wherein the authentication process is selected from a predetermined number of possible authentication processes.
  - 20. The non-transitory machine-readable medium of claim 18, wherein the operations further comprise determining whether the authentication token for the user account is stored locally, wherein the request for the path indicator is transmitted to the authentication path server based on the determination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Agarwal, Naveen, Pinkerton, Michael David
Primary Examiner(s)
Davis, Zachary A

Application Number

US14/058,151
Time in Patent Office

809 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

Authentication based on path indicator from a server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication based on path indicator from a server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links