User-defined identity verification system

US 9,294,476 B1
Filed: 02/18/2015
Issued: 03/22/2016
Est. Priority Date: 02/18/2015
Status: Active Grant

First Claim

Patent Images

1. A user authentication system comprising:

one or more processors;

one or more storage memories; and

,a user authentication module comprising instructions for causing the one or more processors to execute a method of a user authentication application for providing authentication of a user, the method comprising;

receiving, by the one or more processors of the user authentication application, a primary log in factor to be associated with a user;

receiving from a server a request verification of one or more smart devices to be associated with the user after the user has been verified by the one or more smart devices;

determining a user identification list of one or more smart devices being verified by the server with a device authenticator, wherein the user authentication application receives the device authenticator sent from the one or more smart devices for server verification;

receiving a request for authentication of the user;

determining if one or more of the verified smart devices on the user identification list are within a defined vicinity of the user; and

,providing a user authentication if the primary log in factor provided with the request for authentication matches the primary log in factor associated with the user and one or more of the verified smart devices on the user identification list are within a defined vicinity of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and application for providing a user authentication or verification of a user identity are provided. A primary log in factor is created by a user. In addition, one or more smart devices associated with the user are verified by the user to create a list of user authentication devices. Upon a request for user authentication, a combination of the correct primary log in factor and a determination that the user is within the vicinity of at least one of the user authentication devices on the list are used to determine the authenticity of the user. A user authentication may be used to unlock a secured application on a user device or to authenticate a transaction with a third party. Methods and machine-readable medium for user authentication are also provided.

114 Citations

32 Claims

1. A user authentication system comprising:
- one or more processors;
  
  one or more storage memories; and
  
  ,a user authentication module comprising instructions for causing the one or more processors to execute a method of a user authentication application for providing authentication of a user, the method comprising;
  
  receiving, by the one or more processors of the user authentication application, a primary log in factor to be associated with a user;
  
  receiving from a server a request verification of one or more smart devices to be associated with the user after the user has been verified by the one or more smart devices;
  
  determining a user identification list of one or more smart devices being verified by the server with a device authenticator, wherein the user authentication application receives the device authenticator sent from the one or more smart devices for server verification;
  
  receiving a request for authentication of the user;
  
  determining if one or more of the verified smart devices on the user identification list are within a defined vicinity of the user; and
  
  ,providing a user authentication if the primary log in factor provided with the request for authentication matches the primary log in factor associated with the user and one or more of the verified smart devices on the user identification list are within a defined vicinity of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, further comprising:
    - receiving, by one or more processors, a biometric factor to be associated with the user; and
      
      ,providing the user authentication if a biometric factor provided with the request for authentication matches the biometric factor associated with the user in addition to the primary log in factor matching and one or more of the smart devices being within the defined vicinity of the user.
  - 3. The system of claim 1, wherein verification of a new smart device comprises:
    - receiving, by the user authentication application, a request to enable a new smart device;
      
      receiving, by the user authentication application, a code from the server;
      
      receiving, by the user authentication application, a device authenticator from the new smart device after the user has been verified by the new smart device;
      
      receiving, by the user authentication application, confirmation from the server that a two factor authentication is complete; and
      
      ,saving, by the user authentication application, the device authenticator.
  - 4. The system of claim 3, wherein the device authenticator is a device token.
  - 5. The system of claim 3, wherein the device authenticator is a time-based one-time password (TOTP) code.
  - 6. The system of claim 1, wherein the user identification list comprises a plurality of verified smart devices located within a plurality of geographic locations.
  - 7. The system of claim 1, further comprising:
    - providing, by one or more processors, access to a secured application based on receiving the user authentication.
  - 8. The system of claim 1, further comprising:
    - providing, by one or more processors, confirmation of the user authentication to a third party.
  - 9. The system of claim 1, wherein verification of a new smart device comprises:
    - enabling a trusted device;
      
      scanning for device beacons;
      
      selecting the trusted device from a list of devices found by the scan;
      
      confirming the selected trusted device is trusted; and
      
      ,adding the trusted device to the user identification list.
  - 10. The system of claim 1, further comprising:
    - receiving, by one or more processors, a listing of approved locations; and
      
      ,not providing the user authentication if the request for authentication originates from a location not on the approved location listing.
  - 11. The system of claim 1, further comprising:
    - receiving, by one or more processors, a listing of approved Wi-Fi networks; and
      
      ,not providing the user authentication if the request for authentication originates from a network not on the approved Wi-Fi networks listing.
  - 12. The system of claim 1, further comprising:
    - providing, by one or more processors, an alternative authentication method if no smart devices on the user identification list are determined to be within the defined vicinity of the user.
  - 13. The system of claim 12, wherein the alternative authentication method comprises:
    - sending, by one or more processors, an authentication code to the user by one of a text message, a voice call, or a vendor authentication device;
      
      receiving, by one or more processors, a code from the user; and
      
      providing, by one or more processors, a user authentication if the primary log in factor provided with the request for authentication matches the primary log in factor associated with the user and the code received from the user matches the authentication code.

14. A user authentication system comprising:
- a user authentication server;
  
  a user device;
  
  a user authentication device; and
  
  ,a user authentication application comprising instructions for causing the server, the user device and the one or more authentication devices to execute a method for providing authentication of a user, the method comprising;
  
  inputting, on the user device, a log in request and a primary log in factor;
  
  sending, from the user device, the log in request and primary log in factor to the user authentication server;
  
  sending, from the user authentication server, a push notification with a device token to the user authentication device, which is separate from the user device, for requesting verification of the user authentication device, the user device receiving the device token sent from the user authentication device for server verification;
  
  sending, from the user device, the device token to the user authentication server after the user is verified by the user authentication device; and
  
  ,sending, by the user authentication server, a user authentication if the primary loci in factor and the device token are acceptable to the user device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 15. The system of claim 14, wherein the primary log in factor is a password.
  - 16. The system of claim 14, wherein the primary log in factor is a biometric factor associated with the user.
  - 17. The system of claim 14, further comprising verification of a new user authentication device by:
    - receiving, by the user authentication application, a request to enable a new user authentication device;
      
      receiving, by the user authentication application, a code from the server;
      
      receiving, by the user authentication application, a device authenticator from the new user authentication device after the user has verified the new user authentication device;
      
      receiving, by the user authentication application, confirmation from the server that a two factor authentication is complete; and
      
      ,saving, by the user authentication application, the device authenticator.
  - 18. The system of claim 17, wherein the device authenticator is a device token.
  - 19. The system of claim 17, wherein the device authenticator is a time-based one-time password (TOTP) code.
  - 20. The system of claim 14, further comprisinga plurality of user authentication devices located within a plurality of geographic locations.
  - 21. The system of claim 14, further comprising:
    - providing confirmation of the user authentication to a third party.
  - 22. The system of claim 14, further comprising verification of a new user authentication device by:
    - enabling a trusted device;
      
      scanning for device beacons;
      
      selecting the trusted device from a list of devices found by the scan;
      
      confirming the selected trusted device is trusted; and
      
      ,adding the trusted device to a list of user authentication devices associated with a user.
  - 23. The system of claim 14, further comprising:
    - receiving a listing of approved locations; and
      
      ,not providing the user authentication if the log in request originates from a location not on the approved location listing.
  - 24. The system of claim 14, further comprising:
    - receiving a listing of approved Wi-Fi networks; and
      
      ,not providing the user authentication if the log in request originates from a network not on the approved Wi-Fi networks listing.
  - 25. The system of claim 14, further comprising:
    - providing an alternative authentication method if the token is not acceptable.
  - 26. The system of claim 25, wherein the alternative authentication method comprises:
    - sending an authentication code to a user by one of a text message, a voice call, or a vendor authentication device;
      
      receiving a code from the user; and
      
      providing a user authentication if the primary log in factor provided with the log in request matches a primary log in factor associated with the user and the code received from the user matches the authentication code.
  - 27. The post transaction order modification system of claim 14, wherein the user authentication is sent to the user device and further comprising:
    - providing, on the user device, access to a secured application.

28. A non-transitory machine-readable storage medium comprising machine readable instructions for causing a processor to execute a method for providing authentication of a user, the method comprising:
- receiving, by the processor, a request for authentication of the user from a user device;
  
  determining if a password provided with the request for authentication matches the master password associated with the user;
  
  sending a push notification with a device token to a user authentication device, which is separate from the user device, for requesting verification of the user authentication device, the user device receiving the device token sent from the user authentication device for server verification, a user authentication server receiving the device token from the user device after the user is verified by the user authentication device;
  
  determining if the user authentication device is within a defined vicinity of the user;
  
  providing a user authentication if the password provided with the request for authentication matches the master password associated with the user and the user authentication device associated with the user is within a defined vicinity of the user; and
  
  ,providing, on a display of the user device, an access screen of a secured application.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The non-transitory machine-readable storage medium of claim 28, further comprising machine readable instructions for:
    - associating an additional authentication device with the user by;
      
      providing, on the display, a selector for adding an authentication device;
      
      receiving, by the processor, a code;
      
      providing, on the additional authentication device, a verification selector;
      
      receiving, by the processor, a device authenticator from the additional authentication device after the user has activated the verification selector on the additional authentication device; and
      
      ,saving, in a memory, the device authenticator in association with the user.
  - 30. The non-transitory machine-readable storage medium of claim 28, further comprising machine readable instructions for:
    - associating an additional authentication device with the user by;
      
      enabling a device associated with the user;
      
      scanning for device beacons in the vicinity of the user;
      
      selecting the device associated with the user from a list of devices found by the scan;
      
      confirming the selected device is a trusted device; and
      
      ,adding the trusted device to a list of authentication devices associated with the user.
  - 31. The non-transitory machine-readable storage medium of claim 28, further comprising machine readable instructions for:
    - providing the user authentication only if the request for authentication originates from a location on a user approved location listing.
  - 32. The non-transitory machine-readable storage medium of claim 28, further comprising machine readable instructions for:
    - providing the user authentication only if the request for authentication originates from a network on a user approved Wi-Fi networks listing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keeper Security, Inc.
Original Assignee
Keeper Security, Inc.
Inventors
Lurey, Craig, Guccione, Darren
Primary Examiner(s)
Chai, Longbit

Application Number

US14/625,021
Time in Patent Office

398 Days
Field of Search

713/172
US Class Current

1/1
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04W 12/06   Authentication

H04W 12/33   using wearable devices, e.g...

H04W 12/64   using geofenced areas

H04W 4/80   Services using short range ...

User-defined identity verification system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

114 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

User-defined identity verification system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links