Security device provisioning

US 9,338,155 B2
Filed: 08/12/2013
Issued: 05/10/2016
Est. Priority Date: 02/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning a security token for a user, the method comprising:

receiving a security token provisioning request from a mobile device over a network;

in response to receiving the security token provisioning request, transmitting, to the mobile device over the network, an authentication request configured to prompt a user of the mobile device to provide authentication information related to a user identity;

receiving, from the mobile device over the network, the authentication information related to the user identity;

authenticating the user identity against an enterprise data store using the authentication information by comparing the authentication information with reference authentication information in the data store without the use of a unique token identifier from the security token;

initiating the extraction of the unique token identifier from the security token without intervention from the user in response to a successful authentication of the user identity, wherein initiating the extraction of the unique token identifier comprises transmitting instructions to a web enabled application for initiating a security application running on the mobile device to read the unique token identifier from the security token;

receiving, from the mobile device over the network, the extracted unique token identifier sent by the mobile device in response to a successful extraction of the unique token identifier;

in response to receiving the extracted unique token identifier from the mobile device, associating the unique token identifier with the user identity in the data store by storing the unique token identifier in the data store in association with the user identity; and

authenticating the user for access to a computing resource based at least partially upon a subsequent validation of the security token against the unique token identifier retrieved from the data store.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with to the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.

30 Citations

View as Search Results

20 Claims

1. A method for provisioning a security token for a user, the method comprising:
- receiving a security token provisioning request from a mobile device over a network;
  
  in response to receiving the security token provisioning request, transmitting, to the mobile device over the network, an authentication request configured to prompt a user of the mobile device to provide authentication information related to a user identity;
  
  receiving, from the mobile device over the network, the authentication information related to the user identity;
  
  authenticating the user identity against an enterprise data store using the authentication information by comparing the authentication information with reference authentication information in the data store without the use of a unique token identifier from the security token;
  
  initiating the extraction of the unique token identifier from the security token without intervention from the user in response to a successful authentication of the user identity, wherein initiating the extraction of the unique token identifier comprises transmitting instructions to a web enabled application for initiating a security application running on the mobile device to read the unique token identifier from the security token;
  
  receiving, from the mobile device over the network, the extracted unique token identifier sent by the mobile device in response to a successful extraction of the unique token identifier;
  
  in response to receiving the extracted unique token identifier from the mobile device, associating the unique token identifier with the user identity in the data store by storing the unique token identifier in the data store in association with the user identity; and
  
  authenticating the user for access to a computing resource based at least partially upon a subsequent validation of the security token against the unique token identifier retrieved from the data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - removing the association of the unique token identifier with the user identity in the data store;
      
      wherein the user is excluded from access to the computing resource based at least partially upon a failed validation of the security token against the unique token identifier retrieved from the data store.
  - 3. The method of claim 1, wherein the authentication request includes an authentication information entry form with form elements corresponding to the authentication information and receptive to user input thereof from the user on the mobile device.
  - 4. The method of claim 3, wherein authenticating the user identity against the enterprise data store includes:
    - receiving the authentication information entered into the authentication information entry form.
  - 5. The method of claim 3, wherein the authentication information entry form is a web page rendered by a browser application on the mobile device.
  - 6. The method of claim 1, wherein the data store is independent of the computing resource.
  - 7. The method of claim 1, wherein the authentication information is selected from a group consisting of:
    - a username identifier, a password, an out-of-band security token delivered via short message service (SMS), an out-of-band security token delivered via telephone, a static personal identification number, a knowledge-based answer, and a digital certificate.
  - 8. The method of claim 1, wherein an extended scheme attribute is used to associate the unique token identifier with the user identity in the data store.
  - 9. The method of claim 1, wherein the security application running on the mobile device is executed in an environment that is not a third party run-time environment.
  - 10. The method of claim 1, wherein the security application running on the mobile device is executed in a third party run-time environment.
  - 11. The method of claim 1, wherein the security token is a UmiKey device.
  - 12. The method of claim 1, wherein the security token is a Universal Serial Bus (USB) data storage device connectible to a corresponding USB port of the mobile device.

13. An article of manufacture comprising a non-transitory program storage medium readable by a data processing apparatus, the medium tangibly embodying one or more programs of instructions executable by the data processing apparatus to perform a method for provisioning a security token for a user for accessing a computing resource through a mobile device, the method comprising:
- receiving a security token provisioning request from the mobile device over a network;
  
  in response to receiving the security token provisioning request, transmitting, to the mobile device over the network, an authentication request configured to prompt the user of the mobile device to provide authentication information related to a user identity;
  
  receiving, from the mobile device over the network, the authentication information related to the user identity;
  
  authenticating the user identity against an enterprise data store using the authentication information by comparing the authentication information with reference authentication information in the data store without the use of a unique token identifier from the security token;
  
  initiating the extraction of the unique token identifier from the security token without intervention from the user in response to a successful authentication of the user identity, wherein initiating the extraction of the unique token identifier comprises transmitting instructions to a web enabled application for initiating a security application running on the mobile device to read the unique token identifier from the security token;
  
  receiving, from the mobile device over the network, the extracted unique token identifier sent by the mobile device in response to a successful extraction of the unique token identifier;
  
  in response to receiving the extracted unique token identifier from the mobile device, associating the unique token identifier with the user identity in the data store by storing the unique token identifier in the data store in association with the user identity; and
  
  authenticating the user for access to the computing resource based at least partially upon a subsequent validation of the security token against the unique token identifier retrieved from the data store.
- View Dependent Claims (14, 15, 16)
- - 14. The article of manufacture of claim 13, wherein the method further comprises:
    - removing the association of the unique token identifier with the user identity in the data store;
      
      wherein the user is excluded from access to the computing resource based at least partially upon a failed validation of the security token against the unique token identifier retrieved from the data store.
  - 15. The article of manufacture of claim 13, wherein the security application running on the mobile device is executed in a third party run-time environment.
  - 16. The article of manufacture of claim 13, wherein the security token is a Universal Serial Bus (USB) data storage device connectible to a corresponding USB port of the mobile device.

17. A computing system for provisioning a security token to a user for accessing a computing resource through a mobile device, the system comprising:
- one or more computer readable storage devices configured to store;
  
  a plurality of computer executable instructions;
  
  one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the computing system to;
  
  receive a security token provisioning request from the mobile device over a network for the security token interfacing with the mobile device;
  
  in response to receiving the security token provisioning request, transmit, to the mobile device over the network, an authentication request configured to prompt a user of the mobile device to provide authentication information related to a user identity;
  
  receive, from the mobile device over the network, the authentication information related to the user identity;
  
  authenticate the user identity against an enterprise data store using the authentication information by comparing the authentication information with reference authentication information in the data store without the use of a unique token identifier from the security token;
  
  initiate the extraction of the unique token identifier from the security token without intervention from the user in response to a successful authentication of the user identity, wherein initiating the extraction of the unique token identifier comprises transmitting instructions to a web enabled application for initiating a security application running on the mobile device to read the unique token identifier from the security token;
  
  receive, from the mobile device over the network, the extracted unique token identifier in response to a successful extraction of the unique token identifier;
  
  in response to receiving the extracted unique token identifier from the mobile device, associate the unique token identifier with the user identity in the data store by storing the unique token identifier in the data store in association with the user identity; and
  
  authenticate the user for access to the computing resource based at least partially upon a subsequent validation of the security token against the unique token identifier retrieved from the data store.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the one or more hardware processors are further configured to execute the plurality of computer executable instructions in order to cause the computing system to:
    - remove the association of the unique token identifier with the user identity in the data store;
      
      wherein the user is excluded from access to the computing resource based at least partially upon a failed validation of the security token against the unique token identifier retrieved from the data store.
  - 19. The system of claim 17, wherein the security application running on the mobile device is executed in a third party run-time environment.
  - 20. The system of claim 17, wherein the security token is a Universal Serial Bus (USB) data storage device connectible to a corresponding USB port of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureAuth Incorporated
Original Assignee
SecureAuth Incorporated
Inventors
Quach, Allen Yu, Lo, Jeffrey Chiwai, Grajek, Garret Florian, Lambiase, Mark V.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US13/964,615
Publication Number

US 20130333013A1
Time in Patent Office

1,002 Days
Field of Search

726/4, 726/5, 726/6, 726/7, 713/201, 713/155, 713/186, 713/168
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 67/01   Protocols

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

Security device provisioning

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security device provisioning

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links