Authentication using device ID

US 9,378,345 B2
Filed: 04/29/2014
Issued: 06/28/2016
Est. Priority Date: 04/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by an authentication server and from a user device, an authentication request, wherein the authentication request comprises device attributes of the user device and wherein the authentication request further includes login information of a user;

determine, by the authentication server, whether the login information is valid;

responsive to determining that the login information is valid, generating, by the authentication server, a first device identifier identifying the user device from which the authentication request was received using the device attributes of the user device from which the authentication request was received, the first device identifier includes randomly generated characters that uniquely identify the user device from which the authentication request was received and the first device identifier is generated based on the device attributes that uniquely identify the user device from which the authentication request was received;

creating, by the authentication server, an authentication token, wherein the authentication token is signed with the first device identifier;

transmitting, by the authentication server and to the user device from which the authentication request was received, the authentication token;

receiving, by the authentication server, a request to access protected resources from a user device, wherein the request comprises the authentication token and device attributes of the user device from which the request to access protected resources was received;

generating, by the authentication server, a second, comparison device identifier identifying the user device from which the request to access protected resources was received, the second, comparison device identifier being based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources, the second, comparison device identifier including randomly generated characters that uniquely identify the user device from which the request to access protected resources was received and the second, comparison device identifier is generated based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources that uniquely identify the user device from which the request to access protected resources was received;

decrypting, by the authentication server, the received authentication token;

retrieving, by the authentication server, the first device identifier accessed from the decrypted authentication token;

validating, by the authentication server, the authentication token, wherein the validating comprises determining whether the first device identifier matches the second, comparison device identifier; and

outputting, by the authentication server, a response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authenticating a customer is disclosed. The customer may attempt to access protected resources located at an authentication server. The customer may log in to the authentication server'"'"'s website, thereby submitting an authentication request. The authentication request may comprise attributes of the device the customer uses to log in. The authentication server may generate a device ID using the received device attributes and generate an authentication token that is signed with the device ID. The authentication server may transmit the authentication token to the client device. Subsequent requests to access protected resources from the client device may include the authentication token that is signed with the device ID.

46 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by an authentication server and from a user device, an authentication request, wherein the authentication request comprises device attributes of the user device and wherein the authentication request further includes login information of a user;
  
  determine, by the authentication server, whether the login information is valid;
  
  responsive to determining that the login information is valid, generating, by the authentication server, a first device identifier identifying the user device from which the authentication request was received using the device attributes of the user device from which the authentication request was received, the first device identifier includes randomly generated characters that uniquely identify the user device from which the authentication request was received and the first device identifier is generated based on the device attributes that uniquely identify the user device from which the authentication request was received;
  
  creating, by the authentication server, an authentication token, wherein the authentication token is signed with the first device identifier;
  
  transmitting, by the authentication server and to the user device from which the authentication request was received, the authentication token;
  
  receiving, by the authentication server, a request to access protected resources from a user device, wherein the request comprises the authentication token and device attributes of the user device from which the request to access protected resources was received;
  
  generating, by the authentication server, a second, comparison device identifier identifying the user device from which the request to access protected resources was received, the second, comparison device identifier being based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources, the second, comparison device identifier including randomly generated characters that uniquely identify the user device from which the request to access protected resources was received and the second, comparison device identifier is generated based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources that uniquely identify the user device from which the request to access protected resources was received;
  
  decrypting, by the authentication server, the received authentication token;
  
  retrieving, by the authentication server, the first device identifier accessed from the decrypted authentication token;
  
  validating, by the authentication server, the authentication token, wherein the validating comprises determining whether the first device identifier matches the second, comparison device identifier; and
  
  outputting, by the authentication server, a response.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the response comprises the protected resources if the first device identifier matches the second, comparison device identifier.
  - 3. The method of claim 1, wherein the response comprises an authentication landing page if the first device identifier does not match the second, comparison device identifier.
  - 4. The method of claim 1, wherein the device attributes are received using a client-side software development kit.
  - 5. The method of claim 1, wherein the device attributes are received using a script.
  - 6. The method of claim 1, wherein the device attributes comprise at least one of a device operating system, a device type, and a device serial number.
  - 7. The method of claim 1, wherein the login information of the user includes a username and password.

8. A non-transitory computer-readable storage medium having computer-executable program instructions stored thereon that, when executed by a processor, cause the processor to:
- receive, from a user device, an authentication request, wherein the authentication request comprises device attributes of the user device and wherein the authentication request includes login information of the user;
  
  determine whether the login information is valid;
  
  responsive to determining that the login information is valid, generate a first device identifier identifying the user device from which the authentication request was received using the device attributes of the user device from which the authentication request was received, the first device identifier includes randomly generated characters that uniquely identify the user device from which the authentication request was received and the first device identifier is generated based on the device attributes that uniquely identify the user device from which the authentication request was received;
  
  create an authentication token, wherein the authentication token is signed with the first device identifier;
  
  transmit, to the user device from which the authentication request was received, the authentication token;
  
  receive a request to access protected resources from a user device, wherein the request comprises the authentication token and device attributes of the user device from which the request to access protected resources was received;
  
  generate a second, comparison device identifier identifying the user device from which the request to access protected resources was received, the second, comparison device identifier being based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources, the second, comparison device identifier including randomly generated characters that uniquely identify the user device from which the request to access protected resources was received and the second, comparison device identifier is generated based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources that uniquely identifying the user device from which the request to access protected resources was received;
  
  decrypt the received authentication token;
  
  retrieve the first device identifier accessed from the decrypted authentication token;
  
  validate the authentication token, wherein the validating comprises determining whether the first device identifier matches the second, comparison device identifier; and
  
  output a response.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The non-transitory computer-readable storage medium of claim 8, wherein the response comprises the protected resources if the first device identifier matches the second, comparison device identifier.
  - 10. The non-transitory computer-readable storage medium of claim 8, wherein the response comprises an authentication landing page if the first device identifier does not match the second, comparison device identifier.
  - 11. The non-transitory computer-readable storage medium of claim 8, wherein the device attributes are received using a client-side software development kit.
  - 12. The non-transitory computer-readable storage medium of claim 8, wherein the device attributes are received using a script.
  - 13. The non-transitory computer-readable storage medium of claim 8, wherein the device attributes comprise at least one of a device operating system, a device type, and a device serial number.

14. An apparatus comprising:
- a memory;
  
  a processor, wherein the processor executes computer-executable program instructions which cause the processor to;
  
  receive, by an authentication server and from a user device, an authentication request, wherein the authentication request comprises device attributes of the user device and wherein the authentication request further includes login information of a user;
  
  determine, by the authentication server, whether the login information is valid;
  
  responsive to determining that the login information is valid, generate, by the authentication server, a first device identifier identifying the user device from which the authentication request was received using the device attributes of the user device from which the authentication request was received, the first device identifier includes randomly generated characters that uniquely identify the user device from which the authentication request was received and the first device identifier is generated based on the device attributes that uniquely identify the user device from which the authentication request was received;
  
  create, by the authentication server, an authentication token, wherein the authentication token is signed with the first device identifier;
  
  transmit, by the authentication server and to the user device from which the authentication request was received, the authentication token;
  
  receive, by the authentication server, a request to access protected resources from a user device, wherein the request comprises the authentication token and device attributes of the user device from which the request to access protected resources was received;
  
  generate, by the authentication server, a second, comparison device identifier identifying the user device from which the request to access protected resources was received, the second, comparison device identifier being based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources, the second, comparison device identifier including randomly generated characters that uniquely identify the user device from which the request to access protected resources was received and the second, comparison device identifier is generated based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources that uniquely identifying the user device from which the request to access protected resources was received;
  
  decrypt, by the authentication server, the received authentication token;
  
  retrieve the first device identifier accessed from the decrypted authentication token;
  
  validate the authentication token, wherein the validating comprises determining whether the first device identifier matches the second, comparison device identifier; and
  
  output a response.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14, wherein the response comprises the protected resources if the first device identifier matches the second, comparison device identifier.
  - 16. The apparatus of claim 14, wherein the response comprises an authentication landing page if the first device identifier does not match the second, comparison device identifier.
  - 17. The apparatus of claim 14, wherein the device attributes are received using a client-side software development kit.
  - 18. The apparatus of claim 14, wherein the device attributes are received using a script.
  - 19. The apparatus of claim 14, wherein the device attributes comprise at least one of a device operating system, a device type, and a device serial number.
  - 20. The apparatus of claim 14, wherein the login information of the user includes a username and password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Zhang, Xianhong, Keys, Andrew, Pruthi, Kapil
Primary Examiner(s)
Su, Sarah

Application Number

US14/264,682
Publication Number

US 20150310194A1
Time in Patent Office

791 Days
Field of Search

726/9, 726/2, 726/25, 726/26, 726/27, 726/28
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

H04L 63/10   for controlling access to d...

Authentication using device ID

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Authentication using device ID

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others