Systems and methods for completing multi-factor authentication via mobile devices

US 9,402,181 B1
Filed: 07/31/2014
Issued: 07/26/2016
Est. Priority Date: 07/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for completing multi-factor authentication via mobile devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying a request to communicate with a user'"'"'s mobile device to complete multi-factor authentication of the user to an online service;

determining that authentication notifications are disabled for attempts made by the user to login to the online service;

in response to determining that authentication notifications are disabled, preventing an authentication notification from being displayed on the user'"'"'s mobile device;

receiving an out-of-band authentication communication from the user'"'"'s mobile device that was prevented from displaying the authentication notification;

determining that the user'"'"'s mobile device that sent the out-of-band authentication communication is the same user'"'"'s mobile device that was prevented from displaying the authentication notification and is therefore trusted to complete the multi-factor authentication of the user to the online service;

in response to determining that the out-of-band authentication communication was received from a device trusted to complete the multi-factor authentication of the user to the online service, enabling the user to login to the online service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for completing multi-factor authentication via mobile devices may include (1) identifying a request to communicate with a user'"'"'s mobile device to complete multi-factor authentication of the user to an online service, (2) determining that authentication notifications are disabled for attempts made by the user to login to the online service, (3) preventing an authentication notification from being displayed on the user'"'"'s mobile device, (4) receiving an out-of-band authentication communication from a mobile device, (5) determining that the mobile device that sent the out-of-band authentication communication is the user'"'"'s mobile device and is therefore trusted to complete the multi-factor authentication of the user to the online service, and (6) enabling the user to login to the online service and automatically receive future notification. Various other methods, systems, and computer-readable media are also disclosed.

30 Citations

View as Search Results

20 Claims

1. A computer-implemented method for completing multi-factor authentication via mobile devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a request to communicate with a user'"'"'s mobile device to complete multi-factor authentication of the user to an online service;
  
  determining that authentication notifications are disabled for attempts made by the user to login to the online service;
  
  in response to determining that authentication notifications are disabled, preventing an authentication notification from being displayed on the user'"'"'s mobile device;
  
  receiving an out-of-band authentication communication from the user'"'"'s mobile device that was prevented from displaying the authentication notification;
  
  determining that the user'"'"'s mobile device that sent the out-of-band authentication communication is the same user'"'"'s mobile device that was prevented from displaying the authentication notification and is therefore trusted to complete the multi-factor authentication of the user to the online service;
  
  in response to determining that the out-of-band authentication communication was received from a device trusted to complete the multi-factor authentication of the user to the online service, enabling the user to login to the online service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein enabling the user to login to the online service comprises enabling authentication notifications for attempts made by the user to login to the online service.
  - 3. The computer-implemented method of claim 1, further comprising displaying, at a web browser used by the user to initiate the multifactor authentication, a message that indicates that authentication notifications are disabled for attempts made by the user to login to the online service and/or additional instructions for the user to initiate out-of-band authentication from a trusted device.
  - 4. The computer-implemented method of claim 1, wherein preventing the authentication notification from being displayed on the mobile device comprises queuing the authentication notification.
  - 5. The computer-implemented method of claim 4, further comprising expiring the queued authentication notification based on at least one of:
    - receiving an additional authentication notification from the online service;
      
      exceeding a predetermined time threshold for holding authentication notifications in the queue.
  - 6. The computer-implemented method of claim 1, further comprising enabling authentication notifications for attempts made by the user to login to the online service in response to receiving a request from the user via the user'"'"'s mobile device to enable authentication notifications.
  - 7. The computer-implemented method of claim 1, further comprising disabling authentication notifications for attempts made by the user to login to the online service in response to receiving a number of authentication requests from the online service that exceeds a predetermined threshold for authentication requests.
  - 8. The computer-implemented method of claim 1, further comprising disabling authentication notifications for attempts made by the user to login to the online service in response to receiving a request from the user'"'"'s mobile device to disable authentication notifications for the online service.
  - 9. The computer-implemented method of claim 1, further comprising:
    - identifying an additional request to communicate with the user'"'"'s mobile device to complete multi-factor authentication of the user to the online service;
      
      determining that authentication notifications are enabled for attempts made by the user to login to the online service;
      
      in response to determining that authentication notifications are enabled, sending an authentication notification to the user'"'"'s mobile device for display on the user'"'"'s mobile device;
      
      receiving an authentication communication from the user'"'"'s mobile device sent in response to the authentication notification;
      
      in response to determining that the authentication communication was sent in response to the authentication notification, enabling the user to login to the online service.
  - 10. The computer-implemented method of claim 1, wherein enabling the user to login to the online service comprises automatically completing the multi-factor authentication of the user to the online service in response to receiving the out-of-band authentication communication from the mobile device and determining that the out-of-band authentication communication was received from a device that is trusted to complete the multi-factor authentication.
  - 11. The computer-implemented method of claim 1, wherein:
    - the out-of-band authentication communication from the mobile device comprises a communication sent from an application on the mobile device that is associated with the multi-factor authentication of the user to the online service;
      
      the out-of-band authentication communication is sent in response to the user accessing the application on the mobile device.

12. A system for completing multi-factor authentication via mobile devices, the system comprising:
- an identification module, stored in memory, that identifies a request to communicate with a user'"'"'s mobile device to complete multi-factor authentication of the user to an online service;
  
  a notification determination module, stored in memory, that determines that authentication notifications are disabled for attempts made by the user to login to the online service;
  
  a prevention module, stored in memory, that prevents, in response to determining that authentication notifications are disabled, an authentication notification from being displayed on the user'"'"'s mobile device;
  
  a receiving module, stored in memory, that receives an out-of-band authentication communication from the user'"'"'s mobile device that was prevented from displaying the authentication notification;
  
  a device determination module, stored in memory, that determines that the mobile device that sent the out-of-band authentication communication is the same user'"'"'s mobile device that was prevented from displaying the authentication notification and is therefore trusted to complete the multi-factor authentication of the user to the online service;
  
  an enabling module, stored in memory, that, in response to determining that the out-of-band authentication communication was received from a device trusted to complete the multi-factor authentication of the user to the online service, enables the user to login to the online service;
  
  at least one physical processor configured to execute the identification module, the notification determination module, the prevention module, the receiving module, the device determination module, and the enabling module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the enabling module enables the user to login to the online service by enabling authentication notifications for attempts made by the user to login to the online service.
  - 14. The system of claim 12, further comprising a displaying module, stored in memory, that displays, at a web browser used by the user to initiate the multifactor authentication, a message that indicates that authentication notifications are disabled for attempts made by the user to login to the online service and/or instructions for the user to initiate out-of-band authentication from a trusted device.
  - 15. The system of claim 12, wherein the prevention module prevents the authentication notification from being displayed on the mobile device by queuing the authentication notification.
  - 16. The system of claim 15, further comprising an expiring module, stored in memory, that expires the queued authentication notification based on at least one of:
    - receiving an additional authentication notification from the online service;
      
      exceeding a predetermined time threshold for holding authentication notifications in the queue.
  - 17. The system of claim 12, the enabling module enables authentication notifications for attempts made by the user to login to the online service in response to receiving a request from the user via the user'"'"'s mobile device to enable authentication notifications.
  - 18. The system of claim 12, further comprising a disabling module, stored in memory, that disables authentication notifications for attempts made by the user to login to the online service in response to receiving a number of authentication requests from the online service that exceeds a predetermined threshold for authentication requests.
  - 19. The system of claim 12, further comprising a disabling module, stored in memory, that disables authentication notifications for attempts made by the user to login to the online service in response to receiving a request from the user'"'"'s mobile device to disable authentication notifications for the online service.

20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a request to communicate with a user'"'"'s mobile device to complete multi-factor authentication of the user to an online service;
  
  determine that authentication notifications are disabled for attempts made by the user to login to the online service;
  
  in response to determining that authentication notifications are disabled, prevent an authentication notification from being displayed on the user'"'"'s mobile device;
  
  receive an out-of-band authentication communication from the user'"'"'s mobile device that was prevented from displaying the authentication notification;
  
  determine that the mobile device that sent the out-of-band authentication communication is the same user'"'"'s mobile device that was prevented from displaying the authentication notification and is therefore trusted to complete the multi-factor authentication of the user to the online service;
  
  in response to determining that the out-of-band authentication communication was received from a device trusted to complete the multi-factor authentication of the user to the online service, enable the user to login to the online service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Yi, Liyu, Pei, Mingliang
Primary Examiner(s)
Kincaid, Lester
Assistant Examiner(s)
Bassett, Daniel G

Application Number

US14/448,517
Time in Patent Office

726 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

Systems and methods for completing multi-factor authentication via mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for completing multi-factor authentication via mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links