Methods and apparatus for rules-based multi-factor verification

US 9,426,132 B1
Filed: 09/12/2013
Issued: 08/23/2016
Est. Priority Date: 09/12/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a verification platform from a first device, a verification request, the verification platform being adapted for communication with a verification application running on the first device;

identifying, at the verification platform, one or more verification rules previously established by a user of the first device for processing of the verification request;

sending, from the verification platform to the first device, a notification regarding said one or more verification rules;

receiving, at the verification platform from the first device, verification input responsive to the notification;

granting or denying the verification request, at the verification platform, based at least in part on the received verification input;

wherein said one or more verification rules specify multiple distinct types of verification selected by the user and a sequence in which the selected types of verification are to be applied in processing the verification request;

permitting the user via the verification application to designate one or more additional applications on the first device as protected applications;

permitting the user via the verification application to designate respective distinct sets of one or more verification rules to be applied before access is granted to the protected applications;

generating the verification request in conjunction with an attempted launch of a given one of the protected applications on the first device; and

applying the sequence of the selected types of verification, the sequence comprising multiple security levels in which each such level requires satisfaction of at least one of the selected types of verification;

wherein a given one of the security levels comprises a primary type of verification and at least one fallback type of verification to be used in the event that the primary type of verification fails, the at least one fallback type of verification involving utilization of a second device distinct from the first device.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a verification platform is adapted for communication with at least a first device. The verification platform receives a verification request from the first device, identifies one or more verification rules previously established by a user of the first device for processing of the verification request, sends a notification regarding the one or more verification rules, receives verification input responsive to the notification, and grants or denies the verification request based at least in part on the received verification input. The verification rule or rules specify multiple distinct types of verification selected by the user, and a sequence in which the selected verification types are to be applied in processing the verification request. The verification request may be generated in conjunction with an attempted launch of a designated application on the first device. The first device may comprise a mobile telephone, a computer or another type of device.

210 Citations

20 Claims

1. A method comprising:
- receiving, at a verification platform from a first device, a verification request, the verification platform being adapted for communication with a verification application running on the first device;
  
  identifying, at the verification platform, one or more verification rules previously established by a user of the first device for processing of the verification request;
  
  sending, from the verification platform to the first device, a notification regarding said one or more verification rules;
  
  receiving, at the verification platform from the first device, verification input responsive to the notification;
  
  granting or denying the verification request, at the verification platform, based at least in part on the received verification input;
  
  wherein said one or more verification rules specify multiple distinct types of verification selected by the user and a sequence in which the selected types of verification are to be applied in processing the verification request;
  
  permitting the user via the verification application to designate one or more additional applications on the first device as protected applications;
  
  permitting the user via the verification application to designate respective distinct sets of one or more verification rules to be applied before access is granted to the protected applications;
  
  generating the verification request in conjunction with an attempted launch of a given one of the protected applications on the first device; and
  
  applying the sequence of the selected types of verification, the sequence comprising multiple security levels in which each such level requires satisfaction of at least one of the selected types of verification;
  
  wherein a given one of the security levels comprises a primary type of verification and at least one fallback type of verification to be used in the event that the primary type of verification fails, the at least one fallback type of verification involving utilization of a second device distinct from the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein sending a notification regarding said one or more verification rules comprises sending the notification to the first device and wherein receiving verification input responsive to the notification comprises receiving the verification input from the first device.
  - 3. The method of claim 1 further comprising:
    - receiving information characterizing said one or more verification rules from the verification application on the first device; and
      
      storing said information in a memory of the verification platform external to the first device.
  - 4. The method of claim 1 wherein the notification identifies particular verification input to be provided in accordance with at least one of the selected types of verification specified by said one or more verification rules.
  - 5. The method of claim 1 wherein the multiple distinct types of verification comprise two or more of voice verification, face verification, location verification, motion verification and third party verification.
  - 6. The method of claim 1 wherein the given security level is configured so as to require satisfaction of only one of a corresponding plurality of the selected types of verification associated with that level.
  - 7. The method of claim 1 wherein user access to the given protected application on the first device is controlled responsive to the granting or denying of the verification request.
  - 8. The method of claim 7 further comprising sending a notification of the granting or denying of the verification request to a verification agent running on the first device wherein the verification agent controls user access to the given protected application on the first device responsive to said notification of the granting or denying.
  - 9. The method of claim 1 wherein sending a notification regarding said one or more verification rules comprises sending the notification to the second device and wherein receiving verification input responsive to the notification comprises receiving at least a portion of the verification input from the second device.
  - 10. The method of claim 1 wherein the given security level comprises two or more fallback types of verification to be used in the event that the primary type of verification fails, the two or more fallback types of verification each involving utilization of the second device distinct from the first device.
  - 11. The method of claim 1 wherein said at least one fallback type of verification comprises a remote verification that directs a communication to the second device via a phone number different than a phone number associated with the first device.
  - 12. The method of claim 11 wherein the communication to the second device comprises one of a short message service (SMS) link and a SMS token code.
  - 13. The method of claim 1 wherein said at least one fallback type of verification comprises a local verification that directs a communication to the second device via a short-range wireless protocol through which the first device and the second device are connected.

14. An article of manufacture comprising a non-transitory processor-readable storage medium having embodied therein one or more software programs, wherein the one or more software programs when executed by at least one processing device cause the at least one processing device:
- to receive, at a verification platform from a first device, a verification request, the verification platform being adapted for communication with a verification application running on the first device;
  
  to identify, at the verification platform, one or more verification rules previously established by a user of the first device for processing of the verification request;
  
  to send, from the verification platform to the first device, a notification regarding said one or more verification rules;
  
  to receive, at the verification platform from the first device, verification input responsive to the notification;
  
  to grant or deny the verification request, at the verification platform, based at least in part on the received verification input;
  
  wherein said one or more verification rules specify multiple distinct types of verification selected by the user and a sequence in which the selected types of verification are to be applied in processing the verification request;
  
  to permit the user via the verification application to designate one or more additional applications on the first device as protected applications;
  
  to permit the user via the verification application to designate respective distinct sets of one or more verification rules to be applied before access is granted to the protected applications;
  
  to generate the verification request in conjunction with an attempted launch of a given one of the protected applications on the first device; and
  
  to apply the sequence of the selected types of verification, the sequence comprising multiple security levels in which each such level requires satisfaction of at least one of the selected types of verification;
  
  wherein a given one of the security levels comprises a primary type of verification and at least one fallback type of verification to be used in the event that the primary type of verification fails, the at least one fallback type of verification involving utilization of a second device distinct from the first device.
- View Dependent Claims (15)
- - 15. The article of manufacture of claim 14 wherein the given security level comprises two or more fallback types of verification to be used in the event that the primary type of verification fails, the two or more fallback types of verification each involving utilization of the second device distinct from the first device.

16. An apparatus comprising:
- a verification platform comprising at least one processing device having a processor coupled to a memory, the verification platform being adapted for communication with a verification application on a first device;
  
  wherein the verification platform is configured;
  
  to receive a verification request from the verification application on the first device;
  
  to identify one or more verification rules previously established by a user of the first device for processing of the verification request;
  
  to send, to the first device, a notification regarding said one or more verification rules;
  
  to receive, from the first device, verification input responsive to the notification; and
  
  to grant or deny the verification request based at least in part on the received verification input;
  
  wherein said one or more verification rules specify multiple distinct types of verification selected by the user and a sequence in which the selected types of verification are to be applied in processing the verification request;
  
  wherein the verification platform is further configured;
  
  to permit the user via the verification application to designate one or more additional applications on the first device as protected applications;
  
  to permit the user via the verification application to designate respective distinct sets of one or more verification rules to be applied before access is granted to the protected applications;
  
  to generate the verification request in conjunction with an attempted launch of a given one of the protected applications on the first device; and
  
  to apply the sequence of the selected types of verification, the sequence comprising multiple security levels in which each such level requires satisfaction of at least one of the selected types of verification;
  
  wherein a given one of the security levels comprises a primary type of verification and at least one fallback type of verification to be used in the event that the primary type of verification fails, the at least one fallback type of verification involving utilization of a second device distinct from the first device.
- View Dependent Claims (17, 18, 19)
- - 17. The apparatus of claim 16 wherein the verification platform comprises:
    - an application programming interface adapted for communication with a verification agent implemented on the first device; and
      
      a server coupled to the application programming interface.
  - 18. The apparatus of claim 17 wherein the server is configured:
    - to identify the one or more verification rules in a first server session invoked by the application programming interface responsive to receipt of the verification request; and
      
      to grant or deny the verification request in a second server session invoked by the application programming interface responsive to receipt of the verification input.
  - 19. The apparatus of claim 16 wherein the verification platform is part of a communication system comprising a plurality of user devices including the first device and the second device.

20. A method comprising:
- sending, from a first device to a verification platform external to the first device, information characterizing one or more verification rules, said one or more verification rules being established by a user of the first device, the verification platform being adapted for communication with a verification application on the first device;
  
  sending, from the first device to the verification platform, a verification request;
  
  receiving, at the first device from the verification platform, a notification regarding said one or more verification rules;
  
  sending, from the first device to the verification platform, verification input responsive to the notification;
  
  wherein the verification platform grants or denies the verification request based at least in part on the verification input;
  
  wherein said one or more verification rules specify multiple distinct types of verification selected by a user and a sequence in which the selected types of verification are to be applied in processing the verification request;
  
  permitting the user via the verification application to designate one or more additional applications on the first device as protected applications;
  
  permitting the user via the verification application to designate respective distinct sets of one or more verification rules to be applied before access is granted to the protected applications;
  
  generating the verification request in conjunction with an attempted launch of a given one of the protected applications on the first device; and
  
  applying the sequence of the selected types of verification, the sequence comprising multiple security levels in which each such level requires satisfaction of at least one of the selected types of verification;
  
  wherein a given one of the security levels comprises a primary type of verification and at least one fallback type of verification to be used in the event that the primary type of verification fails, the at least one fallback type of verification involving utilization of a second device distinct from the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Alikhani, Kayvan
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US14/025,377
Time in Patent Office

1,076 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

H04L 63/061   for key exchange, e.g. in p...

Methods and apparatus for rules-based multi-factor verification

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

210 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for rules-based multi-factor verification

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

210 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others