System and method for verifying status of an authentication device

US 9,455,988 B2
Filed: 04/11/2016
Issued: 09/27/2016
Est. Priority Date: 02/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first digital fingerprint and associating the first digital fingerprint with a first application instance, operable on a first electronic device, the first application instance assigned as an authentication factor of a first account, wherein the first digital fingerprint is indicative of characteristics of the first electronic device;

receiving a request from a second application instance, the second application instance operable on a second electronic device;

wherein receiving the request comprises receiving a second digital fingerprint associated with the second application instance;

wherein the second digital fingerprint is indicative of characteristics of the second electronic device;

wherein the request is associated with the first account;

generating a comparison of the first digital fingerprint and the second digital fingerprint;

wherein generating the comparison comprises evaluating a match between the first digital fingerprint and the second digital fingerprint; and

processing the request according to the comparison of the first digital fingerprint and the second digital fingerprint.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that includes receiving a first device profile and associating the first device profile with a first application instance that is assigned as an authentication device of a first account; receiving a second device profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second device profile to the first device profile; and completing the request of the second application instance according to results of comparing the second device profile and the first device profile.

123 Citations

37 Claims

1. A method comprising:
- receiving a first digital fingerprint and associating the first digital fingerprint with a first application instance, operable on a first electronic device, the first application instance assigned as an authentication factor of a first account, wherein the first digital fingerprint is indicative of characteristics of the first electronic device;
  
  receiving a request from a second application instance, the second application instance operable on a second electronic device;
  
  wherein receiving the request comprises receiving a second digital fingerprint associated with the second application instance;
  
  wherein the second digital fingerprint is indicative of characteristics of the second electronic device;
  
  wherein the request is associated with the first account;
  
  generating a comparison of the first digital fingerprint and the second digital fingerprint;
  
  wherein generating the comparison comprises evaluating a match between the first digital fingerprint and the second digital fingerprint; and
  
  processing the request according to the comparison of the first digital fingerprint and the second digital fingerprint.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1,wherein evaluating the match results in the match failing to satisfy a match threshold;
    - wherein processing the request further comprises;
      
      collecting supplemental digital fingerprint information indicative of supplemental characteristics of the second electronic device, the supplemental characteristics distinct from and in addition to the characteristics of the second electronic device;
      
      updating the second digital fingerprint with the supplemental digital fingerprint information, thereby generating an updated second digital fingerprint;
      
      generating a comparison of the updated second digital fingerprint and the first digital fingerprint; and
      
      further processing the request according to the comparison of the updated second digital fingerprint and the first digital fingerprint.
  - 3. The method of claim 2, further comprising:
    - receiving additional digital fingerprint information indicative of the characteristics of the first electronic device;
      
      detecting that the additional digital fingerprint information is more up-to-date than at least a subset of information contained within the first digital fingerprint; and
      
      in response to detecting that the additional digital fingerprint information is more up-to-date than at least the subset of information contained within the first digital fingerprint, updating the first digital fingerprint with the additional digital fingerprint information;
      
      wherein generating the comparison of the updated second digital fingerprint and the first digital fingerprint comprises generating a comparison of the updated second digital fingerprint and the additional digital fingerprint information.
  - 4. The method of claim 1, further comprising:
    - receiving additional digital fingerprint information indicative of the characteristics of the first electronic device;
      
      detecting that the additional digital fingerprint information is more up-to-date than at least a subset of information contained within the first digital fingerprint; and
      
      in response to detecting that the additional digital fingerprint information is more up-to-date than at least the subset of information contained within the first digital fingerprint, updating the first digital fingerprint with the additional digital fingerprint information;
      
      wherein generating the comparison of the first digital fingerprint and the second digital fingerprint comprises generating a comparison of the second digital fingerprint and the additional digital fingerprint information.
  - 5. The method of claim 1, further comprising:
    - collecting second electronic device information at the second application instance, the collecting comprising;
      
      generating a comparison of a first operating system type of the first electronic device and a second operating system type of the second operating system type,determining one or more types of device profile information to be collected based on the comparison of the first operating system type and the second operating system type; and
      
      collecting the second electronic device information according to the determined types of device profile information; and
      
      generating, at the second application instance, the second digital fingerprint from the second electronic device information.
  - 6. The method of claim 5, wherein determining the one or more types of device profile information to be collected comprises determining that the one or more types of device profile information include application version numbers in response to the comparison of the first and second operating system types indicating identical operating system types.
  - 7. The method of claim 5, wherein the first and the second digital fingerprints each comprise intrinsic device information and device usage information, and wherein generating the comparison of the first digital fingerprint and the second digital fingerprint comprises:
    - assigning a greater weight to the device usage information if the comparison of the first and the second operating system types indicates distinct operating systems, wherein evaluating the match comprises evaluating the match based on the greater weight.
  - 8. The method of claim 1, further comprising:
    - assigning the first application instance as an authentication factor of a second account;
      
      receiving a second account request from the second application instance;
      
      wherein receiving the second account request comprises receiving a third digital fingerprint of the second application instance;
      
      generating a comparison of the third digital fingerprint and the first digital fingerprint; and
      
      processing the second account request according to the comparison of the third digital fingerprint and the first digital fingerprint.
  - 9. The method of claim 1, further comprising:
    - receiving a digital fingerprint match policy, the policy specified by an administrator of a service provider, wherein the first account is an account of the service provider,wherein evaluating the match between the first digital fingerprint and the second digital fingerprint comprises evaluating the match according to the digital fingerprint match policy.
  - 10. The method of claim 1, wherein the request is a request to authenticate a user of the first account.
  - 12. The method of claim 10, wherein receiving the request and receiving the second digital fingerprint are in response to a failed login attempt to the first account.
  - 13. The method of claim 1, wherein the request is an authentication request, the method further comprising:
    - receiving a user-submitted username and password for the first account; and
      
      comparing the user-submitted username and password to a stored username and password associated with the first account;
      
      wherein receiving the second digital fingerprint comprises receiving the second digital fingerprint in response to successfully comparing the user-submitted username and password and the stored username and password;
      
      wherein the comparison of the first and the second digital fingerprints is independent of and in addition to comparison of the user-submitted username and password and the stored username and password.
  - 14. The method of claim 13, wherein evaluating the match results in the match failing to satisfy a match threshold, and wherein processing the request comprises performing additional authentication steps in addition to both of comparing the first and the second digital fingerprints and comparing the user-submitted username and password and the stored username and password.
  - 15. The method of claim 1, wherein evaluating the match between the first and the second digital fingerprints comprises calculating a probability of a digital fingerprint match, and wherein the match is a successful digital fingerprint match upon the probability exceeding a match threshold.
  - 16. The method of claim 15, further comprising:
    - receiving a digital fingerprint match policy from an administrator of a service provider, wherein the digital fingerprint match policy specifies a preferred match threshold, and wherein the first account is an account of the service provider; and
      
      updating the match threshold to the preferred match threshold.
  - 17. The method of claim 1, further comprising:
    - establishing, at the first application instance, a first set of authentication credentials for a set of accounts;
      
      wherein the request from the second application instance is to enroll the second application instance as an authentication application of the first account; and
      
      wherein processing the request comprises establishing a second set of authentication credentials for the set of accounts on the second application instance in response to a successful digital fingerprint match.
  - 18. The method of claim 17, wherein the first electronic device is distinct from the second electronic device.
  - 19. The method of claim 1, wherein the request from the second application instance is a request to verify multi-factor authentication of the first account;
    - and wherein processing the request of the second application instance verifying multi-factor authentication of a user associated with the first account in response to a successful digital fingerprint match.
  - 20. The method of claim 19, wherein the first application instance is the second application instance.
  - 21. The method of claim 1, further comprising:
    - accessing intrinsic device information of the first electronic device; and
      
      compiling the intrinsic device information into the first digital fingerprint;
      
      wherein intrinsic device information comprises one of an international mobile subscriber identity (IMSI) and an international mobile station equipment identity (IMEI);
      
      wherein comparison of the second digital fingerprint to the first digital fingerprint is dependent on the intrinsic device information.
  - 22. The method of claim 1, further comprising:
    - accessing device usage information of the first electronic device; and
      
      compiling the device usage information into the first digital fingerprint, wherein the comparison of the second digital fingerprint to the first digital fingerprint is dependent on the device usage information.
  - 23. The method of claim 22, wherein accessing the device usage information comprises accessing usage configuration data.
  - 24. The method of claim 23, wherein accessing the usage configuration data comprises retrieving a set of stored media files.
  - 25. The method of claim 22, wherein accessing the device usage information comprises tracking device usage over time.
  - 26. The method of claim 25, wherein the tracking device usage comprises tracking location, application usage, and communication patterns.
  - 27. The method of claim 22, further comprising:
    - accessing intrinsic device information of the first electronic device; and
      
      compiling the intrinsic device information into the first digital fingerprint;
      
      wherein comparison of the second digital fingerprint to the first digital fingerprint is further dependent on the intrinsic device information.

11. The method of 10, further comprising classifying the first account as a flagged first account requiring increased security, wherein receiving the request and receiving the second digital fingerprint are in response to a login attempt to the flagged first account.

28. A method comprising:
- receiving a first digital fingerprint comprising a first set of digital fingerprint vectors;
  
  associating the first digital fingerprint with a first application instance, operable on a first electronic device, the first application instance assigned as an authentication factor of a first account;
  
  receiving a request from a second application instance, the second application instance operable on a second electronic device;
  
  wherein receiving the request comprises receiving a second digital fingerprint associated with the second application instance;
  
  wherein the request is associated with the first account;
  
  generating a comparison of the first digital fingerprint and the second digital fingerprint;
  
  wherein generating the comparison comprises evaluating a match between the first set of digital fingerprint vectors and the second set of digital fingerprint vectors; and
  
  processing the request according to the comparison of the first digital fingerprint and the second digital fingerprint.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. The method of claim 28, wherein each of the first set of digital fingerprint vectors is of a user customization vector type, a device usage vector type, or an intrinsic device vector type, and wherein each of the second set of digital fingerprint vectors is of the user customization vector type, a device usage vector type, or the intrinsic device vector type.
  - 30. The method of claim 29, wherein evaluating the match between the first and the second sets of digital fingerprint vectors comprises:
    - assigning weights for each vector of the first and the second set of digital fingerprint vectors based on whether the vector is of the user customization vector type, the device usage vector type, or the intrinsic device vector type, wherein the match is based on the weights, and wherein processing the request comprises processing the request according to the match.
  - 31. The method of claim 30, further comprising:
    - generating a comparison of a first device type of the first electronic device and a second device type of the second electronic device;
      
      wherein assigning weights comprises assigning an increased weight for the device usage vector type if the comparison of the first and the second device types indicates distinct device types;
      
      wherein the match is based on the increased weight.
  - 32. The method of claim 29, wherein the device usage vector type comprises a location characteristic based on monitoring location of an electronic device over time.
  - 33. The method of claim 29, wherein the user customization vector type comprises a contact list characteristic of an electronic device.
  - 34. The method of claim 29, wherein the intrinsic device vector comprises operating system type and operating system version.
  - 35. The method of claim 28, wherein the second set of digital fingerprint vectors includes fewer digital fingerprint vectors than the first set of digital fingerprint vectors, and wherein comparing the second set of digital fingerprint vectors to the first set of digital fingerprint vectors comprises comparing the second set of digital fingerprint vectors to a subset of the first set of digital fingerprint vectors.
  - 36. The method of claim 28, wherein evaluating a match between the first and the second sets of digital fingerprint vectors comprises evaluating the match through pattern matching, wherein the pattern matching does not rely on exact matches between digital fingerprint vectors.
  - 37. The method of claim 36, wherein evaluating the match through pattern matching comprises calculating a probability of a digital fingerprint match, and wherein the match is a successful digital fingerprint match upon the probability exceeding a digital fingerprint match threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas
Primary Examiner(s)
ZHAO, DON GORDON

Application Number

US15/095,498
Publication Number

US 20160226872A1
Time in Patent Office

169 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

G06F 2221/2131   Lost password, e.g. recover...

H04L 63/0876   based on the identity of th...

H04L 9/3247   involving digital signatures

System and method for verifying status of an authentication device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for verifying status of an authentication device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links