Deauthentication in multi-device user environments

US 9,614,829 B1
Filed: 03/27/2015
Issued: 04/04/2017
Est. Priority Date: 03/27/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing secure communications with at least a subset of a plurality of user devices associated with a particular user;

generating an exclusive authentication token for utilization by each of the plurality of user devices to unlock secure functionality associated with that device;

providing the exclusive authentication token to only a subset of the plurality of user devices at a given time; and

forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token;

wherein the establishing, generating, providing and forcing are performed by a deauthentication server implemented by at least one processing device comprising a processor coupled to a memory;

wherein the deauthentication server in conjunction with forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token causes each such user device to perform a lock operation that limits subsequent access to that user device by unauthenticated users; and

wherein providing the exclusive authentication token to only a subset of the plurality of user devices at a given time comprises;

retrieving the exclusive authentication token from one of the user devices; and

providing the exclusive authentication token to another of the user devices.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing device comprises a processor coupled to a memory and is configured to establish secure communications with a plurality of user devices associated with a particular user, to generate an exclusive authentication token for utilization by each of the plurality of user devices in unlocking of secure functionality associated with that device, to provide the exclusive authentication token to only a subset of the plurality of user devices at a given time, and to force deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token. These operations in some embodiments are performed by a deauthentication server implemented by the processing device. The processing device implementing the deauthentication server may comprise, for example, a remote server accessible to the plurality of user devices over a network, a smart watch or other wearable device of the user, or a user device.

Citations

20 Claims

1. A method comprising:
- establishing secure communications with at least a subset of a plurality of user devices associated with a particular user;
  
  generating an exclusive authentication token for utilization by each of the plurality of user devices to unlock secure functionality associated with that device;
  
  providing the exclusive authentication token to only a subset of the plurality of user devices at a given time; and
  
  forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token;
  
  wherein the establishing, generating, providing and forcing are performed by a deauthentication server implemented by at least one processing device comprising a processor coupled to a memory;
  
  wherein the deauthentication server in conjunction with forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token causes each such user device to perform a lock operation that limits subsequent access to that user device by unauthenticated users; and
  
  wherein providing the exclusive authentication token to only a subset of the plurality of user devices at a given time comprises;
  
  retrieving the exclusive authentication token from one of the user devices; and
  
  providing the exclusive authentication token to another of the user devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein providing the exclusive authentication token to only a subset of the plurality of user devices at a given time comprises providing the exclusive authentication token to only one of the plurality of user devices at a given time.
  - 3. The method of claim 1 wherein providing the exclusive authentication token to only a subset of the plurality of user devices at a given time comprises:
    - receiving a request for the exclusive authentication token from a first one of the user devices;
      
      determining if the exclusive authentication token is available;
      
      if the exclusive authentication token is available, providing the exclusive authentication token to the first user device;
      
      receiving a request for the exclusive authentication token from a second one of the plurality of user devices;
      
      retrieving the exclusive authentication token from the first user device; and
      
      providing the exclusive authentication token to the second user device.
  - 4. The method of claim 3 wherein in conjunction with retrieval of the exclusive authentication token from the first user device the first user device is controlled so as to perform one or more deauthentication tasks in order to lock the secure functionality associated with that device.
  - 5. The method of claim 4 wherein the one or more deauthentication tasks comprise at least one of:
    - displaying a notification on the first user device;
      
      locking a credential manager on the first user device;
      
      preventing entry of one or more different types of input on the first user device;
      
      modifying a display screen of the first user device; and
      
      logging out the user on the first user device.
  - 6. The method of claim 1 wherein the processing device implementing the deauthentication server comprises one of:
    - a remote server accessible to the plurality of user devices over a network;
      
      a wearable device of the user;
      
      a given one of the plurality of user devices; and
      
      an additional user device.
  - 7. The method of claim 1 wherein the plurality of user devices comprises two or more of a desktop computer, a laptop computer, a tablet computer, a mobile telephone, a wearable device and an automobile.
  - 8. The method of claim 1 wherein the exclusive authentication token is utilizable by only a single one of the plurality of user devices at a given time such that when the secure functionality of any one of the user devices is unlocked the secure functionality of each of the other ones of the plurality of user devices is locked.
  - 9. The method of claim 1 wherein providing the exclusive authentication token to only a subset of the plurality of user devices at a given time comprises:
    - receiving a request for the exclusive authentication token from a first one of the user devices;
      
      if the exclusive authentication token is already in use by a second one of the user devices, and there is a policy in place that conflicts with the request from the first user device, denying the request.

10. A method comprising:
- establishing secure communications with at least a subset of a plurality of user devices associated with a particular user;
  
  generating an exclusive authentication token for utilization by each of the plurality of user devices to unlock secure functionality associated with that device;
  
  providing the exclusive authentication token to only a subset of the plurality of user devices at a given time; and
  
  forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token;
  
  wherein one of the user devices comprises an automobile and wherein a request for the exclusive authentication token is initiated by the automobile in conjunction with starting of its engine;
  
  wherein the forced deauthentication of one or more of the user devices other than the automobile is controlled by retrieving the exclusive authentication token from one of said one or more of the user devices other than the automobile and providing the exclusive authentication token to the automobile; and
  
  wherein the establishing, generating, providing and forcing are performed by at least one processing device comprising a processor coupled to a memory.

11. A method comprising:
- establishing secure communications with at least a subset of a plurality of user devices associated with a particular user;
  
  generating an exclusive authentication token for utilization by each of the plurality of user devices to unlock secure functionality associated with that device;
  
  providing the exclusive authentication token to only a subset of the plurality of user devices at a given time; and
  
  forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token;
  
  wherein the establishing, generating, providing and forcing are performed by at least one processing device comprising a processor coupled to a memory;
  
  wherein said establishing, generating, providing and forcing are performed at least in part by a deauthentication server implemented by said at least one processing device;
  
  wherein the forced deauthentication of one or more of the user devices is controlled by retrieving the exclusive authentication token from one of the user devices and providing the exclusive authentication token to another of the user devices;
  
  wherein the processing device implementing the deauthentication server comprises a wearable device of the user; and
  
  wherein the wearable device comprises a smart watch.

12. A non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device causes a deauthentication server implemented by said at least one processing device:
- to establish secure communications with at least a subset of a plurality of user devices associated with a particular user;
  
  to generate an exclusive authentication token for utilization by each of the plurality of user devices in unlocking secure functionality associated with that device;
  
  to provide the exclusive authentication token to only a subset of the plurality of user devices at a given time; and
  
  to force deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token;
  
  wherein the deauthentication server in conjunction with forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token causes each such user device to perform a lock operation that limits subsequent access to that user device by unauthenticated users; and
  
  wherein the deauthentication server in providing the exclusive authentication token to only a subset of the plurality of user devices at a given time is configured;
  
  to retrieve the exclusive authentication token from one of the user devices; and
  
  to provide the exclusive authentication token to another of the user devices.
- View Dependent Claims (13, 14, 15)
- - 13. The processor-readable storage medium of claim 12 wherein the storage medium comprises at least one of an electronic memory and a storage disk.
  - 14. The processor-readable storage medium of claim 12 wherein the program code when executed by at least one processing device further causes the deauthentication server implemented by said processing device:
    - to receive a request for the exclusive authentication token from a first one of the user devices;
      
      to determine if the exclusive authentication token is available;
      
      if the exclusive authentication token is available, to provide the exclusive authentication token to the first user device;
      
      to receive a request for the exclusive authentication token from a second one of the plurality of user devices;
      
      to retrieve the exclusive authentication token from the first user device; and
      
      to provide the exclusive authentication token to the second user device.
  - 15. The processor-readable storage medium of claim 12 wherein the exclusive authentication token is utilizable by only a single one of the plurality of user devices at a given time such that when the secure functionality of any one of the user devices is unlocked the secure functionality of each of the other ones of the plurality of user devices is locked.

16. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
  
  said at least one processing device being configured;
  
  to establish secure communications with at least a subset of a plurality of user devices associated with a particular user;
  
  to generate an exclusive authentication token for utilization by each of the plurality of user devices in unlocking secure functionality associated with that device;
  
  to provide the exclusive authentication token to only a subset of the plurality of user devices at a given time; and
  
  to force deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token;
  
  wherein said establish, generate, provide and force operations are performed by a deauthentication server implemented by said at least one processing device;
  
  wherein the deauthentication server in conjunction with forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication token causes each such user device to perform a lock operation that limits subsequent access to that user device by unauthenticated users; and
  
  wherein the deauthentication server in providing the exclusive authentication token to only a subset of the plurality of user devices at a given time is configured;
  
  to retrieve the exclusive authentication token from one of the user devices; and
  
  to provide the exclusive authentication token to another of the user devices.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16 wherein the processing device implementing the deauthentication server comprises one of:
    - a remote server accessible to the plurality of user devices over a network;
      
      a wearable device of the user;
      
      a given one of the plurality of user devices; and
      
      an additional user device.
  - 18. The apparatus of claim 17 wherein the processing device implementing the deauthentication server comprises the wearable device of the user and wherein the wearable device comprises a smart watch.
  - 19. The apparatus of claim 16 wherein the exclusive authentication token is utilizable by only a single one of the plurality of user devices at a given time such that when the secure functionality of any one of the user devices is unlocked the secure functionality of each of the other ones of the plurality of user devices is locked.
  - 20. The apparatus of claim 16 wherein one of the user devices comprises an automobile and wherein a request for the exclusive authentication token is initiated by the automobile in conjunction with starting of its engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Molina-Markham, Andres D., Bowers, Kevin D.
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US14/670,718
Time in Patent Office

739 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 21/121   Restricting unauthorised ex...

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/6218   to a system of files or obj...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

H04L 9/3234   involving additional secure...

H04M 1/72412   using two-way short-range w...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 12/33   using wearable devices, e.g...

Deauthentication in multi-device user environments

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Deauthentication in multi-device user environments

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links