Provisioning a device to be an authentication device

US 9,628,875 B1
Filed: 06/14/2011
Issued: 04/18/2017
Est. Priority Date: 06/14/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processors;

memory with instructions that, when executed by the one or more processors, cause the system to;

receive a request, at an authentication module of the system, to provision a mobile device to be an authentication device;

provide, to the mobile device, an authentication application that causes the mobile device to generate a one-time passcode usable for authentication,cause an image to be displayed on a computing device, wherein the image enables the mobile device to determine first key information by at least analyzing the image displayed on the computing device;

receive, at the authentication module of the system, the first key information, the received first key information obtained from the mobile device over a network;

determine, at the authentication module, that the first key information matches key information included in the image;

in response to the determination, send a seed to the mobile device, the seed useable to generate the one-time passcode useable for authentication;

obtain, from the computing device, the one-time passcode generated by the mobile device using the seed; and

allow access to the computing device as a result of receiving the one-time passcode.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

100 Citations

View as Search Results

29 Claims

1. A system comprising:
- one or more processors;
  
  memory with instructions that, when executed by the one or more processors, cause the system to;
  
  receive a request, at an authentication module of the system, to provision a mobile device to be an authentication device;
  
  provide, to the mobile device, an authentication application that causes the mobile device to generate a one-time passcode usable for authentication,cause an image to be displayed on a computing device, wherein the image enables the mobile device to determine first key information by at least analyzing the image displayed on the computing device;
  
  receive, at the authentication module of the system, the first key information, the received first key information obtained from the mobile device over a network;
  
  determine, at the authentication module, that the first key information matches key information included in the image;
  
  in response to the determination, send a seed to the mobile device, the seed useable to generate the one-time passcode useable for authentication;
  
  obtain, from the computing device, the one-time passcode generated by the mobile device using the seed; and
  
  allow access to the computing device as a result of receiving the one-time passcode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to:
    - send a challenge code to the mobile device to allow the mobile device to generate a one-time passcode using the challenge code and the seed.
  - 3. The system of claim 1, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to:
    - cause to be displayed on the computing device a next image communicating a challenge code, the next image allowing the mobile device to extract the challenge code in order to calculate a response using the challenge code and the seed.
  - 4. The system of claim 1, wherein the image further comprises at least one of the following:
    - a graphical code;
      
      a digital watermark; and
      
      a one or more frames.
  - 5. The system of claim 1, wherein the image encodes a one-time use key.
  - 6. The system of claim 1, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to:
    - encode the image with a key; and
      
      extract the first key information from the image.
  - 7. The system of claim 1, wherein obtaining the one-time passcode further comprises obtaining, from the computing device and over a second network distinct from the network, the one-time passcode.
  - 8. The system of claim 1, wherein obtaining the one-time passcode further comprises obtaining the one-time passcode from the computing device as a result of user input.

9. A computer-implemented method comprising:
- receiving, by one or more processing units, a request to provision a mobile device to be an authentication device that generates one or more one-time passcodes;
  
  initiating, by the one or more processing units, display of an image on a computing device so that the image communicates authentication information, wherein the image allows the mobile device to extract key information from the authentication information communicated by the image, wherein the key information allows the mobile device to obtain, from an authentication module of a server computer system, a seed for an application of the mobile device to provision the mobile device as the authentication device that can generate the one or more one-time passcodes, and wherein the one or more one-time passcodes enables the mobile device to be used as the authentication device;
  
  receiving, from the mobile device, the key information;
  
  determining, by the authentication module, validity of the key information;
  
  providing to the mobile device the seed; and
  
  allowing access based at least in part on receiving, from the computing device, a valid one-time passcode generated based at least in part on the seed.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, wherein the computer-implemented method further includes:
    - receiving a signature from the mobile device, the signature generated from the key information;
      
      determining that the signature is valid; and
      
      sending the seed to the device in response to the determination.
  - 11. The method of claim 9, wherein the computer-implemented method further includes:
    - sending the seed encrypted under the key information to the mobile device.
  - 12. The method of claim 9, wherein the computer-implemented method further includes:
    - initiating display of a next image on the computing device, the next image communicating a challenge code to allow the mobile device to extract the challenge code from the next image in order to calculate a response using the challenge code and the seed.
  - 13. The method of claim 12, wherein the computer-implemented method further includes:
    - receiving a response calculated by the mobile device using the challenge code and the seed; and
      
      allowing access based at least in part on the response.
  - 14. The method of claim 9, wherein the image is further communicating at least one of the following:
    - an account identifier;
      
      a site identifier; and
      
      one or more instructions for contacting the server computer system.
  - 15. The method of claim 9, wherein the computer-implemented method further includes:
    - initiating display on the computing device a next image communicating a challenge code to allow the mobile device to capture the next image and to extract the challenge code from the next image in order to calculate a response using the challenge code and the seed, the next image communicating an account identifier, a site identifier, or one or more instructions for contacting the server computer system.
  - 16. The method of claim 9, wherein the computer-implemented method further includes:
    - transmitting a next image communicating a challenge code to allow the mobile device to extract the challenge code from the next image, the next image communicating an account identifier, a site identifier, or one or more instructions for contacting the server computer system;
      
      receiving a response calculated by the device using the challenge code and the seed; and
      
      allowing access based on the response.
  - 17. The method of claim 9, wherein the image comprises at least one of the following:
    - a graphical code;
      
      a digital watermark; and
      
      a one or more frames.
  - 18. The method of claim 9, wherein the authentication information encodes a key and the key information is derived based at least in part on the key.
  - 19. The method of claim 9, wherein the computer-implemented method further includes:
    - receiving, from the computing device, a one-time passcode derived based at least in part on the seed; and
      
      causing the authentication module to determine validity of the one-time passcode.

20. One or more non-transitory computer-readable media comprising logic that, as a result of execution by one or more processing units, cause operations to be performed comprising:
- sending a request to provision a mobile device to be an authentication device;
  
  the mobile device capturing an image that communicates information that enables the image to be analyzed to determine a key;
  
  the mobile device determining, by at least analyzing the image, key information using the key;
  
  the mobile device transmitting the key information to an authentication module of a computer system to enable the key to be validated;
  
  receiving, from the authentication module of the computer systems, a seed;
  
  calculating a one-time passcode based at least in part on the seed; and
  
  providing the one-time passcode to a computing device to enable the mobile device to be the authentication device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The one or more non-transitory computer-readable media of claim 20, wherein the obtaining a seed using the key information comprises:
    - generating a signature from the key information; and
      
      sending the signature to the authentication module of the computer system to obtain the seed.
  - 22. The one or more non-transitory computer-readable media of claim 20, wherein the determining the seed using the key information comprises:
    - receiving the seed from the authentication module of the computer system, the seed being encrypted; and
      
      decrypting the seed using the key information.
  - 23. The one or more non-transitory computer-readable media of claim 20, wherein the operations further comprise:
    - receiving a challenge code; and
      
      generating a one-time passcode using the challenge code and the seed.
  - 24. The one or more non-transitory computer-readable media of claim 20, wherein the operations further comprise:
    - capturing a next image communicating a challenge code; and
      
      generating a one-time passcode using the challenge code and the seed.
  - 25. The one or more non-transitory computer-readable media of claim 20, wherein the image comprises at least one of the following:
    - a graphical code;
      
      a digital watermark; and
      
      a one or more frames.
  - 26. The one or more non-transitory computer-readable media of claim 20, wherein the key further includes a one-time use key.
  - 27. The one or more non-transitory computer-readable media of claim 20, wherein the operations further comprise:
    - capturing a next image communicating a challenge code; and
      
      calculating a response to the challenge code according to a physical location of the mobile device.
  - 28. The one or more non-transitory computer-readable media of claim 20, wherein the operations further comprise:
    - capturing a next image communicating a challenge code; and
      
      calculating a response to the challenge code according to a physical feature associated with the mobile device.
  - 29. The one or more non-transitory computer-readable media of claim 20, wherein the image communicating the key includes encoding the key in the image and the key information is derived based at least in part on the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory B., Fitch, Nathan R., Baer, Graeme D.
Primary Examiner(s)
Eskandarnia, Arvin
Assistant Examiner(s)
Desai, Margishi

Application Number

US13/159,711
Time in Patent Office

2,135 Days
Field of Search

380279, 726 5, 713159, 713176
US Class Current
CPC Class Codes

G06F 15/173   using an interconnection ne...

G06F 21/35   communicating wirelessly

G06F 21/36   by graphic or iconic repres...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04L 9/3268   using certificate validatio...

H04Q 5/22   the subordinate centre not ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/35   Protecting application or s...

H04W 12/77   Graphical identity

H04W 88/02   Terminal devices

Provisioning a device to be an authentication device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning a device to be an authentication device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links