Multi factor user authentication on multiple devices

US 9,686,272 B2
Filed: 02/24/2015
Issued: 06/20/2017
Est. Priority Date: 02/24/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one processor executing software instructions within a memory of a server computing device coupled to a network, the software instructions causing the server computing device to;

transmit, to a first client computer coupled to the network, a software module configured for installation on the first client computer;

receive, from the software module installed on the first client computer;

a public key from a public/private key pair generated by the software module on the first client computer; and

a biometric data input, by a user, into the first client computer using the software module;

store, within a database coupled to the network, the public key and the biometric data;

generate an authentication challenge user interface comprising a request for an authentication credential from the user;

transmit the authentication challenge user interface to a second client computer coupled to the network;

responsive to receiving the authentication credential from the second client computer;

verify an identity of the user via a match, within the database, to the authentication credential;

generate a notification requesting a biometric input from the user; and

transmit the notification, for display on the software module;

receive, from the first client computer, the biometric input, digitally signed using a private key from the public/private key pair;

decrypt the biometric input using the public key; and

responsive to a determination that the biometric input matches the biometric data stored in the database, authenticate the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of the present invention provide for a first and second client computer configured to receive and transmit an authentication credential and at least one additional authentication credential respectively. The authentication credentials may be selected from authentication credentials known only to a user, identifying a client computer and/or identifying a characteristic unique to the user. A server computer communicatively coupled to the network may be configured to receive the authentication credentials and verify the identity of the user via a match, in a database, of a first authentication credential, a second authentication credential and a third authentication credential.

33 Citations

View as Search Results

20 Claims

1. A system, comprising:
- at least one processor executing software instructions within a memory of a server computing device coupled to a network, the software instructions causing the server computing device to;
  
  transmit, to a first client computer coupled to the network, a software module configured for installation on the first client computer;
  
  receive, from the software module installed on the first client computer;
  
  a public key from a public/private key pair generated by the software module on the first client computer; and
  
  a biometric data input, by a user, into the first client computer using the software module;
  
  store, within a database coupled to the network, the public key and the biometric data;
  
  generate an authentication challenge user interface comprising a request for an authentication credential from the user;
  
  transmit the authentication challenge user interface to a second client computer coupled to the network;
  
  responsive to receiving the authentication credential from the second client computer;
  
  verify an identity of the user via a match, within the database, to the authentication credential;
  
  generate a notification requesting a biometric input from the user; and
  
  transmit the notification, for display on the software module;
  
  receive, from the first client computer, the biometric input, digitally signed using a private key from the public/private key pair;
  
  decrypt the biometric input using the public key; and
  
  responsive to a determination that the biometric input matches the biometric data stored in the database, authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the authentication credential comprises a time-based one time password or a tap code.
  - 3. The system of claim 1, wherein the software instructions further cause the server computing device, responsive to a determination that a response received within the authentication challenge user interface is not correct, or that the biometric input does not match the biometric data, to generate an alert to be displayed on the first client computer or the second client computer an alert.
  - 4. The system of claim 1, wherein the public key and the biometric data are stored in at least one data record in the database in association with a user identifier for the user.
  - 5. The system of claim 4, wherein the private key and the public key bind a first software code on the first client computer with a second software code on the server computing device via an exclusive encryption channel between the first client computer and the server computing device.
  - 6. The system of claim 1, wherein the software instructions further cause the server computing device, responsive to a determination that the first client computer and the second client computer are the same device, to generate an alert to be displayed on the first client computer or the second client computer.
  - 7. The system of claim 1, wherein the authentication of the user authorizes the user to access a domain name administration software, a bank account, a retail website, or at least one private health record.
  - 8. The system of claim 7, wherein the first client computer is configured to:
    - store the biometric data; and
      
      responsive to receiving the notification, and without user input;
      
      encrypt the biometric data using the private key; and
      
      transmit the biometric data to the server computing device.
  - 9. The system of claim 8, wherein, upon authentication of the user, the server computing device is configured to perform a requested action for which the authentication is required.
  - 10. The system of claim 1, wherein the biometric data comprises a finger or thumb print, a capillary distribution, or a software identification of the user'"'"'s face, voice, retina, or DNA.

11. A method, comprising the steps of:
- transmitting, by a server computing device coupled to a network and comprising at least one processor executing software instructions within a memory, a software module configured for installation on a first client computer coupled to the network;
  
  receiving, by the server computing device, from the software module installed on the first client computer;
  
  a public key from a public/private key pair generated by the software module on the first client computer; and
  
  a biometric data input, by a user, into the first client computer using the software module;
  
  storing, by the server computing device, within a database coupled to the network, the public key and the biometric data;
  
  generating, by the server computing device, an authentication challenge user interface comprising a request for an authentication credential from the user;
  
  transmitting, by the server computing device, the authentication challenge user interface to a second client computer coupled to the network;
  
  responsive to receiving the authentication credential from the second client computer;
  
  verifying, by the server computing device, an identity of the user via a match, within the database, to the authentication credential;
  
  generating, by the server computing device, a notification requesting a biometric input from the user; and
  
  transmitting, by the server computing device, the notification, for display on the software module;
  
  receiving, by the server computing device, from the first client computer, the biometric input, digitally signed using a private key from the public/private key pair;
  
  decrypting, by the server computing device, the biometric input using the public key;
  
  responsive to a determination that the biometric input matches the biometric data stored in the database, authenticating, by the server computing device, the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the authentication credential comprises a time-based one time password or a tap code.
  - 13. The method of claim 11, further comprising the step of, responsive to a determination that a response received within the authentication challenge user interface is not correct, or that the biometric input does not match the biometric data, generating, by the server computing device, an alert to be displayed on the first client computer or the second client computer.
  - 14. The method of claim 11, wherein the public key and the biometric data are stored in at least one data record in the database in association with a user identifier for the user.
  - 15. The method of claim 14, wherein the public key and the private key bind a first software code on the server computing device with a second software code on the first client computer via an exclusive encryption channel between the server computing device and the first client computer.
  - 16. The method of claim 11, further comprising the step of:
    - responsive to a determination that the first client computer and the second client computer are the same device, generating, by the server computing device an alert to be displayed on the first client computer or the second client computer.
  - 17. The method of claim 11, wherein the authentication of the user authorizes the user to access a domain name administration software, a bank account, a retail website, or at least one private health record.
  - 18. The method of claim 17, wherein the first client computer is configured to:
    - store the biometric data; and
      
      responsive to receiving the notification, and without user input;
      
      encrypt the biometric data using the private key; and
      
      transmit the biometric data to the server computing device.
  - 19. The method of claim 18, wherein, upon authentication of the user, the server computing device is configured to perform a requested action for which the authentication is required.
  - 20. The method of claim 11, wherein the biometric data comprises a finger or thumb print, a capillary distribution, or a software identification of the user'"'"'s face, voice, retina, or DNA.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Go Daddy Operating Company LLC (GoDaddy, Inc.)
Original Assignee
Go Daddy Operating Company LLC (GoDaddy, Inc.)
Inventors
Blinn, Arnold Neil
Primary Examiner(s)
DOAN, TRANG T

Application Number

US14/630,363
Publication Number

US 20160248752A1
Time in Patent Office

847 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

Multi factor user authentication on multiple devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi factor user authentication on multiple devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links