Transparent two-factor authentication via mobile communication device
Abstract
Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.
17 Claims
1. A method implemented at least in part by a computing system, the method comprising:
- from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof, the delivery destination proof comprising an obfuscated destination, and the cost proof comprising a digital certificate establishing that the mobile communication device is maintained by a paying subscriber of a second channel that is different from the first channel;
- authenticating the delivery destination proof;
- matching the obfuscated destination to a stored obfuscated destination;
- authenticating the cost proof;
- responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message to the matched destination via the second channel, wherein the authentication code message comprises an indicator to denote the authentication code message is to be transparently intercepted by a recipient device by causing the recipient device to automatically send a response to the authentication code message while suppressing ordinary message notification for the authentication code message;
- receiving the response to the authentication code message; and
- responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. One or more computer-readable storage devices comprising computer-executable instructions causing a computing system to perform a method comprising:
- from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof, the cost proof comprising a digital certificate establishing that the mobile communication device is maintained by a paying subscriber of a second channel that is different from the first channel, and a delivery destination proof comprising an obfuscated destination;
- authenticating the delivery destination proof;
- matching the obfuscated destination to a stored obfuscated destination;
- authenticating the cost proof;
- responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message to the destination via a channel different from the first channel, wherein the authentication code message comprises an indicator causing the recipient device to automatically send a response to the authentication code message and suppress message notification for the authentication code message so that the response is provided without action by a user of the recipient device;
- receiving the response to the authentication code message; and
- responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.
10. A mobile communication device comprising:
- one or more processors coupled to memory;
- a stored cost proof, the stored cost proof comprising a digital certificate establishing that the mobile communication device is associated with an account for a channel for receiving authentication code messages;
- a stored delivery destination proof comprising an obfuscated destination, the destination associated with the mobile communication device;
- a watch list indicating one or more outstanding authentication code messages being watched for;
- a service access request orchestrator configured to send a request for access to a service, wherein the request comprises the stored cost proof and the stored delivery destination proof and is added to the watch list;
- an intercept component configured to transparently intercept an incoming authentication code message received responsive to the request for access to the service and configured to, when the watch list indicates the authentication code message is outstanding, suppress message notification for the authentication code message and automatically respond thereto with a message comprising an authentication code and further configured to receive an authorization token sent in response to the message comprising the authentication code; and
- an authorization token sending component configured to send the authorization token in conjunction with a request for a service protected by two-factor authentication.
Dependent claims: 11, 12, 13, 14.
15. In a mobile communication device, one or more computer-readable storage devices comprising:
- a digital certificate establishing that the mobile communication device is associated with a paying account associated with a second channel;
- a delivery destination proof derived from a delivery destination monitored by the mobile communication device, wherein the delivery destination comprises a telephone number of the mobile communication device; and
- computer-executable instructions causing the mobile communication device to perform a method comprising;
  - via a first channel, sending a service access request for a protected service, wherein the request comprises a username, password, the digital certificate, and the delivery destination proof;
  - transparently intercepting a message received via the second channel responsive to sending the service access request for the protected service via the first channel, wherein transparently intercepting comprises monitoring a watch list for a response to the service access request receivable via the delivery destination and suppressing message notification for the message;
  - from the message received via the second channel, deriving an authentication code;
  - sending an automatic response to the message received via the second channel, wherein the automatic response comprises the authentication code derived from the message that was received responsive to sending the service access request and the digital certificate and the mobile communication device thereby serves as a second factor in a transparent two-factor authentication process protecting the protected service associated with the service access request; and
  - receiving an authorization token in response to the automatic response that comprises the authentication code derived from the message and the digital certificate;
  - whereby transparent two-factor authentication is performed transparently for the mobile communication device and it is established that the service access request is originating from a device associated with the paying account associated with the second channel.
Dependent claims: 16, 17.
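The exchange recited in the claims, sketched end to end as an added example (not code from the patent or its assignee): a server that checks both proofs before sending the code over the second channel, and a device that intercepts the flagged message through its watch list. The SHA-256 obfuscation, the HMAC tag standing in for the digital certificate, the `2FA-AUTO` indicator, the sample number and all class and function names are assumptions.

```python
import hashlib, hmac, secrets

CARRIER_KEY = b"constructed-carrier-key"  # assumption: HMAC under this key stands in for the certificate
INDICATOR = "2FA-AUTO"                    # hypothetical intercept indicator value

def obfuscate(number):  # assumption: a SHA-256 digest serves as the obfuscated destination
    return hashlib.sha256(number.encode()).hexdigest()

def cost_proof_for(obf):
    return hmac.new(CARRIER_KEY, obf.encode(), hashlib.sha256).hexdigest()

class Server:
    def __init__(self, numbers):
        self.stored = {obfuscate(n): n for n in numbers}  # stored obfuscated destinations
        self.pending = {}                                 # outstanding code -> destination proof
    def access_request(self, dest_proof, cost_proof):
        """First channel: check both proofs, return the second-channel message."""
        number = self.stored.get(dest_proof)
        if number is None or not hmac.compare_digest(cost_proof_for(dest_proof), cost_proof):
            return None
        code = secrets.token_hex(4)
        self.pending[code] = dest_proof
        return {"to": number, "from": "svc", "indicator": INDICATOR, "code": code}
    def code_response(self, code):
        """Second channel: a code is accepted once, then yields a token."""
        if self.pending.pop(code, None) is None:
            return None
        return secrets.token_urlsafe(16)

class Device:
    def __init__(self, number):
        self.dest_proof = obfuscate(number)
        self.cost_proof = cost_proof_for(self.dest_proof)  # provisioned in advance
        self.watch_list, self.notifications = set(), []
    def request(self, service):
        self.watch_list.add(service)  # this request is now outstanding
        return self.dest_proof, self.cost_proof
    def on_message(self, msg):
        """Auto-reply with the code only if flagged and watched; else notify the user."""
        if msg.get("indicator") == INDICATOR and msg.get("from") in self.watch_list:
            self.watch_list.discard(msg["from"])
            return msg["code"]
        self.notifications.append(msg)
        return None

def run_exchange(number="+15550100"):  # constructed sample number
    server, device = Server([number]), Device(number)
    code = device.on_message(server.access_request(*device.request("svc")))
    return server.code_response(code), server.code_response(code), device.notifications
```

A flagged message that matches no watch-list entry falls through to ordinary notification, so an unsolicited code is visible to the user rather than silently answered.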
Specification