Transparent two-factor authentication via mobile communication device

US 9,690,924 B2
Filed: 05/15/2014
Issued: 06/27/2017
Est. Priority Date: 05/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method implemented at least in part by a computing system, the method comprising:

from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof, the delivery destination proof comprising an obfuscated destination, and the cost proof comprising a digital certificate establishing that the mobile communication device is maintained by a paying subscriber of a second channel that is different from the first channel;

authenticating the delivery destination proof;

matching the obfuscated destination to a stored obfuscated destination;

authenticating the cost proof;

responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message to the matched destination via the second channel, wherein the authentication code message comprises an indicator to denote the authentication code message is to be transparently intercepted by a recipient device by causing the recipient device to automatically send a response to the authentication code message while suppressing ordinary message notification for the authentication code message;

receiving the response to the authentication code message; and

responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.

27 Citations

View as Search Results

17 Claims

1. A method implemented at least in part by a computing system, the method comprising:
- from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof, the delivery destination proof comprising an obfuscated destination, and the cost proof comprising a digital certificate establishing that the mobile communication device is maintained by a paying subscriber of a second channel that is different from the first channel;
  
  authenticating the delivery destination proof;
  
  matching the obfuscated destination to a stored obfuscated destination;
  
  authenticating the cost proof;
  
  responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message to the matched destination via the second channel, wherein the authentication code message comprises an indicator to denote the authentication code message is to be transparently intercepted by a recipient device by causing the recipient device to automatically send a response to the authentication code message while suppressing ordinary message notification for the authentication code message;
  
  receiving the response to the authentication code message; and
  
  responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - sending the cost proof to the mobile communication device during activation of the mobile communication device.
  - 3. The method of claim 1 wherein:
    - the delivery destination proof indicates a destination correlated with the mobile communication device; and
      
      the authentication code message is sent to the destination.
  - 4. The method of claim 1 wherein the delivery destination proof comprises:
    - a phone number of the mobile communication device;
      
      ora user name of an account accessible with the mobile communication device.
  - 5. The method of claim 1 wherein:
    - the authorization token message comprises a hyperlink incorporating an authorization token.
  - 6. The method of claim 1 wherein:
    - the authorization token message comprises a one-time access code and a submission location for the one-time access code.
  - 7. The method of claim 6 further comprising:
    - receiving the one-time access code; and
      
      responsive to receiving the one-time access code, providing access to a protected service.
  - 8. The method of claim 6 wherein:
    - the one-time access code is for a third-party service; and
      
      the submission location indicates a location at which the third-party service can be accessed via the one-time access code.

9. One or more computer-readable storage devices comprising computer-executable instructions causing a computing system to perform a method comprising:
- from a mobile communication device, receiving a service access request via a first channel, wherein the service access request comprises a delivery destination proof and a cost proof, the cost proof comprising a digital certificate establishing that the mobile communication device is maintained by a paying subscriber of a second channel that is different from the first channel, and a delivery destination proof comprising an obfuscated destination;
  
  authenticating the delivery destination proof;
  
  matching the obfuscated destination to a stored obfuscated destination;
  
  authenticating the cost proof;
  
  responsive to authenticating the delivery destination proof and the cost proof, sending an authentication code message to the destination via a channel different from the first channel, wherein the authentication code message comprises an indicator causing the recipient device to automatically send a response to the authentication code message and suppress message notification for the authentication code message so that the response is provided without action by a user of the recipient device;
  
  receiving the response to the authentication code message; and
  
  responsive to receiving the response to the authentication code message, sending an authorization token message to the mobile communication device.

10. A mobile communication device comprising:
- one or more processors coupled to memory;
  
  a stored cost proof, the stored cost proof comprising a digital certificate establishing that the mobile communication device is associated with an account for a channel for receiving authentication code messages;
  
  a stored delivery destination proof comprising an obfuscated destination, the destination associated with the mobile communication device;
  
  a watch list indicating one or more outstanding authentication code messages being watched for;
  
  a service access request orchestrator configured to send a request for access to a service, wherein the request comprises the stored cost proof and the stored delivery destination proof and is added to the watch list;
  
  an intercept component configured to transparently intercept an incoming authentication code message received responsive to the request for access to the service and configured to, when the watch list indicates the authentication code message is outstanding, suppress message notification for the authentication code message and automatically respond thereto with a message comprising an authentication code and further configured to receive an authorization token sent in response to the message comprising the authentication code; and
  
  an authorization token sending component configured to send the authorization token in conjunction with a request for a service protected by two-factor authentication.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The mobile communication device of claim 10 further comprising:
    - an activation component configured to obtain the stored cost proof as part of an activation process for the mobile communication device.
  - 12. The mobile communication device of claim 10 wherein:
    - the intercept component is configured to extract the authentication code from an incoming text message.
  - 13. The mobile communication device of claim 12 wherein:
    - the incoming text message comprises a location at which access to a protected service can be obtained.
  - 14. The mobile communication device of claim 13 wherein:
    - the authorization token sending component is configured to send the authorization token to the location indicated in the incoming text message.

15. In a mobile communication device, one or more computer-readable storage devices comprising:
- a digital certificate establishing that the mobile communication device is associated with a paying account associated with a second channel;
  
  a delivery destination proof derived from a delivery destination monitored by the mobile communication device, wherein the delivery destination comprises a telephone number of the mobile communication device; and
  
  computer-executable instructions causing the mobile communication device to perform a method comprising;
  
  via a first channel, sending a service access request for a protected service, wherein the request comprises a username, password, the digital certificate, and the delivery destination proof;
  
  transparently intercepting a message received via the second channel responsive to sending the service access request for the protected service via the first channel, wherein transparently intercepting comprises monitoring a watch list for a response to the service access request receivable via the delivery destination and suppressing message notification for the message;
  
  from the message received via the second channel, deriving an authentication code;
  
  sending an automatic response to the message received via the second channel, wherein the automatic response comprises the authentication code derived from the message that was received responsive to sending the service access request and the digital certificate and the mobile communication device thereby serves as a second factor in a transparent two-factor authentication process protecting the protected service associated with the service access request; and
  
  receiving an authorization token in response to the automatic response that comprises the authentication code derived from the message and the digital certificate;
  
  whereby transparent two-factor authentication is performed transparently for the mobile communication device and it is established that the service access request is originating from a device associated with the paying account associated with the second channel.
- View Dependent Claims (16, 17)
- - 16. The one or more computer-readable storage devices of claim 15 wherein the intercepting further comprises:
    - suppressing an ordinary message notification for the message received via the second channel.
  - 17. The one or more computer-readable storage devices of claim 16 wherein:
    - the message received via the second channel comprises a short message service message; and
      
      suppressing comprises suppressing an ordinary short message service alert.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Michaely, Ran, Vincent, Benjamin, McClure, Marc, Olsen, Geir
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US14/279,010
Publication Number

US 20150334564A1
Time in Patent Office

1,139 Days
Field of Search

726 2, 726 5, 726 9, 726 7, 726 10, 455410, 455411
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/43   wireless channels

H04L 63/18   using different networks or...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 4/14   Short messaging services, e...

Transparent two-factor authentication via mobile communication device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Transparent two-factor authentication via mobile communication device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links