Event driven second factor credential authentication

US 9,769,161 B2
Filed: 07/12/2011
Issued: 09/19/2017
Est. Priority Date: 07/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprisingdetecting, at a reader, a credential within a read range of the reader;

receiving, at the reader, credential data from the credential;

detecting, at the reader, user input related to a sequence of multiple events controlled by the reader to count time, wherein the sequence of multiple events controlled by the reader to count time is selected from a group of possible events including;

(i) a plurality of light flashes;

(ii) a plurality of illuminated light sources;

(iii) a pattern of illuminated versus non-illuminated light sources;

(iv) a color of a light source; and

(v) a plurality of beeps emitted by the reader;

analyzing the event-based user input, wherein the event-based user input corresponds to a single user action detected at a particular time during the sequence of multiple events controlled by the reader to count time;

based on a successful authentication of the event-based user input, releasing the credential data from the reader; and

upon determining that the credential data and the event-based user input are both valid, permitting user access to an asset protected by the reader.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user'"'"'s reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device.

Citations

19 Claims

1. A method, comprisingdetecting, at a reader, a credential within a read range of the reader;
- receiving, at the reader, credential data from the credential;
  
  detecting, at the reader, user input related to a sequence of multiple events controlled by the reader to count time, wherein the sequence of multiple events controlled by the reader to count time is selected from a group of possible events including;
  
  (i) a plurality of light flashes;
  
  (ii) a plurality of illuminated light sources;
  
  (iii) a pattern of illuminated versus non-illuminated light sources;
  
  (iv) a color of a light source; and
  
  (v) a plurality of beeps emitted by the reader;
  
  analyzing the event-based user input, wherein the event-based user input corresponds to a single user action detected at a particular time during the sequence of multiple events controlled by the reader to count time;
  
  based on a successful authentication of the event-based user input, releasing the credential data from the reader; and
  
  upon determining that the credential data and the event-based user input are both valid, permitting user access to an asset protected by the reader.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - analyzing the credential data at the reader.
  - 3. The method of claim 2, wherein the credential data is split across a plurality of credentials and wherein the credential data is determined to be valid when each of the plurality of credentials are presented in a predetermined order.
  - 4. The method of claim 1, wherein the sequence of multiple events controlled by the reader comprise at least one of flashing a light and beeping a buzzer a plurality of times.
  - 5. The method of claim 1, wherein the event-based user input comprises monitoring and detecting a user action that occurs at a predetermined time during presentation of the sequence of multiple events controlled by the reader.
  - 6. The method of claim 1, wherein a valid event-based user input comprises an N-digit PIN that is specific to the user and wherein the event-based user input is detected by monitoring an amount of time that a credential is selectively presented and not presented to the reader during presentation of the sequence of events controlled by the reader.

7. A reader, comprising:
- a network interface that enables the reader to communicate with a networked device;
  
  a credential interface that enables the reader to communicate with a credential carried by a user and receive information from the credential describing a sequence of multiple events to be performed by the reader in connection with proving the user'"'"'s knowledge of a secret;
  
  a user interface configured to present the sequence of multiple events to the user as a count of time;
  
  a processor; and
  
  computer memory coupled with the processor, the computer memory comprising instructions that enable the processor to perform the following functions;
  
  monitor user reactions to the sequence of events, the user reactions including moving a credential closer to or further away from the reader at a particular time during a display of the sequence of multiple events; and
  
  determine, based on the user reaction, whether the user has provided a valid event-based user input that proves the secret is known by the user;
  
  wherein the reader forwards credential data to a networked device for analysis only in response to the processor determining that the event-based user input is valid.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The reader of claim 7, wherein the user interface does not include a user input device.
  - 9. The reader of claim 7, wherein the user interface comprises at least one Light Emitting Diode (LED).
  - 10. The reader of claim 7, wherein the user interface comprises at least one of a buzzer and speaker.
  - 11. The reader of claim 7, wherein the instructions, when executed by the processor, further enable the processor to determine whether a credential presented by the user is within a read range of the reader as a part of monitoring the user reaction to the sequence of events.
  - 12. The reader of claim 11, wherein the reader further retrieves credential data from the credential presented by the user.

13. A method of performing dual-factor authentication, comprising:
- receiving, at a reader, credential data from a credential;
  
  analyzing the credential data;
  
  upon determining that the credential data is valid, presenting to a user of the credential a sequence of multiple events controlled by the reader to count time, wherein the sequence of multiple events controlled by the reader to count time is selected from a group of possible events including;
  
  (i) a number of light flashes;
  
  (ii) a number of illuminated light sources;
  
  (iii) a pattern of illuminated versus non-illuminated light sources;
  
  (iv) a color of a light source; and
  
  (v) a number of beeps emitted by the reader;
  
  receiving, at the reader, user input related to the sequence of events controlled by the reader to count time;
  
  analyzing the event-based user input, wherein the event-based user input corresponds to a single user action detected at a particular time during the sequence of multiple events controlled by the reader to count time; and
  
  based on a successful authentication of the event-based user input and determination that the credential data is valid, permitting the user access to an asset protected by the reader.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the user input includes moving the credential closer to or further away from the reader during the presentation of the sequence of events.
  - 15. The method of claim 13, wherein the reader forwards the credential data to a networked device for analysis only in response to determining that the event-based user input is valid.
  - 16. The method of claim 13, wherein a valid event-based user input comprises an N-digit PIN.
  - 17. The method of claim 13, wherein the credential data includes information that is used by the reader to select the sequence of multiple events from the group of possible events.
  - 18. The method of claim 17, wherein the information that is used by the reader to select the sequence of multiple events from the group of possible events changes over time.
  - 19. The method of claim 13, wherein the credential data is split across a plurality of credentials and wherein the credential data is determined to be valid when each of the plurality of credentials are presented in a predetermined order.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Masha Leah Davis
Original Assignee
Assa Abloy AB
Inventors
Davis, Masha Leah, Robinton, Mark, Klammer, Peter F.
Primary Examiner(s)
CHANG, KENNETH W

Application Number

US14/131,854
Publication Number

US 20140331286A1
Time in Patent Office

2,261 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G07C 9/22   in combination with an iden...

G07F 17/14   for fastenings for doors of...

G07F 5/18   specially adapted for contr...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Event driven second factor credential authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Event driven second factor credential authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links