Fallback identity authentication techniques
First Claim
1. A system for authorizing access of a user device to a service provider (SP) server, comprising:
- an authentication server computer device including at least one computer processor operatively connected to a computer memory and configured to;
responsive to a request to authenticate an identity of a user attempting to access the SP server via a first user device (UD), transmit a notification request to a notification server to cause the notification server to send a notification, including a token, to a second UD such that upon receipt of the notification the second UD sends data indicative of the token to the authentication server computer device, the notification server being physically distinct from the authentication server computer device;
responsive to a failure to receive the data indicative of the token from the second UD within a timeout limit, send instructions to the first UD to make the second UD ready for communicating with the authentication server computer device;
responsive to receiving information from the first UD indicating that the second UD is unavailable for communicating with the authentication server computer device, send instructions to the first UD such that the first UD displays instructions related to an authentication operation using a colleague UD and not including the second UD;
initiate the authentication operation, the authentication operation including a challenge presented on the colleague UD to be completed by the user to be granted access to the SP server;
determine an authorization-recommendation at least partly based on a response to the authentication operation received from the colleague UD; and
provide the authorization-recommendation to the SP server.
Abstract
The presently disclosed subject matter includes a system, a method and a non-transitory program storage device configured for authorizing access of a user device to a service provider server. Responsive to a request to authenticate the identity of a user attempting to access an SP server via a user device (UD), an authentication server is configured to initiate at least one authentication operation using a second UD; in the event of a failure to receive a response to the at least one authentication operation from the second UD, the authentication server is configured to proceed according to an alternative authentication method which does not involve the second UD.
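The fallback sequence in the abstract and in claim 1, modeled as a server-side state machine. This is an added example, not code from the patent. The class and method names, the 30-second timeout, the one-time-code form of the colleague challenge, and treating timely receipt of the token as a successful primary path are all assumptions.

```python
import hmac, secrets
from enum import Enum, auto

class State(Enum):
    AWAIT_TOKEN = auto()    # notification carrying the token sent to second UD
    PROMPT_READY = auto()   # timeout hit: first UD told to make second UD ready
    COLLEAGUE = auto()      # fallback challenge pending on the colleague UD
    DONE = auto()

def _eq(a, b):
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())

class AuthSession:
    """Hypothetical server-side session; all names here are assumptions."""
    def __init__(self, now, timeout=30.0):
        self.token = secrets.token_urlsafe(16)
        self.deadline = now + timeout
        self.state, self.code, self.recommendation = State.AWAIT_TOKEN, None, None

    def token_from_second_ud(self, data, now):
        # A token arriving late or in the wrong state is rejected, not queued.
        if self.state is not State.AWAIT_TOKEN or now > self.deadline:
            return False
        return _eq(data, self.token) and self._finish("allow")

    def tick(self, now):
        if self.state is State.AWAIT_TOKEN and now > self.deadline:
            self.state = State.PROMPT_READY
        return self.state

    def second_ud_unavailable(self):
        # Only reachable after the timeout, so the first UD cannot skip
        # straight to the weaker colleague path.
        if self.state is not State.PROMPT_READY:
            raise RuntimeError("fallback requested before timeout")
        self.code = secrets.token_hex(4)   # assumed challenge: one-time code
        self.state = State.COLLEAGUE
        return self.code

    def colleague_response(self, response):
        if self.state is not State.COLLEAGUE:
            raise RuntimeError("no colleague challenge pending")
        return self._finish("allow" if _eq(response, self.code) else "deny")

    def _finish(self, recommendation):
        self.state, self.recommendation = State.DONE, recommendation
        self.token = self.code = None      # single use
        return recommendation == "allow"
```

The state checks are the security-relevant part: the colleague path is a weaker factor than the user's own second UD, so the session refuses to enter it until the primary path has actually timed out, and a token that arrives after the deadline is dropped.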
32 Claims
16. A computerized method of authorizing access of a first user device to a service provider (SP) server, comprising:
- at an authentication server computer device;
responsive to a request to authenticate the identity of a user attempting to access the SP server via the first user device (UD), transmit a notification request to a notification server to cause the notification server to send a notification, including a token, via a first communication channel to a second UD such that upon receipt of the notification the second UD sends data indicative of the token to the authentication server computer device via a second communication channel, the first communication channel being distinct from the second communication channel, the second communication channel excluding the notification server;
in response to a failure to receive the data indicative of the token from the second UD within a timeout limit, performing at least the following operations;
sending instructions to the first UD to make the second UD ready to communicate with the authentication server computer device, and
responsive to receiving information from the first UD indicating that the second UD is unavailable to communicate with the authentication server computer device, sending instructions to the first UD such that the first UD displays instructions related to an authentication operation using a colleague UD and method not including the second UD;
initiating the authentication operation, the authentication operation including a challenge presented on the colleague UD to be completed by the user to be granted access to the SP server;
determining an authorization-recommendation at least partly based on a response to the authentication operation received from the colleague UD; and
providing the authorization-recommendation to the SP server.
32. An apparatus, comprising:
- an authentication server (1) including at least one computer processor operatively connected to a computer memory, and (2) configured to;
responsive to (1) a request to authenticate an identity of a user attempting to access the SP server via the first user device (UD), (2) a failure to receive data indicative of a token from a second UD within a timeout limit, (3) and receiving an indication from the first UD indicating that a second UD is unavailable for communicating with the authentication server, transmit (1) information to the first UD such that the first UD displays information related to an authentication operating using a colleague UD, and (2) a notification request to a notification server to cause the notification server to send a notification, including the token, to the colleague UD such that the colleague UD, upon receipt of the notification, sends data indicative of the token to the authentication server, the notification server being physically distinct from the authentication server;
responsive to receiving from the colleague UD the data indicative of the token, sending a challenge to the colleague UD;
receive from the colleague UD a response to the challenge;
determine an authorization-recommendation at least partly based on the response to the challenge from the colleague UD; and
provide the authorization-recommendation to the SP server.
Specification