Approaches for providing multi-factor authentication credentials

US 9,864,852 B2
Filed: 07/27/2015
Issued: 01/09/2018
Est. Priority Date: 07/27/2015
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a first application and a second application executable in at least one computing device, wherein when executed the first application and the second application cause the at least one computing device to at least:

determine that the first application has requested an authentication;

cause a first user interface to be rendered by the second application, the first user interface eliciting a user approval of the authentication;

generate a one-time password by the second application;

automatically transfer the one-time password to the first application in response to receiving the user approval;

cause a second user interface to be rendered by the first application, the second user interface including a first form field prepopulated with the one-time password and a second form field configured to receive a user-specified security credential;

submit the user-specified security credential to a first authentication service; and

submit the one-time password to a second authentication service and not directly to the first authentication service, the second authentication service acting as a proxy for the first authentication service, wherein the first authentication service is configured to perform the authentication using the one-time password received from the second authentication service and the user-specified security credential received from the at least one computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.

68 Citations

View as Search Results

20 Claims

1. A non-transitory computer-readable medium embodying a first application and a second application executable in at least one computing device, wherein when executed the first application and the second application cause the at least one computing device to at least:
- determine that the first application has requested an authentication;
  
  cause a first user interface to be rendered by the second application, the first user interface eliciting a user approval of the authentication;
  
  generate a one-time password by the second application;
  
  automatically transfer the one-time password to the first application in response to receiving the user approval;
  
  cause a second user interface to be rendered by the first application, the second user interface including a first form field prepopulated with the one-time password and a second form field configured to receive a user-specified security credential;
  
  submit the user-specified security credential to a first authentication service; and
  
  submit the one-time password to a second authentication service and not directly to the first authentication service, the second authentication service acting as a proxy for the first authentication service, wherein the first authentication service is configured to perform the authentication using the one-time password received from the second authentication service and the user-specified security credential received from the at least one computing device.
- View Dependent Claims (2)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the at least one computing device does not submit the user-specified security credential to the second authentication service.

3. A system, comprising:
- at least one computing device;
  
  a first application executable in the at least one computing device, wherein when executed the first application causes the at least one computing device to at least;
  
  send an authentication request to a first authentication service, the authentication request specifying a first authentication factor; and
  
  a second application executable in the at least one computing device, wherein when executed the second application causes the at least one computing device to at least;
  
  generate a user interface on a display of the at least one computing device, the user interface facilitating entry of a user approval; and
  
  in response to receiving the user approval, send a second authentication factor to a second authentication service and not directly to the first authentication service, wherein the second authentication service operates as a proxy for the first authentication service, and the first authentication service is configured to perform an authentication in response to the authentication request using the second authentication factor received from the second authentication service and the first authentication factor received from the first application.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
- - 4. The system of claim 3, wherein the first authentication service and the second authentication service are operated by different entities.
  - 5. The system of claim 3, wherein the second authentication service is incapable of validating the second authentication factor.
  - 6. The system of claim 3, wherein the user interface is generated in response to a request from the second authentication service.
  - 7. The system of claim 3, wherein the user interface is generated in response to a request from the first application.
  - 8. The system of claim 3, wherein the at least one computing device comprises a first computing device and a second computing device, the first application is executed in the first computing device, and the second application is executed in the second computing device.
  - 9. The system of claim 3, wherein the first authentication service is configured to verify that the first application and second application are executed in different computing devices.
  - 10. The system of claim 3, wherein the at least one computing device comprises a single computing device, and both the first application and the second application are executed in the single computing device.
  - 11. The system of claim 3, wherein the user interface comprises a notification in a notification area.

12. A method, comprising:
- determining, via at least one of one or more computing devices, that a first application has requested an authentication;
  
  causing, via at least one of the one or more computing devices, a user interface to be rendered by a second application, the user interface eliciting a user approval;
  
  receiving, via at least one of the one or more computing devices, the user approval by the second application;
  
  automatically transferring, via at least one of the one or more computing devices, a first authentication factor to a first authentication service in response to the user approval; and
  
  automatically transferring, via at least one of the one or more computing devices, a second authentication factor to a second authentication service and not to the first authentication service in response to the user approval, wherein the first authentication factor and the second authentication factor correspond to a plurality of authentication factors used to perform the authentication, the second authentication service acts as a proxy for the first authentication service, and the first authentication service is configured to perform the authentication using the second authentication factor received from the second authentication service and the first authentication factor received from the one or more computing devices.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein the first authentication factor is transferred to the first authentication service via a uniform resource locator (URL) that includes a scheme name registered to the first authentication service.
  - 14. The method of claim 12, wherein the second authentication factor corresponds to a one-time password.
  - 15. The method of claim 14, wherein the first authentication factor corresponds to a user-provided password.
  - 16. The method of claim 14, further comprising generating, by the second application, the one-time password.
  - 17. The method of claim 14, further comprising receiving, by the second application, the one-time password from another computing device via a network.
  - 18. The method of claim 14, wherein the second authentication service is incapable of verifying the second authentication factor.
  - 19. The method of claim 14, wherein the first authentication service and the second authentication service are operated by different entities.
  - 20. The method of claim 14, wherein the first authentication factor is not transferred to the second authentication service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper Mikael, Canavor, Darren Ernest, Hitchcock, Daniel Wade, Bhimanaik, Bharath Kumar
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US14/809,762
Publication Number

US 20170032111A1
Time in Patent Office

897 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

H04L 2463/082   applying multi-factor authe...

H04L 63/0838   using one-time-passwords

H04L 63/0884   by delegation of authentica...

Approaches for providing multi-factor authentication credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Approaches for providing multi-factor authentication credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others