Automated device discovery of pairing-eligible devices for authentication

US 9,942,223 B2
Filed: 11/25/2015
Issued: 04/10/2018
Est. Priority Date: 11/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for discovering pairing-eligible devices for authenticating a user on a computing device, comprising:

via the computing device of the user, generating and sending an interrogation request to a network resource for identifying one or more pairing-eligible devices connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;

in response to the interrogation request, receiving at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with at least one pairing-eligible device of the one or more pairing-eligible devices connected to the network resource or a unique identifier associated with at least one pairing-eligible device user of the one or more pairing-eligible device users associated with the event stored on the network resource;

identifying one or more pairing-eligible devices associated with the at least one encrypted token by decrypting the at least one encrypted token and querying an authentication directory for a list of pairing eligible devices associated with the at least one pairing-eligible device user, wherein querying the authentication directory for the list of pairing-eligible devices associated with the at least one pairing-eligible device user comprises querying the authentication directory for predetermined device types;

wherein the list of pairing eligible devices comprises at least one pairing eligible device having the predetermined device types;

generating the list of pairing-eligible devices associated with the at least one encrypted token;

displaying a user interface comprising the list of pairing-eligible devices;

receiving a selection of a pairing-eligible device from the list of pairing-eligible devices;

sending a notification to a selected pairing-eligible device, wherein the notification comprises an authentication challenge, receiving an authentication challenge response and making a determination as to whether the authentication challenge response matches an expected response; and

in response to a positive determination as to whether the authentication challenge response matches the expected response, completing authentication for the user and sending a signed token to the computing device enabling the user access to authorized resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automated device discovery of pairing-eligible devices for authenticating an unidentified user of a computing device is provided. When the user initiates a login on the computing device on which the user'"'"'s identity is not known, an automated pairing-eligible device discovery authentication system interrogates a resource (e.g., subnetwork router, calendaring server) for identifying pairing-eligible devices that may be used as a second factor for authentication. A list of the pairing-eligible devices is presented to the user on the computing device. Upon selection of a pairing-eligible device to use as a second factor to verify the user'"'"'s identity, the user'"'"'s identity is determined, and a notification is sent to the selected pairing-eligible device for enabling the user to verify his/her identity using a second factor. Upon completion of an authentication challenge on the selected pairing-eligible device, authentication of the user is completed, and a signed token is sent to the computing device.

Citations

14 Claims

1. A computer-implemented method for discovering pairing-eligible devices for authenticating a user on a computing device, comprising:
- via the computing device of the user, generating and sending an interrogation request to a network resource for identifying one or more pairing-eligible devices connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;
  
  in response to the interrogation request, receiving at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with at least one pairing-eligible device of the one or more pairing-eligible devices connected to the network resource or a unique identifier associated with at least one pairing-eligible device user of the one or more pairing-eligible device users associated with the event stored on the network resource;
  
  identifying one or more pairing-eligible devices associated with the at least one encrypted token by decrypting the at least one encrypted token and querying an authentication directory for a list of pairing eligible devices associated with the at least one pairing-eligible device user, wherein querying the authentication directory for the list of pairing-eligible devices associated with the at least one pairing-eligible device user comprises querying the authentication directory for predetermined device types;
  
  wherein the list of pairing eligible devices comprises at least one pairing eligible device having the predetermined device types;
  
  generating the list of pairing-eligible devices associated with the at least one encrypted token;
  
  displaying a user interface comprising the list of pairing-eligible devices;
  
  receiving a selection of a pairing-eligible device from the list of pairing-eligible devices;
  
  sending a notification to a selected pairing-eligible device, wherein the notification comprises an authentication challenge, receiving an authentication challenge response and making a determination as to whether the authentication challenge response matches an expected response; and
  
  in response to a positive determination as to whether the authentication challenge response matches the expected response, completing authentication for the user and sending a signed token to the computing device enabling the user access to authorized resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein generating and sending the interrogation request to the network resource comprises generating and sending the interrogation request to a router associated with a subnetwork to which the computing device is connected.
  - 3. The computer-implemented method of claim 2, wherein identifying the one or more pairing-eligible devices connected to the network resource comprises identifying one or more computing devices connected to the router associated with the subnetwork.
  - 4. The computer-implemented method of claim 1, wherein generating and sending the interrogation request to the network resource comprises generating and sending the interrogation request to a calendaring server.
  - 5. The computer-implemented method of claim 4, wherein identifying the one or more pairing-eligible device users associated with the event stored on the network resource comprising identifying one or more invited attendees associated with a calendaring event stored on the calendaring server, wherein the computing device is a resource associated with the calendaring event.
  - 6. The computer-implemented method of claim 1, wherein identifying the one or more pairing-eligible devices associated with the at least one encrypted token further comprises:
    - identifying the at least one pairing-eligible device user encoded in the at least one encrypted token.
  - 7. The computer-implemented method of claim 6, wherein identifying the one or more pairing-eligible devices associated with the at least one encrypted token further comprises:
    - making a determination as to whether a number of pairing-eligible devices associated with the at least one encrypted token exceeds a predetermined threshold value; and
      
      in response to a positive determination as to whether the number of pairing-eligible devices associated with the at least one encrypted token exceeds the predetermined threshold value, requesting an identity of the user.
  - 8. The computer-implemented method of claim 1, further comprising pairing the selected pairing-eligible device with the computing device as a secondary device on which the user is enabled to verify an identity of the user.

9. A system for discovering pairing-eligible devices for authentication, comprising:
- one or more hardware processors for executing programmed instructions;
  
  memory, coupled to the one or more hardware processors, for storing program instruction steps for execution by the one or more hardware processors;
  
  an authentication client, implemented by the one or more hardware processors operative to;
  
  via a device of a user, generate and send an interrogation request to a network resource for identifying one or more pairing-eligible devices connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;
  
  in response to the interrogation request, receive at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with at least one pairing-eligible device of the one or more pairing-eligible devices connected to the network resource or a unique identifier associated with at least one pairing-eligible device user of the one or more pairing-eligible device users associated with the event stored on the network resource; and
  
  an authentication service, implemented by the one or more hardware processors operative to;
  
  identify the one or more pairing-eligible devices associated with the at least one encrypted token by decrypting the at least one encrypted token and querying an authentication directory for a list of pairing eligible devices associated with the at least one pairing-eligible device user, wherein querying the authentication directory for the list of pairing-eligible devices associated with the at least one pairing-eligible device user comprises querying the authentication directory for predetermined device types;
  
  wherein the list of pairing eligible devices comprises at least one pairing eligible device having the predetermined device types;
  
  generate the list of pairing-eligible devices associated with the at least one encrypted token;
  
  receive a selection of a pairing-eligible device from the list of pairing-eligible devices;
  
  send a notification to a selected pairing-eligible device, wherein the notification comprises an authentication challenge, receiving an authentication challenge response and making a determination as to whether the authentication challenge response matches an expected response; and
  
  in response to a positive determination as to whether the authentication challenge response matches the expected response, complete authentication for the user and send a signed token to the computing device enabling the user access to authorized resources.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein in generating and sending the interrogation request to the network resource for identifying the one or more pairing-eligible devices connected to the network resource, the authentication client is operative to generate and send the interrogation request to a router associated with a subnetwork to which the computing device is connected for identifying one or more computing devices connected to the router associated with the subnetwork.
  - 11. The system of claim 9, wherein in generating and sending the interrogation request to the network resource for the one or more pairing-eligible device users associated with the event stored on the network resource, the authentication client is operative to generate and send the interrogation request to a calendaring server for identifying one or more invited attendees associated with a calendaring event stored on the calendaring server, wherein the computing device is a resource associated with the calendaring event.
  - 12. The system of claim 9, wherein in identifying the one or more pairing-eligible devices associated with the at least one encrypted token, the authentication service, implemented by the one or more hardware processors further comprises:
    - a token decryptor operative to;
      
      identify the at least one pairing-eligible device user encoded in the at least one encrypted token.
  - 13. The system of claim 9, wherein in identifying the one or more pairing-eligible devices associated with the at least one encrypted token, the authentication service implemented by the one or more hardware processors, further comprises a pairing-eligible device discovery engine is operative to:
    - make a determination as to whether a number of pairing-eligible devices associated with the at least one encrypted token exceeds a predetermined threshold value; and
      
      in response to a positive determination as to whether the number of pairing-eligible devices associated with the at least one encrypted token exceeds the predetermined threshold value, request an identity of the user.

14. A device for discovering pairing-eligible devices for authentication, the device comprising one or more hardware processors, the device operative to:
- via a computing device of a user, generate and send an interrogation request to a network resource for identifying one or more pairing-eligible devices connected to the network resource or one or more pairing-eligible device users associated with an event stored on the network resource;
  
  in response to the interrogation request, receive at least one encrypted token, wherein the at least one encrypted token comprises a unique identifier associated with at least one pairing-eligible device of the one or more pairing-eligible devices connected to the network resource or a unique identifier associated with at least one pairing-eligible device user of the one or more pairing-eligible device users associated with the event stored on the network resource;
  
  identifying the one or more pairing-eligible devices associated with the at least one encrypted token by decrypting the at least one encrypted token and querying an authentication directory for a list of pairing eligible devices associated with the at least one pairing-eligible device user, wherein querying the authentication directory for the list of pairing-eligible devices associated with the at least one pairing-eligible device user comprises querying the authentication directory for predetermined device types;
  
  wherein the list of pairing eligible devices comprises at least one pairing eligible device having predetermined device types;
  
  display a user interface comprising the list of pairing-eligible devices; and
  
  receive a selection of a pairing-eligible device from the list of pairing-eligible devices;
  
  send a notification to a selected pairing-eligible device, wherein the notification comprises an authentication challenge, receiving an authentication challenge response and making a determination as to whether the authentication challenge response matches an expected response; and
  
  in response to a positive determination as to whether the authentication challenge response matches the expected response, complete authentication for the user and send a signed token to the computing device enabling the user access to authorized resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Vincent, Benjamin Richard, Gopalakrishnan, Venkatesh, Fluegel, Jay
Primary Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US14/952,180
Publication Number

US 20170149771A1
Time in Patent Office

867 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/1095   Meeting or appointment

H04L 63/0853   using an additional device,...

H04W 12/06   Authentication

H04W 48/16   Discovering, processing acc...

H04W 76/14   Direct-mode setup

H04W 8/005   Discovery of network device...

Automated device discovery of pairing-eligible devices for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Automated device discovery of pairing-eligible devices for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links