System and method for converting one-time passcodes to app-based authentication

US 9,979,719 B2
Filed: 12/08/2015
Issued: 05/22/2018
Est. Priority Date: 01/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, in response to a user access attempt on a first electronic device, a one-time passcode authentication event;

wherein detecting the event comprises detecting web content referencing a one-time passcode using a browser extension operating on the first electronic device;

wherein detecting the event further comprises detecting an identity of an outside service for which access is attempted;

identifying, using the outside service identity and a user identity, a second electronic device as an authenticating device;

wherein the user identity is associated with the browser extension;

transmitting a notification of the one-time password authentication event from the first electronic device to the authenticating device;

wherein the notification comprises OTP retrieval information, wherein;

transmitting, via one or more networks, the notification of the one-time password authentication event from the first electronic device to the authenticating device comprises transmitting, via the one or more networks, the notification from the first electronic device to a cloud relay and transmitting, via the one or more networks, the notification from the cloud relay to the authenticating device, wherein transmitting the one-time passcode from the authenticating device to the browser extension comprises transmitting the one-time passcode from the authenticating device to the cloud relay and transmitting, via the one or more networks, the one-time passcode from the cloud relay to the first electronic device, wherein identifying the second electronic device as the authenticating device comprises identifying the second electronic device at the cloud relay using a database accessible to the cloud relay;

retrieving, in response to the notification and according to the OTP retrieval information, a one-time passcode from the authenticating device;

requesting user approval input on the authenticating device;

transmitting the one-time passcode from the authenticating device to the browser extension operating on the first electronic device only after receiving the user approval input, wherein receiving the user approval input comprises;

displaying an approval interface on a display of the authenticating device, wherein the approval interface comprises information pertaining to the outside service identity and a selectable approval input indicator; and

detecting user selection of the selectable approval input indicator;

retrieving a set of stored primary credentials, the set associated with the user identity and the outside service identity;

transmitting the set of stored primary credentials to the browser extension; and

populating, using the browser extension, a one-time passcode entry form with the one-time passcode and at least one primary credential field with the set of stored primary credentials.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method comprising includes detecting, in response to a user access attempt on an electronic access device, a one-time passcode authentication event; receiving, at an electronic authenticating device, notification of the one-time passcode authentication event; retrieving, in response to the notification, a one-time passcode from the authenticating device; transmitting the one-time passcode from the authenticating device to a facilitator software instance operating on the access device; and enabling population, using the facilitator software instance, of a one-time passcode entry form with the one-time passcode.

193 Citations

17 Claims

1. A method comprising:
- detecting, in response to a user access attempt on a first electronic device, a one-time passcode authentication event;
  
  wherein detecting the event comprises detecting web content referencing a one-time passcode using a browser extension operating on the first electronic device;
  
  wherein detecting the event further comprises detecting an identity of an outside service for which access is attempted;
  
  identifying, using the outside service identity and a user identity, a second electronic device as an authenticating device;
  
  wherein the user identity is associated with the browser extension;
  
  transmitting a notification of the one-time password authentication event from the first electronic device to the authenticating device;
  
  wherein the notification comprises OTP retrieval information, wherein;
  
  transmitting, via one or more networks, the notification of the one-time password authentication event from the first electronic device to the authenticating device comprises transmitting, via the one or more networks, the notification from the first electronic device to a cloud relay and transmitting, via the one or more networks, the notification from the cloud relay to the authenticating device, wherein transmitting the one-time passcode from the authenticating device to the browser extension comprises transmitting the one-time passcode from the authenticating device to the cloud relay and transmitting, via the one or more networks, the one-time passcode from the cloud relay to the first electronic device, wherein identifying the second electronic device as the authenticating device comprises identifying the second electronic device at the cloud relay using a database accessible to the cloud relay;
  
  retrieving, in response to the notification and according to the OTP retrieval information, a one-time passcode from the authenticating device;
  
  requesting user approval input on the authenticating device;
  
  transmitting the one-time passcode from the authenticating device to the browser extension operating on the first electronic device only after receiving the user approval input, wherein receiving the user approval input comprises;
  
  displaying an approval interface on a display of the authenticating device, wherein the approval interface comprises information pertaining to the outside service identity and a selectable approval input indicator; and
  
  detecting user selection of the selectable approval input indicator;
  
  retrieving a set of stored primary credentials, the set associated with the user identity and the outside service identity;
  
  transmitting the set of stored primary credentials to the browser extension; and
  
  populating, using the browser extension, a one-time passcode entry form with the one-time passcode and at least one primary credential field with the set of stored primary credentials.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the OTP retrieval information comprises information enabling the generation of the one-time passcode;
    - the method further comprising, in response to receiving user approval input, generating the one-time passcode based on the OTP retrieval information.

3. A method comprising:
- detecting, in response to a user access attempt on an electronic access device, a one-time passcode authentication event;
  
  transmitting, via one or more networks, a notification of the one-time password authentication event from the electronic access device to an authenticating device, wherein the transmitting comprises transmitting, via the one or more networks, the notification from the electronic access device to a cloud relay and transmitting, via the one or more networks, the notification from the cloud relay to the authenticating device, wherein transmitting the one-time passcode from the authenticating device to a facilitator software instance comprises transmitting the one-time passcode from the authenticating device to the cloud relay and transmitting, via the one or more networks, the one-time passcode from the cloud relay to the electronic access device, wherein identifying the authenticating device comprises identifying the authentication device at the cloud relay using a database accessible to the cloud relay;
  
  receiving, at the authenticating device, the notification of the one-time passcode authentication event;
  
  retrieving, in response to the notification, the one-time passcode from the authenticating device;
  
  requesting user approval input on the authenticating device;
  
  transmitting the one-time passcode from the authenticating device to the facilitator software instance operating on the electronic access device only after receiving user approval input, wherein receiving user approval input comprises;
  
  displaying an approval interface on a display of the authenticating device, wherein the approval interface comprises information pertaining to the outside service identity and a selectable approval input indicator; and
  
  detecting user selection of the selectable approval input indicator;
  
  retrieving a set of stored primary credentials, the set associated with the user identity and the outside service identity;
  
  transmitting the set of stored primary credentials to the facilitator software instance; and
  
  enabling population, using the facilitator software instance, of a one-time passcode entry form with the one-time passcode and at least one primary credential field with the set of stored primary credentials.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 4. The method of claim 3, wherein the electronic access device comprises the authentication device.
  - 5. The method of claim 3, wherein detecting the one-time passcode authentication event comprises monitoring incoming communications at the authenticating device, analyzing the incoming communications at the authenticating device for OTP authentication information, and detecting the one-time passcode authentication event, at the authenticating device, from the OTP authentication information;
    - wherein the incoming messages are sent from an outside service.
  - 6. The method of claim 5, further comprising identifying the electronic access device based on at least one of an identity of the outside service and user input at the authenticating device.
  - 7. The method of claim 3, wherein detecting the one-time passcode authentication event comprises detecting, using the facilitator software instance, the one-time passcode authentication event at the electronic access device.
  - 8. The method of claim 7, wherein detecting the one-time passcode authentication event comprises monitoring user web browser usage;
    - analyzing web content; and
      
      identifying the one-time passcode authentication event based on the web content.
  - 9. The method of claim 7, wherein detecting the one-time passcode authentication event comprises receiving manual notification from a user that the one-time passcode authentication event has occurred.
  - 10. The method of claim 7, further comprising requesting user approval input on the authenticating device;
    - wherein transmitting the one-time passcode comprises transmitting the one-time passcode only after receiving the user approval input on the authenticating device.
  - 11. The method of claim 10, wherein receiving user approval input comprises receiving a biometric identifier of an authorized user of the authenticating device.
  - 12. The method of claim 7, further comprising generating, based on the notification, the one-time passcode at the authenticating device.
  - 13. The method of claim 7, wherein retrieving the one-time passcode comprises monitoring incoming communications at the authenticating device, analyzing the incoming communications at the authenticating device for the one-time passcode, and retrieving the one-time passcode from at least one of the incoming communications.
  - 14. The method of claim 7, wherein retrieving the one-time passcode comprises opening an OTP generating application and retrieving the one-time passcode from the OTP generating application.

15. The method of claim 7, wherein enabling population comprises storing the one-time passcode in a copy-paste clipboard of the electronic access device.

16. The method of claim 7, wherein enabling population comprises prompting a user of the electronic access device to select a field for OTP entry and in response to the selection of the field by the user, filling the field with the one-time passcode.

17. The method of claim 7, wherein enabling population comprises enabling population only after a user of the electronic access device has authenticated with the facilitator software instance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Goodman, Adam, Czub, Chris, Garrity, Patrick
Primary Examiner(s)
Dolly, Kendall

Application Number

US14/962,294
Publication Number

US 20160197914A1
Time in Patent Office

896 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04W 12/04   Key management, e.g. using ...

System and method for converting one-time passcodes to app-based authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

193 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method for converting one-time passcodes to app-based authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

193 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others