Strong authentication using authentication objects

US 10,049,202 B1
Filed: 03/25/2014
Issued: 08/14/2018
Est. Priority Date: 03/25/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

generating, based at least in part on data associated with a first user, a structured collection of information, the data being usable for at least one mode of authentication with a service provider system;

storing the structured collection such that the structured collection is usable at least in part to authenticate an identity of the first user with the service provider system as a result of selection, by a second user, of a graphical representation of the structured collection from a graphical user interface;

displaying the graphical user interface, the graphical user interface making available for selection a plurality of graphical representations of structured collections sufficient for authentication with service provider systems to which the plurality of graphical representations corresponds; and

in response to receiving the selection, by the second user, of the graphical representation from an input device, authenticating the identity of the first user by;

obtaining the structured collection; and

performing a set of actions associated with the structured collection that includes providing the data associated with the first user to the service provider system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information proving possession of a user of an item, such as a one-time password token or a physical trait. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers.

114 Citations

View as Search Results

25 Claims

1. A computer-implemented method, comprising:
- generating, based at least in part on data associated with a first user, a structured collection of information, the data being usable for at least one mode of authentication with a service provider system;
  
  storing the structured collection such that the structured collection is usable at least in part to authenticate an identity of the first user with the service provider system as a result of selection, by a second user, of a graphical representation of the structured collection from a graphical user interface;
  
  displaying the graphical user interface, the graphical user interface making available for selection a plurality of graphical representations of structured collections sufficient for authentication with service provider systems to which the plurality of graphical representations corresponds; and
  
  in response to receiving the selection, by the second user, of the graphical representation from an input device, authenticating the identity of the first user by;
  
  obtaining the structured collection; and
  
  performing a set of actions associated with the structured collection that includes providing the data associated with the first user to the service provider system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the data comprises a one-time password from a one-time password token device.
  - 3. The computer-implemented method of claim 1, wherein the data comprises biometric information from the first user.
  - 4. The computer-implemented method of claim 1, wherein the data is obtained after the user selection of the graphical representation.
  - 5. The computer-implemented method of claim 1, wherein:
    - the data is obtained from the first user by receiving the data from a device separate from the service provider system; and
      
      the data received comprises a digital signature generated based at least in part on a cryptographic key associated with the device.
  - 6. The computer-implemented method of claim 1, wherein the user selection corresponds to a drag and drop operation involving the graphical representation using the graphical user interface.

7. A system, comprising:
- one or more processors; and
  
  memory including executable instructions that, as a result of execution by the one or more processors, cause the system to;
  
  generate, based at least in part on data obtained from a first user, a structured collection of information, the data being usable for at least one mode of authentication with a service provider system;
  
  store the structured collection such that the structured collection is usable at least in part to authenticate an identity of the first user with the service provider system as a result of selection, by a second user, of a graphical representation of the structured collection from a graphical user interface;
  
  display the graphical user interface, the graphical user interface making available for selection a plurality of graphical representations of structured collections sufficient for authentication with service provider systems to which the plurality of graphical representations corresponds; and
  
  in response to receipt of the selection, by the second user, of the graphical representation from an input device, authenticate the identity of the first user to further cause the system to;
  
  obtain the structured collection; and
  
  perform a set of actions associated with the structured collection that includes providing the data obtained from the first user to the service provider system.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the set of actions includes obtaining proof of possession by a user of an item that is separate from the system.
  - 9. The system of claim 8, wherein the proof of possession comprises biometric information.
  - 10. The system of claim 8, wherein the proof comprises a proposed solution to a test configured to distinguish human operators from automated agents.
  - 11. The system of claim 8, wherein the item is a physical item.
  - 12. The system of claim 8, wherein the executable instructions cause the system to communicate with another system to obtain the proof.
  - 13. The system of claim 7, wherein the selection, by the second user, corresponds to a drag and drop operation involving the graphical representation using the graphical user interface.

14. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
- generate, based at least in part on data obtained from a first user, a structured collection of information, the data being usable for at least one mode of authentication with a service provider system;
  
  store the structured collection such that the structured collection is usable at least in part to authenticate an identity of the first user with the service provider system as a result of selection, by a second user, of a representation of the structured collection from a graphical user interface;
  
  display an interface, the graphical user interface making available for selection a plurality of representations of structured collections sufficient for authentication with service provider systems to which the plurality of representations corresponds; and
  
  in response to receipt of the selection, by the second user, of the representation from an input device, authenticate the identity of the first user, further causing the computer system to;
  
  obtain the structured collection; and
  
  perform a set of actions associated with the structured collection that includes providing the data obtained from the first user to the service provider system.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein:
    - the executable instructions further cause the computer system to receive input from the second user, through a user input device of the computer system to obtain second authentication information; and
      
      the executable instructions that generate the structured collection further generate the structured collection based at least in part on the second authentication information.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the second authentication information comprises a personal identification number of the second user.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the executable instructions further cause the computer system to obtain one or more sensor measurements to obtain the second authentication information.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the second authentication information comprises a username and a password for the second user.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein:
    - the representation comprises a graphical representation of the set of actions;
      
      the interface is a graphical user interface; and
      
      the user selection is indicated by manipulation of the graphical representation via the graphical user interface.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the plurality of representations comprises individual representations corresponding to different service provider systems.
  - 21. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - receive input for provisioning the representation, the input for provisioning the representation defining, at least in part, the set of actions; and
      
      as a result of receiving the input for provisioning the representation, make the representation available for selection via the interface.
  - 22. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - receive, from another computer system, an instruction to remove the representation; and
      
      as a result of obtaining the data from the first user, making the representation unavailable for selection via the interface.
  - 23. The non-transitory computer-readable storage medium of claim 14, wherein:
    - the data further indicates a proper subset of a set of permissions associated with the at least one mode of authentication; and
      
      the structured collection is usable by another user for accessing at least one computing resource in accordance with the proper subset of the set of permissions indicated.
  - 24. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - receive, from another computer system, a revocation communication corresponding to at least the representation of the structured collection; and
      
      as a result of receiving the revocation communication, remove an ability to generate the structured collection.
  - 25. The non-transitory computer-readable storage medium of claim 14, further comprising instructions that, as a result of execution by the one or more processors, cause the computer system to:
    - receive, from another computer system, one or more communications indicating a change to the plurality of representations of the structured collections; and
      
      update the interface to modify the plurality of representations in accordance with the one or more communications received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper Mikael, Roth, Gregory Branchek, Platz, David Matthew, Vippagunta, Rajendra Kumar
Primary Examiner(s)
Williams, Jeffery

Application Number

US14/225,320
Time in Patent Office

1,603 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 3/04817   using icons graphical or vi...

G06F 3/04842   Selection of displayed obje...

G06F 3/0486   Drag-and-drop

Strong authentication using authentication objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

114 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Strong authentication using authentication objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links