Authentication translation

US 10,929,512 B1
Filed: 01/27/2020
Issued: 02/23/2021
Est. Priority Date: 12/09/2011
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system, comprising:

a first processor of a first device, wherein the first processor is configured to;

based at least in part on a request associated with a user to access an external resource, establish a secure connection with the external resource; and

communicate with a second processor using a restricted interface, wherein the second processor is configured to;

receive a biometric input from a sensor, wherein the biometric input corresponds to at least one of a fingerprint, a feature usable for facial recognition, a voiceprint, a feature usable for a retina scan, or a typing feature; and

access a record stored in a secure storage, wherein the record is associated at least with the external resource;

retrieve, from the record, at least one of a password, a cookie, or a cryptographic key;

perform a cryptographic operation;

in response to determining that there is a match between the biometric input and a stored biometric template accessed by the second processor, facilitate a login of the user to the external resource at least in part by transmitting, via the established connection, output based at least in part on the at least one of the password, the cryptographic key, or the cookie retrieved from the record, and wherein the user is logged in to the external resource based at least in part on the output; and

perform a secure backup of the record to a storage service, wherein a second device associated with the user is registered with the storage service, and wherein the record is downloaded from the storage service by the second device; and

a memory coupled to the first processor and configured to provide the first processor with instructions.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

24 Citations

21 Claims

1. A system, comprising:
- a first processor of a first device, wherein the first processor is configured to;
  
  based at least in part on a request associated with a user to access an external resource, establish a secure connection with the external resource; and
  
  communicate with a second processor using a restricted interface, wherein the second processor is configured to;
  
  receive a biometric input from a sensor, wherein the biometric input corresponds to at least one of a fingerprint, a feature usable for facial recognition, a voiceprint, a feature usable for a retina scan, or a typing feature; and
  
  access a record stored in a secure storage, wherein the record is associated at least with the external resource;
  
  retrieve, from the record, at least one of a password, a cookie, or a cryptographic key;
  
  perform a cryptographic operation;
  
  in response to determining that there is a match between the biometric input and a stored biometric template accessed by the second processor, facilitate a login of the user to the external resource at least in part by transmitting, via the established connection, output based at least in part on the at least one of the password, the cryptographic key, or the cookie retrieved from the record, and wherein the user is logged in to the external resource based at least in part on the output; and
  
  perform a secure backup of the record to a storage service, wherein a second device associated with the user is registered with the storage service, and wherein the record is downloaded from the storage service by the second device; and
  
  a memory coupled to the first processor and configured to provide the first processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system recited in claim 1, wherein the storage service comprises a cloud storage service.
  - 3. The system recited in claim 1 wherein the second device is registered with the storage service at least in part by:
    - connecting to the storage service; and
      
      providing at least one of a user identifier or a credential to the storage service, wherein the user identifier comprises at least one of a username or an account number.
  - 4. The system recited in claim 1, wherein the record downloaded by the second device is encrypted.
  - 5. The system recited in claim 4, wherein the encrypted record is stored to an insecure storage associated with the second device.
  - 6. The system recited in claim 4, wherein the second device is configured to decrypt the downloaded record and store the decrypted record to a secure storage associated with the second device.
  - 7. The system recited in claim 6, wherein the downloaded record is decrypted by the second device using a decryption key that is generated based at least in part on information associated with the user.
  - 8. The system recited in claim 6, wherein the downloaded record is decrypted by the second device using a decryption key that is generated based at least in part on biometric data.
  - 9. The system recited in claim 6, wherein the downloaded record is decrypted by the second device using a decryption key generated using one or more features extracted from fingerprinting.
  - 10. The system recited in claim 1, wherein performing the cryptographic operation comprises decrypting the record.

11. A method, comprising:
- based at least in part on a request associated with a user to access an external resource, establishing, by a first processor of a first device, a secure connection with the external resource; and
  
  communicating with a second processor using a restricted interface, wherein the second processor is configured to;
  
  receive a biometric input from a sensor, wherein the biometric input corresponds to at least one of a fingerprint, a feature usable for facial recognition, a voiceprint, a feature usable for a retina scan, or a typing feature; and
  
  access a record stored in a secure storage, wherein the record is associated at least with the external resource;
  
  retrieve, from the record, at least one of a password, a cookie, or a cryptographic key;
  
  perform a cryptographic operation;
  
  in response to determining that there is a match between the biometric input and a stored biometric template accessed by the second processor, facilitate a login of the user to the external resource at least in part by transmitting, via the established connection, output based at least in part on the at least one of the password, the cryptographic key, or the cookie retrieved from the record, and wherein the user is logged in to the external resource based at least in part on the output; and
  
  perform a secure backup of the record to a storage service, wherein a second device associated with the user is registered with the storage service, and wherein the record is downloaded from the storage service by the second device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the storage service comprises a cloud storage service.
  - 13. The method of claim 11, wherein the second device is registered with the storage service at least in part by:
    - connecting to the storage service; and
      
      providing at least one of a user identifier or a credential to the storage service, wherein the user identifier comprises at least one of a username or an account number.
  - 14. The method of claim 11, wherein the record downloaded by the second device is encrypted.
  - 15. The method of claim 14, wherein the second device is configured to decrypt the downloaded record and store the decrypted record to a secure storage associated with the second device.
  - 16. The method of claim 14, wherein the encrypted record is stored to an insecure storage associated with the second device.
  - 17. The method of claim 15, wherein the downloaded record is decrypted by the second device using a decryption key that is generated based at least in part on information associated with the user.
  - 18. The method of claim 15, wherein the downloaded record is decrypted by the second device using a decryption key that is generated based at least in part on biometric data.
  - 19. The method of claim 15, wherein the downloaded record is decrypted by the second device using a decryption key generated using one or more features extracted from fingerprinting.
  - 20. The method of claim 11, wherein performing the cryptographic operation comprises decrypting the record.

21. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- based at least in part on a request associated with a user to access an external resource, establishing, by a first processor of a first device, a secure connection with the external resource; and
  
  communicating with a second processor using a restricted interface, wherein the second processor is configured to;
  
  receive a biometric input from a sensor, wherein the biometric input corresponds to at least one of a fingerprint, a feature usable for facial recognition, a voiceprint, a feature usable for a retina scan, or a typing feature; and
  
  access a record stored in a secure storage, wherein the record is associated at least with the external resource;
  
  retrieve, from the record, at least one of a password, a cookie, or a cryptographic key;
  
  perform a cryptographic operation;
  
  in response to determining that there is a match between the biometric input and a stored biometric template accessed by the second processor, facilitate a login of the user to the external resource at least in part by transmitting, via the established connection, output based at least in part on the at least one of the password, the cryptographic key, or the cookie retrieved from the record, and wherein the user is logged in to the external resource based at least in part on the output; and
  
  perform a secure backup of the record to a storage service, wherein a second device associated with the user is registered with the storage service, and wherein the record is downloaded from the storage service by the second device.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Carbyne Biometrics, LLC (Bjorn Markus Jakobsson)
Original Assignee
RightQuestion LLC (Bjorn Markus Jakobsson)
Inventors
Jakobsson, Bjorn Markus
Primary Examiner(s)
Steinle, Andrew J

Application Number

US16/773,767
Time in Patent Office

393 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/128   involving web programs, i.e...

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/44   Program or device authentic...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0869   for achieving mutual authen...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Authentication translation

First Claim

2 Assignments

Litigations

2 Petitions

Accused Products

Abstract

24 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication translation

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links