US2017353442A1PendingUtilityA1

Proximity-based authentication

50
Assignee: NETIQ CORPPriority: Jan 30, 2014Filed: Jul 31, 2017Published: Dec 7, 2017
Est. expiryJan 30, 2034(~7.6 yrs left)· nominal 20-yr term from priority
H04L 63/0853H04L 63/08H04L 63/18H04W 12/06H04W 12/069H04W 12/65
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A first device requests a protected resource (managed by a second device). A first authentication is performed by the second device upon receipt of the request. The second device provides an audio message back to the first device, which plays the audio message over a speaker. A third device captures the audio message as audio and uses the audio message to request a second authentication from the second device. The second device provides an authenticated session handle back to the first device for accessing the protected resource when both the first and second authentications are successful.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A method, comprising:
 capturing, by a microphone of a first device, an audio message being played over speakers of a second device;   generating, by the first device, a response message for the captured audio message; and   providing, by the first device, the response message to the second device as an authentication message for accessing a resource controlled by the first device.   
     
     
         3 . The method of  claim 2 , wherein capturing further includes capturing by the microphone the audio message as the second devices plays the audio message over the speakers. 
     
     
         4 . The method of  claim 2 , wherein generating further includes prompting a user that is operating the first device to input a personal identification number and using the personal identification number when generating the response message. 
     
     
         5 . The method of  claim 2 , wherein generating further includes generating the response message by signing the audio message with a key. 
     
     
         6 . The method of  claim 5 , wherein generating further includes encrypting the signed audio message for producing the response message. 
     
     
         7 . The method of  claim 2 , wherein providing further includes sending the response message from the first device to the second device over a network connection between the first device and the second device. 
     
     
         8 . The method of  claim 2 , wherein providing further includes communicating the response message to the second device by the first device playing the response message as audio over first device speakers for being captured by a second device microphone. 
     
     
         9 . The method of  claim 2 , wherein capturing further includes identifying a user identifier for a user operating the first device and a challenge string. 
     
     
         10 . The method of  claim 9 , wherein generating further includes prompting the user to provide a response to the challenge string when generating the response message. 
     
     
         11 . The method of  claim 2 , wherein capturing further includes identifying from the audio message that a user has already performed a first factor authentication for accessing the resource and the response message is processed by the second device as a second factor authentication for the user to gain access to the resource. 
     
     
         12 . The method of  claim 2 , wherein providing further includes sending the response message to a server and the server providing a modified response message to the second device indicating that the first device is authenticated for accessing the resource of the second device. 
     
     
         13 . A method, comprising:
 registering a mobile device operated by a user with a server for multifactor audio authentication for the user to access a resource controlled by a second device;   performing, by the server, a first factor authentication on the user when the user accesses a link to the resource while operating the second device;   generating, by the server, a string and appending a user identifier acquired from the user during the first factor authentication to create an audio message and providing the audio message to the second device;   playing, by the second device, the audio message over a speaker of the second device;   capturing by a microphone of the mobile device the audio message;   signing, by the mobile device, the audio message;   playing, by the mobile device, the signed audio message over mobile device speakers;   capturing, by a second device microphone, the signed audio message;   providing, by the second device, the signed audio message to the server;   performing, by the server, a second factor authentication using a public key provided for the mobile device during registration for verifying the signed audio message; and   permitting, by the second device, access to the resource when the signed audio message is verified successfully by the server based on a validation message provided from the server to the second device.   
     
     
         14 . The method of  claim 13 , wherein performing the first factor authentication further includes redirecting the link to the server; 
     
     
         15 . The method of  claim 14 , wherein redirecting further includes obtaining the user identifier and a password that are supplied by the user in response to the server presenting a login screen rendered to the second device for entry by the user. 
     
     
         16 . The method of  claim 15 , wherein obtaining the user identifier further includes authenticating the user identifier and the password against an account registered with the server for the user. 
     
     
         17 . The method of  claim 16 , wherein generating further includes randomly generating the string ensuring the string is unique to the user attempting to access the resource on the second device. 
     
     
         18 . The method of  claim 13 , wherein providing the signed audio string further includes providing, by the second device, the signed audio string in a demodulated format. 
     
     
         19 . The method of  claim 13 , wherein providing the signed audio string further includes providing, by the second device, the signed audio string in an audio format. 
     
     
         20 . A system, comprising:
 a server;   a mobile device; and   a second device;   wherein a user operates the mobile device and the second device, and wherein the second device is configured to control access to a protected resource, wherein when the user attempts to access the protected resources from the second device, the user is redirected to a login screen of the server for the server to perform a first factor authentication, and the server further configured to generate an audio message that is provided to the second device when the user successfully authenticates for the first factor authentication, and wherein the second device is configured to play the audio message over speakers, and the mobile device configured to: capture the audio message from a microphone, sign the audio message with a key to produce a response audio message, and play the response audio message over a mobile device speaker, the second device configured to: capture the response audio message from a second device microphone, and send the response audio message to the server, the server is configured to: perform a second factor authentication by verifying a signature provided by the mobile device that is present in the response audio message and provide an authentication response back to the second device, and the second device is further configured to provide the user access from the second device to the protected resource when the authentication response indicates the user was authenticated during the second factor authentication by the server.   
     
     
         21 . The system of  claim 20 , wherein the mobile device is one of: a smart phone, a tablet, a laptop, and a wearable processing device, and wherein the server is part of a cloud processing environment, and the second device is one of: a desktop, a laptop, and a tablet.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.