Password-less authentication for access management

US10158489B2 · US · B2

Patent metadata
Publication number: US-10158489-B2
Application number: US-201615299950-A
Country: US
Kind code: B2
Filing date: Oct 21, 2016
Priority date: Oct 23, 2015
Publication date: Dec 18, 2018
Grant date: Dec 18, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentication based on possession of a device. Password-less authentication of a user may be enabled by registration of devices and/or a location (e.g., a geographic location) as trusted. Security data embedded with encrypted data can be sent to a first device for password-less authentication of a user at the device. A second device registered with the user can obtain the security data from the first device. The second device can decrypt the data and send the decrypted data to the access management system for verification to enable password-less authentication at the first device.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by a computer system of an access management system, from a first device, a request by a user for access to a resource, wherein the first device is a second computer system; based on the request, determining, by the computer system, that the first device is registered for the user based on an authentication of the user at the first device prior to the request; generating, by the computer system, security data for determining authentication of the user to access the resource using the first device, wherein the security data includes first data that is based on information related to the user, and wherein the first data is encrypted based on an encryption key; sending, by the computer system, the encryption key to a second device that the user has registered with the access management system, wherein the second device is a mobile device separate from the first device; sending, by the computer system, the security data to the first device, wherein the security data includes a quick response (QR) code that is displayed at the first device for presentation to the second device; receiving, by the computer system, from the second device, second data that is generated by the second device based on decryption of the first data included in the security data, wherein the decryption of the first data is performed by the second device using the encryption key sent to the second device, and wherein the security data is obtained by the second device from the QR code displayed at the first device; determining whether the second data includes the information that is included in the first data; and based on determining that the second data includes the information, enabling the first device to access the resource.

2. The method of claim 1, wherein the first data included in the security data is embedded in the QR code.

3. The method of claim 1, further comprising: identifying the first device as being registered for the user based on one or more authentication processes for determining the authentication of the user at the first device, and wherein the encryption key is sent to the second device upon identifying the second device as being registered for the user.

4. The method of claim 3, wherein the second device, based on authenticating the user for access at the second device, enables the user to operate the second device to obtain the security data from the QR code displayed at the first device.

5. The method of claim 4, wherein the authenticating the user for access at the second device includes performing biometric authentication of the user based on previous biometric input provided for registration of the user.

6. The method of claim 1, wherein the request includes information identifying the first device, and wherein the computer system identifies the first device as being registered for the user based on the authentication of the user being associated with the information identifying the first device.

7. The method of claim 1, wherein the authentication of the user is determined based on one or more authentication processes including a first authentication process and a second authentication process, wherein the second authentication process is different from the first authentication process, and wherein the method further comprises: prior to the request: performing the first authentication process, wherein the first authentication process includes verifying credential information of the user received from the first device; sending temporary access information to the second device; receiving the temporary access information from the first device; and performing a second authentication process, wherein the second authentication process includes determining that the received temporary access information matches the temporary access information sent to the second device.

8. The method of claim 7, wherein the temporary access information is a personal identification number associated with a time period for which the temporary access information is valid for the second authentication process.

9. The method of claim 1, further comprising: sending, to the first device, a message indicating that access to the resource is enabled, wherein the first device generates a graphical interface to enable access to the resource at the first device.

10. A system comprising: one or more processors; and a memory accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, cause the one or more processors to: receive, by an access management system, from a first device, a request by a user for access to a resource, wherein the first device is a second computer system; based on the request, determine that the first device is registered for the user based on an authentication of the user at the first device prior to the request; generate security data for determining authentication of the user to access the resource using the first device, wherein the security data includes first data that is based on information related to the user, and wherein the first data is encrypted based on an encryption key; send the encryption key to a second device that the user has registered with the access management system, wherein the second device is a mobile device separate from the first device; send the security data to the first device, wherein the security data includes a quick response (QR) code that is displayed at the first device for presentation to the second device; receive from the second device, second data that is generated by the second device based on decryption of the first data included in the security data, wherein the decryption of the first data is performed by the second device using the encryption key sent to the second device, and wherein the security data is obtained by the second device from the QR code displayed at the first device; determine whether the second data includes the information that is included in the first data; and based on determining that the second data includes the information, enable the first device to access the resource.

11. The system of claim 10, wherein the one or more processors and the memory are included in the access management system.

12. The system of claim 10, wherein the first data included in the security data is embedded in the QR code.

13. The system of claim 10, wherein the one or more instructions, upon the execution by the one or more processors, further cause the one or more processors to: identify the first device as being registered for the user based on one or more authentication processes for determining the authentication of the user at the first device, and wherein the encryption key is sent to the second device upon identifying the second device as being registered for the user.

14. The system of claim 10, wherein the authentication of the user is determined based on one or more authentication processes including a first authentication process and a second authentication process, wherein the second authentication process is different from the first authentication process; and wherein the one or more instructions, upon the execution by the one or more processors, further cause the one or more processors to: prior to the request: perform the first authentication process, wherein the first authentication process includes verifying credential information of the user received from the first device; send temporary access information to the second device; receive the temporary access information from the first device; and perform a second a
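The exchange described in the abstract and in claim 1, as an added example that is not part of the patent or of any Oracle implementation: a Go simulation of the access management system, the QR payload shown at the first device, and the reply from the registered mobile device. The patent does not name a cipher, so AES-256-GCM is assumed here, with the challenge identifier bound in as additional authenticated data. The two-minute validity window, the single-use marking, the constant-time comparison and every identifier (accessManager, startLogin, mobileScan, finishLogin, the device names) are assumptions of this example rather than claim language; they go slightly beyond the claim by making the final verification step replay-resistant, which is what a practitioner would want from such a flow.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
	"time"
)

// challenge is the per-login state the access management system keeps to verify the mobile device's reply.
type challenge struct {
	firstDev string
	secret   []byte    // the "first data" before encryption: random, so it cannot be guessed
	expires  time.Time // assumption: short validity window, as for the PIN of claim 8
	used     bool      // assumption: single use, so a captured reply cannot be replayed
}

// accessManager models the computer system of claim 1; every name here is an assumption.
type accessManager struct {
	registered map[string]string     // deviceID -> userID it is registered for
	pending    map[string]*challenge // challengeID -> open challenge
	now        func() time.Time      // injectable clock
}

func newAccessManager(now func() time.Time) *accessManager {
	return &accessManager{registered: map[string]string{}, pending: map[string]*challenge{}, now: now}
}

// register marks a device as trusted for a user, standing for the prior authentication the claim assumes.
func (am *accessManager) register(userID, deviceID string) { am.registered[deviceID] = userID }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not recoverable for a login system
	}
	return b
}

// newGCM builds AES-256-GCM from a 32-byte key; both devices use the same construction.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// startLogin handles the first device's request: it returns the QR payload to display there and the key to push to the phone.
func (am *accessManager) startLogin(userID, firstDev, mobileDev string) (qr string, key []byte, err error) {
	if am.registered[firstDev] != userID || am.registered[mobileDev] != userID {
		return "", nil, errors.New("device not registered for this user")
	}
	key = randomBytes(32)
	gcm, _ := newGCM(key) // cannot fail: the key is exactly 32 bytes
	challengeID := base64.RawURLEncoding.EncodeToString(randomBytes(16))
	c := &challenge{firstDev: firstDev, secret: randomBytes(32), expires: am.now().Add(2 * time.Minute)}
	am.pending[challengeID] = c
	// challengeID is GCM additional data, so the ciphertext cannot be re-labelled for another login attempt.
	nonce := randomBytes(gcm.NonceSize())
	sealed := append(nonce, gcm.Seal(nil, nonce, c.secret, []byte(challengeID))...)
	return challengeID + "." + base64.RawURLEncoding.EncodeToString(sealed), key, nil
}

// mobileScan models the second device: parse the scanned QR payload, decrypt the first data, return the second data.
func mobileScan(qr string, key []byte) (challengeID string, secondData []byte, err error) {
	parts := strings.SplitN(qr, ".", 2)
	sealed, err := base64.RawURLEncoding.DecodeString(parts[len(parts)-1])
	if len(parts) != 2 || err != nil {
		return "", nil, errors.New("malformed QR payload")
	}
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return "", nil, errors.New("bad key or ciphertext")
	}
	if secondData, err = gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], []byte(parts[0])); err != nil {
		return "", nil, err // wrong key or tampered payload: GCM authentication fails
	}
	return parts[0], secondData, nil
}

// finishLogin verifies the second data against the stored challenge and names the first device to be granted access.
func (am *accessManager) finishLogin(challengeID string, secondData []byte) (string, error) {
	c, ok := am.pending[challengeID]
	if !ok || c.used || am.now().After(c.expires) {
		return "", errors.New("unknown, expired or already used challenge")
	}
	c.used = true // burn the challenge even on a wrong answer
	if !hmac.Equal(c.secret, secondData) {
		return "", errors.New("second data does not contain the first data")
	}
	return c.firstDev, nil
}
```

Drive it by registering both devices, calling startLogin for the first device, passing the returned QR payload and key to mobileScan, and handing its output to finishLogin. A second finishLogin with the same reply, a scan with a key that was never pushed to that phone, a reply after the window, or a first device that was never registered all fail, which is the behaviour the claim's "determining whether the second data includes the information" step needs in practice.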

Assignees

Oracle Int Corp

Inventors

Classifications

  • by graphic or iconic representation · CPC title

  • {Cryptographic mechanisms or cryptographic} arrangements for secret or secure communications; Network security protocols · CPC title

  • involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title

  • G06F21/32 (primary)

    using biometric data, e.g. fingerprints, iris scans or voiceprints · CPC title

  • using a plurality of keys or algorithms · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10158489B2 cover?
An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentica…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/32. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 18, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).