Multi-factor authentication with code rotation
US-10790992-B1 · Sep 29, 2020 · US
User authentication through registered device communications
US11991170B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11991170-B2 |
| Application number | US-202117342266-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 8, 2021 |
| Priority date | Jun 25, 2018 |
| Publication date | May 21, 2024 |
| Grant date | May 21, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed are various embodiments providing user authentication through registered device communications. An authentication request is received from a client device. A user is authenticated for access to a user account based at least in part on the client device providing the authentication token. The authentication token is generated by the client device or by one or more other computing devices and sent to the client device. The client device encrypts the authentication token based at least in part on a user authenticating factor and stores the encrypted authentication token on the client device.
First claim
Opening claim text (preview).
Therefore, the following is claimed: 1. A method, comprising: receiving, via at least one of one or more computing devices, an authentication request from a first client device; generating an authentication token; sending, via the at least one of the one or more computing devices, the authentication token to the first client device where the first client device encrypts the authentication token based at least in part on a user authenticating factor and stores the encrypted authentication token on the first client device; requesting, to at least the first client device and a second client device, one or more authentication tokens for a user to access a user account, wherein both the first client device and the second client device are registered to the same user account; and authenticating, via the at least one of the one or more computing devices, the user for access to the user account based at least in part on the first client device providing the authentication token and determining that at least the authentication token is valid. 2. The method of claim 1 , wherein the first client device stores the encrypted authentication token on the first client device embedded within a digital content item comprising at least one of: video content, audio content, or an electronic book. 3. The method of claim 1 , wherein the authentication token is embedded within a digital content item comprising at least one of: video content, audio content, or an electronic book. 4. The method of claim 1 , wherein the first client device stores the authentication token using a trusted platform module of the first client device. 5. The method of claim 1 , wherein the user authenticating factor comprises a biometric identifier of the user. 6. The method of claim 1 , wherein the user authenticating factor comprises location or position information of the first client device. 7. The method of claim 1 , further comprising: generating, via at least one of one or more computing devices, a second authentication token associated with the user account; sending, via at least one of the one or more computing devices, the other second authentication token to the second client device that is registered to the user account, wherein the second client device encrypts the second authentication token based at least in part on another user authenticating factor and stores the second authentication token on the second client device; and authenticating, via at least one of the one or more computing devices, the user for access to the user account based at least in part on the second client device providing the second authentication token. 8. A system, comprising: at least one computing device; and at least one service executable in the at least one computing device, wherein when executed the at least one service causes the at least one computing device to at least: generate an authentication token; send the authentication token to a first client device, wherein the first client device encrypts the authentication token based at least in part on a user authenticating factor and stores the encrypted authentication token on the first client device; receive an authentication request from the first client device; request, to at least the first client device and a second client device, one or more authentication tokens for a user to access a user account, wherein both the first client device and the second client device are registered to the same user account; and authenticate the user for access to the user account based at least in part on the first client device providing the authentication token. 9. The system of claim 8 , wherein the authentication token is sent to the first client device embedded in a digital content item comprising at least one of: video content into which the authentication token is embedded, or audio content into which the authentication token is embedded. 10. The system of claim 8 , wherein the first client device encrypts the authentication token using a trusted platform module of the first client device. 11. The system of claim 8 , wherein the user authenticating factor comprises at least one of: location or position information of the first client device, or a biometric identifier of the user. 12. The system of claim 8 , wherein when executed the at least one service further causes the at least one computing device to at least: generate a second authentication token associated with the user account; send the second authentication token to a second client device that is registered to the user account, wherein the second client device encrypts the second authentication token based at least in part on another user authenticating factor and stores the second authentication token on the second client device; and authenticate the user for access to the user account based at least in part on the second client device providing the second authentication token. 13. The system of claim 8 , wherein when executed the at least one service further causes the at least one computing device to at least: generate a second authentication token for the user account; cause a second client device registered to the user account to present the second authentication token by way of a sequence of illuminations of at least one light emitting diode (LED) on the second client device; and wherein the user is authenticated for access to the user account further based at least in part on the user providing information describing the sequence of illuminations. 14. The system of claim 8 , wherein when executed the at least one service further causes the at least one computing device to at least: generate a second authentication token for the user account; cause a second client device registered to the user account to present the second authentication token within a user interface; and wherein the user is authenticated for access to the user account further based at least in part on the user providing the second authentication token. 15. The system of claim 8 , wherein the authentication token is sent to the first client device before the authentication request is received. 16. The system of claim 8 , wherein the first client device is associated with a registration authentication token that identifies the first client device to the at least one service. 17. A method, comprising: generating a first authentication token associated with a user account; generating a second authentication token associated with the user account; sending, via the at least one of the one or more computing devices, the first authentication token to a first client device; sending, via the at least one of the one or more computing devices, the second authentication token to a second client device; receiving, via at least one of one or more computing devices, an authentication request from the first client device; requesting, to at least the first client device and a second client device, one or more authentication tokens for a user to access the user account, wherein both the first client device and the second client device are registered to the same user account; receiving, from at least one of a group of the first client device and the second client device, an authentication token, and authenticating, via the at least one of the one or more computing devices, the user for access to the user account based at least in part on the authentication token. 18. The method of claim 17 , wherein the authentication token is embedded within a digital content item comprising at least one of: video content, audi
Assignees
Inventors
Classifications
- H04L63/0853Primary
using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
- H04L63/0807Primary
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
User authentication · CPC title
using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11991170B2 cover?
- Disclosed are various embodiments providing user authentication through registered device communications. An authentication request is received from a client device. A user is authenticated for access to a user account based at least in part on the client device providing the authentication token. The authentication token is generated by the client device or by one or more other computing devic…
- Who is the assignee on this patent?
- Amazon Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 21 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).