Factor health assessment and selection for login at an identity provider

US12034722B2 · US · B2

Patent metadata

Publication number: US-12034722-B2
Application number: US-202318310444-A
Country: US
Kind code: B2
Filing date: May 1, 2023
Priority date: Nov 13, 2020
Publication date: Jul 9, 2024
Grant date: Jul 9, 2024

Abstract

Official abstract text for this publication.

Users of an identity provider system may be authorized to use a variety of different types of factors from a variety of different factor providers. The identity provider system monitors and analyzes the “health” of the different possible factors available to a user, e.g., their availability relative to error rate. Using the results of the analysis, the identity provider can assess which factors are the most appropriate for a given user seeking authentication and can improve the user experience for the user by emphasizing those most appropriate factors to the user.
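Added example, not part of the patent text and not the assignee's implementation: a sketch of the default-factor selection described in claims 1 and 7 on this page, with health scoped by client app version as in claims 3 and 4. The success-fraction formula, the 0.8 threshold, the minimum sample count, the function names and the event log are assumptions made for illustration.

```python
from collections import Counter

THRESHOLD = 0.8    # assumed "threshold degree of health"
MIN_SAMPLES = 5    # assumed: fewer matching events means no verdict

# Constructed verification log: (factor, client app version, succeeded)
EVENTS = (
    [("push", "7.1", False)] * 9 + [("push", "7.1", True)] * 1
    + [("push", "7.0", True)] * 10
    + [("sms_otp", "7.1", True)] * 9 + [("sms_otp", "7.1", False)] * 1
    + [("email", "7.1", True)] * 2
)

def health(factor, events, app_version=None):
    """Success fraction for a factor, optionally within one app version.

    Returns None when there are too few samples to judge the factor.
    """
    counts = Counter(
        ok for f, ver, ok in events
        if f == factor and (app_version is None or ver == app_version)
    )
    total = counts[True] + counts[False]
    if total < MIN_SAMPLES:
        return None
    return counts[True] / total

def build_login_ui(user_factors, current_default, events, app_version=None):
    """Return (default_factor, offered_factors) for the authentication UI."""
    scores = {f: health(f, events, app_version) for f in user_factors}
    # A factor with no verdict stays on offer but is never promoted to default.
    unhealthy = {f for f, s in scores.items() if s is not None and s < THRESHOLD}
    healthy = [f for f, s in scores.items() if s is not None and s >= THRESHOLD]
    if current_default not in unhealthy or not healthy:
        # Default is fine, or nothing measurably better exists: change nothing.
        return current_default, list(user_factors)
    new_default = max(healthy, key=lambda f: scores[f])
    # Claim 7: leave factors below the threshold out of the interface.
    offered = [f for f in user_factors if f not in unhealthy]
    return new_default, offered
```

Scoping the score to the requesting client's context keeps a failure confined to one app version from demoting the factor for users on a version where it still works.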

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method performed by an identity provider system, the computer-implemented method comprising: receiving, by a computing device, a request to authenticate an identity of a first user; identifying, from a plurality of authentication factors associated with the first user, a first authentication factor as a current default authentication factor for the first user; selecting, based at least in part on determining that a health of the first authentication factor is below a threshold degree of health and that a health of a second authentication factor of the plurality of authentication factors is above the threshold degree of health, the second authentication factor as a new default authentication factor for the first user, wherein the health of the first authentication factor is based at least in part on a quantity of successful identity verifications using the first authentication factor relative to a quantity of unsuccessful identity verifications using the first authentication factor; outputting an authentication user interface in which the second authentication factor is the new default authentication factor; and authenticating, using a value received for the second authentication factor, the first user.

2. The computer-implemented method of claim 1, wherein determining the health of the first authentication factor comprises determining a number of errors encountered when using the first authentication factor to authenticate identities of one or more users.

3. The computer-implemented method of claim 1, wherein determining the health of the first authentication factor comprises: determining, based at least in part on contextual metadata associated with at least one of the first user or the identity provider system, the health of the first authentication factor.

4. The computer-implemented method of claim 3, wherein the contextual metadata comprises at least one of: a version of an application of the identity provider system that is installed on a client device of the first user, a version of an operating system of the client device of the first user, an internet protocol (IP) address of the client device of the first user, or a geographical location of the client device of the first user.

5. The computer-implemented method of claim 1, wherein the plurality of authentication factors comprise one or more of: a biometric reading, a push notification, an email, a voice message, or a one-time password provided over short message service (SMS).

6. The computer-implemented method of claim 1, further comprising, based at least in part on determining that the first user is authenticated: identifying electronic services to which the first user has been granted access; identifying credentials of the first user for the identified electronic services; and automatically signing the first user in to the identified electronic services using the credentials.

7. The computer-implemented method of claim 1, further comprising: omitting, based at least in part on determining that the first authentication factor is below the threshold degree of health, the first authentication factor from inclusion within the authentication user interface.

8. A computing device associated with an identity provider system, the computing device comprising: a processor; and memory storing instructions that, when executed by the processor, cause the computing device to: receive a request to authenticate an identity of a first user; identify, from a plurality of authentication factors associated with the first user, a first authentication factor as a current default authentication factor for the first user; select, based at least in part on a determination that a health of the first authentication factor is below a threshold degree of health and that a health of a second authentication factor of the plurality of authentication factors is above the threshold degree of health, the second authentication factor as a new default authentication factor for the first user, wherein the health of the first authentication factor is based at least in part on a quantity of successful identity verifications using the first authentication factor relative to a quantity of unsuccessful identity verifications using the first authentication factor; output an authentication user interface in which the second authentication factor is the new default authentication factor; and authenticate, using a value received for the second authentication factor, the first user.

9. The computing device of claim 8, wherein to determine the health of the first authentication factor, the instructions, when executed by the processor, determine a number of errors encountered when using the first authentication factor to authenticate identities of one or more users.

10. The computing device of claim 8, wherein to determine the health of the first authentication factor, the instructions, when executed by the processor: determine, based at least in part on contextual metadata associated with at least one of the first user or the identity provider system, the health of the first authentication factor.

11. The computing device of claim 10, wherein the contextual metadata comprises at least one of: a version of an application of the identity provider system that is installed on a client device of the first user, a version of an operating system of the client device of the first user, an internet protocol (IP) address of the client device of the first user, or a geographical location of the client device of the first user.

12. The computing device of claim 8, wherein the plurality of authentication factors comprise one or more of: a biometric reading, a push notification, an email, a voice message, or a one-time password provided over short message service (SMS).

13. The computing device of claim 8, wherein the instructions, when executed by the processor, further cause the computing device to, based at least in part on a determination that the first user is authenticated: identify electronic services to which the first user has been granted access; identify credentials of the first user for the identified electronic services; and automatically sign the first user in to the identified electronic services using the credentials.

14. The computing device of claim 8, wherein the instructions, when executed by the processor, further cause the computing device to: omit, based at least in part on determining that the first authentication factor is below the threshold degree of health, the first authentication factor from inclusion within the authentication user interface.

15. A non-transitory, computer-readable medium storing instructions that, when executed by a processor of a computing device associated with an identity provider system, perform actions comprising: receiving a request to authenticate an identity of a first user; identifying, from a plurality of authentication factors associated with the first user, a first authentication factor as a current default authentication factor for the first user; selecting, based at least in part on determining that a health of the first authentication factor is below a threshold degree of health and that a health of a second authentication factor of the plurality of authentication factors is above the threshold degree of health, the second authentication factor as a new default authentication factor for the first user, wherein the health of the first authentication factor is based at least in part on a quantity of successful identity verifications using the first authentication factor re

Classifications

  • Product, service or business identity fraud · CPC title

  • Entity profiles · CPC title

  • using one-time-passwords · CPC title

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12034722B2 cover?
Users of an identity provider system may be authorized to use a variety of different types of factors from a variety of different factor providers. The identity provider system monitors and analyzes the “health” of the different possible factors available to a user, e.g., their availability relative to error rate. Using the results of the analysis, the identity provider can assess which factors…
Who is the assignee on this patent?
Okta Inc
What technology area does this patent fall under?
Primary CPC classification G06Q30/0185. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 9, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).