Systems and methods for secure location-based document viewing
US-2016182529-A1 · Jun 23, 2016 · US
US2016337353A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016337353-A1 |
| Application number | US-201514708933-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 11, 2015 |
| Priority date | May 11, 2015 |
| Publication date | Nov 17, 2016 |
| Grant date | — |
Official abstract text for this publication.
A system and method are presented for multi-factor authentication comprising the authentication of users, physical locations, and schedules. A combination of the physical location of a user and user devices can be utilized to bypass multi-factor authentication. Devices may be GPS-enabled and/or network connected in order to determine the location of the device and if the device and the credentials are within the authorized location. Scheduling factors may also be considered such that if a user is not within a particular space-time region, multi-factor authentication may not be by-passed. Time intervals may be approved based on authorized schedules for a location, authorized schedules for a device, and authorized schedules for the credentials.
Opening claim text (preview).
1. A method for authenticating a user in a system comprising at least a user, a user device, a secured resource, an authentication service, and a user datastore, the method comprising the steps of:
   a. obtaining, by the secured resource from the user, credentials that assert an identity of the user;
   b. sending, by the secured resource to the authentication service, the credentials from the device;
   c. providing, by the user datastore to the authentication service, an encrypted version of credentials associated with the user in the system and validating, by the authentication service, the credentials that have been entered with the encrypted version of credentials;
   d. providing, by the user datastore to the authentication service, previously selected attributes for the user;
   e. verifying, by the authentication service, that the user meets criteria of the previously selected attributes, wherein,
      i. if the user meets criteria of the previously selected attributes, bypassing further authentication, and
      ii. if the user is not within the meets criteria of the previously selected attributes, invoking further authentication.

2. The method of claim 1, wherein the further authentication comprises the steps of:
   a. obtaining, by the authentication service from the user datastore, a profile of the user, wherein said profile comprises an endpoint for communication delivery;
   b. generating, by the authentication service, an authentication token and persisting the authentication token to the user datastore; and
   c. sending, by the authentication service to the endpoint, the authentication token to the user for entry into the secured resource;
   d. sending, by the secured resource to the authentication service, the authentication token entered by the user;
   e. retrieving, by the authentication service from the user datastore, the persisted authentication token and validating the persisted authentication token with the user entered authentication token.

3. The method of claim 2, wherein said endpoint comprises at least one of: an e-mail address and a phone number.

4. The method of claim 2, wherein said authentication token has been generated randomly.

5. The method of claim 1, wherein the selected attributes comprise one or more of authorized locations and authorized schedules.

6. The method of claim 5, wherein the authorized locations comprise at least one of: authorized locations for the device and authorized locations for the credentials.

7. The method of claim 5, wherein the authorized schedules comprise authorized schedules for the location, authorized schedules for the device, and authorized schedules for the credentials.

8. The method of claim 5, wherein the device is GPS-enabled.

9. The method of claim 5, wherein the device is network-connected.

10. The method of claim 5, wherein the device comprises one of: a mobile device, a laptop, a smartphone, and a PDA.

11. The method of claim 5, wherein the selected attributes identify eligibility of a user to bypass further authentication.

12. A method for authenticating a user in a system comprising at least a user, a device, a secured resource, an authentication service, a user datastore, and a transmitter, the method comprising the steps of:
    a. obtaining, by the secured resource from the user, credentials that assert an identity of the user;
    b. sending, by the secured resource to the authentication service, the credentials from the device;
    c. providing, by the user datastore to the authentication service, an encrypted version of credentials associated with the user and validating, by the authentication service, the credentials that have been entered with the encrypted version of credentials;
    d. providing, by the user datastore to the authentication service, attributes for the user;
    e. verifying, by the authentication service with the transmitter, the attributes for the user, wherein,
       i. if the user meets criteria for the attributes, bypassing further authentication, and
       ii. if the user does not meet criteria for the attributes, invoking further authentication.

13. The method of claim 12, wherein the further authentication comprises the steps of:
    a. obtaining, by the authentication service from the user datastore, a profile of the user, wherein said profile comprises an endpoint for communication delivery;
    b. generating, by the authentication service, an authentication token and persisting the authentication token to the user datastore; and
    c. sending, by the authentication service to the endpoint, the authentication token to the user for entry into the secured resource;
    d. sending, by the secured resource to the authentication service, the authentication token entered by the user;
    e. retrieving, by the authentication service from the user datastore, the persisted authentication token and validating the persisted authentication token with the user entered authentication token.

14. The method of claim 13, wherein said endpoint comprises at least one of: an e-mail address and a phone number.

15. The method of claim 13, wherein said authentication token has been generated randomly.

16. The method of claim 12, wherein the transmitter comprises geometric triangulation determination.

17. The method of claim 14, wherein the attributes for the user comprise at least one of: authorized locations and authorized location schedules.

18. The method of claim 17, wherein the selected attributes identify eligibility of a user to bypass further authentication.

19. The method of claim 17, wherein the authorized locations comprise authorized locations for the device and authorized locations for the credentials.

20. The method of claim 17, wherein the authorized schedules comprise authorized schedules for the location, authorized schedules for the device, and authorized schedules for the credentials.

21. The method of claim 12, wherein the transmitter comprises near-field, high-resolution point-radius determination.

22. The method of claim 20, wherein the device comprises a mobile device.

23. The method of claim 19, wherein the device comprises a portable computing device.

24. The method of claim 12, wherein the transmitter comprises at least one of: IP address-driven geolocation and Wi-Fi Access Point identification.

25. The method of claim 24, wherein the device comprises a portable computing device.

26. The method of claim 24, wherein the device comprises a desktop computing device.
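
The decision flow of claims 1, 2 and 5 to 7, written out as an added Python example (not code from the patent or its applicant): credentials are checked first, the bypass is granted only when the device is inside the authorized location and inside every authorized schedule, and anything else falls through to the token step. The coordinates, radius, schedules, weekday rule, six-digit token format and the dict standing in for the user datastore are constructed assumptions; credential validation (step c) is reduced to a boolean.

```python
import hmac, math, secrets
from datetime import datetime, time

# Constructed sample policy: one authorized location (lat, lon, radius in metres)
# and authorized schedules for the location, the device and the credentials.
SITE = (39.7684, -86.1581, 200.0)
SCHEDULES = {
    "location": (time(7, 0), time(19, 0)),
    "device": (time(8, 0), time(18, 0)),
    "credentials": (time(8, 0), time(17, 0)),
}

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def may_bypass(fix, now):
    """Claim 1(e): True only if the device is inside the authorized location and
    `now` is inside every authorized schedule. A missing fix fails closed."""
    if fix is None:
        return False
    if distance_m(fix[0], fix[1], SITE[0], SITE[1]) > SITE[2]:
        return False
    if now.weekday() >= 5:  # assumption: schedules apply Monday to Friday only
        return False
    return all(start <= now.time() <= end for start, end in SCHEDULES.values())

def issue_token(store, user):
    """Claim 2(b): random token persisted to the (hypothetical) user datastore."""
    store[user] = f"{secrets.randbelow(10**6):06d}"
    return store[user]

def check_token(store, user, entered):
    """Claim 2(e): constant-time comparison; the persisted token is single use."""
    expected = store.pop(user, None)
    return expected is not None and hmac.compare_digest(
        expected.encode(), entered.encode())

def authenticate(credentials_ok, fix, now):
    """Decision order of claim 1: credentials first, then the selected attributes."""
    if not credentials_ok:
        return "deny"
    return "bypass" if may_bypass(fix, now) else "further-authentication"
```

Because the three schedules are combined with `all`, the effective bypass window is their intersection (08:00 to 17:00 in the sample policy), and a missing location fix never grants the bypass.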
User authentication · CPC title
Authentication · CPC title
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title
User registration · CPC title
using certificates · CPC title