Multi-factor authentication and comprehensive login system for client-server networks

US9374369B2 · US · B2

Patent metadata
Publication number: US-9374369-B2
Application number: US-201313837321-A
Country: US
Kind code: B2
Filing date: Mar 15, 2013
Priority date: Dec 28, 2012
Publication date: Jun 21, 2016
Grant date: Jun 21, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments are directed to a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for processing a request to access a target server over a network from a user operating a client computer, the method comprising: receiving, at an authentication server, a request to access the target server from the user operating the client computer, wherein the target server is separate from the authentication server and wherein the target server is accessible to the user executing a web browser on the client computer; causing, by the authentication server, user input fields to be displayed on the client computer to prompt the user for entry of user credentials through the web browser; issuing, by the authentication server, a challenge to an authorizing client device requiring validation of an identity of the user in response to the request to access the target server; sending, from the authentication server, a command to the authorizing client device to prompt the user to input a response to the challenge into the authorizing client device; receiving, at the authentication server, verification from the authorizing client device that the response to the challenge is valid; evaluating, by the authentication server, at least one item of context information related to the client computer being operated by the user, the at least one item of context information including at least one of a location of the client computer, characteristics of a network to which the client computer is connected, security risk data associated with an application operating on the target server for which the user requests access, an identification of accounts common to both the client computer and the authorizing client device, and an identification of usage anomalies, wherein the at least one item of context information is provided by the client computer to the authentication server separate from the request to access the network resource and separate from the user credentials; determining, at the authentication server, a disposition of the request to access the target server based on the verification from the authorizing client device and the evaluation of the at least one item of context information; and releasing, by the authentication server, user credentials to a client desktop extension on the client computer when the determined disposition is to grant access, the released user credentials being used by the client computer to obtain access to the target server.

2. The method of claim 1 wherein the disposition of the request to access the target server includes one of granting the request by the user to access the target server or denying the request by the user to access the target server, and the method further comprising transmitting, by the server, the disposition information in a message to the authorizing client device to cause the authorizing client device to display the disposition.

3. The method of claim 1 wherein the target server provides access to a network resource from the group consisting of: a web site, a service provided by the target server, a hardware device coupled to the network, access to physical facilities controlled by the target server, an executable application, and a product sold by an operator of the target server.

4. The method of claim 1 wherein the authorizing client device comprises a mobile communications device coupled to the client computer over a network link, wherein the network link is at least one of: cellular link, Bluetooth link, WIFI link, and near field communication link.

5. The method of claim 4 further comprising causing, by the authentication server, a display of a device selection field on the client computer to allow the user to select a specific type and model of mobile communications device from a selection of mobile communications devices.

6. The method of claim 1 wherein the response to the challenge is a universal password.

7. The method of claim 1 wherein the at least one item of context information is the location of the client computer.

8. The method of claim 1 wherein the at least one item of context information is the characteristics of a network to which the client computer is connected.

9. The method of claim 1 wherein the at least one item of context information is the security risk data associated with the network resource to which the user requests access.

10. The method of claim 1 wherein the at least one item of context information is the identification of common accounts.

11. The method of claim 1 wherein the at least one item of context information is the identification of usage anomalies.

12. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising: receiving, at an authentication server, a request to access a target server from the user operating a client computer, wherein the target server is separate from the authentication server and wherein the target server is accessible to the user executing a web browser on the client computer; causing, by the authentication server, user input fields to be displayed on the client computer to prompt the user for entry of user credentials through the web browser; issuing, by the authentication server, a challenge to an authorizing client device requiring validation of an identity of the user in response to the request to access the target server; sending, from the authentication server, a command to the authorizing client device to prompt the user to input a response to the challenge into the authorizing client device; receiving, at the authentication server, verification from the authorizing client device that the response to the challenge is valid; evaluating, by the authentication server, at least one item of context information related to the client computer being operated by the user, the at least one item of context information including at least one of a location of the client computer, characteristics of a network to which the client computer is connected, security risk data associated with an application operating on the target server for which the user requests access, an identification of accounts common to both the client computer and the authorizing client device, and an identification of usage anomalies, wherein the at least one item of context information is provided by the client computer to the authentication server separate from the request to access the network resource and separate from the user credentials; determining, at the authentication server, a disposition of the request to access the target server based on the verification from the authorizing client device and the evaluation of the at least one item of context information; and releasing, by the authentication server, user credentials to a client desktop extension on the client computer when the determined disposition is to grant access, the released user credentials being used by the client computer to obtain access to the target server.

13. The non-transitory computer-readable medium of claim 12 wherein the disposition of the request to access the target server includes one of granting the request by the user to access the target server or denying the request by the user to access the target server, and the non-transitory computer-readable medium further comprising instructions to cause the processor to perform a method comprising transmitting, by the server, the disposition information in a message to the authorizing client device to cause the authorizing client device to display the disposition.

14. The non-transitory computer-readable medium of claim 12 wherein the target server provides access to a network
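The flow of claim 1 (challenge to the authorizing device, verification, context evaluation, disposition, credential release to the desktop extension) and the disposition message of claim 2, as an added illustration in Python; this is not code from the patent or from Lookout Inc. The class and function names (AuthServer, ContextInfo, process_request), the constructed VAULT entry, the HMAC key and the concrete policy rules applied to the five context items are all assumptions: the claim only lists the items, it does not specify how they are weighed.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed sample vault entry (assumption, not from the patent): the credentials
# the authentication server would release to the client desktop extension on a grant.
VAULT = {"alice": {"target": "https://target.example", "username": "alice",
                   "password": "s3cret-vault-entry"}}


@dataclass
class ContextInfo:
    """The context items enumerated in claim 1, reported by the client computer
    separately from the access request and from the user credentials."""
    location: str            # location of the client computer (country code here)
    network_trusted: bool    # characteristics of the network the client is connected to
    app_risk: str            # security risk data for the target application: low/medium/high
    common_accounts: int     # accounts common to the client computer and authorizing device
    usage_anomaly: bool      # identification of usage anomalies


@dataclass
class AuthServer:
    allowed_locations: set
    hmac_key: bytes
    pending: dict = field(default_factory=dict)   # session -> keyed hash of one-time code

    def issue_challenge(self, session: str) -> str:
        """Create the one-time code pushed to the authorizing device. Only a keyed
        hash is stored, so a leaked pending-table does not expose live challenges."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[session] = hmac.new(self.hmac_key, code.encode(), hashlib.sha256).digest()
        return code

    def verify_response(self, session: str, response: str) -> bool:
        """Verify the response entered on the authorizing device; single use,
        constant-time comparison."""
        expected = self.pending.pop(session, None)
        if expected is None:
            return False
        got = hmac.new(self.hmac_key, response.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, got)

    def evaluate_context(self, ctx: ContextInfo) -> list:
        """Return the context findings that argue against granting (assumed policy)."""
        findings = []
        if ctx.location not in self.allowed_locations:
            findings.append("location not allowed")
        if not ctx.network_trusted and ctx.app_risk == "high":
            findings.append("high-risk application from untrusted network")
        if ctx.common_accounts == 0:
            findings.append("no account links client computer to authorizing device")
        if ctx.usage_anomaly:
            findings.append("usage anomaly reported")
        return findings

    def determine_disposition(self, verified: bool, ctx: ContextInfo) -> tuple:
        """Disposition depends on both the device verification and the context."""
        findings = self.evaluate_context(ctx)
        disposition = "grant" if verified and not findings else "deny"
        return disposition, findings

    def release_credentials(self, user: str, disposition: str):
        """Credentials reach the client desktop extension only on a grant."""
        return dict(VAULT[user]) if disposition == "grant" else None


def process_request(server: AuthServer, session: str, user: str,
                    response: str, ctx: ContextInfo) -> tuple:
    """Verification from the authorizing device, context evaluation, disposition,
    credential release, and the disposition message shown on the device (claim 2)."""
    verified = server.verify_response(session, response)
    disposition, findings = server.determine_disposition(verified, ctx)
    creds = server.release_credentials(user, disposition)
    device_message = f"Access to {VAULT[user]['target']}: {disposition}"
    return disposition, creds, findings, device_message


if __name__ == "__main__":
    server = AuthServer(allowed_locations={"US"}, hmac_key=b"constructed-test-key")
    code = server.issue_challenge("session-1")          # pushed to the authorizing device
    clean = ContextInfo("US", True, "low", 2, False)
    print(process_request(server, "session-1", "alice", code, clean))
```

Two properties worth noting: a valid device response is necessary but not sufficient (a usage anomaly still yields "deny" and no credentials leave the server), and a challenge code is consumed on first use, so replaying it after a grant is refused.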

Assignees

Lookout Inc

Inventors

Classifications

  • H04L63/0853 (Primary)

    using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • H04L63/083

    using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

  • Protecting personal data, e.g. for financial or medical purposes · CPC title

  • Structures or tools for the administration of authentication · CPC title

  • User authentication · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9374369B2 cover?
Embodiments are directed to a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context informatio…
Who is the assignee on this patent?
Lookout Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 21, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).