Apparatus and method for managing use of secure tokens
US-2015100788-A1 · Apr 9, 2015 · US
Authentication using device ID
US9378345B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9378345-B2 |
| Application number | US-201414264682-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 29, 2014 |
| Priority date | Apr 29, 2014 |
| Publication date | Jun 28, 2016 |
| Grant date | Jun 28, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A system for authenticating a customer is disclosed. The customer may attempt to access protected resources located at an authentication server. The customer may log in to the authentication server's website, thereby submitting an authentication request. The authentication request may comprise attributes of the device the customer uses to log in. The authentication server may generate a device ID using the received device attributes and generate an authentication token that is signed with the device ID. The authentication server may transmit the authentication token to the client device. Subsequent requests to access protected resources from the client device may include the authentication token that is signed with the device ID.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: receiving, by an authentication server and from a user device, an authentication request, wherein the authentication request comprises device attributes of the user device and wherein the authentication request further includes login information of a user; determine, by the authentication server, whether the login information is valid; responsive to determining that the login information is valid, generating, by the authentication server, a first device identifier identifying the user device from which the authentication request was received using the device attributes of the user device from which the authentication request was received, the first device identifier includes randomly generated characters that uniquely identify the user device from which the authentication request was received and the first device identifier is generated based on the device attributes that uniquely identify the user device from which the authentication request was received; creating, by the authentication server, an authentication token, wherein the authentication token is signed with the first device identifier; transmitting, by the authentication server and to the user device from which the authentication request was received, the authentication token; receiving, by the authentication server, a request to access protected resources from a user device, wherein the request comprises the authentication token and device attributes of the user device from which the request to access protected resources was received; generating, by the authentication server, a second, comparison device identifier identifying the user device from which the request to access protected resources was received, the second, comparison device identifier being based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources, the second, comparison device identifier including randomly generated characters that uniquely identify the user device from which the request to access protected resources was received and the second, comparison device identifier is generated based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources that uniquely identify the user device from which the request to access protected resources was received; decrypting, by the authentication server, the received authentication token; retrieving, by the authentication server, the first device identifier accessed from the decrypted authentication token; validating, by the authentication server, the authentication token, wherein the validating comprises determining whether the first device identifier matches the second, comparison device identifier; and outputting, by the authentication server, a response. 2. The method of claim 1 , wherein the response comprises the protected resources if the first device identifier matches the second, comparison device identifier. 3. The method of claim 1 , wherein the response comprises an authentication landing page if the first device identifier does not match the second, comparison device identifier. 4. The method of claim 1 , wherein the device attributes are received using a client-side software development kit. 5. The method of claim 1 , wherein the device attributes are received using a script. 6. The method of claim 1 , wherein the device attributes comprise at least one of a device operating system, a device type, and a device serial number. 7. The method of claim 1 , wherein the login information of the user includes a username and password. 8. A non-transitory computer-readable storage medium having computer-executable program instructions stored thereon that, when executed by a processor, cause the processor to: receive, from a user device, an authentication request, wherein the authentication request comprises device attributes of the user device and wherein the authentication request includes login information of the user; determine whether the login information is valid; responsive to determining that the login information is valid, generate a first device identifier identifying the user device from which the authentication request was received using the device attributes of the user device from which the authentication request was received, the first device identifier includes randomly generated characters that uniquely identify the user device from which the authentication request was received and the first device identifier is generated based on the device attributes that uniquely identify the user device from which the authentication request was received; create an authentication token, wherein the authentication token is signed with the first device identifier; transmit, to the user device from which the authentication request was received, the authentication token; receive a request to access protected resources from a user device, wherein the request comprises the authentication token and device attributes of the user device from which the request to access protected resources was received; generate a second, comparison device identifier identifying the user device from which the request to access protected resources was received, the second, comparison device identifier being based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources, the second, comparison device identifier including randomly generated characters that uniquely identify the user device from which the request to access protected resources was received and the second, comparison device identifier is generated based on the device attributes of the user device from which the request to access protected resources was received and included in the request to access protected resources that uniquely identifying the user device from which the request to access protected resources was received; decrypt the received authentication token; retrieve the first device identifier accessed from the decrypted authentication token; validate the authentication token, wherein the validating comprises determining whether the first device identifier matches the second, comparison device identifier; and output a response. 9. The non-transitory computer-readable storage medium of claim 8 , wherein the response comprises the protected resources if the first device identifier matches the second, comparison device identifier. 10. The non-transitory computer-readable storage medium of claim 8 , wherein the response comprises an authentication landing page if the first device identifier does not match the second, comparison device identifier. 11. The non-transitory computer-readable storage medium of claim 8 , wherein the device attributes are received using a client-side software development kit. 12. The non-transitory computer-readable storage medium of claim 8 , wherein the device attributes are received using a script. 13. The non-transitory computer-readable storage medium of claim 8 , wherein the device attributes comprise at least one of a device operating system, a device type, and a device serial number. 14. An apparatus comprising: a memory; a processor, wherein the processor executes computer-executable program instructions which cause the processor to: receive, by an authentication server and from a user device, an authentication request, wherein the authentication request comprises device attributes of the user devi
Assignees
Inventors
Classifications
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9378345B2 cover?
- A system for authenticating a customer is disclosed. The customer may attempt to access protected resources located at an authentication server. The customer may log in to the authentication server's website, thereby submitting an authentication request. The authentication request may comprise attributes of the device the customer uses to log in. The authentication server may generate a device …
- Who is the assignee on this patent?
- Bank Of America
- What technology area does this patent fall under?
- Primary CPC classification G06F21/31. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 28 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).