Systems and methods for flexible, extensible authentication subsystem that enabled enhance security for applications
US-2016381080-A1 · Dec 29, 2016 · US
US9819684B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9819684-B2 |
| Application number | US-201615367862-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 2, 2016 |
| Priority date | Dec 4, 2015 |
| Publication date | Nov 14, 2017 |
| Grant date | Nov 14, 2017 |
Official abstract text for this publication.
Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenge workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store.
Opening claim text (preview).
What is claimed is:

1. A system for scalable authentication of access to resource data using challenge workflows, the system comprising: a resource data store that stores resource data corresponding to a plurality of access rights to a resource, each of the plurality of access rights being indicative of access to the resource during a defined time period; and an authentication system, including one or more processor devices, that: receives a first communication from a user device, the first communication corresponding to a request for access to one or more access rights assigned to the user device, and the one or more access rights being included in the plurality of access rights stored in the resource data store; extracts a device identifier of the user device from the first communication, the device identifier characterizing an attribute of the user device; accesses a set of challenge workflows, each challenge workflow of the set of challenge workflows being a process that is executed to authenticate user devices requesting access to the resource data store; generates a parameter for each challenge workflow of the set of challenge workflows, the generation of the parameter for each challenge workflow being based on the device identifier of the user device; selects a subset of challenge workflows from the set of challenge workflows, the selection of the subset being performed using a comparison of each parameter and a threshold condition, wherein selecting the subset includes: determining, for each challenge workflow of the set of challenge workflows, whether the parameter associated with the challenge workflow satisfies the threshold condition, the threshold condition corresponding to a value, and for each parameter that satisfies the threshold condition, including the associated challenge workflow in the subset of challenge workflows; executes each challenge workflow of the subset of challenge workflows, the execution of a challenge workflow from the subset including performing an authentication test to be satisfied before access to the one or more access rights is granted; receives one or more second communications, each of the one or more second communications corresponding to a response to an authentication test associated with execution of a challenge workflow; determines, for each challenge workflow of the subset of challenge workflows, whether the corresponding second communication satisfies the associated authentication test; and establishes a communication link between the user device and the resource data store to grant access to the one or more access rights when the corresponding authentication test for each challenge workflow of the subset of challenge workflows is satisfied.

2. The system for scalable authentication of access to resource data using challenge workflows, as recited in claim 1, wherein executing each challenge workflow of the subset of challenge workflows further comprises: transmitting a communication trigger that initiates transmission of a third communication to the user device using a communication channel, and the third communication including a selectable interactive element; receiving a fourth communication including an additional device identifier identifying an electronic device on which the selectable interactive element was selected, the selection of the selectable interactive element causing the fourth communication to be transmitted; comparing the device identifier and the additional device identifier; and establishing the communication link between the user device and the resource data store to facilitate access to the one or more access rights when the device identifier corresponds to the additional device identifier.

3. The system for scalable authentication of access to resource data using challenge workflows, as recited in claim 1, wherein the request includes the device identifier, and wherein the device identifier includes data representing a type of computing device of the user device.

4. The system for scalable authentication of access to resource data using challenge workflows, as recited in claim 1, wherein when the device identifier identifies that the user device is a mobile computing device, the subset of challenge workflows selected is smaller than when the device identifier identifies that the user device is a server.

5. The system for scalable authentication of access to resource data using challenge workflows, as recited in claim 1, wherein establishing the communication link between the user device and the resource data store further comprises: authorizing the user device to interact with the one or more access rights assigned to the user device and stored in the resource data store, wherein interacting with the one or more access rights includes initiating a request to reassign the one or more access rights to another user or initiating a printing operation corresponding to the one or more access rights.

6. The system for scalable authentication of access to resource data using challenge workflows, as recited in claim 1, wherein the authentication system further: determines whether or not to initiate an authentication process, the determination of whether or not to initiate the authentication process being based on information included in the first communication, and the authentication process corresponding to execution of one or more challenge workflows, wherein: when the determination is not to initiate the authentication process, the user device is granted access to the one or more access rights without execution of a challenge workflow, and when the determination is to initiate the authentication process, each of the subset of challenge workflows are executed.

7. A computer-implemented method for scalable authentication of access to resource data using challenge workflows, comprising: receiving a first communication from a user device, the first communication corresponding to a request for access to one or more access rights assigned to the user device, and the one or more access rights being included in a plurality of access rights stored in a resource data store; extracting a device identifier of the user device from the first communication, the device identifier characterizing an attribute of the user device; accessing a set of challenge workflows, each challenge workflow of the set of challenge workflows being a process that is performed to authenticate user devices requesting access to the resource data store; generating a parameter for each challenge workflow of the set of challenge workflows, the generation of the parameter for each challenge workflow being based on the device identifier of the user device; selecting a subset of challenge workflows from the set of challenge workflows, the selection of the subset being performed using a comparison of each parameter and a threshold condition, wherein selecting the subset includes: determining, for each challenge workflow of the set of challenge workflows, whether the parameter associated with the challenge workflow satisfies the threshold condition, the threshold condition corresponding to a value, and for each parameter that satisfies the threshold condition, including the associated challenge workflow in the subset of challenge workflows; executing each challenge workflow of the subset of challenge workflows, the execution of a challenge workflow from the subset including performing an authentication test to be satisfied before access to the one or more access rights is granted; receiving one or more second communications, each of the one or more second communications corresponding to a response to an authentication test associated with execution of a challenge workflow; determining, for each challenge workflow of the su
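The selection and execution flow that claims 1 through 6 describe (a device identifier is extracted from the first communication, a parameter is generated per challenge workflow from that identifier and compared with a threshold, the surviving subset is executed, and access is granted only when every selected test is satisfied) is shown below as an added Python example. This is illustrative code written for this page, not the patent's implementation or the assignee's product; the `type:serial` device-identifier format, the per-device-type weight scheme used to generate parameters, the threshold value, the `session_trusted` flag standing in for the claim 6 decision input, and all sample credentials are constructed assumptions.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Request:
    """The 'first communication' plus the responses ('second communications')."""
    device_id: str                                   # constructed "type:serial" format (claim 3)
    responses: Dict[str, str] = field(default_factory=dict)
    session_trusted: bool = False                    # stands in for the claim 6 decision input


def device_type(device_id: str) -> str:
    """Extract the device-type attribute carried in the identifier."""
    return device_id.split(":", 1)[0]


@dataclass
class ChallengeWorkflow:
    name: str
    weights: Dict[str, int]                          # per-device-type weights (assumed scheme)
    test: Callable[[Request], bool]                  # the authentication test to satisfy


def generate_parameter(wf: ChallengeWorkflow, device_id: str) -> int:
    """Generate the workflow's parameter from the device identifier."""
    return wf.weights.get(device_type(device_id), wf.weights["default"])


def select_workflows(workflows: List[ChallengeWorkflow], device_id: str,
                     threshold: int) -> List[ChallengeWorkflow]:
    """Keep each workflow whose parameter satisfies the threshold condition."""
    return [wf for wf in workflows if generate_parameter(wf, device_id) >= threshold]


def authenticate(request: Request, workflows: List[ChallengeWorkflow],
                 threshold: int) -> Tuple[bool, Dict[str, bool]]:
    """Execute the selected subset and grant only when every test passes."""
    if request.session_trusted:                      # claim 6: no challenge workflow executed
        return True, {}
    subset = select_workflows(workflows, request.device_id, threshold)
    # Execute every selected workflow (no short-circuit) so each outcome is recorded.
    results = {wf.name: wf.test(request) for wf in subset}
    return all(results.values()), results


# Constructed secrets for the sample devices; a real store holds salted password hashes.
KNOWN_SECRETS = {"mobile:abc123": "s3cret", "server:node7": "s3cret"}


def password_test(req: Request) -> bool:
    expected = KNOWN_SECRETS.get(req.device_id)
    supplied = req.responses.get("password", "")
    # Constant-time comparison; an unknown device fails closed.
    return expected is not None and hmac.compare_digest(expected.encode(), supplied.encode())


def link_test(req: Request) -> bool:
    """Claim 2: the device that selected the emailed element must match the requester."""
    return req.responses.get("link_device_id") == req.device_id


def knowledge_test(req: Request) -> bool:
    return req.responses.get("answer") == "blue"     # constructed knowledge-question answer


# Weights are chosen so a mobile device is selected for fewer workflows than a server (claim 4).
WORKFLOWS = [
    ChallengeWorkflow("password", {"default": 10}, password_test),
    ChallengeWorkflow("email_link", {"mobile": 2, "default": 10}, link_test),
    ChallengeWorkflow("knowledge", {"mobile": 1, "default": 10}, knowledge_test),
]
THRESHOLD = 5                                        # constructed threshold value


if __name__ == "__main__":
    mobile = Request("mobile:abc123", {"password": "s3cret"})
    print("mobile:", authenticate(mobile, WORKFLOWS, THRESHOLD))
    server = Request("server:node7", {"password": "s3cret",
                                      "link_device_id": "laptop:x9", "answer": "blue"})
    print("server:", authenticate(server, WORKFLOWS, THRESHOLD))
```

With these weights a mobile request is selected for the password workflow only, while a server request must also pass the email-link and knowledge workflows, which is the size relationship claim 4 states. The link test mirrors claim 2 by comparing the identifier reported by the device that selected the interactive element against the identifier of the requesting device; a link opened on a different device fails the test. All selected tests run to completion before the decision is made, so the per-workflow results are available for logging; a deployment should keep that breakdown server-side rather than return it to the client, since it tells a requester which factor to retry.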
User authentication · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
for controlling access to devices or network resources · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
applying multi-factor authentication · CPC title