Method and apparatus for multi-users registering home network supporting application based device
US-2016261600-A1 · Sep 8, 2016 · US
US9836594B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9836594-B2 |
| Application number | US-201414280849-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 19, 2014 |
| Priority date | May 19, 2014 |
| Publication date | Dec 5, 2017 |
| Grant date | Dec 5, 2017 |
Official abstract text for this publication.
A computer system receives an authentication request from a user device and determines a determined device identification from a set of received device attributes. When the device is properly authenticated, the computer system generates an authentication token that is signed by the determined device identification and returns the authentication token to the user device. When the computer system subsequently receives a service request with an authentication token and a plurality of device attributes for a protected resource from a user device, the computer system determines a derived device identification from some or all of the received device attributes. When a signed device identification of the authentication token and the derived device identification are equal, the apparatus continues processing the service request. Otherwise, the service request is rejected.
Opening claim text (preview).
What is claimed is:
1. An apparatus comprising: at least one memory device; at least one processor coupled to the at least one memory device and configured to perform, based on instructions stored in the at least one memory device: receiving a service request for a protected resource from a first user device, wherein the service request includes a plurality of device attributes and an authentication token; selecting, based on a first attribute selection, a first attribute set from the plurality of device attributes contained in the service request, wherein at least one attribute in the plurality of device attributes is not included in the first attribute set and wherein the first attribute selection of the first user device is different from a second attribute selection for a second user device; determining a derived device identification from the first attribute set; when a signed device identification of the authentication token contained in the service request and the derived device identification are equal, continue processing the service request; when the signed device identification is not equal to the derived device identification, rejecting the service request; and replacing one attribute of the first attribute set with at least one other attribute from the plurality of device attributes to obtain a greater degree of security and preserving uniqueness of the derived device identification.
2. The apparatus of claim 1, wherein the at least one processor is further configured to perform: when the signed device identification and the derived device identification are equal, sending a challenge to the first user device for authentication information; and only when the authentication information is determined to be correct, servicing the service request.
3. The apparatus of claim 1, wherein the at least one processor is further configured to perform: when a signed device identification of the authentication token and the derived device identification are equal, challenging the first user device for authentication information until a degree of authentication is achieved.
4. The apparatus of claim 1, wherein the at least one processor is further configured to perform: extracting an extracted authentication level from the authentication token; and processing the service request based on the extracted authentication level.
5. The apparatus of claim 1, wherein the at least one processor is further configured to perform: receiving an expired authentication token with the service request; challenging the first user device for authentication information; and when the authentication is determined to be correct, determining a new expiration time; inserting the new expiration time in an updated authentication token; signing the updated authentication token with the signed device identification; and returning the updated authentication token to the first user device.
6. The apparatus of claim 1, wherein the at least one processor is further configured to perform: when the signed device identification is not equal to the derived device identification, generating a notification about an authentication failure for the first user device.
7. The apparatus of claim 1, wherein the first attribute set includes a browser attribute.
8. A computer-assisted method for authenticating a user device, the method comprising: receiving a service request for a protected resource from a user device, wherein the service request includes a plurality of device attributes and a received authentication token; selecting, based on a first attribute selection, an attribute set from the plurality of device attributes contained in the service request, wherein at least one attribute in the plurality of device attributes is not included in the attribute set and wherein the first attribute selection of the first user device is different from a second attribute selection for a second user device; determining a derived device identification from the attribute set contained in the plurality of device attributes; when a signed device identification of the received authentication token contained in the service request and the derived device identification are equal, continue processing the service request; and when the signed device identification is not equal to the derived device identification, rejecting the service request; and replacing one attribute of the first attribute set with at least one other attribute from the plurality of device attributes to obtain at least a same degree of security and preserving uniqueness of the derived device identification.
9. The method of claim 8 further comprising: when the signed device identification and the derived device identification are equal, sending a challenge to the user device for authentication information; and only when the authentication information is determined to be correct, servicing the service request.
10. The method of claim 8 further comprising: when a signed device identification of the received authentication token and the derived device identification are equal, challenging the user device for authentication information until a degree of authentication is achieved.
11. The method of claim 8 further comprising: extracting an extracted authentication level from the received authentication token; and processing the service request based on the extracted authentication level.
12. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed, cause a processor at least to perform operations comprising: receiving a service request for a protected resource from a user device, wherein the service request includes a plurality of device attributes and an authentication token; selecting, based on a first attribute selection, a first attribute set from the plurality of device attributes contained in the service request, wherein at least one attribute in the plurality of device attributes is not included in the attribute set and wherein the first attribute selection of the first user device is different from a second attribute selection for a second user device; determining a derived device identification from the first attribute set contained in the plurality of device attributes; when a signed device identification of the authentication token contained in the service request and the derived device identification are equal, continue processing the service request; when the signed device identification is not equal to the derived device identification, rejecting the service request; and replacing one attribute of the first attribute set with at least one other attribute from the plurality of device attributes to obtain at least a same degree of security and preserving uniqueness of the derived device identification.
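The flow in the abstract and claims 1, 4 and 5, sketched as an added example that is not the patent's own implementation: a token bound to a device identification derived from a per-device subset of attributes, checked on each service request. The HMAC-SHA256 token layout, the SHA-256 attribute hash, the device handles and every name below are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"  # assumption: server-only HMAC key
# Assumption: per-device attribute selection, keyed by a hypothetical device handle.
SELECTION = {"dev-a": ("user_agent", "screen", "timezone"),
             "dev-b": ("user_agent", "fonts", "language")}
# Constructed sample attributes (not from the patent).
LAPTOP = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64)", "screen": "1920x1080",
          "timezone": "UTC-5", "fonts": "a,b,c", "language": "en-US"}

def derive_device_id(handle, attrs):
    """Hash only the attributes selected for this device; the rest are ignored."""
    selected = {name: attrs[name] for name in SELECTION[handle]}
    canonical = json.dumps(selected, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def _mac(body):
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(handle, attrs, auth_level, ttl=900, now=None):
    now = time.time() if now is None else now
    claims = {"dev": handle, "did": derive_device_id(handle, attrs),
              "lvl": auth_level, "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _mac(body).decode()

def check_request(token, attrs, now=None):
    """Return (decision, auth_level): 'continue', 'challenge' or 'reject'."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(_mac(body.encode()), sig.encode()):
        return ("reject", None)              # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    try:
        derived = derive_device_id(claims["dev"], attrs)
    except KeyError:
        return ("reject", None)              # unknown device or missing attribute
    if not hmac.compare_digest(claims["did"].encode(), derived.encode()):
        return ("reject", None)              # token replayed from another device
    if claims["exp"] <= now:
        return ("challenge", claims["lvl"])  # expired: re-authenticate, then reissue
    return ("continue", claims["lvl"])
```

The device comparison runs before the expiry check, so an expired token presented from a different device is rejected outright and never reaches the re-authentication challenge.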
for controlling access to devices or network resources · CPC title
using one-time-passwords · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
Multiple levels of security · CPC title