Patent No. US11171941 (titled "Mobile Device Enabled Desktop Tethered And Tetherless Authentication") was filed by Piccadilly Patent Funding Llc As Security Holder on May 3, 2018.
’941 is related to the field of digital authentication, specifically addressing the problem of securely logging into computing devices like laptops and desktops. Traditional methods often rely on passwords, which can be vulnerable to theft or compromise. Existing solutions using mobile device proximity have limitations, as unauthorized individuals could gain access if they obtain the mobile device.
The underlying idea behind ’941 is to leverage a mobile device as a second factor authentication mechanism for logging into a computer, even when the computer is offline. This involves a cloud-based service that links a user's mobile device to their identity, allowing the mobile device to verify the user's identity before granting access to the computer. The key insight is to use a combination of factors, including the mobile device's presence and user-specific data, to enhance security.
The claims of ’941 focus on a computer-implemented method performed by a cloud universal identification server. The server stores user and device identifying attributes, and registration information linking a mobile device to the user. During login, the server receives an authentication request from credential provider code on the computer, confirms the computer's identity, retrieves a communication protocol for the mobile device, transmits authentication factors to the mobile device, and upon successful authentication via the mobile device, transmits authentication data to the computer to complete the login.
In practice, the invention works by first requiring the user to register their mobile device with the cloud service. This registration process establishes a secure link between the mobile device and the user's identity. When a user attempts to log into their computer, the computer's credential provider sends a request to the cloud service. The cloud service then pushes authentication challenges to the user's registered mobile device, such as biometric scans or answering security questions. Once the user successfully completes these challenges on their mobile device, the cloud service sends a signal back to the computer, allowing the user to log in.
This approach differentiates itself from prior solutions by providing a more secure and convenient authentication method. Unlike simple proximity-based systems, it requires active user participation on the mobile device, making it more resistant to unauthorized access. Furthermore, the use of a cloud service allows for centralized management of user identities and authentication policies. The system also supports various communication protocols between the computer and the mobile device, including USB, Bluetooth, and Wi-Fi, providing flexibility in different usage scenarios. The credential provider on the computer is key to initiating and managing this process.
In the mid-2010s, when ’941 was filed, mobile devices were increasingly used for authentication, while systems commonly relied on usernames and passwords rather than more advanced biometric or multi-factor methods. At that time, integrating mobile device authentication with desktop or laptop logins, especially in offline scenarios, was not a trivial task: hardware or software constraints made secure communication between devices challenging.
The examiner approved the application because the prior art did not teach or suggest combining the limitations of the claims. Specifically, the examiner found that the prior art failed to disclose, teach, or fairly suggest the combination of receiving and storing identifying attributes at a cloud server, where the request originated from credential provider code previously installed and configured to recognize the mobile device, and where the request indicated the mobile device was selected for authentication, leading to retrieval of a communication protocol.
This patent contains 19 claims, of which claims 1, 10, and 19 are independent. The independent claims are directed to a computer-implemented method, an apparatus, and a non-transitory computer readable medium, respectively, all generally relating to authenticating a login process using a cloud universal identification server and a mobile device. The dependent claims generally elaborate on and refine the elements and steps recited in the independent claims.