Title of invention: USER-AUTHENTICATION-BASED APPROVAL OF A FIRST DEVICE VIA COMMUNICATION WITH A SECOND DEVICE
Abstract: User-authentication-based approval of a first device via communication with a second device over a channel (e.g., an insecure channel) is described. The first device receives a session ID and first user-observable information, or an identifier thereof, from an identity provider, presents the first user-observable information to a user, and sends the session ID to the second device. The second device sends the session ID to the identity provider to obtain therefrom second user-observable information, or an identifier thereof, and a security challenge. The second user-observable information bears a user-discernable relationship to the first user-observable information and is presented to the user by the second device. The second device is capable of generating a response to the security challenge for transmission to the identity provider based at least on input received from the user, the response to the security challenge being indicative of the suitability of the first device for approval.
Publication number: US2016150406(A1) Publication date: 2016.05.26
Application number: US201414553708 Filing date: 2014.11.25
Applicant: Microsoft Technology Licensing, LLC Inventors: Vincent Benjamin R.; Kamel Tarek B.; Toews Sparky; Subotic Dejan; Zenzerovich Peter E.; Chou James Shang Kai
Classification: H04W12/06; H04L9/08; H04L29/06 Main classification: H04W12/06
Agency: Agent:
Principal claim: 1. A device, comprising: a user interface operable to present information to a user and to receive input therefrom; and user-authentication-based approval logic operable to receive a session identifier (ID) from another device over an insecure channel and to perform the following in response to at least receiving the session ID from the other device: send the session ID to an identity provider; receive from the identity provider first user-observable information, or an identifier thereof, and a security challenge, the first user-observable information bearing a user-discernable relationship to second user-observable information presented to a user by the other device; present the first user-observable information to the user via the user interface; and generate a response to the security challenge and transmit the response to the security challenge to the identity provider based at least on input received from the user via the user interface, the response to the security challenge being indicative of the suitability of the other device for user-authentication-based approval by the identity provider.
Address: Redmond WA US