US 11,657,396 B1
System and method for bluetooth proximity enforced authentication
Nahal Shahidzadeh, Portland, OR (US); and Haitham Akkary, Portland, OR (US)
Filed by SecureAuth Corporation, Irvine, CA (US)
Filed on May 2, 2022, as Appl. No. 17/734,224.
Application 17/734,224 is a continuation of application No. 16/798,428, filed on Feb. 24, 2020, granted, now 11,321,712.
Application 16/798,428 is a continuation of application No. 15/700,153, filed on Sep. 10, 2017, granted, now 10,572,874.
Application 15/700,153 is a continuation of application No. 14/672,098, filed on Mar. 28, 2015, granted, now 10,325,259.
Claims priority of provisional application 61/972,245, filed on Mar. 29, 2014.
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 20/40 (2012.01); H04L 9/40 (2022.01); H04W 12/68 (2021.01); H04W 12/06 (2021.01)
CPC G06Q 20/40 (2013.01) [H04L 63/08 (2013.01); H04L 63/0807 (2013.01); H04L 63/0861 (2013.01); H04L 63/20 (2013.01); H04W 12/06 (2013.01); H04W 12/68 (2021.01)] 20 Claims
OG exemplary drawing
 
1. A method for authorizing a Client Device requested access, the method comprising:
forming a proximity enforced Bluetooth binded communication link between the Client Device and a Level of Assurance (LOA) Provider;
providing a screen to a user entity at the Client Device from a Relying Party Services;
receiving authentication information from the user entity;
obtaining identity of the user entity on the LOA Provider using contextual and behavioral information of the user entity;
performing during an active session an out of band authentication over secure communication channels using a secure communication protocol by sending the contextual and behavioral information and challenge and response information to an LOA Server from the LOA Provider to determine the level of assurance;
identifying the user entity at the LOA Server using the contextual and behavioral information and challenge and response information to determine whether to authorize access to the Relying Party Services; and
granting by the LOA Server an authentication token which can be validated.