US 12,348,515 B2
Sponsor delegation for multi-factor authentication
Jerome Henry, Pittsboro, NC (US); Vinay Saini, Bangalore (IN); and Robert Edgar Barton, Richmond (CA)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Oct. 12, 2023, as Appl. No. 18/486,089.
Application 18/486,089 is a continuation of application No. 17/168,276, filed on Feb. 5, 2021, granted, now 11,811,762.
Prior Publication US 2024/0048562 A1, Feb. 8, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01)
CPC H04L 63/0884 (2013.01) [H04L 9/0866 (2013.01); H04L 9/0894 (2013.01); H04L 63/0861 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01); H04L 2463/082 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for using a sponsor device as a proxy for multi-factor authentication of a first user account for a first user to access an online resource when a primary multi-factor authentication mechanism is unavailable to the first user account, the method comprising:
associating the sponsor device with a sponsor policy that defines when use of the sponsor device is permitted, wherein the sponsor device is within a multi-factor authentication chain of trust associated with the first user account;
determining that a primary device used for verifying an identity of the first user during the primary multi-factor authentication mechanism is unavailable, wherein the primary device and the sponsor device are used for accessing the online resource are operated by different users;
after determining that the primary device is unavailable, requesting verification of the identity of the first user from the sponsor device;
receiving, from the sponsor device and via one or more inputs made on the sponsor device by a user that is different from the first user, a verification of the identity of the first user;
sending a registration request to a device via which the first user account is accessed;
receiving device credentials from the device;
onboarding the device based on the device credentials; and
granting access to a service to the first user account based on the sponsor policy and upon onboarding the device.