US 12,407,531 B2
Transparent short-range wireless device factor in a multi-factor authentication system
Stephen Woodward Lind, El Cerrito, CA (US); Bidan Sinha, Milpitas, CA (US); Karthik Bhat, Saratoga, CA (US); Naveen Kumar Keerthy, San Jose, CA (US); Jintai He, San Mateo, CA (US); and Kavitha Chandramohan, Maple (CA)
Filed by OKTA, INC., San Francisco, CA (US)
Filed on Jan. 26, 2024, as Appl. No. 18/424,361.
Application 18/424,361 is a continuation of application No. 17/589,719, filed on Jan. 31, 2022, granted, now 11,917,087.
Prior Publication US 2024/0163117 A1, May 16, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04W 12/0431 (2021.01); H04W 12/069 (2021.01); H04W 12/63 (2021.01); H04W 4/80 (2018.01)
CPC H04L 9/3273 (2013.01) [H04W 12/0431 (2021.01); H04W 12/069 (2021.01); H04W 12/63 (2021.01); H04W 4/80 (2018.02)]
19 Claims
1. A computer-implemented method for secure, automated multi-factor authentication (MFA) login to a resource performed by an MFA device, the computer-implemented method comprising:
enrolling with an authentication system, the enrolling comprising:
pairing with a login device to establish data for an encrypted communication channel between the MFA device and the login device over a short-range wireless connection;
providing, to the authentication system, a public key of the MFA device and metadata describing the MFA device;
receiving, over the short-range wireless connection, authentication challenge metadata sent to the login device by the authentication system in response to a request by the login device to access a resource for which authentication is required;
generating MFA metadata to establish that the MFA device shares a physical presence with the login device; and
sending the MFA metadata to the authentication system, wherein responsive to verifying the MFA metadata using the metadata provided to the authentication system during the enrolling, the authentication system authenticates the login device.