US 12,483,549 B2
Authentication delegation to support initiation of a secure user workflow from an unsecure device
Saurabh Bansal, Woodinville, WA (US); Kyle Marsh, Redmond, WA (US); Ibrahim Mohamed Esmat, Cedar Park, TX (US); and Jimmy Yu Wu, Bellevue, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Feb. 28, 2024, as Appl. No. 18/590,394.
Claims priority of provisional application 63/604,951, filed on Dec. 1, 2023.
Prior Publication US 2025/0184322 A1, Jun. 5, 2025
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/083 (2013.01) [H04L 63/10 (2013.01)]
20 Claims
 
1. A method, performed by a delegated authenticator, that allows an unsecure device to initialize a user workflow that requires access to a permission-controlled resource, the method comprising:
receiving, from the unsecure device, a delegation instruction including:
  a first token associated with a first entity registered with a cloud service platform;
  a request to execute an operation on the permission-controlled resource, the execution of the operation being contingent upon receipt and verification of an access credential of a second entity registered with the cloud service platform; and
  a user identifier for the second entity;
in response to receipt of the delegation instruction, identifying a user account associated with the user identifier and transmitting a notification to a storage location associated with the user account, the notification including an instruction that a user can follow to provide the access credential associated with the permission-controlled resource; and
in response to receiving, from a secure device, a second token generated in response to verification of the access credential, executing the operation on the permission-controlled resource without providing the unsecure device with the access credential or with access to the permission-controlled resource.
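
The message flow of claim 1, sketched as an added example; this is not code from the patent or from Microsoft. The HMAC token format, the `device` and `approve:<request id>` purposes, and the names `issue_token`, `verify_token` and `DelegatedAuthenticator` are assumptions made for illustration, as is binding the second token to one request and to the second entity.

```python
import hashlib
import hmac
import secrets

# Assumption: one MAC key stands in for the cloud service platform's token signing.
PLATFORM_KEY = secrets.token_bytes(32)

def _mac(subject, purpose):
    return hmac.new(PLATFORM_KEY, f"{subject}|{purpose}".encode(), hashlib.sha256).hexdigest()

def issue_token(subject, purpose):
    """Hypothetical platform token: subject|purpose|MAC (constructed format)."""
    return f"{subject}|{purpose}|{_mac(subject, purpose)}"

def verify_token(token, purpose):
    """Return the token's subject if MAC and purpose match, else None."""
    parts = token.split("|")
    if len(parts) != 3 or parts[1] != purpose:
        return None
    return parts[0] if hmac.compare_digest(parts[2], _mac(parts[0], parts[1])) else None

class DelegatedAuthenticator:
    def __init__(self, inboxes, resource):
        self.inboxes = inboxes    # user identifier -> notification storage location
        self.resource = resource  # permission-controlled resource (a dict here)
        self.pending = {}         # request id -> (user identifier, operation)

    def delegate(self, first_token, operation, user_id):
        """Called by the unsecure device with the delegation instruction."""
        if verify_token(first_token, "device") is None or user_id not in self.inboxes:
            return None
        req_id = secrets.token_urlsafe(16)
        self.pending[req_id] = (user_id, operation)
        # The request id goes only to the second entity's inbox, never to the device.
        self.inboxes[user_id].append({"request_id": req_id,
                                      "instruction": "sign in on a secure device to approve"})
        return "pending"

    def complete(self, req_id, second_token):
        """Called by the secure device after it verified the access credential."""
        user_id, operation = self.pending.get(req_id, (None, None))
        # Assumption: the second token is bound to this request and to the second entity.
        if user_id is None or verify_token(second_token, f"approve:{req_id}") != user_id:
            return False
        del self.pending[req_id]  # single use: a replayed second token is rejected
        key, value = operation
        self.resource[key] = value  # executed here; nothing is returned to the device
        return True
```

The unsecure device only ever sees `"pending"` or `None`; the operation runs inside the authenticator once the second token arrives.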