US Patent No. 10,461,939

SECURE DEVICE REGISTRATION FOR MULTI-FACTOR AUTHENTICATION


Patent No.: 10,461,939
Issue Date: October 29, 2019
Title: Secure Device Registration For Multi-factor Authentication
Inventorship: Dann M. Church, Islandia, NY (US);
              Michael Moerk, Islandia, NY (US);
              Doreen E. Collins, Islandia, NY (US);
              Joanne Pelkey, Islandia, NY (US);
              Jeff B. Frantz, Islandia, NY (US)
Assignee: CA, Inc., Islandia, NY (US)

Claim of US Patent No. 10,461,939

1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:
    receiving, via a network, a request from a first computing device to register another computing device:
        as a supplemental factor in a multi-factor authentication protocol, or
        as an embedded system authorized to access a distributed computing application;
    after receiving the request, sending to the first computing device, via a network, a registration code to be entered in a designated application executing on another computing device to demonstrate possession of the other computing device to be registered;
    after sending the registration code to the first computing device, receiving the registration code, via a network, from a second computing device;
    sending an instruction to the designated application executing on the second computing device instructing the designated application to send a value indicative of access to a cryptographic key stored in memory of the second computing device,
        wherein the cryptographic key is stored in a location or format accessible to the designated application but not to other untrusted applications executing on the second computing device;
    receiving, via the network, from the designated application executing on the second computing device, the value indicative of access to the cryptographic key;
    determining, based on the received value and a reference value stored in memory, that the received registration code was sent by the designated application and not another untrusted application executing on the second computing device; and
    based on the determination, registering in memory the second computing device as the supplemental factor or as authorized to access the distributed computing application, wherein:
        sending the instruction to the designated application executing on the second computing device comprises sending a push message, and
        the operations comprise:
            receiving, via a network, a registration of the second computing device to receive push messages, the push messages being deliverable to the second computing device without the second computing device sending a pull request for the messages, with a network communication that indicates a network address of the second computing device and a port of the network address through which the second computing device is prepared to receive messages; and
            causing the network address of the second computing device to be ascertained, based on the registration, before sending the push message.
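The claim above describes a registration flow in which possession of the registration code alone is not enough: the server pushes a challenge to the designated application, which must answer with a value that can only be produced with the key it holds. The following Python simulation is an added example written for this page; it is not code from the patent or from CA, Inc. It assumes (as a simplification) that the "value indicative of access to a cryptographic key" is an HMAC-SHA256 over the registration code and a server-chosen nonce, that the same secret was provisioned to both the server and the designated app so the server can compute its reference value, and that the push endpoint table stands in for a real push service. All names, addresses and secrets are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed per-app secret. On the device it stands in for a key kept in a
# location only the designated app can read (e.g. the platform keystore).
# Assumption: the server holds the same secret to compute the reference value.
APP_SECRET = b"constructed-app-secret-do-not-reuse"

CODE_TTL_SECONDS = 300  # registration codes are short-lived


class RegistrationServer:
    def __init__(self, app_secret=APP_SECRET, now=time.time):
        self.app_secret = app_secret
        self.now = now                # injectable clock, so expiry can be tested
        self.pending = {}             # code -> {"user", "issued", "device", "nonce"}
        self.push_endpoints = {}      # device_id -> (address, port) from push registration
        self.registered = {}          # user -> set of device_ids accepted as a factor
        self.outbox = []              # (address, port, message) push messages sent

    def register_push(self, device_id, address, port):
        # The second device registers to receive push messages, giving the
        # address and port on which it is prepared to receive them.
        self.push_endpoints[device_id] = (address, port)

    def start_registration(self, user):
        # The first device asks to register another device; the server replies
        # with a registration code to be entered in the designated app.
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[code] = {"user": user, "issued": self.now(), "device": None, "nonce": None}
        return code

    def submit_code(self, code, device_id):
        # A second device presents the code. This does not register anything by
        # itself; it causes a push challenge to be sent to that device.
        rec = self.pending.get(code)
        if rec is None or rec["device"] is not None:
            return False                       # unknown or already-consumed code
        if self.now() - rec["issued"] > CODE_TTL_SECONDS:
            return False                       # expired code
        endpoint = self.push_endpoints.get(device_id)
        if endpoint is None:
            return False                       # no push registration: address cannot be ascertained
        rec["device"] = device_id
        rec["nonce"] = secrets.token_hex(16)
        # Ascertain the address from the push registration, then push the instruction.
        self.outbox.append((*endpoint, {"type": "prove_key", "code": code, "nonce": rec["nonce"]}))
        return True

    def _reference_value(self, code, nonce):
        return hmac.new(self.app_secret, f"{code}:{nonce}".encode(), hashlib.sha256).hexdigest()

    def verify_proof(self, code, device_id, value):
        # Compare the received value with the reference value; register on match.
        rec = self.pending.get(code)
        if rec is None or rec["device"] != device_id or rec["nonce"] is None:
            return False
        if not hmac.compare_digest(self._reference_value(code, rec["nonce"]), value):
            return False                       # sender could not use the key: not the designated app
        del self.pending[code]                 # code is single-use
        self.registered.setdefault(rec["user"], set()).add(device_id)
        return True


class DesignatedApp:
    """Trusted app on the second device; it can read the stored key."""
    def __init__(self, device_id, app_secret=APP_SECRET):
        self.device_id = device_id
        self._key = app_secret

    def answer_push(self, message):
        return hmac.new(self._key, f"{message['code']}:{message['nonce']}".encode(), hashlib.sha256).hexdigest()


class UntrustedApp:
    """Another app on the same device: it may have seen the code but cannot read the key."""
    def __init__(self, device_id):
        self.device_id = device_id

    def answer_push(self, message):
        # Best it can do without the key: an unkeyed hash, which will not match.
        return hashlib.sha256(f"{message['code']}:{message['nonce']}".encode()).hexdigest()


def run_registration(app, server, user="alice"):
    """Drive the full flow for one app and report whether the device was registered."""
    server.register_push(app.device_id, "198.51.100.7", 5228)   # constructed address/port
    code = server.start_registration(user)
    if not server.submit_code(code, app.device_id):
        return False
    _address, _port, message = server.outbox[-1]
    return server.verify_proof(code, app.device_id, app.answer_push(message))
```

`run_registration(DesignatedApp("phone-1"), RegistrationServer())` returns `True`, while the same call with `UntrustedApp("phone-2")` returns `False` even though that app presented a valid code, which is the distinction the claim's "determining" step draws. The injectable clock and the single-use handling in `submit_code` and `verify_proof` cover the two obvious abuse cases a practitioner would check: a stale code and a replayed proof.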