Security information caching on authentication token
Abstract
A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of continuous user custody.
29 Claims
1. A method of conducting a multi-factor authentication, the method comprising:
- monitoring a continuous user custody of a token having an identifier of the token representing a possession factor, wherein the token comprises two sub-tokens including a first sub-token and a second sub-token, wherein monitoring the continuous user custody comprises confirming the continuous user custody by monitoring continual proximity between the first sub-token and the second sub-token;
- during a period of continuous user custody determined based on the monitoring of the continuous user custody, maintaining a knowledge factor in a memory of the token; and
- during the period of continuous user custody determined based on the monitoring of the continuous user custody, and in response to an authentication request received from a security system separate and distinct from the token, (a) presenting the identifier of the token to the security system verifying the identifier of the token, thereby satisfying a possession factor authentication, and (b) automatically retrieving the knowledge factor from the memory of the token and presenting the knowledge factor to the security system verifying the knowledge factor, thereby satisfying a knowledge factor authentication.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. An apparatus acting as a token to conduct a multi-factor authentication, the apparatus comprising:
- a sensor to take measurements indicative of continuous user custody of the token, wherein the token comprises two sub-tokens including a first sub-token and a second sub-token, wherein monitoring the continuous user custody comprises confirming the continuous user custody by monitoring continual proximity between the first sub-token and the second sub-token;
- a controller configured to monitor the measurements to determine a period of continuous user custody of the token;
- a memory to cache a knowledge factor, the knowledge factor available during the period of continuous user custody;
- an interface to receive authentication requests from a security system, wherein the security system is separate and distinct from the apparatus; and
- an identifier of the token representing a possession factor satisfying possession factor authentication on the security system, wherein the knowledge factor is different from the identifier of the token representing the possession factor;
- wherein, the controller is configured to automatically retrieve the identifier of the token of the token to demonstrate possession of the possession factor to the security system, in response to receiving an authentication request;
- wherein, during the period of continuous user custody of the token, the controller is configured to retrieve the knowledge factor from the memory to demonstrate knowledge of the knowledge factor to the security system, in response to receiving the authentication request at the interface.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. An apparatus comprising:
- a sensor to take measurements indicative of continuous user custody of the apparatus, wherein the apparatus comprises two sub-apparatuses including a first sub-apparatus and a second sub-apparatus, wherein monitoring the continuous user custody comprises confirming the continuous user custody by monitoring continual proximity between the first sub-apparatus and the second sub-apparatus;
- a controller configured to monitor the measurements to determine a period of continuous user custody of the apparatus;
- an identifier of the apparatus representing a possession factor of the apparatus, the possession factor of the apparatus satisfying possession factor authentication on a security system, wherein the identifier of the apparatus is adapted to be readable by the security system, and wherein the security system is separate and distinct from the apparatus;
- a memory to cache a knowledge factor to satisfy knowledge factor authentication on the security system, wherein the knowledge factor is different from the identifier of the apparatus representing the possession factor;
- an output component to automatically demonstrate the knowledge factor to the security system during the period of continuous user custody according to the period of continuous user custody; and
- wherein the knowledge factor is removed from the memory or prevented from being accessed when the period of continuous user custody ends.
Dependent claims: 29
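The custody-bound caching described in the abstract and in claim 28, as an added example that is not code from the patent: the knowledge factor is cached only while custody holds, released automatically on an authentication request, and wiped when custody ends. The names `CustodyToken`, `SecuritySystem`, `report_proximity` and the sample values are assumptions made here, and custody is reduced to a boolean proximity reading between the two sub-tokens.

```python
import hashlib
import hmac
class CustodyToken:
    """Token that caches a knowledge factor only while custody is continuous."""
    def __init__(self, token_id):
        self.token_id = token_id      # identifier = possession factor
        self._cached = bytearray()    # knowledge factor cache, empty = none
        self._in_custody = False

    def report_proximity(self, in_range):   # one out-of-range reading ends custody
        if not in_range:
            self._wipe()
        self._in_custody = in_range

    def cache_knowledge_factor(self, secret):
        if not self._in_custody:      # refuse to cache outside a custody period
            return False
        self._cached = bytearray(secret)
        return True

    def _wipe(self):
        self._cached[:] = bytes(len(self._cached))  # zero the buffer in place
        self._cached = bytearray()

    def answer(self):
        live = self._in_custody and len(self._cached) > 0  # custody gates release
        return self.token_id, (bytes(self._cached) if live else None)

class SecuritySystem:
    """Separate verifier. Plain SHA-256 stands in for a salted password KDF."""
    def __init__(self, token_id, secret):
        self._token_id = token_id
        self._digest = hashlib.sha256(secret).digest()

    def authenticate(self, token):
        token_id, kf = token.answer()
        knowledge = kf is not None and hmac.compare_digest(
            hashlib.sha256(kf).digest(), self._digest)
        return {"possession": token_id == self._token_id, "knowledge": knowledge}

def demo(secret=b"4921"):             # constructed sample knowledge factor
    token, verifier = CustodyToken("TOKEN-0001"), SecuritySystem("TOKEN-0001", secret)
    token.report_proximity(True)
    token.cache_knowledge_factor(secret)
    during = verifier.authenticate(token)
    token.report_proximity(False)     # sub-tokens separated: cache is wiped
    token.report_proximity(True)      # custody regained, no re-entry yet
    return during, verifier.authenticate(token)
```

After the custody break the token still satisfies the possession factor, so a verifier that must distinguish a found or stolen token from one in custody has to require both results.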
Specification