Secure authentication protocol systems and methods
First Claim
1. A system for transferring authentication protocols between a sensor and a platform, the system comprising:
- a first input device to, during a pre-boot session:
verify received data representative of a first authentication factor;
store the verified first authentication factor; and
store a credential logically associated with a prior session;
verify the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alteration or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value;
upon verifying the prior session, indicate the presence of the credential using a logical indicator;
at least one circuit communicably coupled to the first input device;
a data storage device communicably coupled to the at least one circuit, the data storage device including machine-readable instructions that, when executed by the at least one circuit, cause the at least one circuit to provide an authentication engine and cause the authentication engine to, during a current post-boot session:
communicate a challenge to the first input device;
receive a payload that includes the verified first authentication factor and the prior session credential from the first input device in response to the communicated challenge;
verify the prior session credential received from the first input device; and
generate a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length.
Abstract
An input device of a secure authentication protocol system may receive at least one user authentication factor in a pre-boot session. The input device may verify the received authentication factors and may store the verified authentication factors. During a post-boot session, the input device may communicate the verified authentication factor and a stored post-boot session credential received during a prior post-boot session to an authentication engine executing in a trusted execution environment. The authentication engine verifies the received post-boot session credential is logically associated with an immediately preceding post-boot session. Upon successful verification of the received post-boot session credential, the verified authentication factors or data indicative of a successfully verified authentication factor received during the pre-boot session are used in the current post-boot session.
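The exchange the abstract describes, written here as an added simulation that is not code from the patent or its assignee: the input device verifies the factor in pre-boot and holds the previous session's credential, the engine challenges it post-boot, checks that the returned credential is the immediately preceding one with the defined change applied, and then issues a fresh pseudorandom alphanumeric credential. The credential length, the increment step, the challenge size and the enrollment template are assumptions, and the "defined change" is modelled as a session counter incremented by the step.

```python
import hmac
import secrets
import string
from typing import NamedTuple

ALPHABET = string.ascii_letters + string.digits
CREDENTIAL_LENGTH = 32  # the claims' "defined length" (value assumed here)
SESSION_STEP = 1        # the claims' "defined value" for the increment (assumed here)

class SessionCredential(NamedTuple):
    token: str    # pseudorandom alphanumeric string generated by the engine
    session: int  # post-boot session counter
    def advance(self):  # the defined change: the counter incremented by the defined value
        return SessionCredential(self.token, self.session + SESSION_STEP)

class InputDevice:  # sensor side: verifies the factor pre-boot, holds the prior credential
    def __init__(self, enrolled_factor: bytes):
        self._enrolled = enrolled_factor  # enrollment template (constructed sample)
        self._verified_factor = self._prior = None
    def pre_boot(self, presented_factor: bytes) -> bool:
        if not hmac.compare_digest(presented_factor, self._enrolled):
            return False
        self._verified_factor = presented_factor  # stored only once verified
        return True
    def respond(self, challenge: bytes) -> dict:  # payload answering the engine's challenge
        return {"challenge": challenge, "factor": self._verified_factor, "prior": self._prior}
    def store_credential(self, cred: SessionCredential):
        self._prior = cred.advance()  # kept with the defined change already applied

class AuthenticationEngine:  # platform side (runs in the TEE in the claims)
    def __init__(self):
        self._issued = None  # credential of the immediately preceding post-boot session
    def verify_and_rotate(self, challenge: bytes, payload: dict):
        if payload["challenge"] != challenge or payload["factor"] is None:
            return None
        # After the first boot the prior credential must be the last issued one plus the defined change.
        if self._issued is not None and payload["prior"] != self._issued.advance():
            return None  # stale, replayed or missing credential
        token = "".join(secrets.choice(ALPHABET) for _ in range(CREDENTIAL_LENGTH))
        self._issued = SessionCredential(token, 0 if self._issued is None else self._issued.session + 1)
        return self._issued

def boot_cycle(device, engine, factor: bytes):  # one pre-boot/post-boot exchange
    if not device.pre_boot(factor):
        return None
    challenge = secrets.token_bytes(16)  # the engine's challenge communicated to the device
    new_cred = engine.verify_and_rotate(challenge, device.respond(challenge))
    if new_cred is not None:
        device.store_credential(new_cred)  # the device keeps it for the next post-boot session
    return new_cred
```

`boot_cycle` returns the newly generated credential, or `None` when the factor, the challenge echo or the prior credential fails its check.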
25 Claims
1. A system for transferring authentication protocols between a sensor and a platform, the system comprising:
a first input device to, during a pre-boot session:
verify received data representative of a first authentication factor;
store the verified first authentication factor; and
store a credential logically associated with a prior session;
verify the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alteration or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value;
upon verifying the prior session, indicate the presence of the credential using a logical indicator;
at least one circuit communicably coupled to the first input device;
a data storage device communicably coupled to the at least one circuit, the data storage device including machine-readable instructions that, when executed by the at least one circuit, cause the at least one circuit to provide an authentication engine and cause the authentication engine to, during a current post-boot session:
communicate a challenge to the first input device;
receive a payload that includes the verified first authentication factor and the prior session credential from the first input device in response to the communicated challenge;
verify the prior session credential received from the first input device; and
generate a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. An authentication method, comprising:
during a pre-boot session:
verifying, by a first input device, a first authentication factor;
storing, by the first input device, the verified first authentication factor; and
storing, by the first input device, a credential logically associated with a prior post-boot session;
verifying the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alteration or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value;
upon verifying the prior session, indicating the presence of the credential using a logical indicator;
during a current post-boot session:
generating, by an authentication engine, a query;
communicating, by the authentication engine, the query to the first input device;
receiving, by the authentication engine, the verified first user authentication data and the prior post-boot session credential from the first input device in response to the communicated query;
verifying, by the authentication engine, the received prior post-boot session credential; and
generating a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.
22. An authentication system, comprising:
during a pre-boot session:
a means for verifying a first authentication factor;
a means for storing the first authentication factor; and
a means for storing a credential logically associated with a prior post-boot session;
means for verifying the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alteration or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value;
means for, upon verifying the prior session, indicating the presence of the credential using a logical indicator;
during a current post-boot session:
a means for generating a query;
a means for communicating the generated query to a first input device;
a means for receiving the verified first user authentication data and the prior post-boot session credential from the first input device in response to the communicated query;
a means for verifying the received prior post-boot session credential; and
means for generating a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length.
Dependent claims: 23.
24. A storage device that includes machine-readable instructions, that when executed by a circuit, cause the circuit to:
during a pre-boot session, cause a first input device to:
verify a first authentication factor;
store the first authentication factor; and
store a credential logically associated with a prior post-boot session;
verify the prior session against a credential logically associated with an immediately previous post-boot environment that includes a defined change, alteration or modification including at least incrementing or decrementing the immediately previous post-boot environment by a defined value;
during a current post-boot session, cause an authentication engine to:
generate a query;
communicate the generated query to the first input device;
receive the verified first user authentication data and the prior post-boot session credential from the first input device in response to the communicated query;
verify the received prior post-boot session credential; and
generate a credential that is logically associated with the post-boot session, wherein the post-boot session credential includes a pseudorandom alphanumeric string of defined length.
Dependent claims: 25.