Controlling user access to protected resource based on outcome of one-time passcode authentication token and predefined access policy
Abstract
Techniques are provided for controlling user access to a protected resource based on an outcome of a one-time passcode authentication token and one or more predefined access policies. An exemplary method comprises the steps of: providing an authentication passcode generated by a token associated with a user to at least one authentication processing device, wherein the user is attempting to access a protected resource; receiving an authentication outcome from the at least one authentication processing device, the authentication outcome comprising an acceptance outcome of the received authentication passcode and at least one of an acceptance outcome with respect to one or more different signals, such as a silent alarm and an acceptance outcome with respect to a drifting key; and providing access of the user to the protected resource based on the authentication outcome and a predefined access policy. Predefined access policies that are specific to silent alarm alerts and drifting key alerts are also provided.
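The flow described in the abstract, shown end to end as an added example that is not taken from the patent: a token embeds a silent alarm bit in its passcode, the authentication processing device verifies the passcode and extracts the bit, and the relying party applies a predefined policy. The 7-digit passcode layout, the separate alarm key, the masking scheme, the `restrict` action and all function names are assumptions made for illustration; the drifting-key signal is not modeled.

```python
import hashlib
import hmac

def _prf(key: bytes, label: bytes, counter: int) -> int:
    """Keyed pseudo-random integer for one passcode interval."""
    mac = hmac.new(key, label + counter.to_bytes(8, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big")

def token_passcode(seed: bytes, alarm_key: bytes, counter: int, alarm: bool) -> str:
    """Token: 6 digits derived from the seed plus 1 digit carrying the alarm bit.
    The alarm digit is masked with a keyed value so it looks random on the wire."""
    code = _prf(seed, b"otp", counter) % 10**6
    aux = (_prf(alarm_key, b"alarm", counter) + int(alarm)) % 10
    return f"{code:06d}{aux}"

def authenticate(seed: bytes, alarm_key: bytes, counter: int, passcode: str) -> dict:
    """Authentication processing device: verify the passcode, then extract the alarm."""
    outcome = {"passcode_accepted": False, "silent_alarm": None}
    if len(passcode) != 7 or not passcode.isdigit():
        return outcome
    expected = f"{_prf(seed, b'otp', counter) % 10**6:06d}"
    bit = (int(passcode[6]) - _prf(alarm_key, b"alarm", counter)) % 10
    if hmac.compare_digest(expected, passcode[:6]) and bit in (0, 1):
        outcome.update(passcode_accepted=True, silent_alarm=bool(bit))
    return outcome

# Assumed predefined policy: action per silent-alarm state after an accepted passcode.
POLICY = {False: "grant", True: "restrict"}

def control_access(outcome: dict, policy: dict = POLICY) -> str:
    """Relying party: combine the authentication outcome with the predefined policy."""
    if not outcome["passcode_accepted"]:
        return "deny"
    return policy[outcome["silent_alarm"]]

def demo() -> list:
    """Constructed inputs: a normal login, a login after an alarm, a tampered passcode."""
    seed, alarm_key = b"constructed-seed", b"constructed-alarm-key"
    results = []
    for counter, alarm in [(1, False), (2, True)]:
        passcode = token_passcode(seed, alarm_key, counter, alarm)
        results.append(control_access(authenticate(seed, alarm_key, counter, passcode)))
    good = token_passcode(seed, alarm_key, 3, False)
    tampered = str((int(good[0]) + 1) % 10) + good[1:]
    results.append(control_access(authenticate(seed, alarm_key, 3, tampered)))
    return results

if __name__ == "__main__":
    print(demo())
```

A passcode that verifies correctly but carries the alarm state is handled by the policy rather than treated as an ordinary success, which is the distinction the claims draw between the passcode acceptance outcome and the signal acceptance outcome.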
23 Claims
1. A method, comprising:
- providing an authentication passcode derived from a secret seed and generated by a token associated with a user to at least one authentication processing device, wherein said user is attempting to access a protected resource;
- receiving an authentication outcome from said at least one authentication processing device, said authentication outcome comprising an acceptance outcome of the received authentication passcode and at least one of an acceptance outcome with respect to one or more of two different signals, wherein said at least one authentication processing device detects a loss of privacy of said secret seed by extracting and processing a silent alarm signal embedded in said received authentication passcode from said received authentication passcode, and wherein said silent alarm signal indicates an anomalous event detected by said token; and
- controlling access of said user to said protected resource based on said authentication outcome and a predefined access policy invoked when said silent alarm signal has a predefined state indicating said detection of said anomalous event.
12. An apparatus, the apparatus comprising:
- a memory; and
- at least one hardware device, coupled to the memory, operative to:
  - provide an authentication passcode derived from a secret seed and generated by a token associated with a user to at least one authentication processing device, wherein said user is attempting to access a protected resource;
  - receive an authentication outcome from said at least one authentication processing device, said authentication outcome comprising an acceptance outcome of the received authentication passcode and at least one of an acceptance outcome with respect to one or more of two different signals, wherein said at least one authentication processing device detects a loss of privacy of said secret seed by extracting and processing a silent alarm signal embedded in said received authentication passcode from said received authentication passcode, and wherein said silent alarm signal indicates an anomalous event detected by said token; and
  - control access of said user to said protected resource based on said authentication outcome and a predefined access policy invoked when said silent alarm signal has a predefined state indicating said detection of said anomalous event.
23. An article of manufacture, comprising a non-transitory machine readable recordable medium containing one or more programs which, when executed, implement the steps of:
- providing an authentication passcode derived from a secret seed and generated by a token associated with a user to at least one authentication processing device, wherein said user is attempting to access a protected resource;
- receiving an authentication outcome from said at least one authentication processing device, said authentication outcome comprising an acceptance outcome of the received authentication passcode and at least one of an acceptance outcome with respect to one or more of two different signals, wherein said at least one authentication processing device detects a loss of privacy of said secret seed by extracting and processing a silent alarm signal embedded in said received authentication passcode from said received authentication passcode, and wherein said silent alarm signal indicates an anomalous event detected by said token; and
- controlling access of said user to said protected resource based on said authentication outcome and a predefined access policy invoked when said silent alarm signal has a predefined state indicating said detection of said anomalous event.
Specification