Enhanced multi factor authentication
First Claim
1. An authentication computer system comprising:
one or more processors; and
one or more computer-readable hardware storage devices having stored thereon computer-executable instructions that are executable by the one or more processors and that cause the authentication computer system to authenticate a resource access request by causing the authentication computer system to:
receive, from a first client device associated with a user, a request to access one or more resources, wherein the request is received at the authentication computer system via a first communication channel, the request including a username and password;
search a credential data file to determine whether the received username and password are authorized credentials, wherein the username is associated with multiple different passwords in the data file, and wherein each of the multiple different passwords is associated with a different resource;
determine that the received username and password correspond to the requested one or more resources such that the received username and password are authorized credentials for the requested one or more resources;
issue a system-initiated authentication request from the authentication computer system, wherein the system-initiated authentication request is transmitted to a second client device of the user via a second communication channel, and wherein the system-initiated authentication request includes a customized communication;
receive, from the second client device via the second communication channel, a response to the system-initiated authentication request, the response corresponding to the customized communication, wherein the response includes a set of user-provided authentication information, the set of user-provided authentication information including an oral message that was recorded personally by the user and that is associated with the customized communication;
based at least on a determination that the set of user-provided authentication information is valid, grant the first client device access to the one or more resources; and
based at least on a detection of a failure relating to (1) the request to access the one or more resources or (2) the response to the system-initiated authentication request, deny access to the one or more resources and transmit an error message to both the first client device via the first communication channel and the second client device via the second communication channel.
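The flow recited in claim 1, as an added Python sketch that is not part of the patent or of any implementation by its assignee. Assumptions: the class and method names, PBKDF2 password hashing, the `outbox` list standing in for the two communication channels, and the `verify_response` callback standing in for validation of the recorded oral message are all hypothetical.

```python
import hashlib, hmac, secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoChannelAuth:
    """Sketch of the claimed flow; transports are modelled as an outbox list."""
    def __init__(self, verify_response):
        self.creds = {}     # (username, resource) -> (salt, hash): one password per resource
        self.pending = {}   # challenge id -> (username, resource)
        self.outbox = []    # (channel, username, message) instead of real delivery
        self.verify_response = verify_response  # hypothetical second-factor check

    def enroll(self, username, resource, password):
        salt = secrets.token_bytes(16)
        self.creds[(username, resource)] = (salt, _kdf(password, salt))

    def _deny(self, username, reason):
        # Claim 1: a failure is reported on both channels.
        for channel in ("first", "second"):
            self.outbox.append((channel, username, "error: " + reason))

    def primary(self, username, password, resource):
        # Unknown pairs still run the KDF so timing does not reveal enrollment.
        salt, stored = self.creds.get((username, resource), (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            self._deny(username, "primary authentication failed")
            return None
        cid = secrets.token_urlsafe(16)          # carried in the customized communication
        self.pending[cid] = (username, resource)
        self.outbox.append(("second", username, "challenge " + cid))
        return cid

    def secondary(self, cid, response):
        entry = self.pending.pop(cid, None)      # single use: replayed ids are rejected
        if entry is None:
            return None
        username, resource = entry
        if not self.verify_response(username, cid, response):
            self._deny(username, "secondary authentication failed")
            return None
        return resource                          # access granted for this resource only
```

Because the lookup key is the (username, resource) pair, a password that is valid for one resource is rejected when presented for another, which is the per-resource binding the claim describes.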
Abstract
In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
20 Claims
11. A method, implemented at a computer system that includes one or more processors, for authenticating a resource access request, the method comprising:
receiving, from a first client device associated with a user, a request to access one or more resources, wherein the request is received at the computer system via a first communication channel, the request including a username and password;
searching a credential data file to determine whether the received username and password are authorized credentials, wherein the username is associated with multiple different passwords in the data file, and wherein each of the multiple different passwords is associated with a different resource;
issuing a system-initiated authentication request from the computer system, wherein the system-initiated authentication request is transmitted to a second client device of the user via a second communication channel, and wherein the system-initiated authentication request includes a customized communication;
receiving, from the second client device via the second communication channel, a response to the system-initiated authentication request, the response corresponding to the customized communication, wherein the response includes a set of user-provided authentication information, the set of user-provided authentication information including an oral message that was recorded personally by the user and that is associated with the customized communication;
based at least on a determination that the set of user-provided authentication information is valid, granting the first client device access to the one or more resources; and
based at least on a detection of a failure relating to (1) the request to access the one or more resources or (2) the response to the system-initiated authentication request, denying access to the one or more resources and transmit an error message to both the first client device via the first communication channel and the second client device via the second communication channel.
16. One or more hardware storage devices having stored thereon computer-executable instructions that are executable by one or more processors of a computer system and that cause the computer system to authenticate a resource access request by causing the computer system to:
receive, from a first client device associated with a user, a request to access one or more resources, wherein the request is received at the computer system via a first communication channel, the request including a username and password;
search a credential data file to determine whether the received username and password are authorized credentials, wherein the username is associated with multiple different passwords in the data file, and wherein each of the multiple different passwords is associated with a different resource;
determine that the received username and password correspond to the requested one or more resources such that the received username and password are authorized credentials for the requested one or more resources;
issue a system-initiated authentication request from the computer system, wherein the system-initiated authentication request is transmitted to a second client device of the user via a second communication channel, and wherein the system-initiated authentication request includes a customized communication;
receive, from the second client device via the second communication channel, a response to the system-initiated authentication request, the response corresponding to the customized communication, wherein the response includes a set of user-provided authentication information, the set of user-provided authentication information including an oral message that was recorded personally by the user and that is associated with the customized communication;
based at least on a determination that the set of user-provided authentication information is valid, grant the first client device access to the one or more resources; and
based at least on a detection of a failure relating to (1) the request to access the one or more resources or (2) the response to the system-initiated authentication request, deny access to the one or more resources and transmit an error message to both the first client device via the first communication channel and the second client device via the second communication channel.
Specification