Techniques for implementing a data storage device as a security device for managing access to resources
Abstract
Techniques are disclosed for implementation of a data storage device as a security device for managing access to resources. These techniques can be implemented for multi-factor authentication (MFA) to provide multiple layers of security for managing access to resources in enterprise and/or cloud computing environments. As a security device, a storage device can be used as a portable device that provides a point of trust for multi-factor authentication across any client application or device operated to access resources. A storage device may be configured with security data for authentication with an access management system. After configuration, the portable storage device may be used to authenticate a user, without entering credential information, at any client device that can access the portable storage device. A storage device configured as a security device can ensure that legitimate users have an easy way to authenticate and access the resources.
20 Claims
1. A computer implemented method comprising:
determining that a user is not authenticated to access a resource requested at a device associated with the user, wherein access to the resource is controlled by an access management system;
identifying, at the device, a storage device that is connected to the device, wherein the storage device is identified to verify registration of the storage device as a security device for authentication of the user;
determining that device information about the storage device is stored at a first location on the storage device, wherein the device information includes an identifier of the storage device;
generating, using a hashing process, an access key for verifying registration of the storage device, wherein the access key is generated based at least in part on the device information;
generating key data based on a first decryption, using the access key, of security data stored at a second location on the storage device, wherein the key data includes a private key and a public key;
transmitting a message to request the access management system to verify registration of the storage device as the security device, wherein the message is encrypted using the private key, and wherein the message includes user information about the user and the device information;
receiving, from an access management system, a response to the request to verify registration of the storage device, wherein the response includes access data to enable access to the resource requested at the device, wherein the access data is generated based on verifying that the storage device is registered with the access management system for the user, and wherein the access data is encrypted using a public key associated with registration of the storage device for the user at the access management system;
generating decrypted access data based on a second decryption of the access data using the private key; and
enabling the device to access the resource using the decrypted access data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system comprising:
one or more processors; and
a memory accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, cause the one or more processors to:
determine that a user associated with a device is not authenticated to access a resource requested at the device, wherein access to the resource is controlled by an access management system;
identify a storage device that is connected to the device, wherein the storage device is identified to verify registration of the storage device as a security device for authentication of the user;
determine that device information about the storage device is stored at a first location on the storage device, wherein the device information includes an identifier of the storage device;
generate, using a hashing process, an access key for verifying registration of the storage device, wherein the access key is generated based at least in part on the device information;
generate key data based on a first decryption, using the access key, of security data stored at a second location on the storage device, wherein the key data includes a private key;
transmit a message to request the access management system to verify registration of the storage device as the security device, wherein the message is encrypted using the private key, and wherein the message includes user information about the user and the device information;
receive, from an access management system, a response to the request to verify registration of the storage device, wherein the response includes access data to enable access to the resource requested at the device, wherein the access data is generated based on verifying that the storage device is registered with the access management system for the user, and wherein the access data is encrypted using a public key associated with registration of the storage device for the user at the access management system;
generate decrypted access data based on a second decryption of the access data using the private key; and
enable access to the resource using the decrypted access data.
Dependent claims: 11, 12, 13, 14, 15
16. A computer implemented method comprising:
identifying, at a device associated with a user, one or more storage devices that are connected to the device;
generating a graphical interface that is displayed at the device, wherein the graphical interface displays information about each of the one or more storage devices that are identified as connected to the device, and wherein the graphical interface includes an element that is interactive to select at least one of the one or more storage devices for registration as a security device;
receiving an input for an interaction with the element, wherein the input corresponds to a selection of a storage device from the one or more storage devices to register as the security device associated with a user;
identifying device information about the storage device corresponding to the selection, wherein the device information includes an identifier of the storage device;
generating key data for the storage device, wherein the key data includes a private key and a public key;
generating, using a hashing process, an access key for configuring the storage device, wherein the access key is generated based at least in part on the device information;
generating encrypted key data by encryption of the key data using the access key;
storing the encrypted key data at a first location on the storage device;
storing the device information at a second location on the storage device;
transmitting, to an access management system, a request to register the storage device for the user, the request including the public key and device information, wherein based on the request, the public key and device information are stored at the access management system in association with user information about the user for registration of the storage device; and
receiving, from the access management system, a response indicating registration of the storage device as the security device for the user, wherein the response includes access data to enable access to one or more resources requested at the device by the user.
Dependent claims: 17, 18, 19, 20
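The registration flow of claim 16 and the authentication flow of claim 1, carried through end to end as an added worked example; this is not code from the patent or its assignee. Both sides are modelled: the client configures the storage device (device information in one block, key data encrypted under a hash-derived access key in the other) and the access management system stores the public key, later verifies a signed request against the registered device information, and returns access data encrypted to that public key. Every primitive is a stand-in and an assumption of this example: textbook RSA on two fixed Mersenne primes replaces the per-device key pair, a SHA-256 keystream replaces the symmetric encryption of the key data, and the claim's "message encrypted using the private key" is modelled as an RSA signature over the message hash. The device-information fields, user names and the dictionary used as the "storage device" are constructed sample values.

```python
import hashlib
import json
import secrets

# --- stand-in primitives (constructed for this example; not secure) --------
# Textbook RSA on two fixed Mersenne primes keeps the example reproducible; a
# real build generates a fresh key pair per storage device during registration.
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream XOR; stands in for real authenticated encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def access_key_for(device_info: dict) -> bytes:
    """The claims' 'hashing process': access key derived from canonical device information."""
    return hashlib.sha256(json.dumps(device_info, sort_keys=True).encode()).digest()


def sign(private_key: int, message: bytes) -> int:
    """The message 'encrypted using the private key', modelled as an RSA signature."""
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), private_key, N)


# --- access management system (server side) ---------------------------------
class AccessManagementSystem:
    def __init__(self):
        self.registrations = {}   # user -> (public key, device information)
        self.last_issued = None   # access data most recently handed out

    def register(self, user: str, public_key: int, device_info: dict) -> dict:
        """Claim 16: store public key and device information against the user."""
        self.registrations[user] = (public_key, device_info)
        return {"registered": True, "device_id": device_info["serial"]}

    def verify(self, user: str, message: bytes, signature: int):
        """Claim 1: check registration; return access data encrypted to the registered public key."""
        if user not in self.registrations:
            return None
        public_key, registered_info = self.registrations[user]
        digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
        if pow(signature, public_key, N) != digest:
            return None                                  # not signed by the registered key
        body = json.loads(message)
        if body["user"] != user or body["device_info"] != registered_info:
            return None                                  # storage device not registered for user
        self.last_issued = secrets.token_bytes(16)       # e.g. a session token
        return pow(int.from_bytes(self.last_issued, "big"), public_key, N)


# --- client side: claim 16 (registration) and claim 1 (authentication) -----
def register_storage_device(user: str, device_info: dict, ams: AccessManagementSystem) -> dict:
    """Configure the selected storage device as a security device; returns its two storage blocks."""
    key_data = json.dumps({"private": D, "public": E}).encode()
    security_data = keystream_xor(access_key_for(device_info), key_data)
    ams.register(user, E, device_info)
    return {"device_info": device_info, "security_data": security_data}


def authenticate_with_device(user: str, storage: dict, ams: AccessManagementSystem):
    """Authenticate with a connected storage device; returns decrypted access data or None."""
    device_info = storage.get("device_info")
    if device_info is None:
        return None                                      # plain storage device, never configured
    try:
        key_data = json.loads(keystream_xor(access_key_for(device_info),
                                            storage.get("security_data", b"")))
    except ValueError:
        key_data = None                                  # device information altered -> wrong access key
    if not isinstance(key_data, dict) or "private" not in key_data:
        return None
    message = json.dumps({"user": user, "device_info": device_info}, sort_keys=True).encode()
    encrypted_access = ams.verify(user, message, sign(key_data["private"], message))
    if encrypted_access is None:
        return None
    return pow(encrypted_access, key_data["private"], N).to_bytes(16, "big")


if __name__ == "__main__":
    ams = AccessManagementSystem()
    info = {"serial": "EXAMPLE-SN-0001", "vendor": "ExampleVendor"}   # constructed
    usb = register_storage_device("alice", info, ams)
    print(authenticate_with_device("alice", usb, ams) == ams.last_issued)   # True
    print(authenticate_with_device("bob", usb, ams))                         # None
```

Two things the walk-through makes visible that the claim text only implies: because the access key is a hash of the device information, any change to that block (a cloned image written to a different device, or edited identifiers) makes the stored key data undecryptable, so the private key is bound to the specific device; and because the server checks the signed device information against what it registered for that user, a correctly configured device still fails for a user it was not registered to.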
Specification