Dynamic authentication in alternate operating environment

US 10,193,888 B1
Filed: 07/10/2017
Issued: 01/29/2019
Est. Priority Date: 06/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

authenticating, by a hardware processor, a device to a network via a first authentication technique during an initial access request;

after successful authentication with the first authentication technique, storing, by the hardware processor, information related to the first authentication technique;

creating, by the hardware processor, a record of the device related to a second authentication technique, wherein the record includes at least the information related to the first authentication technique;

after the device changes state due to an activity that results in a re-authentication with the network, authenticating, by the hardware processor, the device to the network via the second authentication technique during a subsequent access request without re-authenticating with the first authentication technique, the second authentication technique does not rely on manual entry at the device; and

wherein the information related to the first and to the second authentication techniques are annotated and kept in the record of the device until a non-expiration-timing event prompts, by the hardware processor, removal, by the hardware processor, the information related to the first authentication technique and the record of the device related to the second authentication technique.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that employ dynamic credentials across distinct authentication standards can be used to reduce the burden associated with repeated re-authentication. A utility can be employed during logon in an alternate operating environment that stores information from the logon dynamically and generates a credential file that is employed to grant access to a resource without repeating the earlier logon procedure, even if the device changes its user state. After processes requiring resource access are complete, or when an allowed time expires, the granted access is revoked and the device returns to a default or standard authentication technique.

Citations

16 Claims

1. A method, comprising:
- authenticating, by a hardware processor, a device to a network via a first authentication technique during an initial access request;
  
  after successful authentication with the first authentication technique, storing, by the hardware processor, information related to the first authentication technique;
  
  creating, by the hardware processor, a record of the device related to a second authentication technique, wherein the record includes at least the information related to the first authentication technique;
  
  after the device changes state due to an activity that results in a re-authentication with the network, authenticating, by the hardware processor, the device to the network via the second authentication technique during a subsequent access request without re-authenticating with the first authentication technique, the second authentication technique does not rely on manual entry at the device; and
  
  wherein the information related to the first and to the second authentication techniques are annotated and kept in the record of the device until a non-expiration-timing event prompts, by the hardware processor, removal, by the hardware processor, the information related to the first authentication technique and the record of the device related to the second authentication technique.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprises creating, by the hardware processor, a trusted path between the device and the second authentication technique, the trusted path comprises a bypass table in effect for until a non-expiration-timing event after the successful authentication with the first authentication technique.
  - 3. The method of claim 1, wherein the authenticating the device to the network via the second authentication technique comprises authenticating the device at least in part by recognizing a network identifier associated with the device based on the record.
  - 4. The method of claim 1, further comprising:
    - changing, by the hardware processor, an authentication status of the device; and
      
      authenticating, by the hardware processor, the device via the second authentication technique.
  - 5. The method of claim 1, further comprising imaging, by the hardware processor, the device.
  - 6. The method of claim 5, further comprising:
    - removing, by the hardware processor, the information related to the first authentication technique; and
      
      removing, by the hardware processor, the record of the device related to the second authentication technique.
  - 7. The method of claim 1, further comprising providing, by the hardware processor, compatibility between the device and the network.
  - 8. The method of claim 1, further comprising modifying, by the hardware processor, an image to be applied to the device based on at least one of the information related to the first authentication technique and a network identifier associated with the device.

9. A system for imaging a device, comprising:
- a hardware processor that executes the following executable components stored in a memory;
  
  a first access control implementing a first authentication technique that authenticates the device to a network during a first authentication attempt;
  
  a database storing information related to the first authentication technique and creating a record of the device related to a second authentication technique, wherein the record includes at least the information related to the first authentication technique;
  
  a second access control implementing the second authentication technique after a state of the device changes based on an activity that results in a re-authentication with the network, the second authentication technique is based upon successful authentication of the device to the network by the first access control during the first authentication attempt and authenticates the device to the network on a second authentication attempt without the use of the first access control and without input from the device; and
  
  wherein the database storing information related to the first and to the second authentication techniques annotates the record of the device until a non-expiration-timing event prompts, by the hardware processor, removal, by the hardware processor, the information related to the first authentication technique and the record of the device related to the second authentication technique.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the second access control creates a trusted path between the device and the second authentication technique, the trusted path comprises a bypass table effective for until a non-expiration-timing event after the successful authentication during the first authentication attempt.
  - 11. The system of claim 9, wherein the record permits the second authentication technique to authenticate the device at least in part by recognizing a network identifier associated with the device.
  - 12. The system of claim 9, wherein the first access control changes an authentication status of the device, and the second access control authenticates the device via the second authentication technique.
  - 13. The system of claim 9, wherein the executable components further comprise an imaging processor that images the device.
  - 14. The system of claim 13, wherein the database removes the information related to the first authentication technique and the record of the device related to the second authentication technique.
  - 15. The system of claim 9, wherein the executable components further comprise:
    - a compatibility processor providing compatibility between the device and the network.
  - 16. The system of claim 9, wherein the executable components further comprise:
    - the hardware processor modifying an image to be applied to the device based on at least one of the information related to the first authentication technique and a network identifier associated with the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Belton, Jr., Lawrence T., Benskin, Ryan Bernard, Gabel, Jon, Grove, Michael, Morris, Timothy H., Russell, Jonathan D., Yelton, Jr., Robert Glenn, Rodgers, Douglas S.
Primary Examiner(s)
Patel, Haresh N

Application Number

US15/644,966
Time in Patent Office

568 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

Dynamic authentication in alternate operating environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication in alternate operating environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links