Intercept-based multifactor authentication enrollment of clients as a network service

US 10,225,243 B2
Filed: 09/30/2016
Issued: 03/05/2019
Est. Priority Date: 09/30/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor configured to;

monitor a session at a firewall;

intercept a request for access to a resource while monitoring the session at the firewall;

determine that a user associated with the session is not enrolled for multifactor authentication;

initiate enrollment of the user for the multifactor authentication; and

allow access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined period of time prior to being required to complete the enrollment of the user for the multifactor authentication; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.

Citations

17 Claims

1. A system, comprising:
- a processor configured to;
  
  monitor a session at a firewall;
  
  intercept a request for access to a resource while monitoring the session at the firewall;
  
  determine that a user associated with the session is not enrolled for multifactor authentication;
  
  initiate enrollment of the user for the multifactor authentication; and
  
  allow access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined period of time prior to being required to complete the enrollment of the user for the multifactor authentication; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system recited in claim 1, wherein the firewall performs the multifactor authentication as a network service.
  - 3. The system recited in claim 1, wherein the resource is associated with an authentication profile, and wherein the authentication profile is for a first authentication factor.
  - 4. The system recited in claim 1, wherein the resource is associated with an authentication profile, and wherein the authentication profile is for a first authentication factor and a second authentication factor.
  - 5. The system recited in claim 1, wherein the resource is associated with an authentication profile, and wherein the authentication profile is for a plurality of authentication factors for performing the multifactor authentication.
  - 6. The system recited in claim 1, wherein the resource is associated with an authentication profile, and wherein the authentication profile is a multifactor authentication profile.
  - 7. The system recited in claim 1, wherein the processor is further configured to:
    - complete the enrollment of the user for the multifactor authentication.
  - 8. The system recited in claim 1, wherein the processor is further configured to:
    - complete the enrollment of the user for the multifactor authentication; and
      
      allow access to the resource after completing the enrollment of the user for the multifactor authentication.
  - 9. The system recited in claim 1, wherein the processor is further configured to:
    - block access to the resource prior to completing the enrollment of the user for the multifactor authentication if the predetermined period of time has expired.

10. A method, comprising:
- monitoring a session at a firewall;
  
  intercepting a request for access to a resource while monitoring the session at the firewall;
  
  determining that a user associated with the session is not enrolled for multifactor authentication; and
  
  initiating enrollment of the user for the multifactor authentication; and
  
  allowing access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined period of time prior to being required to complete the enrollment of the user for the multifactor authentication.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, further comprising:
    - completing the enrollment of the user for the multifactor authentication.
  - 12. The method of claim 10, further comprising:
    - completing the enrollment of the user for the multifactor authentication; and
      
      allowing access to the resource after completing the enrollment of the user for the multifactor authentication.
  - 13. The method of claim 10, further comprising:
    - blocking access to the resource prior to completing the enrollment of the user for the multifactor authentication if the predetermined period of time has expired.

14. A computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
- monitoring a session at a firewall;
  
  intercepting a request for access to a resource while monitoring the session at the firewall;
  
  determining that a user associated with the session is not enrolled for multifactor authentication;
  
  initiating enrollment of the user for the multifactor authentication; and
  
  allowing access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined period of time prior to being required to complete the enrollment of the user for the multifactor authentication.
- View Dependent Claims (15, 16, 17)
- - 15. The computer program product recited in claim 14, further comprising computer instructions for:
    - completing the enrollment of the user for the multifactor authentication.
  - 16. The computer program product recited in claim 14, further comprising computer instructions for:
    - completing the enrollment of the user for the multifactor authentication; and
      
      allowing access to the resource after completing the enrollment of the user for the multifactor authentication.
  - 17. The computer program product recited in claim 14, further comprising computer instructions for:
    - blocking access to the resource prior to completing the enrollment of the user for the multifactor authentication if the predetermined period of time has expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Murthy, Ashwath Sreenivasa
Primary Examiner(s)
Su, Sarah

Application Number

US15/281,929
Publication Number

US 20180097788A1
Time in Patent Office

886 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 2463/121   Timestamp

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Intercept-based multifactor authentication enrollment of clients as a network service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Intercept-based multifactor authentication enrollment of clients as a network service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links