Techniques for facilitating secure, credential-free user access to resources
Abstract
Techniques are disclosed herein for facilitating secure user access to resources without user-provided credentials. More specifically, the techniques described herein eliminate the need for end users to remember and provide privileged resource authentication information (e.g., credentials) at the time of resource access. The system accepts and securely stores registration information for accessing privileged resources during a registration process. As discussed herein, the registration information can include identification and authentication information for each privileged resource. The authentication process can also include registration of one or more secondary authentication devices that are used to verify the identity of the end user in lieu of the end user providing credentials.
18 Claims
1. A method of operating a credential management platform:
- receiving a request to access a protected resource from a first computing device, wherein the request comprises a modified secure shell (SSH) key;
- identifying an authentication policy for the protected resource;
- establishing a first secure session between the credential management platform and the first computing device;
- authenticating the first computing device using authentication information specified by the authentication policy, wherein the authentication information is obtained from a zero-password login application installed on a second computing device;
- upon authenticating the first computing device, providing the modified SSH key to the protected resource;
- establishing a second secure session between the credential management platform and the protected resource; and
- providing the first computing device with access to the protected resource by joining the first secure session and the second secure session.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A credential management apparatus comprising:
- one or more non-transitory computer readable media;
- one or more processors coupled to the one or more non-transitory computer readable media; and
- program instructions stored on the non-transitory computer readable media, wherein the program instructions direct the one or more processors to:
  - receive a protected resource access request initiated on a first computing device, wherein the request comprises a modified (secure shell) SSH key that uniquely identifies a user;
  - establish a first secure session between the first computing device and the credential management apparatus;
  - authenticate the user according to an authentication policy associated with the protected resource, wherein authentication information specified by the authentication policy is obtained from a zero-password login application installed on a second computing device;
  - provide the modified SSH key to the protected resource;
  - establish a second secure session between the credential management apparatus and the protected resource; and
  - provide user access to the protected resource by joining the first secure session and the second secure session.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A method comprising:
- in a first computing device:
  - receiving a request to access a protected resource; and
  - sending the request to a credential management platform, wherein the request includes a modified secure shell (SSH) that uniquely identifies a user;
- in the credential management platform:
  - receiving the request from the first computing device;
  - identifying an authentication policy for the protected resource;
  - establishing a first secure session between the first computing device and the credential management platform; and
  - sending a request for authentication information to a second computing device associated with the user, wherein the second computing device has a zero-password login application installed thereon;
- in the second computing device:
  - receiving the request for authentication information;
  - obtaining the authentication information from the zero-password login application; and
  - sending a response to the request to the credential management platform that includes the authentication information; and
- in the credential management platform:
  - receiving the response to the request for authentication information;
  - determining that the authentication policy is satisfied;
  - providing the modified SSH key to the protected resource;
  - establishing a second secure session between the credential management platform and the protected resource; and
  - providing the first computing device access to the protected resource by joining the first second session and the second secure session.
Dependent claims: 17, 18
Specification