Multifactor authentication as a network service
First Claim
1. A system, comprising:
- a processor configured to:
  - monitor a new session at a firewall, wherein the firewall filters inbound traffic by applying a set of rules or policies to prevent unwanted outside traffic from accessing protected resources;
  - perform a user identification look-up at the firewall based on an IP address associated with the new session to generate the IP address and user binding;
  - apply an authentication profile based on the new session, wherein the authentication profile is selected by the firewall based on the session and the user identification, and wherein the authentication profile is enforced by the firewall; and
  - perform an action based on the authentication profile including enforcing a configurable first cache timeout since a last successful authentication for a first factor authentication based on the IP address and user binding, and enforcing a configurable second cache timeout since a last successful authentication for a second factor authentication based on the IP address and user binding, wherein the firewall performs multifactor authentication using the first factor authentication and the second factor authentication to prevent unwanted outside traffic from accessing the protected resources; and
- a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.
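The per-factor cache check recited in claim 1, sketched as an added example (not code from the patent or from any product). The profile names, the zone- and user-based selection rule, the timeout values and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AuthProfile:
    name: str
    first_ttl: int    # seconds a first-factor success stays cached
    second_ttl: int   # seconds a second-factor success stays cached

# Hypothetical profiles and selection inputs (constructed sample values).
STRICT = AuthProfile("strict", first_ttl=3600, second_ttl=300)
RELAXED = AuthProfile("relaxed", first_ttl=28800, second_ttl=3600)
ZONE_PROFILE = {"datacenter": STRICT, "intranet": RELAXED}
ADMINS = {"root-admin"}

def select_profile(dst_zone, user):
    """Pick a profile from the session (destination zone) and the identified user."""
    if user in ADMINS:
        return STRICT
    return ZONE_PROFILE.get(dst_zone)

@dataclass
class Firewall:
    user_by_ip: dict = field(default_factory=dict)  # user-ID table: IP -> user
    last_ok: dict = field(default_factory=dict)     # (ip, user, factor) -> epoch seconds

    def record_success(self, ip, user, factor, now):
        # A successful authentication (re)creates the IP/user binding and its timestamp.
        self.user_by_ip[ip] = user
        self.last_ok[(ip, user, factor)] = now

    def _expired(self, ip, user, factor, ttl, now):
        ts = self.last_ok.get((ip, user, factor))
        return ts is None or now - ts >= ttl

    def on_new_session(self, src_ip, dst_zone, now):
        """Return (profile name, factors to challenge); an empty list means allow."""
        user = self.user_by_ip.get(src_ip)
        profile = select_profile(dst_zone, user)
        if profile is None:
            return None, []                      # no authentication profile applies
        if user is None:
            return profile.name, ["first", "second"]  # no binding, so nothing is cached
        due = []
        if self._expired(src_ip, user, "first", profile.first_ttl, now):
            due.append("first")
        if self._expired(src_ip, user, "second", profile.second_ttl, now):
            due.append("second")
        return profile.name, due
```

Because the cache key includes the user as well as the IP address, a second user who authenticates from the same address does not inherit the previous user's cached factors.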
21 Claims
12. A method, comprising:
- monitoring a new session at a firewall, wherein the firewall filters inbound traffic by applying a set of rules or policies to prevent unwanted outside traffic from accessing protected resources;
- performing a user identification look-up at the firewall based on an IP address associated with the new session to generate the IP address and user binding;
- applying an authentication profile based on the new session, wherein the authentication profile is selected by the firewall based on the session and the user identification, and wherein the authentication profile is enforced by the firewall; and
- performing an action based on the authentication profile including enforcing a configurable first cache timeout since a last successful authentication for a first factor authentication based on the IP address and user binding, and enforcing a configurable second cache timeout since a last successful authentication for a second factor authentication based on the IP address and user binding, wherein the firewall performs multifactor authentication using the first factor authentication and the second factor authentication to prevent unwanted outside traffic from accessing the protected resources.
17. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- monitoring a new session at a firewall, wherein the firewall filters inbound traffic by applying a set of rules or policies to prevent unwanted outside traffic from accessing protected resources;
- performing a user identification look-up at the firewall based on an IP address associated with the new session to generate the IP address and user binding;
- applying an authentication profile based on the new session, wherein the authentication profile is selected by the firewall based on the session and the user identification, and wherein the authentication profile is enforced by the firewall; and
- performing an action based on the authentication profile including enforcing a configurable first cache timeout since a last successful authentication for a first factor authentication based on the IP address and user binding, and enforcing a configurable second cache timeout since a last successful authentication for a second factor authentication based on the IP address and user binding, wherein the firewall performs multifactor authentication using the first factor authentication and the second factor authentication to prevent unwanted outside traffic from accessing the protected resources.
Specification