Systems and methods for multi-factor authentication
Abstract
Requests to gain access to secure resources are adjudicated according to authentication policies that include rules based on user-states derived from multiple heterogeneous access-control systems.
23 Claims
1. A method for authenticating a user to a secure resource, the method comprising:
receiving a request from a user to access the secure resource, the request comprising one or more user authentication credentials;
providing, in response to and based at least in part on the user authentication credentials, an access policy based on rules associated with a plurality of access-control systems;
receiving user states from each of the plurality of access-control systems;
determining whether any of the rules is satisfied, at least in part, on the received user states; and
adjudicating access to the secure resource based on the determination.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A system for authenticating a user to a secure resource, the system comprising:
a) an access control agent for intercepting a user request to access a secure resource, the request comprising one or more user authentication credentials; and
b) a global access server for:
(i) providing user access policies based on rules associated with a plurality of access control systems and specifying access criteria for granting the user access to the secure resource;
(ii) determining if the one or more of the rules residing in the access control systems are met so as to satisfy the policies; and
(iii) adjudicating user requests based on the user access policies.
Dependent claims: 18, 19, 20, 21
22. A global access server for controlling access to a secure resource, the server comprising:
a) an interface for communicating with an access-control agent and a plurality of access-control systems;
b) a database for storing access policies for granting access to the secure resource, the access policies being based on rules associated with the access-control systems; and
c) a policy engine responsive to the interface and in communication with the database, for (i) determining, in response to a user request received from the access-control agent and a user state received from at least one of the access-control systems, whether rules associated with the at least one user-state-providing access-control system are met so as to satisfy the policy associated therewith, and (ii) adjudicating the user request based on the determination.
23. An article of manufacture having computer-readable program portions embodied thereon for authenticating a user to a secure resource, the article comprising computer-readable instructions for:
receiving a request from a user to access the secure resource, the request comprising one or more user authentication credentials required to access the secure resource;
providing, in response to the user authentication credentials, a policy specifying criteria for granting the user access to the secure resource, the policy being based on rules associated with a plurality of access control systems;
initiating requests to each of the access control systems for respective user states according to each of the plurality of access control systems; and
determining if the policy is satisfied based, at least in part, on the respective user states.
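An added sketch of the adjudication flow the claims describe, not code from the patent or its assignee: a policy for a resource holds rules over user states reported by several access-control systems, and a rule that depends on an unavailable state is treated as unsatisfied. The system names (`directory`, `badge`, `vpn`), state fields, users and resource are constructed assumptions, and credential verification is assumed to have happened before adjudication.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    needs: Tuple[str, ...]                    # systems whose state the rule reads
    test: Callable[[Dict[str, dict]], bool]   # predicate over those states

# Constructed policy store (assumption): resource -> rules; any one rule grants.
POLICIES = {
    "payroll-db": (
        Rule("on-site", ("directory", "badge"),
             lambda s: s["directory"]["enabled"] and s["badge"]["in_building"]),
        Rule("remote", ("directory", "badge", "vpn"),
             lambda s: s["directory"]["enabled"] and s["vpn"]["session_active"]
             and not s["badge"]["in_building"]),   # cannot be remote and inside
    ),
}

# Constructed sample states, keyed by system then user (dave has no badge record).
SAMPLE = {
    "directory": {u: {"enabled": u != "erin"} for u in ("alice", "carol", "dave", "erin")},
    "badge": {"alice": {"in_building": True}, "carol": {"in_building": False},
              "erin": {"in_building": True}},
    "vpn": {"carol": {"session_active": True}, "dave": {"session_active": True}},
}
PROVIDERS = {name: table.__getitem__ for name, table in SAMPLE.items()}

def collect_states(user: str, systems, providers) -> Dict[str, Optional[dict]]:
    """Query each access-control system once; any failure becomes None (unknown)."""
    states = {}
    for name in systems:
        try:
            states[name] = providers[name](user)
        except Exception:
            states[name] = None
    return states

def adjudicate(user: str, resource: str, providers) -> Tuple[str, Optional[str]]:
    """Return ("GRANT", name of the satisfied rule) or ("DENY", None)."""
    rules = POLICIES.get(resource, ())        # no policy on file: nothing can match
    systems = sorted({n for r in rules for n in r.needs})
    states = collect_states(user, systems, providers)
    for rule in rules:
        known = all(states[n] is not None for n in rule.needs)
        if known and rule.test(states):       # a missing state fails closed
            return "GRANT", rule.name
    return "DENY", None
```

In the sample data, `dave` has an active VPN session but no badge state, so neither rule can be evaluated and the request is denied rather than granted on partial information.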
Specification