Methods and systems for multifactor authentication
Abstract
In various embodiments of the invention, techniques are presented for providing multifactor authentication. A first set of credentials are received, which are associated with a first principal, and at least one identifier also associated with the first principal is obtained from a second principal. Next, the first principal's knowledge of the at least one identifier is verified and an authentication credential is generated for the first principal. The authentication credential permits the first principal to access the second principal.
26 Claims
1. A method comprising:
intercepting an attempt by a first principal to access a second principal;
determining whether authentication credentials are available for authenticating the first principal, where the authentication credentials are defined by a policy;
passing select ones of the authentication credentials to the second principal giving access to the first principal if the authentication credentials are available, and wherein the second principal expects the select ones of the authentication credentials for access; and
redirecting the first principal to an identity service if the authentication credentials are unavailable.
8. A method, comprising:
receiving credentials associated with a first principal;
obtaining at least one identifier associated with the first principal from a second principal using at least one of the credentials and in response to a policy;
verifying the at least one identifier with the first principal; and
generating an authentication credential for the first principal, granting it access to the second principal in response to verifying.
15. A system, comprising:
an identity service, wherein the identity service is to be in communication with a first and second principal, wherein at least one credential is to be received from the first principal, and at least one identifier associated with the first principal is to be obtained from the second principal using the at least one credential, and wherein, if the first principal verifies the at least one identifier via the identity service, an authentication credential is to be generated by the identity service for the first principal, the authentication credential is to be subsequently used by the first principal to gain access to the second principal, and wherein the at least one identifier is identified by the identity service pursuant to a policy.
21. A system, comprising:
a front-end service to a legacy service interposed between a requesting principal and a target principal, wherein requests from the requesting principal are directed to the target principal and are to be passed through the front-end service, and wherein the front-end service is to detect an authentication request from the target principal in response to the pass through and the front-end service is to determine whether an authentication credential associated with the requesting principal is available and if it is, the front-end service is to respond by forwarding select credentials to the target principal, and wherein if the authentication credential is unavailable the front-end service is to engage one or more third party services to obtain the authentication credential on behalf of the front-end service via interactions between the one or more third party services and the requesting principal and the target principal, and wherein information used to produce the authentication principal is defined by a policy.
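The flow in claims 1, 8 and 21, modelled as an added Python example that is not taken from the patent: a front end forwards only the policy-selected credential when one is stored and otherwise redirects to an identity service, which fetches an identifier from the target using the first factor and checks the user's knowledge of it before issuing a credential. All class names, the policy layout and the sample user data are hypothetical and constructed for illustration.

```python
import hmac
import secrets

# Constructed policy: per target, the identifiers a user must prove knowledge of
# and the credential fields the target expects to be forwarded.
POLICY = {"legacy-app": {"verify": ["account_number"], "forward": ["token"]}}

class Target:
    """Second principal: holds identifiers for its users (constructed data)."""
    def __init__(self):
        self._records = {("alice", "pw-1"): {"account_number": "4417-22"}}

    def identifiers(self, user, password, names):
        record = self._records.get((user, password))
        return None if record is None else {n: record[n] for n in names}

class IdentityService:
    def __init__(self, target):
        self.target = target

    def authenticate(self, target_name, user, password, answers):
        wanted = POLICY[target_name]["verify"]
        # First factor: the received credentials are used to obtain the identifiers.
        known = self.target.identifiers(user, password, wanted)
        if known is None:
            return None
        # Second factor: the user must show knowledge of each identifier.
        for name in wanted:
            supplied = answers.get(name, "").encode()
            if not hmac.compare_digest(known[name].encode(), supplied):
                return None
        return {"user": user, "token": secrets.token_urlsafe(16)}

class FrontEnd:
    """Interposed between the requesting principal and the target."""
    def __init__(self, identity_service):
        self.ids = identity_service
        self.store = {}  # (target, user) -> authentication credential

    def access(self, target_name, user):
        cred = self.store.get((target_name, user))
        if cred is None:
            return ("redirect", "identity-service")
        # Pass only the credential fields the policy selects for this target.
        return ("forward", {k: cred[k] for k in POLICY[target_name]["forward"]})

    def login(self, target_name, user, password, answers):
        cred = self.ids.authenticate(target_name, user, password, answers)
        if cred is not None:
            self.store[(target_name, user)] = cred
        return cred is not None
```
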
Specification