TWO-FACTOR AUTHENTICATION

US 20140208406A1
Filed: 01/23/2013
Published: 07/24/2014
Est. Priority Date: 01/23/2013
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for providing two-factor authentication for a secured system in an infrastructure operating environment, the method comprising:

i. receiving, from a user, a request to access the secured system, wherein the request comprises a first authentication information and a second authentication information;

ii. authenticating, using a two-factor authentication protocol, the user based on the first and second authentication information;

iii. in response to a positive authentication result, configuring a firewall gateway to allow access by the user to the secured system; and

iv. in response to a negative authentication result, configuring the firewall gateway to prevent access by the user to the secured system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and processes for providing two-factor authentication to systems capable of implementing varying levels of access control are disclosed. The system may include an authentication and access control system that selectively grants access to a secured system or network. The authentication and access control system implements a two-factor authentication routine and may configure a firewall gateway to grant or deny access to the secured system or network based on the results of the two-factor authentication. A user may connect to the authentication and access control system via a VPN. By separating the user from the secured system or network, the authentication and access control system can provide two-factor authentication for the secured system regardless of the secured system'"'"'s own cyber security capabilities. This is particularly useful for legacy systems in infrastructure operating environments that are incapable of implementing a more sophisticated access control protocol, such as two-factor authentication.

22 Citations

View as Search Results

26 Claims

1. A computer-implemented method for providing two-factor authentication for a secured system in an infrastructure operating environment, the method comprising:
- i. receiving, from a user, a request to access the secured system, wherein the request comprises a first authentication information and a second authentication information;
  
  ii. authenticating, using a two-factor authentication protocol, the user based on the first and second authentication information;
  
  iii. in response to a positive authentication result, configuring a firewall gateway to allow access by the user to the secured system; and
  
  iv. in response to a negative authentication result, configuring the firewall gateway to prevent access by the user to the secured system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein the request from the user is received through a virtual private network.
  - 3. The computer-implemented method of claim 2, wherein the firewall gateway provides access control between the virtual private network and the secured system.
  - 4. The computer-implemented method of claim 2, wherein the virtual private network is one of a point-to-point tunneling protocol (PPTP), layer 2 tunneling protocol (L2TP), secure sockets layer (SSL), and Internet Protocol security (IP Sec) virtual private network.
  - 5. The computer-implemented method of claim 1, wherein at least a portion of the two-factor authentication protocol is performed using an active directory or lightweight directory access protocol authentication server.
  - 6. The computer-implemented method of claim 1, wherein the first authentication information comprises a login identification and a password.
  - 7. The computer-implemented method of claim 1, wherein the second authentication information comprises a passcode generated from a nondeterministic random sequence of numbers.
  - 8. The computer-implemented method of claim 1, wherein the secured system is associated with a utility, transportation, or oil and gas facility.
  - 9. The computer-implemented method of claim 1, wherein the secured system comprises one or more networked devices that are incapable of implementing access control.
  - 10. The computer-implemented method of claim 1, wherein the secured system comprises one or more networked devices that are incapable of implementing two-factor authentication.
  - 11. The computer-implemented method of claim 1, wherein the firewall gateway is a firewall of the secured system.

12. A system for providing two-factor authentication to a secured system in an infrastructure operating environment, the system comprising:
- one or more electronic assets; and
  
  a unified threat management device for controlling access to the one or more electronic assets, wherein the unified threat management device is configured to;
  
  receive, from a user, a request to access an electronic asset of the one or more electronic assets, wherein the request comprises a first authentication information and a second authentication information;
  
  authenticate, using a two-factor authentication protocol, the user based on the first and second authentication information;
  
  in response to a positive authentication result, configure a firewall gateway to allow access by the user to the electronic asset of the one or more electronic assets; and
  
  in response to a negative authentication result, configure the firewall gateway to prevent access by the user to the electronic asset of the one or more electronic assets.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the request from the user is received through a virtual private network.
  - 14. The system of claim 13, wherein the firewall gateway provides access control between the virtual private network and the one or more electronic assets.
  - 15. The system of claim 12 further comprising an active directory or lightweight directory access protocol authentication server, wherein at least a portion of the two-factor authentication protocol is performed using the active directory or lightweight directory access protocol authentication server.
  - 16. The system of claim 12, wherein the one or more electronic assets are associated with a utility, transportation, or oil and gas facility.
  - 17. The system of claim 16, wherein the one or more assets comprise one or more of a supervisory control and data acquisition (SCADA) Control System Computer, Remote Terminal Unit (RTU), Intelligent Electronic Devices (IED), or a protection relay at a substation.
  - 18. The system of claim 12, wherein the secured system comprises one or more networked devices that are incapable of implementing access control.
  - 19. The system of claim 12, wherein the secured system comprises one or more networked devices that are incapable of implementing two-factor authentication.
  - 20. The system of claim 12, wherein the firewall gateway is a firewall function of the unified threat management device.

21. A non-transitory computer-readable storage medium comprising program code for providing two-factor authentication for a secured system in an infrastructure operating environment, the program code for:
- i. receiving, from a user, a request to access the secured system, wherein the request comprises a first authentication information and a second authentication information;
  
  ii. authenticating, using a two-factor authentication protocol, the user based on the first and second authentication information;
  
  iii. in response to a positive authentication result, configuring a firewall gateway to allow access by the user to the secured system; and
  
  iv. in response to a negative authentication result, configuring the firewall gateway to prevent access by the user to the secured system.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The non-transitory computer-readable storage medium of claim 21, wherein the request from the user is received through a virtual private network.
  - 23. The non-transitory computer-readable storage medium of claim 22, wherein the firewall gateway provides access control between the virtual private network and the secured system.
  - 24. The non-transitory computer-readable storage medium of claim 21, wherein the secured system is associated with a utility, transportation, or oil and gas facility.
  - 25. The non-transitory computer-readable storage medium of claim 21, wherein the secured system comprises one or more networked devices that are incapable of implementing two-factor authentication.
  - 26. The computer-implemented method of claim 21, wherein the firewall gateway is a firewall of the secured, system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
N-Dimension Solutions, Inc. (IPKeys Power Partners, LLC)
Original Assignee
N-Dimension Solutions, Inc. (IPKeys Power Partners, LLC)
Inventors
AUSTIN, Charles Frederick, WAN, Xingsheng, WRIGHT, Andrew

Application Number

US13/748,153
Publication Number

US 20140208406A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

Y04S 40/20   Information technology spec...

TWO-FACTOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

TWO-FACTOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links