TECHNIQUES FOR FACILITATING SECURE, CREDENTIAL-FREE USER ACCESS TO RESOURCES
First Claim
1. A cloud-based credential management apparatus comprising:
- one or more computer readable storage media; and
- program instructions stored on the one or more computer readable storage media, wherein the program instructions, when executed by the one or more processors, direct the one or more processors to:
  - process a protected resource access request initiated by a resource access system to identify a user and a protected resource that the user is attempting to access;
  - identify a predetermined authentication policy associated with the protected resource;
  - generate a request for authentication information based on the authentication policy associated with the protected resource;
  - send the request for authentication information for delivery to a mobile device associated with the user;
  - process a response to the authentication request sent by the mobile device to determine that the authentication policy is satisfied; and
  - in response to determining that the policy is satisfied, generate a response to the protected resource access request including login credentials to access the protected resource.
Abstract
Techniques are disclosed herein for facilitating secure user access to resources without user-provided credentials. More specifically, the techniques described herein eliminate the need for end users to remember and provide privileged resource authentication information (e.g., credentials) at the time of resource access. The system accepts and securely stores registration information for accessing privileged resources during a registration process. As discussed herein, the registration information can include identification and authentication information for each privileged resource. The authentication process can also include registration of one or more secondary authentication devices that are used to verify the identity of the end user in lieu of the end user providing credentials.
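The access flow recited in claim 1, sketched as an added example that is not taken from the patent or any product: a broker looks up the policy for the resource, issues a single-use challenge for the registered mobile device, and releases the stored credentials only when the response satisfies the policy. The HMAC-based device response, the factor names, the expiry time and every identifier below are assumptions made for illustration.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

// Constructed sample state; all names and values are hypothetical.
const RESOURCE = 'https://payroll.corp.example';
const policies = new Map([[RESOURCE, { factors: ['approve', 'pin'], ttlMs: 60000 }]]);
const deviceKeys = new Map([['alice', Buffer.from('constructed-device-key')]]);
const vault = new Map([[`alice|${RESOURCE}`, { username: 'alice', password: 'constructed-secret' }]]);
const pending = new Map(); // challenge id -> outstanding challenge

// Identify user and resource, look up the policy, and build the
// authentication request that is delivered to the mobile device.
function startAccess(user, resource, now = Date.now()) {
  const policy = policies.get(resource);
  if (!policy || !deviceKeys.has(user)) return null; // no policy or no registered device
  const id = randomBytes(16).toString('hex');
  const nonce = randomBytes(16).toString('hex');
  pending.set(id, { user, resource, factors: policy.factors, nonce, expires: now + policy.ttlMs });
  return { id, nonce, resource, factors: policy.factors };
}

// Device side (assumption): MAC over the nonce, the resource and the completed factors.
function deviceResponse(key, nonce, resource, completed) {
  return createHmac('sha256', key).update([nonce, resource, ...completed].join('\n')).digest();
}

// Check the response against the policy, then release the stored credentials.
function finishAccess(id, completed, mac, now = Date.now()) {
  const c = pending.get(id);
  pending.delete(id); // single use, consumed even when the attempt fails
  if (!c || now > c.expires) return { ok: false, reason: 'expired-or-unknown' };
  if (!c.factors.every((f) => completed.includes(f))) {
    return { ok: false, reason: 'policy-not-satisfied' };
  }
  const expected = deviceResponse(deviceKeys.get(c.user), c.nonce, c.resource, completed);
  if (mac.length !== expected.length || !timingSafeEqual(mac, expected)) {
    return { ok: false, reason: 'bad-response' };
  }
  return { ok: true, credentials: vault.get(`${c.user}|${c.resource}`) };
}
```

Binding the response to a fresh nonce and to the resource means a captured approval cannot be replayed or redirected to a different resource.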
20 Claims
13. A computer-readable storage medium having a browser extension for operating with a web browser on an electronic computing device stored thereon, the browser extension including program instructions, which when executed by the one or more processors of the electronic computing device, cause the electronic computing device to:
- detect an attempt initiated by a user of the electronic device to access a resource;
- determine that the resource is a protected resource;
- responsive to determining that the resource is a protected resource, generate a protected resource access request, wherein the protected resource access request identifies the user and the protected resource that the user is attempting to access;
- receive processing login credentials for accessing the resource; and
- populating a login form for the resource with the received login credentials without storing the login credentials.
14. The computer-readable storage medium of claim 13, wherein the resource comprises a website and the resource access request comprises a request to access a URL associated with the website.
15. The computer-readable storage medium of claim 13, wherein to determine that the resource is a protected resource, the electronic computing device looks up a hash value stored in the browser.
16. The computer-readable storage medium of claim 15, wherein the hash value is periodically updated by an enterprise credential administrative system.
17. A method of operating a credential management system to provide a user with secure access to a resource without user-provided credentials, the method comprising:
- receiving a protected resource access request initiated by a resource access system to identify a user and a protected resource that the user is attempting to access;
- identifying a predetermined authentication policy associated with the protected resource;
- generating a request for authentication information for delivery to a mobile device associated with the user, wherein the requested authentication information is determined based on the authentication policy associated with the protected resource;
- receiving a response to the authentication request sent by the mobile device;
- determining if the authentication policy is satisfied, wherein the authentication policy comprises a progressive multi-factor authentication; and
- if the authentication policy is satisfied, generating a response to the protected resource access request including login credentials to access the protected resource.
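The browser-extension side described in claims 13 to 16, as an added example that is not code from the patent: the extension decides whether a URL is protected by looking up a hash, builds the access request, and fills the form only for the origin the credentials were issued for. It assumes the stored hash is SHA-256 over the normalized origin; the function names and sample origins are hypothetical, and Node's `crypto` module stands in for the browser's Web Crypto API so the block runs offline.

```javascript
const { createHash } = require('crypto');

// Assumption: the stored "hash value" is SHA-256 over the normalized origin.
function originKey(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not parseable: never treated as protected
  }
  if (url.protocol !== 'https:') return null; // no credential flow over plaintext
  // url.origin is lower-cased and drops the default port, path and any userinfo.
  return createHash('sha256').update(url.origin).digest('hex');
}

// Stand-in for the list the administrative system periodically pushes (claim 16).
function buildProtectedSet(origins) {
  return new Set(origins.map(originKey).filter((k) => k !== null));
}

function isProtected(protectedSet, rawUrl) {
  const key = originKey(rawUrl);
  return key !== null && protectedSet.has(key);
}

// Claim 13: the request names the user and the resource, here by origin.
function buildAccessRequest(protectedSet, user, rawUrl) {
  if (!isProtected(protectedSet, rawUrl)) return null;
  return { user, resource: new URL(rawUrl).origin };
}

// Fill only if the page is still on the origin the credentials were issued for.
// `form` is a plain object standing in for the login form; nothing is retained.
function fillLoginForm(form, currentUrl, response) {
  if (new URL(currentUrl).origin !== response.resource) return false;
  form.username = response.credentials.username;
  form.password = response.credentials.password;
  return true;
}
```

A plain hash of an origin can be confirmed by anyone who guesses the origin, so the stored set hides the protected list from casual inspection only.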
Specification