System and method for second factor authentication services
Abstract
A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and, if it is successful, a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeed.
12 Claims
1. A method, comprising:

- receiving a request to perform a second factor authentication from a first authentication server subsequent to a successful first factor authentication of a user computer by the first authentication server; and
- responsive to receiving the request, performing, by a second authentication server that is separate from the first authentication server, the second factor authentication of the user computer subsequent to the successful first factor authentication by the first authentication server, the second factor authentication comprising:
  - outputting a challenge to the user computer, the challenge being a type of challenge selected by the first authentication server from a plurality of types of challenges that the second authentication server is configured to output, wherein outputting the challenge to the user computer comprises establishing a direct communication channel between the second authentication server and the user computer;
  - receiving a response from the user computer to the challenge; and
  - performing at least one of:
    - responsive to determining the response from the user computer to the challenge is correct, outputting an indication to the first authentication server that the user computer passed the second factor authentication, or
    - responsive to determining the response from the user computer to the challenge is incorrect, outputting an indication to the first authentication server that the user computer failed the second factor authentication.

Dependent claims: 2, 3, 4, 5

6. A customer server comprising:

- at least one processor;
- at least one tangible computer readable medium accessible by the at least one processor and having instructions embodying logic that when executed by the at least one processor are configured to cause the customer server to:
  - receive from a user computer a request to access information on the customer server, the request comprising a user name and a password for a user;
  - respond to the user name and the password not matching data stored for the user by denying the user computer access to the information on the customer server;
  - respond to the user name and the password matching data stored for the user by outputting a command to a vendor authentication server to perform a second factor authentication of the user using a type of challenge selected by the customer server from a plurality of types of challenges that the vendor authentication server is configured to perform, wherein performing the second factor authentication comprises establishing a direct communication channel between the vendor authentication server and the user computer;
  - respond to receiving from the vendor authentication server an indication that the user failed the second factor authentication by denying the user computer access to the information on the customer server; and
  - respond to receiving from the vendor authentication server an indication that the user passed the second factor authentication by granting the user computer access to the information on the customer server.

Dependent claims: 7

8. A second authentication server device, comprising:

- a tangible computer-readable media having code stored thereon; and
- at least one processor configured for executing the code to cause the second authentication server device to:
  - receive a request to perform a second factor authentication from a first authentication server device subsequent to a successful first factor authentication of a user computer by the first authentication server device, wherein the second authentication server device is separate from the first authentication server device; and
  - perform the second factor authentication of the user computer responsive to receiving the request and subsequent to the successful first factor authentication by the first authentication server device, wherein the second factor authentication comprises:
    - outputting a challenge to the user computer, the challenge being a type of challenge selected by the first authentication server device from a plurality of types of challenges that the second authentication server device is configured to output, wherein outputting the challenge to the user computer comprises establishing a direct communication channel between the second authentication server device and the user computer;
    - responsive to determining the response from the user computer to the challenge is correct, outputting an indication to the first authentication server device that the user computer passed the second factor authentication; and
    - responsive to determining the response from the user computer to the challenge is incorrect, outputting an indication to the first authentication server device that the user computer failed the second factor authentication.

Dependent claims: 9, 10, 11, 12
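
The flow recited in claims 1, 6 and 8, modelled as an added example that is not part of the patent text: the customer server checks the password, selects a challenge type, and grants access only on an explicit "passed" indication from the separate vendor server. All class and function names, the "pin" and "secret_question" challenge types, the sample credentials, and the use of a callable to stand in for the direct vendor-to-user channel are assumptions made for illustration.

```python
import hashlib, hmac, os

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class VendorAuthServer:
    """Second authentication server, separate from the customer server."""
    CHALLENGE_TYPES = {"secret_question": "Answer your secret question",
                       "pin": "Enter your PIN"}           # hypothetical types

    def __init__(self, enrolled):
        self.enrolled = enrolled                          # user -> {type: answer}
        self.calls = 0                                    # second-factor requests seen

    def second_factor(self, user, challenge_type, user_channel):
        self.calls += 1
        expected = self.enrolled.get(user, {}).get(challenge_type)
        if challenge_type not in self.CHALLENGE_TYPES or expected is None:
            return "failed"                               # fail closed on unknown type/user
        # Challenge and response travel on the direct vendor<->user channel;
        # the customer server only ever receives the pass/fail indication.
        response = user_channel(self.CHALLENGE_TYPES[challenge_type])
        ok = hmac.compare_digest(response.encode(), expected.encode())
        return "passed" if ok else "failed"

class CustomerServer:
    """First authentication server: checks the password, selects the challenge type."""
    def __init__(self, users, vendor, challenge_type):
        self.users, self.vendor, self.challenge_type = users, vendor, challenge_type

    def request_access(self, user, password, user_channel):
        salt, digest = self.users.get(user, (b"", b""))
        if not digest or not hmac.compare_digest(pw_hash(password, salt), digest):
            return "denied"                               # vendor is never invoked
        result = self.vendor.second_factor(user, self.challenge_type, user_channel)
        # Anything other than an explicit "passed" indication denies access.
        return "granted" if result == "passed" else "denied"

def demo():
    salt = os.urandom(16)
    users = {"alice": (salt, pw_hash("correct horse", salt))}   # constructed sample data
    vendor = VendorAuthServer({"alice": {"pin": "4821"}})
    customer = CustomerServer(users, vendor, "pin")
    good, bad = (lambda prompt: "4821"), (lambda prompt: "0000")
    outcomes = [customer.request_access("alice", "wrong", good),
                customer.request_access("alice", "correct horse", bad),
                customer.request_access("alice", "correct horse", good)]
    return outcomes, vendor.calls
```
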
Specification