Method and apparatus for token-based re-authentication

US 8,572,683 B2
Filed: 08/15/2011
Issued: 10/29/2013
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to store a plurality of tokens that indicate a user is using a device to access a resource over a network; and

a processor operable to;

detect at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;

block the user from accessing the resource in response to the change;

determine whether to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;

request generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;

receive a re-authentication token comprising the first password;

request, from the user, a second password, the request for the second password comprising a message instructing the user how to for the second password to match the first password;

receive a response comprising the second password;

determine that the second password matches the first password; and

re-authenticate the user in response to the determination that the second password matches the password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user.

50 Citations

View as Search Results

24 Claims

1. An apparatus comprising:
- a memory operable to store a plurality of tokens that indicate a user is using a device to access a resource over a network; and
  
  a processor operable to;
  
  detect at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;
  
  block the user from accessing the resource in response to the change;
  
  determine whether to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;
  
  request generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;
  
  receive a re-authentication token comprising the first password;
  
  request, from the user, a second password, the request for the second password comprising a message instructing the user how to for the second password to match the first password;
  
  receive a response comprising the second password;
  
  determine that the second password matches the first password; and
  
  re-authenticate the user in response to the determination that the second password matches the password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the change is jitter in the network.
  - 3. The apparatus of claim 1, wherein the change is a change in the access requirements of the resource.
  - 4. The apparatus of claim 1, wherein the personal information comprises at least one of the user'"'"'s age, number of children, and spouse'"'"'s age.
  - 5. The apparatus of claim 1, wherein a subsequently generated re-authentication token is different from a previously generated re-authentication token.
  - 6. The apparatus of claim 1, wherein a subsequent generation of the password uses a different combination of personal information of the user than a previous generation of the password.
  - 7. The apparatus of claim 1, the processor further operable to store a plurality of token-based rules, wherein a token-based rule facilitates the generation of a re-authentication token.
  - 8. The apparatus of claim 1, wherein the determination to re-authenticate the user is based on a token-based rule and the plurality of tokens.

9. A method for re-authenticating a user comprising:
- storing a plurality of tokens that indicate a user is using a device to access a resource over a network;
  
  detecting, by a processor, at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;
  
  blocking, by the processor, the user from accessing the resource in response to the change;
  
  determining, by the processor, whether to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;
  
  requesting generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;
  
  receiving a re-authentication token comprising the first password;
  
  requesting, from the user, a second password, the request for the second password comprising a message instructing the user how to form the second password to match the first password;
  
  receiving a response comprising the second password;
  
  determining, by the processor, that the second password matches the first password; and
  
  re-authenticating the user in response to the determination that the second password matches the password.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the change is jitter in the network.
  - 11. The method of claim 9, wherein the change is a change in the access requirements of the resource.
  - 12. The method of claim 9, wherein the personal information comprises at least one of the user'"'"'s age, number of children, and spouse'"'"'s age.
  - 13. The method of claim 9, wherein a subsequently generated re-authentication token is different from a previously generated re-authentication token.
  - 14. The method of claim 9, wherein a subsequent generation of the password uses a different combination of personal information of the user than a previous generation of the password.
  - 15. The method of claim 9, further comprising storing a plurality of token-based rules, wherein a token-based rule facilitates the generation of a re-authentication token.
  - 16. The method of claim 9, wherein the determination to re-authenticate the user is based on a token-based rule and the plurality of tokens.

17. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens that indicate a user is using a device to access a resource over a network;
  
  detect at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;
  
  block the user from accessing the resource in response to the change;
  
  determine to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;
  
  request generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;
  
  receive a re-authentication token comprising the first password;
  
  request, from the user, a second password, the request for the second password comprising a message instructing the user how to form the second password to match the first password;
  
  receive a response comprising the second password;
  
  determine that the second password matches the first password; and
  
  re-authenticate the user in response to the determination that the second password matches the password.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The media of claim 17, wherein the change is jitter in the network.
  - 19. The media of claim 17, wherein the change is a change in the access requirements of the resource.
  - 20. The media of claim 17, wherein the personal information comprises at least one of the user'"'"'s age, number of children, and spouse'"'"'s age.
  - 21. The media of claim 17, wherein a subsequently generated re-authentication token is different from a previously generated re-authentication token.
  - 22. The media of claim 17, wherein a subsequent generation of the password uses a different combination of personal information of the user than a previous generation of the password.
  - 23. The media of claim 17 embodying software further operable to store a plurality of token-based rules, wherein a token-based rule facilitates the generation of a re-authentication token.
  - 24. The media of claim 17, wherein the determination to re-authenticate the user is based on a token-based rule and the plurality of tokens.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Abedin, Shanto M

Application Number

US13/210,289
Publication Number

US 20130047226A1
Time in Patent Office

806 Days
Field of Search

726 1- 7, 726/21, 726/10, 726/22, 726/27, 713/175, 713/182, 713/185
US Class Current

726/2
CPC Class Codes

G06F 21/33 using certificates

Method and apparatus for token-based re-authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for token-based re-authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links