Method and apparatus for token-based re-authentication
Abstract
According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user.
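A Python model of the flow the abstract describes, added here as an illustration and not taken from the patent. The token kinds, the phone-plus-birth-year recipe, and the retry cap are assumptions; the text above specifies none of them.

```python
import hmac
from dataclasses import dataclass, field

RISK_KINDS = {"device_change", "network_change", "resource_change"}  # assumed names
MAX_ATTEMPTS = 3  # assumption: the page sets no retry limit

@dataclass
class Session:
    user: str
    tokens: list = field(default_factory=list)  # stored session tokens
    blocked: bool = False
    first_password: str = ""  # delivered inside the re-authentication token
    attempts: int = 0

def generate_first_password(profile):
    """Combine personal information into a password plus forming instructions."""
    password = profile["phone"][-4:] + profile["birth_year"]  # assumed recipe
    message = "Enter the last 4 digits of your phone number followed by your birth year."
    return password, message

def on_token(session, token, profile):
    """Store the token; on a risky change, block and start re-authentication."""
    session.tokens.append(token)
    if token["kind"] not in RISK_KINDS:
        return None
    session.blocked = True
    session.first_password, message = generate_first_password(profile)
    session.attempts = 0
    return message  # sent to the user; never contains the password itself

def submit_second_password(session, second_password):
    """Re-authenticate only if the user's answer matches the first password."""
    if not session.blocked or not session.first_password:
        return False
    session.attempts += 1
    if session.attempts > MAX_ATTEMPTS:
        return False  # stay blocked; low-entropy secrets need a hard retry cap
    ok = hmac.compare_digest(second_password.encode(), session.first_password.encode())
    if ok:
        session.blocked = False
        session.first_password = ""
    return ok
```
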
24 Claims
1. An apparatus comprising:
- a memory operable to store a plurality of tokens that indicate a user is using a device to access a resource over a network; and
- a processor operable to:
  - detect at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;
  - block the user from accessing the resource in response to the change;
  - determine whether to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;
  - request generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;
  - receive a re-authentication token comprising the first password;
  - request, from the user, a second password, the request for the second password comprising a message instructing the user how to form the second password to match the first password;
  - receive a response comprising the second password;
  - determine that the second password matches the first password; and
  - re-authenticate the user in response to the determination that the second password matches the password.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for re-authenticating a user comprising:
- storing a plurality of tokens that indicate a user is using a device to access a resource over a network;
- detecting, by a processor, at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;
- blocking, by the processor, the user from accessing the resource in response to the change;
- determining, by the processor, whether to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;
- requesting generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;
- receiving a re-authentication token comprising the first password;
- requesting, from the user, a second password, the request for the second password comprising a message instructing the user how to form the second password to match the first password;
- receiving a response comprising the second password;
- determining, by the processor, that the second password matches the first password; and
- re-authenticating the user in response to the determination that the second password matches the password.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens that indicate a user is using a device to access a resource over a network;
- detect at least one token indicating a change associated with at least one of the device, the network, or the resource, wherein the change poses a risk to a current authentication of the user;
- block the user from accessing the resource in response to the change;
- determine to re-authenticate the user in response to the change and in response to the determination to re-authenticate the user;
- request generation of a first password, wherein the first password is generated using a combination of personal information associated with the user;
- receive a re-authentication token comprising the first password;
- request, from the user, a second password, the request for the second password comprising a message instructing the user how to form the second password to match the first password;
- receive a response comprising the second password;
- determine that the second password matches the first password; and
- re-authenticate the user in response to the determination that the second password matches the password.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification