Methods and apparatus for authenticating a user multiple times during a session
Abstract
Access of a user to a protected resource during a session is controlled by issuing an authentication information request and receiving authentication information from the user responsive to the authentication information request. The user is authenticated based upon verification of the received authentication information. One or more of the issuing, receiving and authenticating steps are repeated during the session to re-authenticate the user. At least a portion of the authentication information that is used during the re-authentication is different from a corresponding portion of the authentication information that was used during the initial authentication. A secure channel is optionally established between the user and the protected resource responsive to the initial verification. The secure channel can optionally be re-established with the re-authentication using the different portion of the authentication information.
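The flow in the abstract, as an added example that is not part of the patent text: a server-side session that issues a new authentication information request once a re-authentication interval has elapsed and refuses a tokencode it has already accepted in the same session. The HMAC-based `tokencode` generator, the 60-second step, the 300-second interval and all names are assumptions; the page does not say how the security token derives its codes.

```python
import hashlib
import hmac
import struct

STEP = 60               # assumed lifetime of one tokencode, in seconds
REAUTH_INTERVAL = 300   # assumed maximum time between authentications


def tokencode(seed: bytes, now: float) -> str:
    """Constructed stand-in for the security token: 6 digits from HMAC(seed, time step)."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(seed, counter, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Session:
    """Per-session server state (hypothetical class, not from the patent)."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.used_codes = set()   # tokencodes already accepted in this session
        self.last_auth = None     # time of the last successful (re-)authentication

    def access(self, now: float) -> str:
        """Serve the request, or issue an authentication information request."""
        expired = self.last_auth is None or now - self.last_auth >= REAUTH_INTERVAL
        return "AUTH_REQUEST" if expired else "OK"

    def authenticate(self, code: str, now: float) -> bool:
        """Verify a user-supplied tokencode; works for initial and repeat authentication."""
        if code in self.used_codes:
            return False   # re-authentication must not reuse an earlier tokencode
        expected = tokencode(self.seed, now)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False   # wrong or stale tokencode
        self.used_codes.add(code)
        self.last_auth = now
        return True


if __name__ == "__main__":
    seed, t0 = b"constructed-demo-seed", 1000.0   # constructed sample values
    s = Session(seed)
    first = tokencode(seed, t0)
    print(s.access(t0), s.authenticate(first, t0), s.access(t0 + 10))
    print(s.access(t0 + 300), s.authenticate(first, t0 + 300),
          s.authenticate(tokencode(seed, t0 + 300), t0 + 300))
```

Tracking accepted codes per session means a code captured during the initial authentication is rejected even while its time step is still current.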
28 Claims
1. A method for controlling access of a user to a protected resource during a session, the method comprising the steps of:
- issuing an authentication information request responsive to an access request from the user to access the protected resource;
- receiving user-supplied authentication information from the user responsive to the authentication information request;
- authenticating the user based upon verification of the received authentication information; and
- repeating one or more of the issuing, receiving and authenticating steps during the session to re-authenticate the user using at least a portion of the user-supplied authentication information that is different from a corresponding portion of the user-supplied authentication information used during the first authenticating step, wherein said user-supplied authentication information received during an initial authentication and said user-supplied authentication information received during said re-authentication are based on a variable tokencode generated by a security token, wherein at least one of said issuing, receiving and authenticating steps is performed by at least one hardware device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. An apparatus for controlling access of a user to a protected resource during a session, the apparatus comprising:
- a memory; and
- at least one processor, coupled to the memory, operative to implement the following steps:
  - issuing an authentication information request responsive to an access request from the user to access the protected resource;
  - receiving user-supplied authentication information from the user responsive to the authentication information request;
  - authenticating the user based upon verification of the received authentication information; and
  - repeating one or more of the issuing, receiving and authenticating steps during the session to re-authenticate the user using at least a portion of the user-supplied authentication information that is different from a corresponding portion of the user-supplied authentication information used during the first authenticating step, wherein said user-supplied authentication information received during an initial authentication and said user-supplied authentication information received during said re-authentication are based on a variable tokencode generated by a security token.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification