Protected resource access control utilizing credentials based on message authentication codes and hash chain values
Abstract
A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.
28 Claims
1. A method comprising:
- receiving authentication information from a user;
- generating a message authentication code based at least in part on the received authentication information;
- associating intermediate values of a hash chain with respective ones of a plurality of access control intervals;
- generating a credential for a particular one of the plurality of access control intervals based at least in part on the message authentication code and the intermediate value of the hash chain associated with the particular access control interval; and
- providing the credential to a user in order to allow the user to access a protected resource in the particular access control interval;
- wherein the receiving, generating, associating and providing are performed by at least one processing device of an information processing system.
19. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
- the processing device being configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to associate intermediate values of a hash chain with respective ones of a plurality of access control intervals, to generate a credential for a particular one of the plurality of access control intervals based at least in part on the message authentication code and the intermediate value of the hash chain associated with the particular access control interval, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval.
21. A method comprising:
- receiving a credential from a user attempting to access a protected resource in a particular one of a plurality of access control intervals;
- generating a message authentication code based at least in part on the credential;
- utilizing the generated message authentication code to identify an intermediate value of a hash chain in the credential; and
- if the identified intermediate value of the hash chain matches an expected intermediate value of the hash chain associated with the particular access control interval, granting the user access to the protected resource in the particular access control interval;
- wherein intermediate values of the hash chain are associated with respective ones of the plurality of access control intervals; and
- wherein the receiving, generating, utilizing and granting are performed by at least one processing device of an information processing system.
27. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
- the processing device being configured to receive a credential from a user attempting to access a protected resource in a particular one of a plurality of access control intervals, to generate a message authentication code based at least in part on the credential, to utilize the generated message authentication code to identify an intermediate value of a hash chain in the credential, and if the identified intermediate value of the hash chain matches an expected intermediate value of the hash chain associated with the particular access control interval, granting the user access to the protected resource in the particular access control interval, wherein intermediate values of the hash chain are associated with respective ones of the plurality of access control intervals.
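The issuance flow of claims 1 and 19 and the verification flow of claims 21 and 27, sketched as an added example that is not taken from the patent. Assumptions not stated on this page: the "combination" is an XOR of an HMAC-SHA256 tag with the chain value, the MAC payload is user, password and interval index, interval 0 maps to the last chain value, and issuer and verifier share the key and the chain.

```python
import hashlib
import hmac

def build_chain(seed: bytes, n: int) -> list[bytes]:
    """Return the hash chain [H(seed), H^2(seed), ..., H^n(seed)]."""
    values, v = [], seed
    for _ in range(n):
        v = hashlib.sha256(v).digest()
        values.append(v)
    return values

def interval_value(chain: list[bytes], interval: int) -> bytes:
    # Assumed mapping: interval i uses H^(n-i)(seed). Hashing a value forward
    # only yields values of earlier intervals, never later ones.
    if not 0 <= interval < len(chain):
        raise ValueError("interval outside the chain")
    return chain[len(chain) - 1 - interval]

def mac_tag(key: bytes, user: str, password: str, interval: int) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (user.encode(), password.encode(), interval.to_bytes(4, "big"))
    payload = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, payload, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def issue_credential(key, chain, user, password, interval) -> bytes:
    """Issuer side: combine the MAC with the interval's chain value."""
    return xor(mac_tag(key, user, password, interval),
               interval_value(chain, interval))

def verify_credential(key, chain, user, password, interval, credential) -> bool:
    """Verifier side: recompute the MAC, strip it off the credential, and
    compare the recovered chain value with the expected one."""
    if len(credential) != hashlib.sha256().digest_size:
        return False
    if not 0 <= interval < len(chain):
        return False
    recovered = xor(credential, mac_tag(key, user, password, interval))
    return hmac.compare_digest(recovered, interval_value(chain, interval))

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key-0123456789"
CHAIN = build_chain(b"constructed-seed", 4)
CRED = issue_credential(KEY, CHAIN, "alice", "constructed-pw", 2)
```

A credential issued for interval 2 fails verification in any other interval and with any other password, because either the recomputed MAC or the expected chain value differs.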
Specification