Systems and methods for multi-factor authentication
First Claim
Patent Images
1. A method for according access to secure resources using a multi-factor authentication policy, the method comprising:
- receiving, at a first access-control system controlling access to a first secure resource, a first request from a user to access the first secure resource, the first request comprising a first user authentication credential;
receiving, at a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource, a second request from the user to access the second secure resource, the second request comprising a second user authentication credential different from the first user credential; and
in accordance with the multi-factor authentication policy, determining whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential.
7 Assignments
0 Petitions
Accused Products
Abstract
Requests to gain access to secure resources are adjudicated according to authentication policies that include rules based on user-states derived from multiple heterogeneous access-control systems. Comprehensive user authentication and access control based on rules and policies that encompass a user'"'"'s status in multiple access-control systems, including both logical access (e.g., Active Directory, RADIUS, Virtual Private Network, etc.) as well as physical access (e.g., card-based) control systems, may be realized.
76 Citations
18 Claims
-
1. A method for according access to secure resources using a multi-factor authentication policy, the method comprising:
-
receiving, at a first access-control system controlling access to a first secure resource, a first request from a user to access the first secure resource, the first request comprising a first user authentication credential; receiving, at a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource, a second request from the user to access the second secure resource, the second request comprising a second user authentication credential different from the first user credential; and in accordance with the multi-factor authentication policy, determining whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18)
-
-
10. An authentication system comprising:
-
a first access-control system controlling access to a first secure resource; a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource; and a global access server configured to; (i) provide user access policies based on rules associated with a plurality of access control systems; (ii) receive a first request from a user to access the first secure resource, the first request comprising a first user authentication credential presented to the first access-control system; (iii) receive a second request from the user to access the second secure resource, the second request comprising a second user authentication credential different from the first user credential and presented to the second access-control system; and (iv) in accordance an access policy for the user, determine whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
Specification