Systems and methods for multi-factor authentication

US 9,118,656 B2
Filed: 01/25/2007
Issued: 08/25/2015
Est. Priority Date: 01/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for according access to secure resources using a multi-factor authentication policy, the method comprising:

receiving, at a first access-control system controlling access to a first secure resource, a first request from a user to access the first secure resource, the first request comprising a first user authentication credential;

receiving, at a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource, a second request from the user to access the second secure resource, the second request comprising a second user authentication credential different from the first user credential; and

in accordance with the multi-factor authentication policy, determining whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Requests to gain access to secure resources are adjudicated according to authentication policies that include rules based on user-states derived from multiple heterogeneous access-control systems. Comprehensive user authentication and access control based on rules and policies that encompass a user'"'"'s status in multiple access-control systems, including both logical access (e.g., Active Directory, RADIUS, Virtual Private Network, etc.) as well as physical access (e.g., card-based) control systems, may be realized.

76 Citations

View as Search Results

18 Claims

1. A method for according access to secure resources using a multi-factor authentication policy, the method comprising:
- receiving, at a first access-control system controlling access to a first secure resource, a first request from a user to access the first secure resource, the first request comprising a first user authentication credential;
  
  receiving, at a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource, a second request from the user to access the second secure resource, the second request comprising a second user authentication credential different from the first user credential; and
  
  in accordance with the multi-factor authentication policy, determining whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18)
- - 2. The method of claim 1, further comprising the step of determining whether to accord the user access to the first resource based on at least the first user credential.
  - 3. The method of claim 1, wherein the first access-control system controls physical access to a site location and the second access-control system controls access to a computer system.
  - 4. The method of claim 3, wherein the first authentication credential is a badge and the second authentication credential is one or more of a password, a screen name, a user identification code, a secure access code or biometric data.
  - 5. The method of claim 3, wherein the first access-control system is one or more of a physical access control system, a video surveillance system, or a workflow system.
  - 6. The method of claim 1, wherein the determination whether to accord the user access to the second resource is based in part on a time when the user was accorded access to the first resource.
  - 7. The method of claim 1, wherein the second access-control system is one or more of an active directory-based computer system, a virtual private network, or a remote-access control system.
  - 8. The method of claim 1, wherein the determining step is based also on a time-based access rule.
  - 9. The method of claim 1, wherein the determining step is based also on an environmental state.
  - 18. The method of claim 1 wherein the the global access server is further configured to determine whether to accord the user access to the second resource based also on an environmental state.

10. An authentication system comprising:
- a first access-control system controlling access to a first secure resource;
  
  a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource; and
  
  a global access server configured to;
  
  (i) provide user access policies based on rules associated with a plurality of access control systems;
  
  (ii) receive a first request from a user to access the first secure resource, the first request comprising a first user authentication credential presented to the first access-control system;
  
  (iii) receive a second request from the user to access the second secure resource, the second request comprising a second user authentication credential different from the first user credential and presented to the second access-control system; and
  
  (iv) in accordance an access policy for the user, determine whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the global access server is further configured to accord the user access to the first resource based on at least the first user credential.
  - 12. The system of claim 10, wherein the first access-control system controls physical access to a site location and the second access-control system controls access to a computer system.
  - 13. The system of claim 10, wherein the first authentication credential is a badge and the second authentication credential is one or more of a password, a screen name, a user identification code, a secure access code or biometric data.
  - 14. The system of claim 10, wherein the first access-control system is one or more of a physical access control system, a video surveillance system, or a workflow system.
  - 15. The system of claim 10, wherein the global access server is further configured to determine whether to accord the user access to the second resource based in part on a time when the user was accorded access to the first resource.
  - 16. The system of claim 10, wherein the second access-control system is one or more of an active directory-based computer system, a virtual private network, or a remote-access control system.
  - 17. The system of claim 10, wherein the global access server is further configured to determine whether to accord the user access to the second resource based also on a time-based access rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ting, David M. T., Hussain, Omar, LaRoche, Gregg
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US11/698,271
Publication Number

US 20070186106A1
Time in Patent Office

3,134 Days
Field of Search

725/105, 713/155, 713/168, 713/185
US Class Current

1/1
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/082   applying multi-factor authe...

H04L 63/0815   providing single-sign-on or...

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

Systems and methods for multi-factor authentication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for multi-factor authentication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links