Client-based authentication

US 9,231,943 B2
Filed: 11/25/2013
Issued: 01/05/2016
Est. Priority Date: 02/16/2011
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus comprising:

one or more processing devices configured to;

acquire network user credentials for a user;

perform a successful network login to a network with the network user credentials; and

store, local to the apparatus, the network user credentials securely as a plurality of encrypted N split-keys respectively corresponding to N authentication mechanisms to authenticate the user to the apparatus with the network user credentials using the locally stored network user credentials, via the N authentication mechanisms, when the network is unavailable.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.

Citations

15 Claims

1. An apparatus comprising:
- one or more processing devices configured to;
  
  acquire network user credentials for a user;
  
  perform a successful network login to a network with the network user credentials; and
  
  store, local to the apparatus, the network user credentials securely as a plurality of encrypted N split-keys respectively corresponding to N authentication mechanisms to authenticate the user to the apparatus with the network user credentials using the locally stored network user credentials, via the N authentication mechanisms, when the network is unavailable.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the one or more processing devices are configured to:
    - receive successful results to the N authentication mechanisms to decrypt the encrypted N split-keys to have N split-keys; and
      
      reconstruct the network user credentials from the N split-keys.
  - 3. The apparatus of claim 2, wherein the one or more processing devices are configured to provide access to a network resource on the apparatus with the reconstructed network user credentials.
  - 4. The apparatus of claim 1, wherein the network user credentials comprise a user name and a password.
  - 5. The apparatus of claim 1, wherein to store the network user credentials securely includes the processing devices configured to:
    - encrypt the network user credentials with a single key;
      
      split the single key into the N split-keys; and
      
      use the N authentication mechanisms to respectively encrypt the N split-keys to create the encrypted N split-keys.

6. A machine-readable medium that is not a transitory propagating signal, the machine-readable medium including instructions that, when executed by a machine, cause the machine to perform operations comprising:
- acquiring, at an apparatus, network user credentials for a user;
  
  performing, by the apparatus, a successful network login to a network with the network user credentials; and
  
  storing, locally at the apparatus, the network user credentials securely as a plurality of encrypted N split-keys respectively corresponding to N authentication mechanisms to authenticate the user to the apparatus with the network user credentials using the locally stored network user credentials, via the N authentication mechanisms, when the network is unavailable.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The machine-readable medium of claim 6, wherein the operations further comprise:
    - receiving successful results to the N authentication mechanisms to decrypt the encrypted N split-keys to have N split-keys; and
      
      reconstructing the network user credentials from the N split-keys.
  - 8. The machine-readable medium of claim 7, wherein the operations further comprise providing access to a network resource at the apparatus with the reconstructed user credentials.
  - 9. The machine-readable medium of claim 6, wherein the network user credentials comprise a user name and a password.
  - 10. The machine-readable medium of claim 6, wherein storing the network user credentials securely includes:
    - encrypting the network user credentials with a single key;
      
      splitting the single key into the N split-keys; and
      
      using the N authentication mechanisms to respectively encrypt the N split-keys to create the encrypted N split-keys.

11. A method comprising:
- decrypting, by a machine, pieces of a key using multiple authentication techniques, the pieces of the key and the multiple authentication techniques stored locally on a device and accessible when a connection to a network authentication entity is unavailable; and
  
  decrypting, by the machine, an encrypted network user credential by combining the pieces into the key, to provide access to a network resource when the connection to a network authentication entity is unavailable, wherein operations of the machine are performed by one or more hardware processing elements.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the pieces are respectively encrypted with different authentication techniques.
  - 13. The method of claim 11, comprising acquiring the network user credential from a successful login by a user to a network authentication entity when the connection is available.
  - 14. The method of claim 11, comprising:
    - encrypting the network user credentials with the key;
      
      splitting the key into the pieces; and
      
      using different authentication mechanisms to respectively encrypt the pieces.
  - 15. The method of claim 11, comprising using the network user credential to login for a corresponding user in response to decrypting the encrypted user credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Panchapakesan, Santosh Kumar, Hegde, Vinayak
Primary Examiner(s)
Reza, Mohammad W

Application Number

US14/088,634
Publication Number

US 20150149787A1
Time in Patent Office

771 Days
Field of Search

713/184
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 9/085   Secret sharing or secret sp...

H04L 9/321   involving a third party or ...

Client-based authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Client-based authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links