Access point—authentication server combination
First Claim
1. A method of controlling access to a protected resource, the method comprising:
- providing, by a SOHO (small office/home office) device connected to a private network and to a public network, a tokencode prompt to a user device roaming on the public network, the tokencode prompt requesting a tokencode from an electronic token possessed by a user of the user device, the SOHO device including a database containing a set of token seeds from which expected one-time use passcodes (OTPs) are derived;
- receiving, by the SOHO device from the user device, a current tokencode from the electronic token possessed by the user; and
- performing, by the SOHO device, an authentication operation based on the current tokencode, a result of the authentication operation (i) permitting the user to access the protected resource when the authentication operation determines that the user is legitimate and (ii) denying the user access to the protected resource when the authentication operation determines that the user is not legitimate;
- wherein the SOHO device is a network firewall unit having (i) network ports and (ii) a controller which performs network firewall operations to control network traffic between the network ports; and
- wherein performing the authentication operation includes:
  - running, by the controller of the network firewall unit, a tokencode authentication server; and
  - locally comparing, by the tokencode authentication server run by the controller of the network firewall unit, the current tokencode to an expected tokencode to determine whether the user is legitimate, and wherein the method further comprises:
- providing, by the SOHO device, a token seed from the database to the electronic token possessed by the user to configure the electronic token to provide, as tokencodes, current OTPs for comparison with the expected OTPs during authentication; and
- providing the user device roaming on the public network with control of a home appliance on the private network when the user is legitimate.
Abstract
A technique controls access to a protected resource. The technique involves providing a tokencode prompt to a user. The tokencode prompt requests a tokencode from an electronic token in possession of the user. The technique further involves receiving, in response to the tokencode prompt, a current tokencode from the electronic token in possession of the user. The technique further involves performing, by a SOHO device having an embedded tokencode authentication server, an authentication operation based on the current tokencode. A result of the authentication operation (i) permits the user to access the protected resource when the authentication operation determines that the user is legitimate and (ii) denies the user access to the protected resource when the authentication operation determines that the user is not legitimate. For example, the SOHO device may be a NAS device or a firewall device with tokencode authentication capabilities.
15 Claims
1. (Independent claim, reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 15.
11. A small office/home office (SOHO) apparatus, comprising:
- a network interface connected to a private network and to a public network;
- memory, the memory storing a database containing a set of token seeds from which expected one-time use passcodes (OTPs) are derived; and
- control circuitry coupled to the network interface and the memory, the memory storing instructions which, when carried out by the control circuitry, cause the control circuitry to:
  - provide, through the network interface, a tokencode prompt to a user device roaming on the network, the tokencode prompt requesting a tokencode from an electronic token possessed by a user,
  - receive a current tokencode from the electronic token possessed by the user through the network interface, and
  - perform an authentication operation based on the current tokencode, a result of the authentication operation (i) permitting the user to access the protected resource when the authentication operation determines that the user is legitimate and (ii) denying the user access to the protected resource when the authentication operation determines that the user is not legitimate;
- wherein the network interface includes network ports;
- wherein the control circuitry is constructed and arranged to perform network firewall operations to control network traffic between the network ports; and
- wherein the control circuitry, when performing the authentication operation, is constructed and arranged to:
  - run a tokencode authentication server; and
  - locally compare, by the tokencode authentication server, the current tokencode to an expected tokencode to determine whether the user is legitimate, and wherein the control circuitry is further constructed and arranged to:
- provide, by the SOHO device, a token seed from the database to the electronic token possessed by the user to configure the electronic token to provide, as tokencodes, current OTPs for comparison with the expected OTPs during authentication; and
- provide the user device roaming on the public computer network with control of a home appliance on the private network when the user is legitimate.

Dependent claims: 12, 13.
14. A computer program product having a non-transitory computer readable medium which stores a set of instructions to control access to a protected resource, the set of instructions, when carried out by computerized circuitry of a set of small office/home office (SOHO) devices on a private network, causing the computerized circuitry of the set of SOHO devices to perform a method of:
- providing, via communication over the private network and over a public network, a tokencode prompt to a user device roaming on the public network, the tokencode prompt requesting a tokencode from an electronic token possessed by a user, the SOHO device including a database containing a set of token seeds from which expected one-time use passcodes (OTPs) are derived;
- receiving, from the user device, a current tokencode from the electronic token possessed by the user; and
- performing an authentication operation based on the current tokencode, a result of the authentication operation (i) permitting the user to access the protected resource when the authentication operation determines that the user is legitimate and (ii) denying the user access to the protected resource when the authentication operation determines that the user is not legitimate;
- wherein the set of SOHO devices includes a network firewall unit having (i) network ports and (ii) a controller which performs network firewall operations to control network traffic between the network ports; and
- wherein performing the authentication operation includes:
  - running, by the controller of the network firewall unit, a tokencode authentication server; and
  - locally comparing, by the tokencode authentication server run by the controller of the network firewall unit, the current tokencode to an expected tokencode to determine whether the user is legitimate, and wherein the method further comprises:
- providing, by the SOHO device, a token seed from the database to the electronic token possessed by the user to configure the electronic token to provide, as tokencodes, current OTPs for comparison with the expected OTPs during authentication; and
- providing the user device roaming on the public network with control of a home appliance on the private network when the user is legitimate.
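The claims above describe a firewall-resident tokencode authentication server: a local seed database, provisioning of a seed to the user's token, local comparison of the submitted tokencode with the expected one, and gating of appliance control on the result. The following is an added illustration of that flow, not code from the patent or its assignee; it assumes a time-based OTP derivation (RFC 6238 style, HMAC-SHA1, 30-second steps), which the claims leave unspecified, and adds a one-time-use check so an already-accepted code in the same time step is refused.

```python
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 30  # assumption: time-based OTP; the claims do not fix the derivation algorithm


def tokencode_from_seed(seed: bytes, now: int, digits: int = 6) -> str:
    """Derive the OTP for the time step containing `now` from a token seed (HOTP truncation over HMAC-SHA1)."""
    counter = struct.pack(">Q", now // STEP_SECONDS)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class ElectronicToken:
    """The user's electronic token: holds only the seed it was provisioned with."""
    def __init__(self, seed: bytes):
        self.seed = seed

    def current_tokencode(self, now: int) -> str:
        return tokencode_from_seed(self.seed, now)


class SohoFirewall:
    """SOHO firewall unit running an embedded tokencode authentication server over a local seed database."""
    def __init__(self):
        self.seed_db: dict[str, bytes] = {}   # token id -> seed (in a real unit, encrypted at rest)
        self.last_step: dict[str, int] = {}   # token id -> last accepted time step (one-time use)

    def provision_token(self, token_id: str) -> ElectronicToken:
        """Generate a seed, keep it in the local database, and hand it to the electronic token."""
        seed = secrets.token_bytes(20)
        self.seed_db[token_id] = seed
        return ElectronicToken(seed)

    def authenticate(self, token_id: str, tokencode: str, now: int) -> bool:
        """Locally compare the submitted tokencode with the expected tokencode for this time step."""
        seed = self.seed_db.get(token_id)
        if seed is None:
            return False
        step = now // STEP_SECONDS
        if self.last_step.get(token_id, -1) >= step:  # code for this step already consumed
            return False
        if not hmac.compare_digest(tokencode_from_seed(seed, now), tokencode):
            return False
        self.last_step[token_id] = step
        return True

    def control_appliance(self, token_id: str, tokencode: str, command: str, now: int) -> str:
        """Forward a command from the roaming user device to a private-network appliance only on success."""
        if not self.authenticate(token_id, tokencode, now):
            return "DENIED"
        return "ACCEPTED: " + command
```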