Security information caching on authentication token
Abstract
A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of the continuous user custody.
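The custody-gated caching described in the abstract and in claim 1 can be modelled as a small state machine. The Python sketch below is an added illustration, not code from the patent. The class and method names, the PBKDF2 key derivation, and the HMAC challenge response are all assumptions; the claims do not say how knowledge is demonstrated.

```python
import hashlib
import hmac

class CustodyToken:
    """Illustrative model of the claimed token; every name here is hypothetical."""

    def __init__(self, token_id: bytes):
        self.token_id = token_id      # identifying characteristic (possession factor)
        self.custody_flag = False     # continuous custody flag
        self._knowledge = None        # cached knowledge factor (bytearray) or None

    def on_sensor(self, in_custody: bool) -> None:
        """Feed one custody measurement from the sensor."""
        if in_custody:
            self.custody_flag = True
            return
        # Break in custody: clear the flag and wipe the cached factor together.
        self.custody_flag = False
        if self._knowledge is not None:
            # Best-effort overwrite; Python may still hold other copies.
            self._knowledge[:] = bytes(len(self._knowledge))
            self._knowledge = None

    def enter_knowledge(self, pin: str) -> None:
        """Cache the knowledge factor; only accepted while the token is held."""
        if not self.custody_flag:
            raise PermissionError("token is not in user custody")
        self._knowledge = bytearray(pin.encode())

    def vault_key(self):
        """Key for the encrypted password list, or None if re-entry is needed."""
        if not self.custody_flag or self._knowledge is None:
            return None
        # Assumption: PBKDF2 over the cached factor, salted with the token id.
        return hashlib.pbkdf2_hmac("sha256", bytes(self._knowledge),
                                   self.token_id, 100_000)

    def prove(self, challenge: bytes):
        """Answer an authentication request without prompting the user again."""
        key = self.vault_key()
        if key is None:
            return None
        # Assumption: knowledge is demonstrated as an HMAC over a server challenge.
        return hmac.new(key, challenge, hashlib.sha256).digest()
```

Regaining custody after a break sets the flag again but leaves the cache empty, so `prove` and `vault_key` keep returning `None` until the knowledge factor is re-entered.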
32 Claims
1. A method of conducting at least a two-factor authentication, the method comprising:
- caching a knowledge factor in a memory of a token, wherein the knowledge factor represents information known to an authorized user of a security system;
- monitoring user custody status of the token, the token having an identifying characteristic representing a possession factor to satisfy possession factor authentication on the security system, wherein the identifying characteristic represents information that verifies the authorized user's possession of the token, wherein the knowledge factor is separate and different from the identifying characteristic, and wherein said monitoring includes setting a continuous custody flag in response to determining a user custody of the token;
- in response to an authentication request during a period of continuous user custody based on the monitoring of the user custody status, retrieving the knowledge factor from the memory to demonstrate knowledge of the knowledge factor to the security system;
- providing access to a list of passwords stored in an encrypted manner and associated with the token;
- wherein the knowledge factor is required for decryption of one or more passwords within the list; and
- in response to detecting a break in the continuous user custody, clearing the knowledge factor from the memory such that, during a next continuous user custody, the knowledge factor has to be re-entered into the memory, wherein said clearing the knowledge factor includes clearing the continuous custody flag.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. An apparatus acting as a token to conduct at least a two-factor authentication, the apparatus comprising:
- a sensor to take measurements indicative of user custody status of the token;
- a controller configured to monitor the measurements to determine a period of continuous user custody of the token based on the user custody status;
- a memory to cache a knowledge factor, the knowledge factor available during the period of the continuous user custody, wherein the knowledge factor represents information known to an authorized user of a security system;
- an interface to receive authentication requests; and
- a token portion with an identifying characteristic representing a possession factor to satisfy possession factor authentication on the security system, wherein the identifying characteristic represents information that verifies the authorized user's possession of the token and wherein the knowledge factor is separate and different from the identifying characteristic;
- wherein the controller is configured to set a continuous custody flag in response to determining user custody based on the monitored measurements;
- wherein, during the period of the continuous user custody of the token, the controller is configured to retrieve the knowledge factor from the memory to demonstrate knowledge of the knowledge factor to the security system to gain access to a list of encrypted information associated with the token and decryptable by the knowledge factor, in response to receiving a second authentication request at the interface; and
- wherein, in response to detecting a break in the continuous user custody, the controller is configured to clear the continuous custody flag and clear the knowledge factor from the memory such that during a next continuous user custody the knowledge factor has to be re-entered into the memory.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. An apparatus comprising:
- a sensor to take measurements indicative of user custody status of the apparatus;
- a controller configured to monitor the measurements to determine the user custody status of the apparatus;
- a token portion with an identifying characteristic representing a possession factor to satisfy possession factor authentication on a security system, wherein the identifying characteristic represents information that verifies an authorized user's possession of the token portion;
- a memory to cache a knowledge factor to satisfy knowledge factor authentication on the security system, wherein the knowledge factor represents information known to the authorized user of the security system and wherein the knowledge factor is separate and different from the identifying characteristic; and
- an output component configured to demonstrate the knowledge factor or the possession factor to the security system to gain access to a list of encrypted information associated with the token portion and decryptable by the knowledge factor, during a period of continuous user custody according to the user custody status;
- wherein the controller is configured to set a continuous custody flag in response to determining user custody based on the monitored measurements;
- wherein the knowledge factor is removed from memory or prevented from being accessed when the period of the continuous user custody ends; and
- wherein, in response to detecting a break in the continuous user custody, the controller is configured to clear the continuous custody flag and the knowledge factor from the memory such that during a next continuous user custody the knowledge factor has to be re-entered into the memory.
Specification