Facilitating multiple authentications
Abstract
Techniques and constructs to facilitate multiple authentications of passwords are described. For instance, the disclosure describes systems and processes that authenticate a password and return an encrypted password that may be subsequently decrypted for additional authentications.
20 Claims
1. A computer-implemented method comprising:
receiving, at a control layer of a computing resource service provider via an application accessed by a user device, a request to access a service;
receiving, at the control layer of the computing resource service provider via the application, a user identifier and a password associated with the user identifier for accessing the service;
obtaining a first authentication of the user identifier and the password using an authentication directory accessible by the computing resource provider, the authentication directory comprising one of a plurality of directories accessible by the computing resource provider;
at least partly in response to obtaining the first authentication, encrypting the password to create an encrypted password;
transmitting the encrypted password to the application accessed by the user device, wherein the application is configured to decrypt the encrypted password to create a decrypted password and transmit the decrypted password to the user device;
receiving, from the user device, at a data layer of the computing resource provider, and independently of the control layer, the decrypted password; and
obtaining a second authentication of the decrypted password.
Dependent claims: 2, 3, 4, 5
6. A system comprising:
a control layer accessible by a user device via an application; and
a data layer having a plurality of directories and accessible by the application via the control layer, upon a first authentication of user credentials, and by the user device independent of the control layer, upon a second authentication of the user credentials, the plurality of directories including at least an authentication directory,
wherein the control layer comprises one or more computing devices programmed to implement;
a network interface configured to receive, from the application, a request to access a service by a user device, and the user credentials associated with the user device requesting access to the service;
an authentication module configured to obtain the first authentication of the user device from the authentication directory; and
an encryption module configured to, at least partly in response to obtaining the first authentication of the user credentials, encrypt at least a portion of the user credentials to create encrypted user credentials,
wherein the network interface is further configured to transmit, to the application, the encrypted user credentials, and
wherein the encrypted user credentials are decrypted and presented to the data layer to obtain the second authentication of the user device.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computer-implemented method comprising:
receiving, from a user device, a request to access an application provided by a computing resource service provider, wherein the application requires that the user device is authenticated, via a first authentication of a password, to create a session with the application and access one or more directories during the session, and authenticated, via a second authentication of the password, to access the one or more directories independently of the session;
receiving, from the user device, the password;
transmitting, to an authentication module, the password;
receiving, from the authentication module, the first authentication of the user credentials;
receiving, at least in part in response to an indication that the password will be required to obtain the second authentication, from the authentication module, an encrypted password comprising the password encrypted using a key associated with the application;
decrypting the encrypted password to obtain a decrypted password; and
transmitting the decrypted password to the user device, wherein the decrypted password is used by the user device to obtain the second authentication.
Dependent claims: 18, 19, 20
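The flow recited in claims 1 and 17, as an added example that is not code from the patent: the control layer performs the first authentication and returns the password encrypted under an application key, the application decrypts it, and the data layer performs the second authentication on the released password. The function names, the PBKDF2 directory format, the tag bound to the user identifier, and the SHAKE-256/HMAC construction (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions.

```python
import hashlib, hmac, os

APP_KEY = os.urandom(32)  # constructed stand-in for the key associated with the application
ITERATIONS = 200_000      # demo PBKDF2 cost (assumption); tune upward in production

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(directory, user, password):
    salt = os.urandom(16)
    directory[user] = (salt, _kdf(password, salt))

def authenticate(directory, user, password):
    salt, stored = directory.get(user, (bytes(16), b""))  # unknown user: dummy salt, no match
    return hmac.compare_digest(_kdf(password, salt), stored)

def _subkeys(key):
    return tuple(hmac.new(key, label, "sha256").digest() for label in (b"enc", b"mac"))

def _tag(mk, user, nonce, ct):
    u = user.encode()  # length-prefixed so the user/nonce boundary cannot shift
    return hmac.new(mk, len(u).to_bytes(2, "big") + u + nonce + ct, "sha256").digest()

def _xor(ek, nonce, data):
    keystream = hashlib.shake_256(ek + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

def seal(key, user, password):
    # Encrypt-then-MAC with separate subkeys; the tag binds the blob to one user.
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor(ek, nonce, password.encode())
    return nonce + ct + _tag(mk, user, nonce, ct)

def unseal(key, user, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mk, user, nonce, ct)):
        raise ValueError("encrypted password rejected: tag mismatch")
    return _xor(ek, nonce, ct).decode()

def control_layer_login(directory, user, password):
    # First authentication; the password is encrypted only if it succeeds.
    return seal(APP_KEY, user, password) if authenticate(directory, user, password) else None

def run_flow(directory, user, password):
    blob = control_layer_login(directory, user, password)
    released = unseal(APP_KEY, user, blob) if blob else None  # application decrypts
    return blob is not None and authenticate(directory, user, released)  # data layer
```

Because the tag covers the user identifier, a blob issued for one user fails to decrypt when presented under another identifier, and any modified byte is rejected before decryption.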
Specification