System and method for enforcing a policy for an authenticator device

US 9,361,451 B2
Filed: 05/06/2014
Issued: 06/07/2016
Est. Priority Date: 10/07/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authentication on an electronic authenticator device comprising:

defining at least one authenticator device authentication policy;

collecting an authenticator device status assessment;

evaluating policy compliance of the authenticator device status assessment to an associated defined authenticator device authentication policy; and

enforcing use of the authenticator device according to the policy compliance comprising;

if the policy compliance indicates the authenticator device status assessment is in compliance with the authenticator device authentication policy, allowing the authenticator device to be used as an authentication factor; and

if the policy compliance indicates the authenticator device status assessment is not in compliance with the authenticator device authentication policy, preventing the authenticator device from being used as an authentication factor.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method including defining at least one device authentication policy; at a policy engine, initializing authentication policy processing for an authenticator device; collecting device status assessment; evaluating policy compliance of the device status assessment to an associated defined device authentication policy; and enforcing use of the authenticator device according to the policy compliance.

Citations

20 Claims

1. A method for authentication on an electronic authenticator device comprising:
- defining at least one authenticator device authentication policy;
  
  collecting an authenticator device status assessment;
  
  evaluating policy compliance of the authenticator device status assessment to an associated defined authenticator device authentication policy; and
  
  enforcing use of the authenticator device according to the policy compliance comprising;
  
  if the policy compliance indicates the authenticator device status assessment is in compliance with the authenticator device authentication policy, allowing the authenticator device to be used as an authentication factor; and
  
  if the policy compliance indicates the authenticator device status assessment is not in compliance with the authenticator device authentication policy, preventing the authenticator device from being used as an authentication factor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein upon receiving an authentication policy request at a policy engine, initializing authentication policy processing for an authenticator device.
  - 3. The method of claim 1, wherein collecting authenticator device status assessment includes collecting at least one application version number of an application on the authenticator device.
  - 4. The method of claim 3, wherein collecting authenticator device status assessment is performed at an authenticator on the authenticator device, and further comprises, the authenticator communicating the device status assessment to a policy engine.
  - 5. The method of claim 1, wherein collecting authenticator device status assessment includes collecting a vulnerability assessment.
  - 6. The method of claim 5, wherein collecting a vulnerability assessment includes identifying a vulnerability assessment from an object identifier for an operative object of the authenticator device.
  - 7. The method of claim 5, further comprising periodically collecting a vulnerability assessment and generating a historical view of the device status as part of the authenticator device status assessment used in evaluating policy compliance.
  - 8. The method of claim 1, wherein the at least one authenticator device authentication policy is defined through an administrator user interface.
  - 9. The method of claim 8, wherein a plurality of different authenticator device authentication policies are defined for a plurality of different accounts of an authentication system;
    - and a policy engine selects the authenticator device authentication policy for evaluation according to a mapping between the authenticator device and an account.
  - 10. The method of claim 1, wherein a policy engine is integrated with an authentication system in a cloud computing environment.
  - 11. The method of claim 1, wherein allowing the authenticator device to be used as an authentication factor comprises allowing the authenticator device to facilitate transferring a passcode;
    - and preventing the authenticator device from being used as an authentication factor comprises preventing the authenticator device from facilitating transfer of the passcode.
  - 12. The method of claim 11, wherein enforcing use of the authenticator device further includes facilitating an authenticator device update to comply with the associated authenticator device authentication policy.
  - 13. The method of claim 12, further comprising upon completing the authenticator device update, evaluating policy compliance and enforcing use of the authenticator device for at least a second time.
  - 14. The method of claim 11, wherein allowing the authenticator device to be used as an authentication factor and preventing the authenticator device from being used as an authentication factor are executed on the authenticator device.
  - 15. The method of claim 11, wherein allowing the authenticator device to be used as an authentication factor and preventing the authenticator device from being used as an authentication factor are executed in a cloud-based authentication system.
  - 16. The method of claim 11, further comprising at an authenticator of the authenticator device, receiving the passcode;
    - wherein allowing the authenticator device to be used as an authentication factor comprises displaying the passcode; and
      
      wherein preventing the authenticator device from being used as an authentication factor comprises not displaying the passcode.
  - 17. The method of claim 11, further comprising at an authenticator of the authenticator device receiving the passcode;
    - and wherein preventing the authenticator device from being used as an authentication factor comprises invalidating the passcode for authentication.
  - 18. The method of claim 1, wherein preventing the authenticator device from being used as an authentication factor comprises transmitting a message to an authentication system, the message instructing the authentication system to not accept authentication from the authenticator device.
  - 19. The method of claim 1, further comprising at a policy engine, initializing authentication policy processing for an authenticator device.
  - 20. The method of claim 1, wherein allowing the authenticator device to be used as an authentication factor comprises allowing the authenticator device to be used as a secondary authentication factor during or after authentication by a primary authentication factor;
    - wherein the primary authentication factor is distinct from the secondary authentication factor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jonathan, Song, Dug, Goodman, Adam
Primary Examiner(s)
Smithers, Matthew

Application Number

US14/271,258
Publication Number

US 20140245379A1
Time in Patent Office

763 Days
Field of Search

726/1, 726/5, 726/22, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/45 Structures or tools for the...

System and method for enforcing a policy for an authenticator device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enforcing a policy for an authenticator device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links