Methods and credential servers for controlling access to a computer system

US 9,374,349 B1
Filed: 09/08/2011
Issued: 06/21/2016
Est. Priority Date: 09/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a computer system, said method is implemented by a credential server computing device, said method comprising:

receiving, by the credential server computing device, a first request from a workstation computing device, for a temporary single-factor credential associated with a user account;

receiving, by the credential server computing device, a reason selection transmitted from the workstation computing device, wherein the reason selection specifies a reason for requesting the temporary single-factor credential;

generating, by the credential server computing device, a plurality of selectable lifetimes in a list for the temporary single-factor credential based on the reason selection transmitted from the workstation computing device;

transmitting, by the credential server computing device, the plurality of selectable lifetimes to the workstation computing device;

modifying, at a computing device, the user account from requiring multi-factor authentication to permitting single-factor authentication for access to the computer system;

issuing, from the credential server computing device to the workstation computing device, the temporary single-factor credential;

receiving a second request to extend the lifetime of the temporary single-factor credential through a web-based user interface and extending the lifetime of the temporary single-factor credential in response to the request;

receiving, at the credential server computing device, the temporary single-factor credential;

upon receiving the temporary single-factor credential, generating a hash value and associating the hash value with the user account to permit access to the computer system;

disabling, at the computing device, the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated; and

modifying, at the credential server computing device, the user account to require multi-factor authentication for access to the computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and credential systems for use in controlling access to a computer system are disclosed. One example method includes receiving a request for a temporary single-factor credential associated with a user account, modifying the user account to allow single-factor authentication to permit access to the computer system, issuing the temporary single-factor credential, wherein the password includes a lifetime, disabling the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated, and modifying the user account associated to require multi-factor authentication for access to the computer system.

Citations

17 Claims

1. A method for controlling access to a computer system, said method is implemented by a credential server computing device, said method comprising:
- receiving, by the credential server computing device, a first request from a workstation computing device, for a temporary single-factor credential associated with a user account;
  
  receiving, by the credential server computing device, a reason selection transmitted from the workstation computing device, wherein the reason selection specifies a reason for requesting the temporary single-factor credential;
  
  generating, by the credential server computing device, a plurality of selectable lifetimes in a list for the temporary single-factor credential based on the reason selection transmitted from the workstation computing device;
  
  transmitting, by the credential server computing device, the plurality of selectable lifetimes to the workstation computing device;
  
  modifying, at a computing device, the user account from requiring multi-factor authentication to permitting single-factor authentication for access to the computer system;
  
  issuing, from the credential server computing device to the workstation computing device, the temporary single-factor credential;
  
  receiving a second request to extend the lifetime of the temporary single-factor credential through a web-based user interface and extending the lifetime of the temporary single-factor credential in response to the request;
  
  receiving, at the credential server computing device, the temporary single-factor credential;
  
  upon receiving the temporary single-factor credential, generating a hash value and associating the hash value with the user account to permit access to the computer system;
  
  disabling, at the computing device, the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated; and
  
  modifying, at the credential server computing device, the user account to require multi-factor authentication for access to the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the temporary single-factor credential includes a temporary password.
  - 3. The method of claim 1, wherein issuing the temporary single-factor credential includes issuing the temporary single-factor credential for one of the workstation computing device and an application incompatible with multi-factor authentication.
  - 4. The method of claim 3, further comprising receiving multi-factor authentication from a user prior to modifying, at the credential server computing device, the user account to permit single-factor authentication.
  - 5. The method of claim 1, further comprising providing for presentation to a user the web-based user interface to receive the first request from the user.
  - 6. The method of claim 1, wherein the lifetime of the temporary single-factor credential includes one of about 2 hours, about 4 hours, about 10 hours, and about 1 week.
  - 7. The method of claim 6, further comprising receiving a third request to end the lifetime of the temporary single-factor credential.
  - 8. The method of claim 1, wherein the multi-factor authentication is two-factor authentication.

9. A credential server for use in controlling access to a computer system, said credential server comprising:
- a memory device storing a user account; and
  
  a processor coupled to the memory device, said processor configured to;
  
  receive a first request from a workstation computing device for a temporary single-factor credential associated with the user account;
  
  receive a reason selection transmitted from the workstation computing device, wherein the reason selection specifies a reason for requesting the temporary single-factor credential;
  
  generate a plurality of selectable lifetimes in a list for the temporary single-factor credential based on the reason selection transmitted from the workstation computing device;
  
  transmit the plurality of selectable lifetimes to the workstation computing device;
  
  modify the user account from requiring multi-factor authentication to permitting single-factor authentication for access to the computer system;
  
  issue the temporary single-factor credential to the workstation computing device;
  
  receive a second request to extend the lifetime of the temporary single-factor credential through a web-based user interface and extend the lifetime of the temporary single-factor credential in response to the request;
  
  receive the temporary single-factor credential;
  
  upon receiving the temporary single-factor credential, generate a hash value and associate the hash value with the user account to permit access to the computer system;
  
  disable the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated; and
  
  modify the user account to require multi-factor authentication for access to the computer system.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The credential server of claim 9, wherein said processor is further configured to end the lifetime of the temporary single-factor credential in response to a third request from a user.
  - 11. The credential server of claim 9, wherein said processor is further configured to send a message to a user associated with the user account, when the temporary single-factor credential is disabled.
  - 12. The credential server of claim 11, wherein said processor is further configured to provide the web-based user interface for presentation to a user, the web-based user interface including a reason field to receive the reason for issuing the temporary credential.
  - 13. The credential server of claim 9, wherein said processor includes a plurality of processors, a first one of said plurality of processors being located remote from a second one of said plurality of processors, andwherein said first one of said plurality of processors is configured to receive the first request for a temporary single-factor credential associated with the user account, and said second one of said plurality of processor is configured to issue the temporary single-factor credential having the lifetime.

14. One or more non-transitory computer-readable storage media having computer-executable instructions embodied thereon, wherein when executed by at least one processor, the computer-executable instructions cause the processor to:
- receive a first request from a workstation computing device for a temporary single-factor credential associated with a user account;
  
  receive a reason selection transmitted from the workstation computing device, wherein the reason selection specifies a reason for requesting the temporary single-factor credential;
  
  generate a plurality of selectable lifetimes in a list for the temporary single-factor credential based on the reason selection transmitted from the workstation computing device;
  
  transmit the plurality of selectable lifetimes to the workstation computing device;
  
  modify the user account from requiring multi-factor authentication to permitting single-factor authentication for access to a computer system;
  
  issue the temporary single-factor credential to the workstation computing device;
  
  receive a second request to extend the lifetime of the temporary single-factor credential through a web-based user interface and extend the lifetime of the temporary single-factor credential in response to the request;
  
  receive the temporary single-factor credential;
  
  upon receiving the temporary single-factor credential, generate a hash value and associate the hash value with the user account to permit access to the computer system;
  
  modify the user account associated to permit single-factor authentication for access to the computer system; and
  
  disable the temporary credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated.
- View Dependent Claims (15, 16, 17)
- - 15. The one or more non-transitory computer-readable storage media of claim 14, wherein when executed by the at least one processor, the computer-executable instructions further cause the processor to modify, after the temporary single-factor credential is disabled, the user account associated to permit multi-factor authentication for access to the computer system.
  - 16. The one or more non-transitory computer-readable storage media of claim 14, wherein when executed by the at least one processor, the computer-executable instructions further cause the processor to end the lifetime of the temporary single-factor credential in response to a third request from a user.
  - 17. The one or more non-transitory computer-readable storage media of claim 14, wherein when executed by the processor, the computer-executable instructions further cause the at least one processor to provide the web-based user interface for presentation to a user, the web-based user interface indicating the user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Corlett, Douglas Dwyer, Weber, Jeffrey Lee, Larson, Todd Andrew, Hagerman, Ronald Christopher, Jones, Adam D., Huynh, Frank
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US13/227,980
Time in Patent Office

1,748 Days
Field of Search

726/5
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

Methods and credential servers for controlling access to a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and credential servers for controlling access to a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links