
Multi-factor authentication and comprehensive login system for client-server networks

  • US 9,374,369 B2
  • Filed: 03/15/2013
  • Issued: 06/21/2016
  • Est. Priority Date: 12/28/2012
  • Status: Active Grant
First Claim

1. A method for processing a request to access a target server over a network from a user operating a client computer, the method comprising:

  • receiving, at an authentication server, a request to access the target server from the user operating the client computer, wherein the target server is separate from the authentication server and wherein the target server is accessible to the user executing a web browser on the client computer;

  • causing, by the authentication server, user input fields to be displayed on the client computer to prompt the user for entry of user credentials through the web browser;

  • issuing, by the authentication server, a challenge to an authorizing client device requiring validation of an identity of the user in response to the request to access the target server;

  • sending, from the authentication server, a command to the authorizing client device to prompt the user to input a response to the challenge into the authorizing client device;

  • receiving, at the authentication server, verification from the authorizing client device that the response to the challenge is valid;

  • evaluating, by the authentication server, at least one item of context information related to the client computer being operated by the user, the at least one item of context information including at least one of a location of the client computer, characteristics of a network to which the client computer is connected, security risk data associated with an application operating on the target server for which the user requests access, an identification of accounts common to both the client computer and the authorizing client device, and an identification of usage anomalies, wherein the at least one item of context information is provided by the client computer to the authentication server separate from the request to access the network resource and separate from the user credentials;

  • determining, at the authentication server, a disposition of the request to access the target server based on the verification from the authorizing client device and the evaluation of the at least one item of context information; and

  • releasing, by the authentication server, user credentials to a client desktop extension on the client computer when the determined disposition is to grant access, the released user credentials being used by the client computer to obtain access to the target server.
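
The last four steps of the claim (device verification, context evaluation, disposition, credential release) can be sketched as authentication-server logic. This is an added example, not code from the patent or its assignee. It assumes an HMAC key shared with the authorizing device at enrollment, single-use challenges, and a hypothetical deny-on-any-finding policy; all names, thresholds and sample values are constructed.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

DEVICE_KEY = b"constructed-enrollment-key"   # assumption: shared with the device at enrollment
VAULT = {("alice", "crm.example"): "constructed-secret"}  # constructed stored credential
PENDING = set()                              # challenges issued and not yet consumed

@dataclass
class Context:                 # hypothetical field names for the claim's context items
    country: str               # location of the client computer
    network_trusted: bool      # characteristics of the client's network
    app_risk: int              # risk score of the target application, 0 (low) to 10
    shared_account: bool       # an account common to client computer and device
    usage_anomaly: bool        # usage anomaly flagged for this request

def issue_challenge() -> bytes:
    challenge = secrets.token_bytes(16)
    PENDING.add(challenge)
    return challenge

def device_verification(challenge: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Device side: attest that the user's response to the challenge was valid."""
    return hmac.new(key, b"valid:" + challenge, hashlib.sha256).digest()

def verification_ok(challenge: bytes, tag: bytes) -> bool:
    if challenge not in PENDING:             # unknown or already used: reject replays
        return False
    PENDING.discard(challenge)               # single use, whatever the outcome
    return hmac.compare_digest(device_verification(challenge), tag)

def evaluate_context(ctx: Context, allowed=frozenset({"US"})) -> list:
    # Hypothetical policy: every finding listed here blocks the grant.
    checks = [(ctx.country not in allowed, "unexpected location"),
              (not ctx.network_trusted and ctx.app_risk >= 5, "risky app on untrusted network"),
              (not ctx.shared_account, "no account common to both devices"),
              (ctx.usage_anomaly, "usage anomaly")]
    return [reason for failed, reason in checks if failed]

def release_credentials(user, target, challenge, tag, ctx):
    """Return (credential or None, reasons); release only on a grant disposition."""
    if not verification_ok(challenge, tag):
        return None, ["device verification failed"]
    reasons = evaluate_context(ctx)
    if reasons:
        return None, reasons
    return VAULT.get((user, target)), []
```

The returned reasons are what an authentication server would log for a denied request, so a valid device response paired with repeated context findings is visible to detection.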

  • 8 Assignments