Security information caching on authentication token
First Claim
1. A method of conducting a multi-factor authentication, the method comprising:
caching a knowledge factor in a memory of a token, the token having an identifying characteristic representing a possession factor to satisfy possession factor authentication on a security system, wherein the knowledge factor is different from the identifying characteristic representing the possession factor, wherein the token comprises two sub-tokens including a first sub-token with an attachment mechanism to attach to the user's body and a second sub-token unattached to the user's body to enable demonstration of possession and knowledge of the possession factor and the knowledge factor, respectively, wherein each component of the token, including a controller and the memory, is in the first sub-token or the second sub-token;
monitoring user custody status of the token, said monitoring comprising confirming a continuous user custody by monitoring continual proximity between the first sub-token and the second sub-token via a sensor;
in response to an authentication request during a period of continuous user custody determined based on the monitoring of the user custody status, presenting the identifying characteristic of the token to demonstrate possession of the possession factor to the security system;
in response to the authentication request during the period of continuous user custody determined based on the monitoring of the user custody status, retrieving the knowledge factor from the memory to demonstrate knowledge of the knowledge factor to the security system; and
in response to detecting a break in the continuous user custody, clearing the knowledge factor from the memory.
Abstract
A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of the continuous user custody.
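The custody-gated cache described in the abstract and in claim 1, sketched as an added C example (not code from the patent). The proximity threshold, the 8-byte identifier, the buffer size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { KF_MAX = 32, PROX_LIMIT_CM = 100 };  /* limit is an assumed value */
typedef struct {
    uint8_t id[8];       /* identifying characteristic (possession factor) */
    uint8_t kf[KF_MAX];  /* cached knowledge factor, e.g. a PIN */
    size_t  kf_len;      /* 0 = nothing cached */
    int     in_custody;  /* 1 while the two sub-tokens stay in proximity */
} token_t;

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Sensor sample: distance between the body-worn and unattached sub-token. */
void token_on_proximity(token_t *t, unsigned dist_cm) {
    t->in_custody = dist_cm <= PROX_LIMIT_CM;
    if (t->in_custody) return;
    wipe(t->kf, sizeof t->kf);  /* custody break: clear the cache */
    t->kf_len = 0;
}

/* Cache a factor the user just entered; refused outside custody. */
int token_cache_kf(token_t *t, const uint8_t *kf, size_t len) {
    if (!t->in_custody || len == 0 || len > KF_MAX) return -1;
    memcpy(t->kf, kf, len);
    t->kf_len = len;
    return 0;
}

/* Id is always presented; cached factor only in custody (0 = prompt user). */
size_t token_authenticate(const token_t *t, uint8_t *id_out, uint8_t *kf_out) {
    memcpy(id_out, t->id, sizeof t->id);
    if (!t->in_custody || t->kf_len == 0) return 0;
    memcpy(kf_out, t->kf, t->kf_len);
    return t->kf_len;
}

int main(void) {
    token_t t = { .id = {1, 2, 3, 4, 5, 6, 7, 8} };  /* constructed id */
    uint8_t id[8], kf[KF_MAX];
    token_on_proximity(&t, 20);
    token_cache_kf(&t, (const uint8_t *)"4921", 4);  /* constructed PIN */
    token_on_proximity(&t, 500);                     /* custody break */
    token_on_proximity(&t, 20);                      /* back in range */
    return token_authenticate(&t, id, kf) != 0;      /* 0: cache is empty */
}
```

Regaining proximity starts a new custody period with an empty cache, so the knowledge factor has to be entered again before it can be released.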
31 Claims
20. An apparatus acting as a token to conduct a multi-factor authentication, the apparatus comprising:
a sensor to take measurements indicative of user custody status of the token;
a controller configured to monitor the measurements to determine a period of continuous user custody of the token based on the user custody status;
a memory to cache a knowledge factor;
an interface to receive authentication requests; and
an identifying characteristic representing a possession factor to satisfy possession factor authentication on a security system, wherein the knowledge factor is different from the identifying characteristic representing the possession factor;
wherein the apparatus is configured to present the identifying characteristic of the token to demonstrate possession of the possession factor to the security system, in response to receiving an authentication request at the interface;
wherein, during the period of the continuous user custody of the token, the controller is configured to retrieve the knowledge factor from the memory to demonstrate knowledge of the knowledge factor to the security system, in response to receiving the authentication request at the interface;
wherein the apparatus comprises two sub-tokens including a first sub-token with an attachment mechanism to attach to the user's body and a second sub-token unattached to the user's body to enable demonstration of possession and knowledge of the possession factor and the knowledge factor, respectively;
wherein the controller is configured to confirm the continuous user custody by monitoring continual proximity between the first sub-token and the second sub-token via the sensor; and
wherein each component of the token, including the controller and the memory, is either in the first sub-token or the second sub-token.
Specification