Methods for facilitating improved user authentication using persistent data and devices thereof

US 9,635,024 B2
Filed: 12/15/2014
Issued: 04/25/2017
Est. Priority Date: 12/16/2013
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating improved user authentication using persistent data, the method comprising:

obtaining, by an access policy management device, a first set of attributes based on a login request received from a client device, the first set of attributes including at least credentials for a user of the client device;

identifying, by the access policy management device, a persistent data store record for the user and importing at least a second set of attributes associated with the user and included in the persistent data store record into a session cache record for the user;

generating, by the access policy management device, a confidence level based on a comparison of a fingerprint comprising at least a subset of the second set of attributes to the first set of attributes, wherein the at least a subset of the second set of attributes comprise data obtained during prior sessions for the user;

determining, by the access policy management device, when the confidence level exceeds a threshold confidence level;

initiating, by the access policy management device, a multifactor authentication to determine when the user is authenticated by requesting authentication data from the client device for each of a plurality of factors, when the determining indicates that the confidence level does not exceed the threshold confidence level; and

establishing, by the access policy management device, a session for the user and allowing access by the user to one or more network resources, when the determining indicates that the user is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, non-transitory computer readable medium, and access policy management computing device that obtains a first set of attributes based on a login request received from a client device. The first set of attributes includes at least credentials for a user of the client device. A persistent data store record for the user is identified and a second set of attributes associated with the user, and included in the persistent data store record, is imported into a session cache record for the user. A fingerprint including the second set of attributes is compared to the first set of attributes. A multifactor or single factor authentication is initiated based on a result of the comparison to determine when the credentials for the user are valid. A session for the user is established and access by the user to network resource(s) is allowed, when the credentials for the user are valid.

130 Citations

15 Claims

1. A method for facilitating improved user authentication using persistent data, the method comprising:
- obtaining, by an access policy management device, a first set of attributes based on a login request received from a client device, the first set of attributes including at least credentials for a user of the client device;
  
  identifying, by the access policy management device, a persistent data store record for the user and importing at least a second set of attributes associated with the user and included in the persistent data store record into a session cache record for the user;
  
  generating, by the access policy management device, a confidence level based on a comparison of a fingerprint comprising at least a subset of the second set of attributes to the first set of attributes, wherein the at least a subset of the second set of attributes comprise data obtained during prior sessions for the user;
  
  determining, by the access policy management device, when the confidence level exceeds a threshold confidence level;
  
  initiating, by the access policy management device, a multifactor authentication to determine when the user is authenticated by requesting authentication data from the client device for each of a plurality of factors, when the determining indicates that the confidence level does not exceed the threshold confidence level; and
  
  establishing, by the access policy management device, a session for the user and allowing access by the user to one or more network resources, when the determining indicates that the user is authenticated.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - initiating, by the access policy management device, a write of user data associated with the user at the session cache record; and
      
      marking, by the access policy management device, the session cache record as updated.
  - 3. The method of claim 1, further comprising:
    - initiating, by the access policy management device, a write of user data associated with the user at the persistent data store record;
      
      andmarking, by the access policy management device the session cache record as invalid.
  - 4. The method of claim 1, further comprising:
    - periodically retrieving, by the access policy management device, the session cache record;
      
      determining, by the access policy management device, when the session cache record is marked as updated; and
      
      synchronizing, by the access policy management device, the persistent data store record and the session cache record and marking the session cache record as not updated when the determining indicates that the session cache record is marked as updated.
  - 5. The method of claim 1, wherein the establishing further comprises storing an indication of an authentication pass event in the persistent data store record and the method further comprises denying, by the access policy management device, access by the user to the one or more network resources and storing an indication of an authentication fail event in the session cache record for the user, when the determining indicates that the user is authenticated.

6. An access policy management device, comprising a processor and a memory coupled to the processor, wherein the memory comprises programmed instructions stored in the memory and a session cache and the processor is configured to be capable of executing the programmed instructions stored in the memory to:
- obtain a first set of attributes based on a login request received from a client device, the first set of attributes including at least credentials for a user of the client device;
  
  identify a persistent data store record for the user and importing at least a second set of attributes associated with the user and included in the persistent data store record into a record for the user in the session cache;
  
  generate a confidence level based on a comparison of a fingerprint comprising at least a subset of the second set of attributes to the first set of attributes;
  
  determine when the confidence level exceeds a threshold confidence level;
  
  initiate a multifactor authentication to determine when the user is authenticated by requesting authentication data from the client device for each of a plurality of factors, when the determining indicates that the confidence level does not exceed the threshold confidence level; and
  
  establish a session for the user and allowing access by the user to one or more network resources, when the determining indicates that the user is authenticated.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The access policy management device of claim 6, wherein the processor coupled to the memory is further configured to be capable of executing the programmed instructions stored in the memory to:
    - initiate a write of user data associated with the user at the session cache record; and
      
      mark the session cache record as updated.
  - 8. The access policy management device of claim 6, wherein the processor coupled to the memory is further configured to be capable of executing the programmed instructions stored in the memory to:
    - initiate a write of user data associated with the user at the persistent data store record;
      
      andmark the session cache record as invalid.
  - 9. The access policy management device of claim 6, wherein the processor coupled to the memory is further configured to be capable of executing the programmed instructions stored in the memory to:
    - periodically retrieve the session cache record;
      
      determine when the session cache record is marked as updated; and
      
      synchronize the persistent data store record and the session cache record and marking the session cache record as not updated when the determining indicates that the session cache record is marked as updated.
  - 10. The access policy management device of claim 6, wherein the establishing further comprises storing an indication of an authentication pass event in the persistent data store record and the processor coupled to the memory is further configured to be capable of exe executing the programmed instructions stored in the memory to deny access by the user to the one or more network resources and storing an indication of an authentication fail event in the session cache record for the user, when the determining indicates that the user is authenticated.

11. A non-transitory computer readable medium having stored thereon executable instructions for facilitating improved user authentication using persistent data comprising executable code which when executed by a processor, causes the processor to perform steps comprising:
- obtaining a first set of attributes based on a login request received from a client device, the first set of attributes including at least credentials for a user of the client device;
  
  identifying a persistent data store record for the user and importing at least a second set of attributes associated with the user and included in the persistent data store record into a session cache record for the user;
  
  generating a confidence level based on a comparison of a fingerprint comprising at least a subset of the second set of attributes to the first set of attributes;
  
  determining when the confidence level exceeds a threshold confidence level;
  
  initiating a multifactor authentication to determine when the user is authenticated by requesting authentication data from the client device for each of a plurality of factors, when the determining indicates that the confidence level does not exceed the threshold confidence level; and
  
  establishing a session for the user and allowing access by the user to one or more network resources, when the determining indicates that the user is authenticated.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable medium of claim 11, wherein the executable code when executed by the processor further causes the processor to perform steps further comprising:
    - initiating a write of user data associated with the user at the session cache record; and
      
      marking the session cache record as updated.
  - 13. The non-transitory computer readable medium of claim 11, wherein the executable code when executed by the processor further causes the processor to perform steps further comprising:
    - initiating a write of user data associated with the user at the persistent data store record;
      
      andmarking the session cache record as invalid.
  - 14. The non-transitory computer readable medium of claim 11, wherein the executable code when executed by the processor further causes the processor to perform steps further comprising:
    - periodically retrieving the session cache record;
      
      determining when the session cache record is marked as updated; and
      
      synchronizing the persistent data store record and the session cache record and marking the session cache record as not updated when the determining indicates that the session cache record is marked as updated.
  - 15. The non-transitory computer readable medium of claim 11, wherein the establishing further comprises storing an indication of an authentication pass event in the persistent data store record and the executable code when executed by the processor further causes the processor to perform steps further comprising denying access by the user to the one or more network resources and storing an indication of an authentication fail event in the session cache record for the user, when the determining indicates that the user is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Pisharody, Vinod, Jain, Amit
Primary Examiner(s)
Avery, Jeremiah

Application Number

US14/570,128
Publication Number

US 20150215314A1
Time in Patent Office

862 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/245   Query processing

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0861   using biometrical features,...

Methods for facilitating improved user authentication using persistent data and devices thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

130 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for facilitating improved user authentication using persistent data and devices thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links