Password authentication

US 9,769,179 B2
Filed: 05/16/2016
Issued: 09/19/2017
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a credential to access a computer system, the credential comprising a user password and a one-time password (OTP);

in response to the computer system being unable to access an authentication server and unable to authenticate the OTP using the authentication server, storing, by a processor, the OTP and the user password to be used in a subsequent authentication by the authentication server and granting a user a first level of access to the computer system in view of authenticating the user password by the processor using a stored password and without authenticating the OTP;

checking whether the computer system is able to access the authentication server; and

in response to the computer system being able to access the authentication server, authenticating the stored OTP using the authentication server and granting, by the processor, the user a second level of access to the computer system, the second level of access being different than the first level of access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user credential comprising a user password and a one-time password (OTP) may be provided to access a computing system. The user password is authenticated and the network connection status of the computing system is determined. If the computing system is offline, the user password and the OTP are stored in memory and the user is granted a first level of access to the computing system. Upon detecting that the network connection status of the computing system has changed to online, the user password and the OTP are provided to an authentication server for authentication. If the authentication of the user password and the OTP is successful, the user is granted a second level of access to the computing system, the second level of access being higher than the first level of access.

Citations

20 Claims

1. A method, comprising:
- receiving a credential to access a computer system, the credential comprising a user password and a one-time password (OTP);
  
  in response to the computer system being unable to access an authentication server and unable to authenticate the OTP using the authentication server, storing, by a processor, the OTP and the user password to be used in a subsequent authentication by the authentication server and granting a user a first level of access to the computer system in view of authenticating the user password by the processor using a stored password and without authenticating the OTP;
  
  checking whether the computer system is able to access the authentication server; and
  
  in response to the computer system being able to access the authentication server, authenticating the stored OTP using the authentication server and granting, by the processor, the user a second level of access to the computer system, the second level of access being different than the first level of access.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - in response to authenticating the stored OTP and the stored user password, granting the user an access ticket to access one or more of network resources and network services.
  - 3. The method of claim 1 further comprising:
    - after failing to authenticate the stored OTP or the stored user password, performing one or more security measures.
  - 4. The method of claim 3, wherein performing the one or more security measures comprises locking the computer system in response to the stored user password being invalid.
  - 5. The method of claim 3, wherein performing the one or more security measures comprises:
    - requesting a second OTP if the stored OTP is invalid;
      
      receiving the second OTP;
      
      authenticating the second OTP and the stored user password using the authentication server; and
      
      after authenticating the second OTP and the stored user password, granting the user the second level of access to the computer system.
  - 6. The method of claim 5, further comprising:
    - after failing to authenticate the second OTP or the stored user password, locking the computer system.
  - 7. The method of claim 1, wherein the OTP comprises an event-based OTP.

8. An apparatus comprising:
- a memory to store a one-time password (OTP); and
  
  a processor, operatively coupled to the memory, to;
  
  receive a credential to access a computer system, the credential comprising a user password and the one-time password (OTP);
  
  in response to the computer system being unable to access an authentication server and unable to authenticate the OTP using the authentication server, store the OTP and the user password to be used in a subsequent authentication by the authentication server and grant a user account a first level of access to the computer system in view of authenticating the user password using a stored password and without authenticating the OTP;
  
  check whether the computer system is able to access the authentication server; and
  
  in response to the computer system being able to access the authentication server, authenticating the stored OTP using the authentication server and granting the user account a second level of access to the computer system, the second level of access being different than the first level of access.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the processor is further to:
    - in response to authenticating the stored OTP and the stored user password, grant the user account an access ticket to access one or more of network resources and network services.
  - 10. The apparatus of claim 8, wherein the processor is further to:
    - after failing to authenticate the stored OTP or the stored user password, perform one or more security measures.
  - 11. The apparatus of claim 10, wherein to perform the one or more security measures, the processor is to lock the computer system in response to the stored user password being invalid.
  - 12. The apparatus of claim 10, wherein to perform the one or more security measures, the processor to:
    - request a second OTP if the stored OTP is invalid;
      
      receive the second OTP;
      
      authenticate the second OTP and the stored user password using the authentication server; and
      
      after authenticating the second OTP and the stored user password, grant the user account the second level of access to the computer system.
  - 13. The apparatus of claim 12, wherein the processor is further to:
    - after failing to authenticate the second OTP or the stored user password, lock the computer system.
  - 14. The apparatus of claim 8, wherein the OTP comprises an event-based OTP.

15. A non-transitory machine-readable storage medium comprising instructions that, when executed by a processor, cause the processor to:
- receive a credential to access a computer system, the credential comprising a user password and a one-time password (OTP);
  
  in response to the computer system being unable to access an authentication server and unable to authenticate the OTP using the authentication server, store, by the processor, the OTP and the user password to be used in a subsequent authentication by the authentication server and grant a user a first level of access to the computer system in view of authenticating the user password by the processor using a stored password and without authenticating the OTP;
  
  check whether the computer system is able to access the authentication server; and
  
  in response to the computer system being able to access the authentication server, authenticate the stored OTP and the user password using the authentication server and granting, by the processor, the user a second level of access to the computer system, the second level of access being different than the first level of access.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable storage medium of claim 15, wherein the processor is further to:
    - in response to authenticating the stored OTP and the stored user password, grant the user an access ticket to access one or more of network resources and network services.
  - 17. The non-transitory machine-readable storage medium of claim 15, wherein the processor further to:
    - after failing to authenticate the stored OTP or the stored user password, perform one or more security measures.
  - 18. The non-transitory machine-readable storage medium of claim 17, wherein to perform the one or more security measures the processor to lock the computer system if the stored user password is invalid.
  - 19. The non-transitory machine-readable storage medium of claim 17, wherein to perform the one or more security measures the processor to:
    - request a second OTP when the stored OTP is invalid;
      
      receive the second OTP;
      
      authenticate the second OTP and the stored user password using the authentication server; and
      
      after authenticating the second OTP and the stored user password, grant the user the second level of access to the computer system.
  - 20. The non-transitory machine-readable storage medium of claim 19, wherein the processor is further to:
    - after failing to authenticate the second OTP or the stored user password, lock the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Pal, Dmitri V., Gallagher, Stephen J.
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US15/156,064
Publication Number

US 20160261604A1
Time in Patent Office

491 Days
Field of Search

726 5- 10, 726 19, 713182-185
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/105   Multiple levels of security

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

Password authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Password authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links