US2012079574A1PendingUtilityA1

Predictive Mechanism for Multi-Party Strengthening of Authentication Credentials with Non-Real Time Synchronization

36
Assignee: KOH ENG-KIATPriority: Oct 13, 2004Filed: Oct 14, 2011Published: Mar 29, 2012
Est. expiryOct 13, 2024(expired)· nominal 20-yr term from priority
H04L 63/08G06F 21/46H04L 2463/081
36
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A mechanism for strengthening authentication credentials for accessing any number of applications across multiple access interfaces and across multiple remote access sites is disclosed. The applications can be accessed by a set of authorized users by using multiple instances of a predictive scheme for generating and synchronizing the authentication credentials and by leveraging pre-existing infrastructure associated with the applications.

Claims

exact text as granted — not AI-modified
1 . A method, in an application server, for providing a set of authorized users secure access to a plurality of applications, the method comprising:
 receiving, in a credentials generator in the application server, a user's identity of a user in the set of authorized users;   identifying, by the credentials generator, a set of applications in the plurality of applications that are accessible by the user;   identifying, by the credential generator, a set of periodic events;   generating, by the credentials generator, a set of predictive schemes using a combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and   instantiating, by the credentials generator, the set of predictive schemes on a plurality of credential mechanisms in the application server.   
     
     
         2 . The method of  claim 1 , further comprising
 receiving, by a credentials verifier in the plurality of credential mechanisms, the user's identity, an identified application from the set of applications, and a password;   identifying, by the credentials verifier a current event from the set of periodic events;   generating, by the credentials verifier, a regenerated password using a predictive scheme in the set of predictive schemes based upon the identified application, the current event, and the identity of the user; and   
       responsive to the password matching the regenerated password, granting, by the credentials verifier, access to the identified application. 
     
     
         3 . (canceled) 
     
     
         4 . The method of  claim 1 , further comprising:
 generating by a credential updater in the plurality of credential mechanisms, a set of passwords for the user to access the set of applications, wherein the set of passwords comprises a password for each combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and   storing, by credential update, the set of passwords in a credentials store.   
     
     
         5 - 6 . (canceled) 
     
     
         7 . The method of  claim 1 , wherein the plurality of applications are accessible through a plurality of different access interfaces using generated authentication credentials corresponding to each application being accessed. 
     
     
         8 . The method of  claim 1 , wherein the plurality of applications are accessible from a plurality of different remote sites and computers. 
     
     
         9 - 12 . (canceled) 
     
     
         13 . The method of  claim 1 , wherein each predictive scheme in the set of predictive schemes includes using a difficult to invert one-way function with arguments that include a first seed that is unique to each application of the plurality of applications, a second seed that is unique to each user authorized to access the plurality of applications, and a third seed that is unique to an agreed upon event in the set of periodic events. 
     
     
         14 - 15 . (canceled) 
     
     
         16 . The method of  claim 13 , further comprising:
 applying a one-way hash to the one-way function.   
     
     
         17 . (canceled) 
     
     
         18 . An authentication system, the authentication system comprising:
 a processor; and   a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to:   receive a user's identity of a user in a set of authorized users;   identify a set of applications in a plurality of applications that are accessible by the user;   identifying a set of periodic events;   generate a set of predictive schemes using a combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and   instantiate the set of predictive schemes on a plurality of credential mechanisms in the system.   
     
     
         19 . The authentication system of  claim 18 , wherein the pre-selected predictive scheme includes a difficult to invert one-way function with arguments that comprises a first seed that is unique to each application of the plurality of applications, a second seed that is unique to each user authorized to access the plurality of applications, and a third seed that is unique to an agreed upon deterministic event in the set of periodic events. 
     
     
         20 - 21 . (canceled) 
     
     
         22 . The authentication system of  claim 18 , wherein the instructions further cause the processor to:
 receive the user's identity, an identified application from the set of applications, and a password;   identify a current event from the set of periodic events;   generate a regenerated password using a predictive scheme in the set of predictive schemes based upon the identified application, the current event, and the identity of the user; and   responsive to the password matching the regenerated password, grant access to the identified application.   
     
     
         23 - 24 . (canceled) 
     
     
         25 . The authentication system of  claim 18 , wherein the plurality of applications are accessible through a plurality of different access interfaces using authentication information corresponding to each application being accessed. 
     
     
         26 . The authentication system of  claim 18 , wherein the plurality of applications are accessible from a plurality of different remote sites and computers. 
     
     
         27 - 31 . (canceled) 
     
     
         32 . The method of  claim 1 , further comprising;
 receiving, by a server credentials generator in the plurality of credential mechanisms, the user's identity, an identified application from the set of applications, and a password;   identifying, by the server credentials generator, a current event from the set of periodic events;   retrieving, by the server credentials generator, a stored password from a credentials store, wherein the stored password is associated with the identified application, the current event, and the user's identity; and   responsive to the password matching the stored password, granting, by the server credentials generator, access to the identified application.   
     
     
         33 . The method of  claim 1 , wherein the agreed upon event is at least one of a minute of a day, a hour of the day, the day of a week, or the day of the month. 
     
     
         34 . The method of  claim 1 , wherein the set of periodic events are agreed upon by the user. 
     
     
         35 . The authentication system of  claim 18 , wherein the instructions further cause the processor to:
 generate a set of passwords for the user to access the set of applications, wherein the set of passwords comprises a password for each combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and   store the set of passwords in a credentials store.   
     
     
         36 . The authentication system of  claim 19 , wherein the instructions further cause the processor to:
 apply a one-way hash to the one-way function.   
     
     
         37 . The authentication system of  claim 18 , wherein the instructions further cause the processor to:
 receive the user's identity, an identified application from the set of applications, and a password;   identify a current event from the set of periodic events;   retrieve a stored password from a credentials store, wherein the stored password is associated with the identified application, the current event and the user's identity; and   responsive to the password matching the stored password, grant access to the identified application.   
     
     
         38 . The authentication system of  claim 18 , wherein the agreed upon deterministic event is at least one of a minute of a day, a hour of the day, the day of a week, or the day of the month. 
     
     
         39 . The authentication system of  claim 18 , wherein the set of periodic events are agreed upon by the user.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.