US2012079574A1PendingUtilityA1
Predictive Mechanism for Multi-Party Strengthening of Authentication Credentials with Non-Real Time Synchronization
Est. expiryOct 13, 2024(expired)· nominal 20-yr term from priority
H04L 63/08G06F 21/46H04L 2463/081
36
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A mechanism for strengthening authentication credentials for accessing any number of applications across multiple access interfaces and across multiple remote access sites is disclosed. The applications can be accessed by a set of authorized users by using multiple instances of a predictive scheme for generating and synchronizing the authentication credentials and by leveraging pre-existing infrastructure associated with the applications.
Claims
exact text as granted — not AI-modified1 . A method, in an application server, for providing a set of authorized users secure access to a plurality of applications, the method comprising:
receiving, in a credentials generator in the application server, a user's identity of a user in the set of authorized users; identifying, by the credentials generator, a set of applications in the plurality of applications that are accessible by the user; identifying, by the credential generator, a set of periodic events; generating, by the credentials generator, a set of predictive schemes using a combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and instantiating, by the credentials generator, the set of predictive schemes on a plurality of credential mechanisms in the application server.
2 . The method of claim 1 , further comprising
receiving, by a credentials verifier in the plurality of credential mechanisms, the user's identity, an identified application from the set of applications, and a password; identifying, by the credentials verifier a current event from the set of periodic events; generating, by the credentials verifier, a regenerated password using a predictive scheme in the set of predictive schemes based upon the identified application, the current event, and the identity of the user; and
responsive to the password matching the regenerated password, granting, by the credentials verifier, access to the identified application.
3 . (canceled)
4 . The method of claim 1 , further comprising:
generating by a credential updater in the plurality of credential mechanisms, a set of passwords for the user to access the set of applications, wherein the set of passwords comprises a password for each combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and storing, by credential update, the set of passwords in a credentials store.
5 - 6 . (canceled)
7 . The method of claim 1 , wherein the plurality of applications are accessible through a plurality of different access interfaces using generated authentication credentials corresponding to each application being accessed.
8 . The method of claim 1 , wherein the plurality of applications are accessible from a plurality of different remote sites and computers.
9 - 12 . (canceled)
13 . The method of claim 1 , wherein each predictive scheme in the set of predictive schemes includes using a difficult to invert one-way function with arguments that include a first seed that is unique to each application of the plurality of applications, a second seed that is unique to each user authorized to access the plurality of applications, and a third seed that is unique to an agreed upon event in the set of periodic events.
14 - 15 . (canceled)
16 . The method of claim 13 , further comprising:
applying a one-way hash to the one-way function.
17 . (canceled)
18 . An authentication system, the authentication system comprising:
a processor; and a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to: receive a user's identity of a user in a set of authorized users; identify a set of applications in a plurality of applications that are accessible by the user; identifying a set of periodic events; generate a set of predictive schemes using a combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and instantiate the set of predictive schemes on a plurality of credential mechanisms in the system.
19 . The authentication system of claim 18 , wherein the pre-selected predictive scheme includes a difficult to invert one-way function with arguments that comprises a first seed that is unique to each application of the plurality of applications, a second seed that is unique to each user authorized to access the plurality of applications, and a third seed that is unique to an agreed upon deterministic event in the set of periodic events.
20 - 21 . (canceled)
22 . The authentication system of claim 18 , wherein the instructions further cause the processor to:
receive the user's identity, an identified application from the set of applications, and a password; identify a current event from the set of periodic events; generate a regenerated password using a predictive scheme in the set of predictive schemes based upon the identified application, the current event, and the identity of the user; and responsive to the password matching the regenerated password, grant access to the identified application.
23 - 24 . (canceled)
25 . The authentication system of claim 18 , wherein the plurality of applications are accessible through a plurality of different access interfaces using authentication information corresponding to each application being accessed.
26 . The authentication system of claim 18 , wherein the plurality of applications are accessible from a plurality of different remote sites and computers.
27 - 31 . (canceled)
32 . The method of claim 1 , further comprising;
receiving, by a server credentials generator in the plurality of credential mechanisms, the user's identity, an identified application from the set of applications, and a password; identifying, by the server credentials generator, a current event from the set of periodic events; retrieving, by the server credentials generator, a stored password from a credentials store, wherein the stored password is associated with the identified application, the current event, and the user's identity; and responsive to the password matching the stored password, granting, by the server credentials generator, access to the identified application.
33 . The method of claim 1 , wherein the agreed upon event is at least one of a minute of a day, a hour of the day, the day of a week, or the day of the month.
34 . The method of claim 1 , wherein the set of periodic events are agreed upon by the user.
35 . The authentication system of claim 18 , wherein the instructions further cause the processor to:
generate a set of passwords for the user to access the set of applications, wherein the set of passwords comprises a password for each combination of each application in the set of applications, each event in the set of periodic events, and the user's identity; and store the set of passwords in a credentials store.
36 . The authentication system of claim 19 , wherein the instructions further cause the processor to:
apply a one-way hash to the one-way function.
37 . The authentication system of claim 18 , wherein the instructions further cause the processor to:
receive the user's identity, an identified application from the set of applications, and a password; identify a current event from the set of periodic events; retrieve a stored password from a credentials store, wherein the stored password is associated with the identified application, the current event and the user's identity; and responsive to the password matching the stored password, grant access to the identified application.
38 . The authentication system of claim 18 , wherein the agreed upon deterministic event is at least one of a minute of a day, a hour of the day, the day of a week, or the day of the month.
39 . The authentication system of claim 18 , wherein the set of periodic events are agreed upon by the user.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.