Rich token rejection system
US-2021136113-A1 · May 6, 2021 · US
US12101319B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12101319-B2 |
| Application number | US-202117448536-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 23, 2021 |
| Priority date | Jul 6, 2021 |
| Publication date | Sep 24, 2024 |
| Grant date | Sep 24, 2024 |
Abstract
A computing device includes a memory and a processor configured to cooperate with the memory to receive a connection lease and a token from a client device, with the token being generated responsive to the client device completing multi-factor authentication (MFA) with a provider of MFA. The processor further verifies, responsive to unavailability of the provider of MFA, that the client device has previously performed MFA based upon the token, and connects the client device to a computing session with use of the connection lease and responsive to the verification that the client device has performed MFA.
Claims
The invention claimed is:

1. A computing device comprising: a memory and a processor configured to cooperate with the memory to: receive a connection lease and a token from a client device, the token being generated responsive to the client device completing Multi-Factor Authentication (MFA) with a provider of MFA in compliance with an MFA policy; verify, responsive to unavailability of the provider of MFA, that the client device has previously performed MFA based upon the token and a secondary information, wherein the secondary information is selected from an IP address for a prior successful MFA, a latency associated with communications with the client device, or a combination thereof; change a level of access associated with a computing session responsive to an identity provider being offline; and connect the client device to the computing session with use of the connection lease and responsive to the verification that the client device has performed MFA, wherein the connecting comprises selecting an appropriate policy tier from a plurality of tiers of the MFA policy based on a user context.

2. The computing device of claim 1 wherein the connection lease includes data about the MFA; and wherein the processor is further configured to verify that the token is valid based upon the data, and connect the client device to the computing session also responsive to verification of the token being valid.

3. The computing device of claim 1 wherein the processor verifies that the client device has performed MFA for external connections outside of a network.

4. The computing device of claim 1 wherein the token has an expiration, and wherein the processor requests MFA authentication from the MFA provider prior to the expiration of the token.

5. The computing device of claim 4 wherein the processor is further configured to delay the MFA authentication request responsive to an identity provider being offline and extend the connection to the computing session during the delay.

6. The computing device of claim 1 wherein the MFA comprises generating a Time-based One-time Password (TOTP) based upon a key, and wherein the processor is further configured to receive the key and verify that the client device has performed MFA based upon the key.

7. A method comprising: at a computing device, receiving a connection lease and a token from a client device, the token being generated responsive to the client device completing Multi-Factor Authentication (MFA) with a provider of MFA in compliance with an MFA policy; verifying, responsive to unavailability of the provider of MFA, that the client device has previously performed MFA based upon the token and a secondary information, wherein the secondary information is selected from an IP address for a prior successful MFA, a latency associated with communications with the client device, or a combination thereof; changing a level of access associated with a computing session responsive to an identity provider being offline; and connecting the client device to the computing session with use of the connection lease and responsive to the verification that the client device has performed MFA, wherein the connecting comprises selecting an appropriate policy tier from a plurality of tiers of the MFA policy based on a user context.

8. The method of claim 7 wherein the connection lease includes data about the MFA; wherein verifying further comprises verifying that the token is valid based upon the data; and wherein connecting further comprises connecting the client device to the computing session also responsive to verification of the token being valid.

9. The method of claim 7 wherein verifying comprises verifying that the client device has performed MFA for external connections outside of a network.

10. The method of claim 7 wherein the token has an expiration, and further comprising, at the computing device, requesting MFA authentication from the MFA provider prior to the expiration of the token.

11. The method of claim 7 wherein the MFA comprises generating a Time-based One-time Password (TOTP) based upon a key, and further comprising, at the computing device, receiving the key and verifying that the client device has performed MFA based upon the key.

12. A non-transitory computer-readable medium having computer-executable instructions for causing a computing device to perform steps comprising: receiving a connection lease and a token from a client device, the token being generated responsive to the client device completing Multi-Factor Authentication (MFA) with a provider of MFA in compliance with an MFA policy; verifying, responsive to unavailability of the provider of MFA, that the client device has previously performed MFA based upon the token and a secondary information, wherein the secondary information is selected from an IP address for a prior successful MFA, a latency associated with communications with the client device, or a combination thereof; changing a level of access associated with a computing session responsive to an identity provider being offline; and connecting the client device to the computing session with use of the connection lease and responsive to the verification that the client device has performed MFA, wherein the connecting comprises selecting an appropriate policy tier from a plurality of tiers of the MFA policy based on a user context.

13. The non-transitory computer-readable medium of claim 12 wherein the connection lease includes data about the MFA; wherein verifying further comprises verifying that the token is valid based upon the data; and wherein connecting further comprises connecting the client device to the computing session also responsive to verification of the token being valid.

14. The non-transitory computer-readable medium of claim 12 wherein verifying comprises verifying that the client device has performed MFA for external connections outside of a network.

15. The non-transitory computer-readable medium of claim 12 wherein the token has an expiration, and further having computer-executable instructions for causing the computing device to request MFA authentication from the MFA provider prior to the expiration of the token.

16. The non-transitory computer-readable medium of claim 12 wherein the MFA comprises generating a Time-based One-time Password (TOTP) based upon a key, and further having computer-executable instructions for causing the computing device to receive the key and verify that the client device has performed MFA based upon the key.
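The claims above describe a broker that, when the MFA provider is unreachable, falls back to a token minted at the client's last successful MFA, checks it together with secondary information (the IP of the prior MFA and observed latency), and selects a reduced policy tier rather than full access. The following is an added illustration of that decision flow, not code from the patent or its assignee; the HMAC token format, the key, the latency threshold and the tier names are all constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo key; a real broker would hold a provisioned, protected signing key.
BROKER_KEY = b"constructed-demo-key-not-for-production"
LATENCY_TRUST_MS = 100   # constructed threshold for the "trusted" policy tier

def issue_token(user, mfa_ip, issued_at, ttl):
    """Token minted after a successful MFA: claims + HMAC so the broker can check it offline."""
    body = json.dumps({"sub": user, "mfa_ip": mfa_ip, "iat": issued_at,
                       "exp": issued_at + ttl}, sort_keys=True).encode()
    sig = hmac.new(BROKER_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def verify_token(token, now):
    """Return the claims if the signature checks out and the token is unexpired, else None."""
    try:
        b64body, b64sig = token.split(".")
        body = base64.urlsafe_b64decode(b64body)
        sig = base64.urlsafe_b64decode(b64sig)
    except ValueError:
        return None
    expected = hmac.new(BROKER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > now else None

def broker_decision(token, client_ip, latency_ms, external, mfa_provider_up, now):
    """Decide whether to connect the lease and at what access level.

    Returns (connect, access_level, reason). When the MFA provider is reachable the
    live MFA result governs; when it is not, the prior-MFA token plus secondary
    information (IP of the prior MFA, observed latency) selects a reduced policy tier.
    """
    if mfa_provider_up:
        return (True, "full", "live MFA available")
    claims = verify_token(token, now)
    if claims is None:
        return (False, None, "offline path: token invalid or expired")
    ip_match = claims["mfa_ip"] == client_ip
    if external and not ip_match:
        # External connections get no offline grace unless the source matches the prior MFA.
        return (False, None, "offline path: external client from a new IP")
    if ip_match and latency_ms <= LATENCY_TRUST_MS:
        return (True, "reduced", "offline path: trusted tier")
    return (True, "minimal", "offline path: cautious tier")
```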
CPC classifications:
- applying multi-factor authentication
- using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231)
- using time-dependent-passwords, e.g. periodically changing passwords
- using one-time-passwords
- by executing in a restricted environment, e.g. sandbox or secure virtual machine