Device protection using pre-execution multi-factor process authentication

US12505199B2 · US · B2

Patent metadata
Publication number: US-12505199-B2
Application number: US-202218081759-A
Country: US
Kind code: B2
Filing date: Dec 15, 2022
Priority date: Dec 15, 2022
Publication date: Dec 23, 2025
Grant date: Dec 23, 2025

Abstract

Official abstract text for this publication.

Techniques are provided for device protection using pre-execution multi-factor authentication of a process. One method comprises obtaining, by a software entity associated with an operating system kernel of a processing device, a request to execute a process on the processing device; performing, by the software entity, a first authentication of the process that evaluates a first set of information of the process; performing, by the software entity, a second authentication of the process to obtain a verification result, wherein the second authentication of the process evaluates a second set of different information of the process; and allowing the process to execute on the processing device based at least in part on the verification result. The second set of different information may comprise a name of the process, an identifier of the process and/or an identifier of a given processing device that will execute the process.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: obtaining, by at least one software entity associated with an operating system kernel of at least one processing device, a request from a user to execute a process on the at least one processing device, wherein the process is distinct from the user; in response to the obtained request: performing, by the at least one software entity associated with the operating system kernel, a first authentication of the process that evaluates a first set of information of the process; performing, by the at least one software entity associated with the operating system kernel, a second authentication of the process to obtain a verification result, wherein the second authentication of the process evaluates a second set of different information of the process, wherein the second set of different information of the process comprises one or more of: a name of the process, an identifier of the process and an identifier of a given one of the at least one processing device that will execute the process; and allowing the process to execute on the at least one processing device based at least in part on the verification result; wherein the method is performed by the at least one processing device, wherein the at least one processing device comprises a processor coupled to a memory.

2. The method of claim 1, wherein the second authentication of the process comprises comparing the process name of the process to a designated list of process names for a given entity.

3. The method of claim 1, wherein the second authentication of the process comprises comparing the identifier of the given one of the at least one processing device to a designated list of processing devices for a given entity.

4. The method of claim 1, wherein the second authentication of the process comprises comparing the identifier of the process to a designated list of process identifiers for a given entity.

5. The method of claim 4, wherein the identifier of the process is stored in a trusted platform module of the at least one processing device.

6. The method of claim 1, wherein the second authentication of the process is performed by a multi-factor authentication module associated with the at least one processing device.

7. The method of claim 1, wherein the first set of information of the process comprises a username and a password of the process.

8. The method of claim 1, wherein the at least one software entity intercepts the request to execute the process and releases the process for execution based at least in part on the verification result.

9. The method of claim 1, wherein the second set of different information of the process comprises the identifier of a given one of the at least one processing device that will execute the process and at least one of the name of the process and the identifier of the process.

10. An apparatus comprising: at least one processing device comprising a processor coupled to a memory; the at least one processing device being configured to implement the following steps: obtaining, by at least one software entity associated with an operating system kernel of the at least one processing device, a request from a user to execute a process on the at least one processing device, wherein the process is distinct from the user; in response to the obtained request: performing, by the at least one software entity associated with the operating system kernel, a first authentication of the process that evaluates a first set of information of the process; performing, by the at least one software entity associated with the operating system kernel, a second authentication of the process to obtain a verification result, wherein the second authentication of the process evaluates a second set of different information of the process, wherein the second set of different information of the process comprises one or more of: a name of the process, an identifier of the process and an identifier of a given one of the at least one processing device that will execute the process; and allowing the process to execute on the at least one processing device based at least in part on the verification result.

11. The apparatus of claim 10, wherein the second authentication of the process comprises one or more of: (i) comparing the process name of the process to a designated list of process names for a given entity; (ii) comparing the identifier of the given one of the at least one processing device to a designated list of processing devices for a given entity; and (iii) comparing the identifier of the process to a designated list of process identifiers for a given entity.

12. The apparatus of claim 10, wherein the second authentication of the process is performed by a multi-factor authentication module associated with the at least one processing device.

13. The apparatus of claim 10, wherein the first set of information of the process comprises a username and a password of the process.

14. The apparatus of claim 10, wherein the at least one software entity intercepts the request to execute the process and releases the process for execution based at least in part on the verification result.

15. The apparatus of claim 10, wherein the second set of different information of the process comprises the identifier of a given one of the at least one processing device that will execute the process and at least one of the name of the process and the identifier of the process.

16. A non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device causes the at least one processing device to perform the following steps: obtaining, by at least one software entity associated with an operating system kernel of the at least one processing device, a request from a user to execute a process on the at least one processing device, wherein the process is distinct from the user; in response to the obtained request: performing, by the at least one software entity associated with the operating system kernel, a first authentication of the process that evaluates a first set of information of the process; performing, by the at least one software entity associated with the operating system kernel, a second authentication of the process to obtain a verification result, wherein the second authentication of the process evaluates a second set of different information of the process, wherein the second set of different information of the process comprises one or more of: a name of the process, an identifier of the process and an identifier of a given one of the at least one processing device that will execute the process; and allowing the process to execute on the at least one processing device based at least in part on the verification result.

17. The non-transitory processor-readable storage medium of claim 16, wherein the second authentication of the process comprises one or more of: (i) comparing the process name of the process to a designated list of process names for a given entity; (ii) comparing the identifier of the given one of the at least one processing device to a designated list of processing devices for a given entity; and (iii) comparing the identifier of the process to a designated list of process identifiers for a given entity.

18. The non-transitory processor-readable storage medium of claim 16, wherein the second authentication of the process is performed by a multi-factor authenticat

Classifications

  • G06F21/445 (Primary): by mutual authentication, e.g. between devices or programs (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12505199B2 cover?
Techniques are provided for device protection using pre-execution multi-factor authentication of a process. One method comprises obtaining, by a software entity associated with an operating system kernel of a processing device, a request to execute a process on the processing device; performing, by the software entity, a first authentication of the process that evaluates a first set of informat…
Who is the assignee on this patent?
Dell Products Lp
What technology area does this patent fall under?
Primary CPC classification G06F21/445. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 23, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).