Automatic provisioning and onboarding of offline or disconnected machines
US-12182236-B2 · Dec 31, 2024 · US
US2016171196A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016171196-A1 |
| Application number | US-201615048283-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 19, 2016 |
| Priority date | Sep 11, 2014 |
| Publication date | Jun 16, 2016 |
| Grant date | — |
Official abstract text for this publication.
Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.
Opening claim text (preview).
1. (canceled)

2. A computer-implemented method of authenticating a user comprising: storing, at a data store of a first computing device, an authentication rule used to authenticate a user, the authentication rule indicating a set of first identity elements which comprises one or more first identity elements selectable for authentication of the user; receiving, at the first computing device from a second computing device operated by the user, a request that a computing resource perform an action; receiving, at the first computing device from the second computing device, a set of second identity elements comprising one or more second identity elements usable for authentication of the user; selecting, by the first computing device from the set of first identity elements, a subset of first identity elements which comprises at least one of the one or more first identity elements; performing, by the first computing device, an authentication attempt by verifying, for each first identity element selected, a second identity element received which corresponds to that first identity element; and providing, by the first computing device, a response indicating whether the authentication attempt succeeded or failed.

3. The computer-implemented method of claim 2, further comprising: performing, by the first computing device, a comparison of the subset of first identity elements to the set of second identity elements; and determining, by the first computing device based on the comparison, whether to (i) attempt authentication of the user, or (ii) request an additional identity element.

4. The computer-implemented method of claim 3, further comprising: determining, by the first computing device, to attempt authentication of the user responsive to determining that the set of second identity elements includes, for each first identity element selected, a second identity element which corresponds to that first identity element.

5. The computer-implemented method of claim 3, further comprising: determining, by the first computing device, to request the additional identity element responsive to determining that the set of second identity elements does not include a second identity element that corresponds to one of the first identity elements selected.

6. The computer-implemented method of claim 5, further comprising: providing, by the first computing device to the second computing device, a request for the additional identity element; and receiving, at the first computing device from the second computing device in response to that request, a second set of second identity elements.

7. The computer-implemented method of claim 6, wherein: one or more second identity elements in the second set of second identity elements were selected by an application residing at the second computing device.

8. The computer-implemented method of claim 2, wherein: selecting the subset of first identity elements comprises selecting the subset of first identity elements dynamically.

9. The computer-implemented method of claim 8, wherein: selecting the subset of first identity elements dynamically comprises selecting a first identity element in the subset of first identity elements randomly from the set of first identity elements.

10. The computer-implemented method of claim 8, further comprising: identifying, by the first computing device, a total number of first identity elements to select; wherein a count of the one or more first identity elements selected equals the total number of first identity elements identified.

11. The computer-implemented method of claim 10, wherein: the authentication rule specifies the total number of first identity elements to select.

12. The computer-implemented method of claim 10, wherein: the authentication rule specifies a numerical range; and identifying the total number of first identity elements to select comprises selecting the total number from the numerical range.

13. The computer-implemented method of claim 12, wherein: selecting the total number from the numerical range comprises selecting the total number randomly from the numerical range.

14. The computer-implemented method of claim 2, further comprising: selecting, by the computing device, the set of first identity elements from a plurality of sets of first identity elements indicated in the authentication rule.

15. The computer-implemented method of claim 14, wherein: the set of first identity elements is selected at random from the plurality of sets of first identity elements.

16. The computer-implemented method of claim 14, wherein: the plurality of sets of first identity elements comprises (i) a first set of first identity elements associated with a first user type, and (ii) a second set of first identity elements associated with a second user type different from the first user type; and one of the first or second sets of first identity elements is selected as the set of first identity elements based on a user type of the user.

17. The computer-implemented method of claim 14, wherein: the plurality of sets of first identity elements comprises (i) a first set of first identity elements associated with a first action type, and (ii) a second set of first identity elements associated with a second action type different from the first action type; and one of the first or second sets of first identity elements is selected as the set of first identity elements based on an action type of the action requested.

18. The computer-implemented method of claim 14, wherein: the plurality of sets of first identity elements comprises (i) a first set of first identity elements associated with a first timeframe, and (ii) a second set of first identity elements associated with a second timeframe different from the first timeframe; and one of the first or second sets of first identity elements is selected as the set of first identity elements based on a timeframe during which the request was received.

19. The computer-implemented method of claim 18, wherein: the first and second timeframes each comprise at least one of a day-of-the-week or a time-of-day.

20. The computer-implemented method of claim 18, wherein: the first timeframe comprises a previous timeframe within which the user previously requested one or more computing resources perform one or more actions.

21. The computer-implemented method of claim 14, wherein: the plurality of sets of first identity elements comprises (i) a first set of first identity elements associated with a first geographic location, and (ii) a second set of first identity elements associated with a second geographic location different from the first geographic location; and one of the first or second sets of first identity elements is selected as the set of first identity elements based on a geographic location of the user.

22. The computer-implemented method of claim 14, wherein: the plurality of sets of first identity elements comprises (i) a first set of first identity elements associated with a first device location, and (ii) a second set of first identity elements associated with a second device location different from the first device location; and one of the first or second sets of first identity elements is selected as the set of first identity elements based on a location of the second computing device operated by the user.

23. The computer-implemen
when the policy decisions are valid for a limited amount of time · CPC title
Access control lists [ACL] · CPC title
User authentication · CPC title
by quorum, i.e. whereby two or more security principals are required · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
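
The selection and comparison steps recited in claims 2 to 5, 9, 12 and 13 can be sketched as follows. This is an added example, not code from the patent or its applicant; the names `AuthRule`, `select_required`, `evaluate` and the `ENROLLED` record are hypothetical, and the enrolled values are constructed sample data.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed reference values for one user; a real store would hold
# salted hashes or verifiers rather than raw secrets.
ENROLLED = {"password": "correct horse", "otp": "492817",
            "device_id": "laptop-7f3a", "pin": "8841"}

@dataclass(frozen=True)
class AuthRule:
    elements: tuple      # claim 2: first identity elements selectable
    count_range: tuple   # claim 12: (low, high) number of elements to select

    def __post_init__(self):
        low, high = self.count_range
        if not 1 <= low <= high <= len(self.elements):
            raise ValueError("count_range must fit within the element set")

def select_required(rule, rng=None):
    """Pick the subset of first identity elements for this request."""
    rng = rng or secrets.SystemRandom()   # unpredictable to the requester
    total = rng.randint(*rule.count_range)              # claim 13
    return frozenset(rng.sample(rule.elements, total))  # claim 9

def evaluate(required, presented, enrolled=ENROLLED):
    """Compare the selection with what the client sent, then verify."""
    missing = [name for name in sorted(required) if name not in presented]
    if missing:
        # Claim 5: a selected element was not supplied, so request it.
        return {"status": "need_more", "missing": missing}
    ok = True
    for name in sorted(required):
        # Check every selected element; no early exit on first mismatch.
        same = hmac.compare_digest(presented[name].encode(),
                                   enrolled[name].encode())
        ok = ok and same
    return {"status": "success" if ok else "failure"}

if __name__ == "__main__":
    rule = AuthRule(("password", "otp", "device_id", "pin"), (2, 3))
    required = select_required(rule)
    print(sorted(required), evaluate(required, {"password": "correct horse"}))
```

In this sketch the selected subset is passed back into `evaluate` for the follow-up request of claim 6, so the requirement stays fixed while the client supplies the additional elements.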