US9608981B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9608981-B2 |
| Application number | US-201314102694-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 11, 2013 |
| Priority date | Dec 11, 2013 |
| Publication date | Mar 28, 2017 |
| Grant date | Mar 28, 2017 |
Abstract
Systems and methods for strong user authentication for accessing protected networks. An example method may include: transmitting, by a processing device, an authentication request to an authentication server; receiving an access granting token from the authentication server; transmitting, to a nonce server, a nonce request using the access granting token; receiving a cryptographic nonce from the nonce server; and transmitting, to a virtual private network (VPN) server, a VPN connection request using the cryptographic nonce.
Claims
What is claimed is:
1. A method, comprising: transmitting, by a processor, an authentication request in view of a user authentication credential to an authentication server, wherein the authentication request comprises a first authentication factor and a second authentication factor; receiving an access granting token from the authentication server; providing the access granting token to gain a service ticket to access a nonce server; transmitting, by the processor, directly to the nonce server, a nonce request in view of the service ticket; receiving a cryptographic nonce from the nonce server, wherein the cryptographic nonce is generated using a secret shared by the nonce server and the authentication server such that the authentication server can validate the cryptographic nonce when presented by a virtual private network (VPN) server, and wherein the cryptographic nonce is provided by at least one of a short-lived certificate or a one-time password; and transmitting, to VPN server, a VPN connection request comprising the cryptographic nonce for authentication of the cryptographic nonce by the VPN server to establish a VPN connection with the VPN server.
2. The method of claim 1, further comprising: establishing the VPN connection with the VPN server; and accessing, in view of the access granting token, a computing resource via the VPN connection.
3. The method of claim 1, wherein transmitting the authentication request is performed via an HTTP proxy server.
4. The method of claim 1, wherein transmitting the authentication request is performed over an SSL connection.
5. The method of claim 1, wherein the authentication request conforms to a Kerberos protocol.
6. A method, comprising: responsive to receiving an authentication request in view of a user authentication credential from a client computer system, generating an access granting token by an authentication server, wherein the authentication request comprises a first authentication factor and a second authentication factor; transmitting, by a processor of a server computer system, the access granting token to the client computer system; responsive to receiving an access request in view of the access granting token, providing a service ticket for direct access to a nonce server to request a cryptographic nonce by the client computer system, wherein the cryptographic nonce is generated by the nonce server using a secret shared by the nonce server and the authentication server such that the authentication server can validate the cryptographic nonce when presented by a virtual private network (VPN) server, and wherein the cryptographic nonce is provided by at least one of a short-lived certificate or a one-time password; responsive to receiving a VPN connection request comprising the cryptographic nonce, authenticating the cryptographic nonce; and responsive to a successful authentication of the cryptographic nonce, establishing a VPN connection with the client computer system.
7. The method of claim 6, wherein generating an access granting token is performed according to Kerberos protocol.
8. A computer system comprising: a memory; and a processor, operatively coupled to the memory, to: transmit an authentication request in view of a user authentication credential to an authentication server, wherein the authentication request comprises a first authentication factor and a second authentication factor; receive an access granting token from the authentication server; providing the access granting token to gain a service ticket to access a nonce server; transmit, directly to the nonce server, a nonce request in view of the service ticket; receive a cryptographic nonce from the nonce server, wherein the cryptographic nonce is generated using a secret shared by the nonce server and the authentication server such that the authentication server can validate the cryptographic nonce when presented by a virtual private network (VPN) server, and wherein the cryptographic nonce is provided by at least one of a short-lived certificate or a one-time password; and transmit, to VPN server, a VPN connection request comprising the cryptographic nonce for authentication of the cryptographic nonce by the VPN server to establish a VPN connection with the VPN server.
9. The system of claim 8, wherein the processor is further to: establish the VPN connection with the VPN server; and access, in view of the access granting token, a computing resource via the VPN connection.
10. The system of claim 8, wherein to transmit the authentication request is to transmit the authentication request via an HTTP proxy server.
11. The system of claim 8, wherein the authentication request conforms to a Kerberos protocol.
12. A computer-readable non-transitory storage medium comprising executable instructions to cause a processor to: transmit, by the processor, an authentication request in view of a user authentication credential to an authentication server, wherein the authentication request comprises a first authentication factor and a second authentication factor; receive an access granting token from the authentication server; transmit, by the processor, to a nonce server, a nonce request in view of the access granting token; receive a cryptographic nonce from the nonce server, wherein the cryptographic nonce is generated using a secret shared by the nonce server and the authentication server such that the authentication server can validate the cryptographic nonce when presented by a virtual private network (VPN) server, and wherein the cryptographic nonce is provided by at least one of a short-lived certificate or a one-time password; and transmit, to VPN server, a VPN connection request comprising the cryptographic nonce for authentication of the cryptographic nonce by the VPN server to establish a VPN connection with the VPN server.
13. The computer-readable non-transitory storage medium of claim 12, further comprising executable instructions to cause the processor to: establish the VPN connection with the VPN server; and access, in view of the access granting token, a computing resource via the VPN connection.
14. The computer-readable non-transitory storage medium of claim 12, wherein to transmit the authentication request, the processor is to transmit the authentication request via an HTTP proxy server.
15. The computer-readable non-transitory storage medium of claim 12, wherein the authentication request conforms to a Kerberos protocol.
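The abstract and claims describe a four-party exchange: the client authenticates with two factors and receives an access granting token, trades it for a service ticket, presents the ticket directly to a nonce server, and then uses the returned nonce to open the VPN connection, which the VPN server validates through the secret shared by the nonce server and the authentication server. The simulation below is an added example, not code from the patent or its assignee; it models the nonce as a one-time-password-style value (user, expiry, random salt, HMAC under the shared secret) and assumes, beyond what the claims say, that the service ticket is also an HMAC the nonce server can check, that nonces expire after 60 seconds, and that the authentication server rejects a nonce presented twice.

```python
import hashlib, hmac, secrets, time
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"  # shared by auth server and nonce server only
NONCE_TTL = 60  # seconds: the nonce is a short-lived one-time value

def _mac(*parts):
    return hmac.new(SHARED_SECRET, ":".join(parts).encode(), hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self):
        self.users = {"alice": ("correct-horse", "482913")}  # constructed: password + second factor
        self.tokens = {}          # access granting token -> user
        self.used_nonces = set()  # replay protection: each nonce is accepted once
    def authenticate(self, user, factor1, factor2):
        if self.users.get(user) != (factor1, factor2):
            return None  # both factors must match
        tgt = secrets.token_hex(16)
        self.tokens[tgt] = user
        return tgt
    def service_ticket(self, tgt):
        user = self.tokens.get(tgt)  # assumption: ticket is an HMAC the nonce server can check
        return (user, _mac("ticket", user)) if user else None
    def validate_nonce(self, nonce, now=None):
        now = time.time() if now is None else now
        user, expiry, salt, mac = nonce.split(":")
        if not hmac.compare_digest(mac, _mac(user, expiry, salt)):
            return None  # forged or tampered nonce
        if int(expiry) < now or nonce in self.used_nonces:
            return None  # expired or replayed
        self.used_nonces.add(nonce)
        return user

class NonceServer:
    def issue_nonce(self, user, ticket, now=None):
        if not hmac.compare_digest(ticket, _mac("ticket", user)):
            return None  # client never obtained a valid service ticket
        now = time.time() if now is None else now
        expiry, salt = str(int(now) + NONCE_TTL), secrets.token_hex(8)
        return ":".join([user, expiry, salt, _mac(user, expiry, salt)])

class VpnServer:
    def __init__(self, auth):
        self.auth = auth  # VPN server hands the nonce to the auth server for validation
    def connect(self, nonce, now=None):
        user = self.auth.validate_nonce(nonce, now) if nonce else None
        return f"vpn-session:{user}" if user else None

def client_flow(auth, nonce_srv, vpn, user, password, otp, now=None):
    tgt = auth.authenticate(user, password, otp)            # step 1: MFA request -> token
    ticket = auth.service_ticket(tgt) if tgt else None      # step 2: token -> service ticket
    nonce = nonce_srv.issue_nonce(*ticket, now) if ticket else None  # step 3: ticket -> nonce
    return vpn.connect(nonce, now)                          # step 4: nonce -> VPN connection
```

The `now` parameters exist so expiry and replay behaviour can be exercised deterministically; omit them to use wall-clock time.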
CPC classifications:
Virtual private networks
applying multi-factor authentication
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)