CA3059330C - Systems and methods for dynamic flexible authentication in a cloud service - Google Patents

Systems and methods for dynamic flexible authentication in a cloud service Download PDF

Info

Publication number
CA3059330C
CA3059330C CA3059330A CA3059330A CA3059330C CA 3059330 C CA3059330 C CA 3059330C CA 3059330 A CA3059330 A CA 3059330A CA 3059330 A CA3059330 A CA 3059330A CA 3059330 C CA3059330 C CA 3059330C
Authority
CA
Canada
Prior art keywords
authentication
user
token
request
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CA3059330A
Other languages
English (en)
French (fr)
Other versions
CA3059330A1 (en
Inventor
Feng Huang
Jean-Luc Giraud
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Citrix Systems Inc
Original Assignee
Citrix Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Citrix Systems Inc filed Critical Citrix Systems Inc
Publication of CA3059330A1 publication Critical patent/CA3059330A1/en
Application granted granted Critical
Publication of CA3059330C publication Critical patent/CA3059330C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2131Lost password, e.g. recovery of lost or forgotten passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
CA3059330A 2017-06-19 2018-05-16 Systems and methods for dynamic flexible authentication in a cloud service Active CA3059330C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/626,881 US11544356B2 (en) 2017-06-19 2017-06-19 Systems and methods for dynamic flexible authentication in a cloud service
US15/626,881 2017-06-19
PCT/IB2018/053436 WO2018234886A1 (en) 2017-06-19 2018-05-16 Systems and methods for dynamic flexible authentication in a cloud service

Publications (2)

Publication Number Publication Date
CA3059330A1 CA3059330A1 (en) 2018-12-27
CA3059330C true CA3059330C (en) 2023-03-28

Family

ID=62563212

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3059330A Active CA3059330C (en) 2017-06-19 2018-05-16 Systems and methods for dynamic flexible authentication in a cloud service

Country Status (6)

Country Link
US (1) US11544356B2 (enExample)
EP (1) EP3642749A1 (enExample)
JP (1) JP7079798B2 (enExample)
AU (1) AU2018287526B2 (enExample)
CA (1) CA3059330C (enExample)
WO (1) WO2018234886A1 (enExample)

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11122034B2 (en) 2015-02-24 2021-09-14 Nelson A. Cicchitto Method and apparatus for an identity assurance score with ties to an ID-less and password-less authentication system
US11171941B2 (en) 2015-02-24 2021-11-09 Nelson A. Cicchitto Mobile device enabled desktop tethered and tetherless authentication
FI3291184T3 (fi) * 2016-09-02 2023-08-24 Assa Abloy Ab Pääsyobjektiin pääsyn resetointi
US11544356B2 (en) 2017-06-19 2023-01-03 Citrix Systems, Inc. Systems and methods for dynamic flexible authentication in a cloud service
US11303633B1 (en) 2017-08-09 2022-04-12 Sailpoint Technologies, Inc. Identity security gateway agent
US11240240B1 (en) 2017-08-09 2022-02-01 Sailpoint Technologies, Inc. Identity defined secure connect
US10505925B1 (en) * 2017-09-06 2019-12-10 Amazon Technologies, Inc. Multi-layer authentication
US11057362B2 (en) * 2017-10-05 2021-07-06 Ca, Inc. Adaptive selection of authentication schemes in MFA
US10944685B2 (en) * 2017-11-29 2021-03-09 International Business Machines Corporation Abstracted, extensible cloud access of resources
US11367323B1 (en) 2018-01-16 2022-06-21 Secureauth Corporation System and method for secure pair and unpair processing using a dynamic level of assurance (LOA) score
US11463426B1 (en) * 2018-01-25 2022-10-04 Sailpoint Technologies, Inc. Vaultless authentication
CA3089255A1 (en) 2018-02-01 2019-08-08 Equifax Inc. Verification of access to secured electronic resources
US11336700B2 (en) * 2018-05-03 2022-05-17 Microsoft Technology Licensing, Llc Scalable real-time duplex communications service
US11057375B1 (en) * 2018-06-25 2021-07-06 Amazon Technologies, Inc User authentication through registered device communications
US20200067913A1 (en) * 2018-08-22 2020-02-27 Cryptography Research, Inc. Modifying an identity token based on a trusted service
US11405375B2 (en) * 2018-09-27 2022-08-02 Lenovo (Singapore) Pte. Ltd. Device and method for receiving a temporary credit token
US11258756B2 (en) * 2018-11-14 2022-02-22 Citrix Systems, Inc. Authenticating to a hybrid cloud using intranet connectivity as silent authentication factor
US20200204544A1 (en) * 2018-12-20 2020-06-25 Konica Minolta Laboratory U.S.A., Inc. Biometric security for cloud services
US11469894B2 (en) * 2019-05-20 2022-10-11 Citrix Systems, Inc. Computing system and methods providing session access based upon authentication token with different authentication credentials
CN111988262B (zh) * 2019-05-21 2023-04-28 顺丰科技有限公司 认证方法、装置及服务器、存储介质
US11096059B1 (en) 2019-08-04 2021-08-17 Acceptto Corporation System and method for secure touchless authentication of user paired device, behavior and identity
US11736466B2 (en) * 2019-09-18 2023-08-22 Bioconnect Inc. Access control system
US10951606B1 (en) * 2019-12-04 2021-03-16 Acceptto Corporation Continuous authentication through orchestration and risk calculation post-authorization system and method
US11669840B2 (en) * 2019-12-19 2023-06-06 Yuzhen Xu System and method for managing associations in an online network
CN111355720B (zh) * 2020-02-25 2022-08-05 深信服科技股份有限公司 一种应用访问内网方法、系统、设备及计算机存储介质
US11875320B1 (en) 2020-02-28 2024-01-16 The Pnc Financial Services Group, Inc. Systems and methods for managing a financial account in a low-cash mode
US11539684B2 (en) * 2020-03-16 2022-12-27 Microsoft Technology Licensing, Llc Dynamic authentication scheme selection in computing systems
WO2021194464A1 (en) * 2020-03-23 2021-09-30 Btblock Llc Management system and method for user authentication on password based systems
US11770377B1 (en) * 2020-06-29 2023-09-26 Cyral Inc. Non-in line data monitoring and security services
WO2022010978A1 (en) * 2020-07-08 2022-01-13 The @ Co. Automation of user identity using network protocol providing secure granting or revocation of secured access rights
US12035136B1 (en) 2020-08-01 2024-07-09 Secureauth Corporation Bio-behavior system and method
US11329998B1 (en) 2020-08-31 2022-05-10 Secureauth Corporation Identification (ID) proofing and risk engine integration system and method
US10965665B1 (en) 2020-09-16 2021-03-30 Sailpoint Technologies, Inc Passwordless privilege access
CN112291198B (zh) * 2020-09-29 2024-06-28 西安万像电子科技有限公司 通信方法及终端设备、服务器
US12034845B2 (en) 2020-11-30 2024-07-09 Citrix Systems, Inc. Smart card and associated methods for initiating virtual sessions at kiosk device
US11558206B2 (en) * 2021-01-19 2023-01-17 Verizon Digital Media Services Inc. Systems and methods for distributed, stateless, and dynamic browser challenge generation and verification
CN112511569B (zh) * 2021-02-07 2021-05-11 杭州筋斗腾云科技有限公司 网络资源访问请求的处理方法、系统及计算机设备
US11620363B1 (en) 2021-03-15 2023-04-04 SHAYRE, Inc. Systems and methods for authentication and authorization for software license management
US11621957B2 (en) * 2021-03-31 2023-04-04 Cisco Technology, Inc. Identity verification for network access
US12095753B2 (en) * 2021-04-08 2024-09-17 Akamai Technologies, Inc. End-to-end verifiable multi-factor authentication service
US11632362B1 (en) 2021-04-14 2023-04-18 SHAYRE, Inc. Systems and methods for using JWTs for information security
EP4356635A4 (en) 2021-06-17 2024-07-31 Atsign, Inc. ENHANCED SIGN-IN PROCESSES WITH PROPRIETARY SECURITY AND PERSONAL INFORMATION SHARING AND MANAGEMENT PROTOCOL
US11621830B1 (en) 2021-06-28 2023-04-04 SHAYRE, Inc. Systems and methods for facilitating asynchronous secured point-to-point communications
US20230015789A1 (en) * 2021-07-08 2023-01-19 Vmware, Inc. Aggregation of user authorizations from different providers in a hybrid cloud environment
US12302127B2 (en) * 2021-09-27 2025-05-13 Omnissa, Llc Management service device platform creation and device configuration
WO2023091731A1 (en) * 2021-11-19 2023-05-25 Liveramp, Inc. Secure information delivery in an untrusted environment
WO2023106621A1 (ko) * 2021-12-08 2023-06-15 삼성전자주식회사 사용자를 인증하기 위한 클라우드 서버 및 이의 동작 방법
US12335251B2 (en) 2021-12-16 2025-06-17 Microsoft Technology Licensing, Llc Service to service authentication in computing systems
US12045327B2 (en) * 2022-02-16 2024-07-23 IsltMe LLC Methods and systems for facilitating authenticating of users
US11695772B1 (en) * 2022-05-03 2023-07-04 Capital One Services, Llc System and method for enabling multiple auxiliary use of an access token of a user by another entity to facilitate an action of the user
CN115499177B (zh) * 2022-08-30 2025-02-11 新华三技术有限公司 云桌面访问方法、零信任网关、云桌面客户端和服务端
US12255891B2 (en) * 2022-09-29 2025-03-18 Motorola Solutions, Inc. Selecting authentication method based on user constraints
US12231549B1 (en) * 2023-01-03 2025-02-18 Wells Fargo Bank, N.A. Systems and methods for device authentication using authentication tokens derived from quantum particles
US20240406180A1 (en) * 2023-05-31 2024-12-05 Sailpoint Technologies, Inc. System and method for describing and visualizing allowed, denied, chained and effective access to a system

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4082028B2 (ja) 2001-12-28 2008-04-30 ソニー株式会社 情報処理装置および情報処理方法、並びに、プログラム
US8151116B2 (en) * 2006-06-09 2012-04-03 Brigham Young University Multi-channel user authentication apparatus system and method
US8788419B2 (en) * 2006-12-30 2014-07-22 First Data Corporation Method and system for mitigating risk of fraud in internet banking
US8656472B2 (en) * 2007-04-20 2014-02-18 Microsoft Corporation Request-specific authentication for accessing web service resources
US8990896B2 (en) * 2008-06-24 2015-03-24 Microsoft Technology Licensing, Llc Extensible mechanism for securing objects using claims
US20100077457A1 (en) * 2008-09-23 2010-03-25 Sun Microsystems, Inc. Method and system for session management in an authentication environment
US8997196B2 (en) * 2010-06-14 2015-03-31 Microsoft Corporation Flexible end-point compliance and strong authentication for distributed hybrid enterprises
US8925053B1 (en) 2012-02-24 2014-12-30 Emc Corporation Internet-accessible service for dynamic authentication and continuous assertion of trust level in identities
KR101924683B1 (ko) 2013-04-26 2018-12-03 인터디지탈 패튼 홀딩스, 인크 요구된 인증 보증 레벨을 달성하기 위한 다중요소 인증
US9633355B2 (en) * 2014-01-07 2017-04-25 Bank Of America Corporation Knowledge based verification of the identity of a user
US9935934B1 (en) * 2014-03-31 2018-04-03 Microstrategy Incorporated Token management
US9836594B2 (en) * 2014-05-19 2017-12-05 Bank Of America Corporation Service channel authentication token
US20160094531A1 (en) * 2014-09-29 2016-03-31 Microsoft Technology Licensing, Llc Challenge-based authentication for resource access
EP3770781B1 (en) 2014-09-30 2022-06-08 Citrix Systems, Inc. Fast smart card logon and federated full domain logon
US10404689B2 (en) * 2017-02-09 2019-09-03 Microsoft Technology Licensing, Llc Password security
US10681024B2 (en) * 2017-05-31 2020-06-09 Konica Minolta Laboratory U.S.A., Inc. Self-adaptive secure authentication system
US11544356B2 (en) 2017-06-19 2023-01-03 Citrix Systems, Inc. Systems and methods for dynamic flexible authentication in a cloud service

Also Published As

Publication number Publication date
JP2020524847A (ja) 2020-08-20
JP7079798B2 (ja) 2022-06-02
US11544356B2 (en) 2023-01-03
US20180367526A1 (en) 2018-12-20
AU2018287526B2 (en) 2022-04-28
AU2018287526A1 (en) 2019-10-31
CA3059330A1 (en) 2018-12-27
EP3642749A1 (en) 2020-04-29
WO2018234886A1 (en) 2018-12-27

Similar Documents

Publication Publication Date Title
CA3059330C (en) Systems and methods for dynamic flexible authentication in a cloud service
US10432608B2 (en) Selectively enabling multi-factor authentication for managed devices
US8997196B2 (en) Flexible end-point compliance and strong authentication for distributed hybrid enterprises
US10187374B2 (en) Multi-factor authentication for managed applications using single sign-on technology
US11444932B2 (en) Device verification of an installation of an email client
JP6349579B2 (ja) 条件付きログインプロモーション
US9401918B2 (en) User to user delegation service in a federated identity management environment
US10616196B1 (en) User authentication with multiple authentication sources and non-binary authentication decisions
US10536447B2 (en) Single sign-on for managed mobile devices
US20220263813A1 (en) Multi-layer authentication
US20170279798A1 (en) Multi-factor authentication system and method
US10592978B1 (en) Methods and apparatus for risk-based authentication between two servers on behalf of a user
US20190182242A1 (en) Authentication in integrated system environment
US20250112961A1 (en) Techniques for generating policy recommendations and insights using generative ai
US20250112907A1 (en) Cross application authorization for enterprise systems
CN110869928A (zh) 认证系统和方法
US9594911B1 (en) Methods and apparatus for multi-factor authentication risk detection using beacon images
US20230370456A1 (en) Systems, methods, and storage media for controlling user access to an application
US12463962B2 (en) Multiworkflow authorization system and method
US20250260682A1 (en) Pinning device identifiers to cryptographic key pairs
US20250106214A1 (en) Determining digital trust of a client device and user for access permission

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20220914

EEER Examination request

Effective date: 20220914

EEER Examination request

Effective date: 20220914