US 11,757,880 B2
Multifactor authentication at a data source
Manav Ratan Mital, Mountain View, CA (US); Srinivas Nageswarrao Vadlamani, San Jose, CA (US); Pramod Chandraiah, Pleasanton, CA (US); and Hugo Araújo de Sousa, Belo Horizonte (BR)
Assigned to Cyral Inc., Milpitas, CA (US)
Filed by Cyral Inc., Redwood City, CA (US)
Filed on Aug. 22, 2019, as Appl. No. 16/548,737.
Claims priority of provisional application 62/840,847, filed on Apr. 30, 2019.
Claims priority of provisional application 62/758,223, filed on Nov. 9, 2018.
Claims priority of provisional application 62/733,013, filed on Sep. 18, 2018.
Prior Publication US 2020/0092300 A1, Mar. 19, 2020
Int. Cl. H04L 9/40 (2022.01); G06F 11/30 (2006.01); G06F 11/34 (2006.01); G06F 21/31 (2013.01); H04L 69/326 (2022.01); H04L 69/329 (2022.01); G06F 21/62 (2013.01); G06F 16/2453 (2019.01); G06F 21/60 (2013.01); H04L 67/01 (2022.01)
CPC H04L 63/0884 (2013.01) [G06F 11/3006 (2013.01); G06F 11/3438 (2013.01); G06F 11/3476 (2013.01); G06F 16/24547 (2019.01); G06F 21/31 (2013.01); G06F 21/604 (2013.01); G06F 21/6227 (2013.01); G06F 21/6254 (2013.01); H04L 63/0281 (2013.01); H04L 63/101 (2013.01); H04L 63/102 (2013.01); H04L 63/104 (2013.01); H04L 63/105 (2013.01); H04L 63/1425 (2013.01); H04L 63/166 (2013.01); H04L 63/168 (2013.01); H04L 69/326 (2013.01); H04L 69/329 (2013.01); G06F 2221/2107 (2013.01); H04L 67/01 (2022.05); H04L 2463/082 (2013.01)]
17 Claims
1. A method, comprising:
receiving, from a client, a communication for a data source at a wrapper, the wrapper including a dispatcher and an authentication service, the dispatcher receiving the communication and being data agnostic, the communication including a header and a payload;
providing the communication from the dispatcher to the authentication service based on an inspection of the header without inspecting the payload, wherein the providing of the communication from the dispatcher to the authentication service comprises:
storing the communication at the dispatcher to prevent the communication from being forwarded to the data source;
performing, using the authentication service, authentication of the client, wherein in the event that the client is authenticated, the client is authorized to access the data source, and wherein the authentication utilizes multi-factor authentication (MFA), wherein the performing of the authentication of the client comprises:
calling, by the authentication service, an MFA utility; and
receiving, from the MFA utility, a success indication indicating whether authentication by the MFA utility is successful, wherein the MFA is configured to:
validate user identification and password from a user;
receiving a code or a response to a prompt from a separate device of the user upon validating the user identification and the password from the user; and
in response to a determination that the code or the response is received, determine that the authentication is successful; and
allowing, using the wrapper, access to the data source in the event that the authentication service determines that the client is authorized to access the data source, wherein the allowing of the access to the data source comprises:
in the event that the client is authenticated:
forwarding the stored communication to the data source; and
forwarding subsequent communication to the data source.
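
The flow recited in claim 1, sketched in Python as an added illustration; it is not code from the patent or from Cyral. All class and method names are hypothetical, the MFA utility is a constructed in-memory stand-in, the password and device code are passed in as arguments to represent what the user and the separate device supply, and discarding the stored communication on failure is a choice made in this sketch.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Communication:
    header: dict     # routing metadata, e.g. {"client": "alice"}
    payload: bytes   # opaque to the dispatcher

class MFAUtility:
    """Constructed stand-in for an external MFA utility."""
    def __init__(self, passwords, expected_codes):
        self.passwords, self.expected_codes = passwords, expected_codes

    def verify(self, user, password, code):
        pw, expected = self.passwords.get(user), self.expected_codes.get(user)
        if None in (pw, expected, password, code):
            return False
        # Factor 1 (id + password) is checked before factor 2 (device code).
        return (hmac.compare_digest(pw, password)
                and hmac.compare_digest(expected, code))

class AuthenticationService:
    def __init__(self, mfa):
        self.mfa = mfa

    def authenticate(self, comm, password, code):
        # Calls the MFA utility and returns its success indication.
        return self.mfa.verify(comm.header.get("client"), password, code)

class Dispatcher:
    def __init__(self, auth, data_source):
        self.auth, self.data_source = auth, data_source
        self.stored = {}             # client -> communication held back
        self.authenticated = set()

    def receive(self, comm, password=None, code=None):
        client = comm.header.get("client")   # header only, payload untouched
        if client in self.authenticated:
            self.data_source.append(comm.payload)   # subsequent communication
            return "forwarded"
        self.stored[client] = comm   # hold it so it cannot reach the data source
        if not self.auth.authenticate(comm, password, code):
            del self.stored[client]  # fail closed (a choice made in this sketch)
            return "rejected"
        self.authenticated.add(client)
        self.data_source.append(self.stored.pop(client).payload)
        return "forwarded"
```

Here `data_source` is a plain list that records which payloads were let through, so a reader can check that nothing reaches it before both factors succeed.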