System and method for secure access to programmable devices

Document No.: 136076  Publication date: 2021-10-22

Reading note: this technology, System and method for secure access to programmable devices (安全访问可编程装置的系统和方法), was designed and created by 迈克尔·派尔 (transliterated: Michael Pyle) on 2013-01-15. Its main content: the present application relates to systems and methods for secure access to programmable devices. In accordance with various aspects and embodiments, a system is provided that includes a programmable device. The programmable device includes a memory storing an identifier of an authentication session and at least one processor coupled to the memory. The at least one processor is configured to receive an authentication credential, decode the authentication credential to access a session identifier and information related to a requestor of the authentication credential, determine whether the session identifier matches the identifier of the authentication session, and authorize access by the requestor to a protected function of the programmable device if the session identifier matches the identifier of the authentication session.

1. A system, comprising:

a programmable device, comprising:

a memory storing an identifier of an authentication session;

a session interface including a display screen; and

at least one processor coupled to the memory and configured to:

generating the identifier for the authentication session;

displaying the identifier of the authentication session on the display screen;

receiving an authentication credential;

decoding the authentication credential to access a session identifier and information related to a requestor of the authentication credential;

determining whether the session identifier matches an identifier of the authentication session;

authorizing access by the requestor to a protected function of the programmable device if the session identifier matches an identifier of the authentication session;

denying access to the programmable device in response to at least one of determining that the authentication credential was not provided within a first threshold amount of time from generating the identifier or that the authentication credential was not correctly generated using the identifier; and

restricting access to the programmable device in response to at least one of determining that the authentication credential was not received within a second threshold amount of time from generating the identifier or that a number of access denials exceeds a threshold amount of access denials.

2. The system of claim 1, wherein the at least one processor is configured to determine that the session identifier matches an identifier of the authentication session if the session identifier equals the identifier of the authentication session.

3. The system of claim 1, wherein the at least one processor is configured to decode the authentication credential by decrypting the authentication credential using a public key.

4. The system of claim 3, wherein the at least one processor is further configured to:

receiving a session request;

generating an identifier for the authentication session in response to receiving the session request;

providing the requestor with the identifier of the authentication session; and

starting a timer in response to providing the requestor with the identifier of the authentication session.

5. The system of claim 4, wherein the at least one processor is further configured to:

determining whether a predetermined time period has expired since the timer was started; and

ending the authentication session if the predetermined time period has expired.

6. The system of claim 5, wherein the at least one processor is further configured to restrict generation of identifiers for subsequent authentication sessions if the predetermined period of time has expired.

7. The system of claim 1, wherein the at least one processor is further configured to deny the requestor access to the protected functionality of the programmable device if the session identifier does not match an identifier of the authentication session.

8. The system of claim 7, wherein the at least one processor is further configured to:

recording an access failure event if the session identifier does not match an identifier of the authentication session;

calculating whether the total number of access failure events exceeds a predetermined threshold; and

ending the authentication session if the total number of access failure events exceeds the predetermined threshold.

9. The system of claim 7, wherein the at least one processor is further configured to limit generation of identifiers for subsequent authentication sessions if the total number of access failure events exceeds the predetermined threshold.

10. The system of claim 1, further comprising a computer system configured to:

receiving a credential request containing an identifier of the authentication session and information identifying a target;

generating an authentication credential in response to receiving the credential request; and

providing the target with the authentication credential.

11. The system of claim 10, wherein the computer system is configured to generate the authentication credential based on a combination of an identifier of the authentication session, a unique identifier of the requestor, and additional characters.

12. The system of claim 11, wherein the computer system is configured to generate the authentication credential by encrypting the combination.

13. The system of claim 12, wherein the computer system is configured to generate the authentication credential by configuring the length of the combination so that the generated authentication credential has a length of no more than 48 characters.

14. The system of claim 13, wherein the programmable device further comprises a utility meter including a sensor configured to measure utility usage, and the protected function includes a function to configure an operating parameter of the utility meter.

15. A system, comprising:

a computer system having:

a memory; and

at least one processor coupled to the memory and configured to:

receiving a credential request generated by a programmable device, the credential request including an identifier of an authentication session and information identifying a target;

in response to receiving the credential request, generating an authentication credential using the identifier of the authentication session; and

providing the target with the authentication credential; and

the programmable device having:

a memory; and

at least one processor coupled to the memory and configured to:

denying access to the programmable device in response to at least one of determining that the authentication credential was not provided within a first threshold amount of time from generating the credential request or that the authentication credential was not correctly generated using the identifier; and

restricting access to the programmable device in response to at least one of determining that the authentication credential was not provided within a second threshold amount of time from generating the credential request or that a number of access denials exceeds a threshold amount of access denials.

16. The system of claim 15, wherein the at least one processor is configured to generate the authentication credential based on a combination of an identifier of the authentication session, a unique identifier of a requestor, and an additional character.

17. The system of claim 16, wherein the at least one processor is configured to generate the authentication credential by encrypting the combination.

18. The system of claim 17, wherein the at least one processor is configured to generate the authentication credential by configuring the length of the combination so that the generated authentication credential has a length of no more than 48 characters.

19. A method of generating authentication credentials using a programmable device and a computer system, the method comprising:

generating an identifier of the authentication session;

displaying the identifier of the authentication session;

receiving, at a programmable device, an authentication credential;

decoding, by the programmable device, the authentication credential to access a session identifier and information related to a requestor of the authentication credential;

determining whether the session identifier matches an identifier of the authentication session; and

authorizing access by the requestor to a protected function of the programmable device if the session identifier matches an identifier of the authentication session;

denying access to the programmable device in response to at least one of determining that the authentication credential was not provided within a first threshold amount of time from generating the identifier or that the authentication credential was not correctly generated using the identifier; and

restricting access to the programmable device in response to at least one of determining that the authentication credential was not received within a second threshold amount of time from generating the identifier or that a number of access denials exceeds a threshold amount of access denials.

20. The method of claim 19, further comprising:

receiving a credential request containing an identifier of the authentication session and information identifying a target;

generating the authentication credential in response to receiving the credential request; and

providing the target with the authentication credential.

Technical Field

The technical field relates generally to preventing unauthorized access to programmable devices and, more particularly, to systems and methods for securely generating user authentication credentials.

Discussion of background

There are at least three conventional techniques for reestablishing access to a device by a device user who has forgotten or lost their authentication credentials. One approach is to send the device back to the factory, where it is restored to the factory default settings. A second approach is to provide a user interface element that, when activated, causes the device to reset the authentication credentials to a known standard or to revert to its factory default settings. A third option is to provide a "back door password" that is hard-coded or generated from device-specific data, such as the serial number of the device. Each of these options gives users access to their devices when they are unable to authenticate to the devices with the established authentication credentials.

SUMMARY

In accordance with various aspects and embodiments, a system is provided that includes a programmable device. The programmable device includes a memory storing an identifier of an authentication session and at least one processor coupled to the memory. The at least one processor is configured to receive an authentication credential, decode the authentication credential to access a session identifier and information related to a requestor of the authentication credential, determine whether the session identifier matches the identifier of the authentication session, and authorize access by the requestor to a protected function of the programmable device if the session identifier matches the identifier of the authentication session.

In the system, the at least one processor may be configured to determine that the session identifier matches the identifier of the authentication session if the session identifier equals the identifier of the authentication session. The at least one processor may be configured to decode the authentication credential by decrypting the authentication credential using a public key. The at least one processor may be further configured to receive a session request, generate an identifier of the authentication session in response to receiving the session request, provide the identifier of the authentication session to the requestor, and start a timer in response to providing the identifier of the authentication session to the requestor.

In the system, the at least one processor may be further configured to: determining whether a predetermined time period has expired since the timer was started, and ending the authentication session if the predetermined time period has expired. The at least one processor may be further configured to: restricting the generation of identifiers for subsequent authentication sessions if the predetermined time period has expired.

In the system, the at least one processor may be further configured to: denying the requestor access to the protected functionality of the programmable device if the session identifier does not match the identifier of the authentication session. The at least one processor may be further configured to: if the session identifier does not match the identifier of the authentication session, recording an access failure event; calculating whether the total number of access failure events exceeds a predetermined threshold, and ending the authentication session if the total number of access failure events exceeds the predetermined threshold. The at least one processor may be further configured to: if the total number of access failure events exceeds a predetermined threshold, limiting the generation of identifiers for subsequent authentication sessions.

The system may also include a computer system configured to receive a credential request containing an identifier of the authentication session and information identifying a target, generate an authentication credential in response to receiving the credential request, and provide the authentication credential to the target. The computer system may be configured to generate the authentication credential based on a combination of the identifier of the authentication session, a unique identifier of the requestor, and additional characters. The computer system may be configured to generate the authentication credential by encrypting the combination. The computer system may be further configured to generate the authentication credential by configuring the length of the combination so that the authentication credential has a length of no more than 48 characters.

In the system, the programmable device may further include a utility meter including a sensor configured to measure utility usage, and the protected function may include a function to configure an operating parameter of the utility meter.

According to another embodiment, a computer system is provided that includes a memory and at least one processor coupled to the memory. The at least one processor is configured to: the method includes receiving a credential request containing an identifier of an authentication session and information identifying a target, generating an authentication credential in response to receiving the credential request, and providing the authentication credential to the target.

In the computer system, the at least one processor may be configured to generate the authentication credential based on a combination of the identifier of the authentication session, a unique identifier of the requestor, and additional characters. The at least one processor may be configured to generate the authentication credential by encrypting the combination. The at least one processor may be configured to generate the authentication credential by configuring the length of the combination so that the authentication credential has a length of no more than 48 characters.

In accordance with another embodiment, a method for generating authentication credentials using a programmable device and a computer system is provided. The method comprises the acts of: receiving an authentication credential in a programmable device; decoding, by the programmable device, the authentication credential to access the session identifier and information related to the requestor of the authentication credential; determining whether the session identifier matches an identifier of the authentication session; and authorizing access by the requestor to the protected functionality of the programmable device if the session identifier matches the identifier of the authentication session.

The method may also include the acts of receiving a credential request including an identifier of the authentication session and information identifying the target, generating an authentication credential in response to receiving the credential request, and providing the authentication credential to the target.

Still other aspects, embodiments, and advantages of these exemplary aspects and embodiments are discussed in detail below. Moreover, it is to be understood that both the foregoing information and the following detailed description are merely illustrative examples of various aspects and embodiments, and are intended to provide an overview or framework for understanding the nature and character of the claimed aspects and embodiments. Any embodiment disclosed herein may be combined with any other embodiment. References to "an embodiment," "an example," "some embodiments," "some examples," "an alternative embodiment," "various embodiments," "one embodiment," "at least one embodiment," "this and other embodiments," or the like are not necessarily mutually exclusive and are intended to indicate that a particular feature, structure, or characteristic described in connection with the embodiments may be included in at least one embodiment. The appearances of such terms herein are not necessarily all referring to the same embodiment.

The present invention provides the following aspects:

1) a system, comprising:

a programmable device, comprising:

a memory storing an identifier of an authentication session; and

at least one processor coupled to the memory and configured to:

receiving an authentication credential;

decoding the authentication credential to access a session identifier and information related to a requestor of the authentication credential;

determining whether the session identifier matches an identifier of the authentication session; and

authorizing access by the requestor to a protected function of the programmable device if the session identifier matches an identifier of the authentication session.

2) The system of 1), wherein the at least one processor is configured to determine that the session identifier matches an identifier of the authentication session if the session identifier equals the identifier of the authentication session.

3) The system of 1), wherein the at least one processor is configured to decode the authentication credential by decrypting the authentication credential using a public key.

4) The system of 3), wherein the at least one processor is further configured to:

receiving a session request;

generating an identifier for the authentication session in response to receiving the session request;

providing the requestor with the identifier of the authentication session; and

starting a timer in response to providing the requestor with the identifier of the authentication session.

5) The system of any of 1) -4), wherein the at least one processor is further configured to:

determining whether a predetermined time period has expired since the timer was started; and

ending the authentication session if the predetermined time period has expired.

6) The system of 5), wherein the at least one processor is further configured to restrict generation of identifiers for subsequent authentication sessions if the predetermined time period has expired.

7) The system of 1), wherein the at least one processor is further configured to deny the requestor access to the protected functionality of the programmable device if the session identifier does not match an identifier of the authentication session.

8) The system of 7), wherein the at least one processor is further configured to:

recording an access failure event if the session identifier does not match an identifier of the authentication session;

calculating whether the total number of access failure events exceeds a predetermined threshold; and

ending the authentication session if the total number of access failure events exceeds the predetermined threshold.

9) The system of 7), wherein the at least one processor is further configured to limit generation of identifiers for subsequent authentication sessions if the total number of access failure events exceeds the predetermined threshold.

10) The system of 1), further comprising a computer system configured to:

receiving a credential request containing an identifier of the authentication session and information identifying a target;

generating an authentication credential in response to receiving the credential request; and

providing the target with the authentication credential.

11) The system of 10), wherein the computer system is configured to generate the authentication credential based on a combination of an identifier of the authentication session, a unique identifier of the requestor, and additional characters.

12) The system of 11), wherein the computer system is configured to generate the authentication credential by encrypting the combination.

13) The system of 12), wherein the computer system is configured to generate the authentication credential by configuring the length of the combination so that the generated authentication credential has a length of no more than 48 characters.

14) The system of 13), wherein the programmable device further comprises a utility meter including a sensor configured to measure utility usage, and the protected function includes a function to configure an operating parameter of the utility meter.

15) A computer system, comprising:

a memory; and

at least one processor coupled to the memory and configured to:

receiving a credential request containing an identifier of an authentication session and information identifying a target;

generating an authentication credential in response to receiving the credential request; and

providing the target with the authentication credential.

16) The computer system of 15), wherein the at least one processor is configured to generate the authentication credential based on a combination of an identifier of the authentication session, a unique identifier of a requestor, and an additional character.

17) The computer system of 16), wherein the at least one processor is configured to generate the authentication credential by encrypting the combination.

18) The computer system of 17), wherein the at least one processor is configured to generate the authentication credential by configuring the length of the combination so that the generated authentication credential has a length of no more than 48 characters.

19) A method of generating authentication credentials using a programmable device and a computer system, the method comprising:

receiving, at a programmable device, an authentication credential;

decoding, by the programmable device, the authentication credential to access a session identifier and information related to a requestor of the authentication credential;

determining whether the session identifier matches an identifier of an authentication session; and

authorizing access by the requestor to a protected function of the programmable device if the session identifier matches an identifier of the authentication session.

20) The method of 19), further comprising:

receiving a credential request containing an identifier of the authentication session and information identifying a target;

generating an authentication credential in response to receiving the credential request; and

providing the target with the authentication credential.

Brief Description of Drawings

Various aspects of at least one embodiment are discussed below with reference to the accompanying drawings, which are not intended to be drawn to scale. The figures are included to provide an illustration and a further understanding of the various aspects and embodiments, and are incorporated in and constitute a part of this specification, but are not intended as a definition of the limits of any particular embodiment. The drawings, together with the remainder of the specification, serve to explain the principles and operations of the described and claimed aspects and embodiments. In the drawings, each identical or nearly identical component that is illustrated in various figures is represented by a like numeral. For purposes of clarity, not every component may be labeled in every drawing. In each figure:

FIG. 1 is a block diagram of an example system that includes a system for generating authentication credentials;

FIG. 2 is a block diagram of another example system that includes a system for generating authentication credentials;

FIG. 3 is a schematic diagram of an example programmable device that performs the processes and functions disclosed herein;

FIG. 4 is a schematic diagram of an example of a computer system that performs the processes and functions disclosed herein;

FIG. 5 is a flow diagram of an example credential generation process;

FIG. 6 is a flow diagram of an example session request process;

FIG. 7 is a flow diagram of an example credential request process; and

FIG. 8 is a flow diagram of an example authentication request process.

Detailed Description

Some embodiments disclosed herein include apparatuses and processes for authenticating a user using an encoded authentication credential having a limited validity period. For example, in accordance with one embodiment, a programmable device is configured to provide an interface through which the programmable device receives a request for an authentication session. In response to receipt of the request, the programmable device provides an identifier of the authentication session to the requestor.

The embodiment also includes a computer system executing a credential interface configured to receive a request to generate an authentication credential. These requests may include a session identifier and return information identifying one or more targets to which the generated authentication credential is to be transmitted. These targets may include any electronically addressable component, such as a computer system, programmable device, email account, phone, and so forth. In accordance with such an embodiment, a credential engine is configured to encode the session identifier and information related to the requestor into the authentication credential using a predetermined encoding process and to transmit the authentication credential to the target identified by the return information.

Further, in this embodiment, the programmable device is further configured to provide an interface through which the programmable device receives authentication credentials for processing. In response to receipt of the authentication credentials, the programmable device decodes the authentication credentials, verifies that the authentication credentials include a valid session identifier, and grants access rights to the requestor of the session if a valid session identifier is included.
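The exchange described in the three paragraphs above, and claimed in claims 1 to 20, as an added runnable example in Go; this is editorial illustration, not code from the patent or from its assignee. It assumes that the credential engine holds an Ed25519 private key and that the device is provisioned with only the matching public key, so "decoding the credential by decrypting it with a public key" becomes signature verification over the combination of session identifier and requestor identifier (the additional characters of claims 11 and 16 are padding for the patent's encryption step and are not needed with a signature). It also assumes a session identifier of 8 base32 characters and policy values the patent leaves open: 10 minutes for the first threshold, 30 minutes for the second, and more than 3 denials for restriction. Two caveats a practitioner would raise against the claims as written: the credential produced here is well over 100 characters, not the 48 of claims 13 and 18, because an Ed25519 signature alone is 64 bytes; and 48 typeable characters carry at most about 240 to 288 bits, which no public-key construction with a secure key size fits into (an RSA modulus of that length is factored in minutes on commodity hardware), so a deployment following the patent must lengthen the credential, deliver it machine-to-machine rather than by voice or SMS, or replace the public-key step with a MAC under a device-held secret, which changes the security model because the verifying secret then lives on every device.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"errors"
	"time"
)

// Policy parameters; the patent leaves the values open, so these are assumptions.
const (
	sessionIDLen  = 8                // characters shown on the device screen
	denyAfter     = 10 * time.Minute // first threshold: later credentials are denied
	restrictAfter = 30 * time.Minute // second threshold: session ends, device restricted
	maxDenials    = 3                // once exceeded, the device is restricted
)

var (
	enc           = base32.StdEncoding.WithPadding(base32.NoPadding) // typeable alphabet
	ErrRestricted = errors.New("device restricted: sessions and credentials refused")
	ErrDenied     = errors.New("access denied")
)

// Device models the programmable device (claims 1-9 and 19); it holds only the public key.
type Device struct {
	verifyKey  ed25519.PublicKey
	sessionID  string
	started    time.Time
	denials    int
	restricted bool
}

// Engine models the credential engine on the computer system (claims 10-18 and 20).
type Engine struct{ signKey ed25519.PrivateKey }

// NewSystem provisions a key pair: the private key stays with the engine, the public
// key is installed on the device (assumed to happen at manufacture).
func NewSystem() (*Device, *Engine, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{verifyKey: pub}, &Engine{signKey: priv}, err
}

// RequestSession generates the identifier the device would display and starts the timer.
func (d *Device) RequestSession(now time.Time) (string, error) {
	if d.restricted {
		return "", ErrRestricted
	}
	raw := make([]byte, 5) // 40 random bits -> 8 base32 characters
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	d.sessionID, d.started, d.denials = enc.EncodeToString(raw), now, 0
	return d.sessionID, nil
}

// Issue binds the combination (session ID, requestor ID) with the engine's private key
// so that the device can decode and check it with the public key alone.
func (e *Engine) Issue(sessionID, requestorID string) string {
	body := append([]byte(sessionID), requestorID...)
	return enc.EncodeToString(append(ed25519.Sign(e.signKey, body), body...))
}

// decodeCredential verifies the signature and splits out the session and requestor IDs.
func decodeCredential(pub ed25519.PublicKey, credential string) (string, string, error) {
	blob, err := enc.DecodeString(credential)
	if err != nil || len(blob) < ed25519.SignatureSize+sessionIDLen {
		return "", "", errors.New("malformed credential")
	}
	sig, body := blob[:ed25519.SignatureSize], blob[ed25519.SignatureSize:]
	if !ed25519.Verify(pub, body, sig) {
		return "", "", errors.New("credential was not generated by the credential engine")
	}
	return string(body[:sessionIDLen]), string(body[sessionIDLen:]), nil
}

// Authenticate applies the checks of claim 1: accept only a verified credential that names
// the open session within the first threshold; count every other outcome as a denial, and
// restrict the device after the second threshold or once denials exceed maxDenials.
func (d *Device) Authenticate(credential string, now time.Time) (string, error) {
	if d.restricted {
		return "", ErrRestricted
	}
	if d.sessionID == "" {
		return "", ErrDenied // nothing to match against; not counted as a denial
	}
	elapsed := now.Sub(d.started)
	sid, requestor, err := decodeCredential(d.verifyKey, credential)
	if err == nil && sid == d.sessionID && elapsed <= denyAfter {
		d.sessionID = "" // a credential is good for exactly one session
		return requestor, nil
	}
	d.denials++
	if elapsed > restrictAfter || d.denials > maxDenials {
		d.restricted, d.sessionID = true, "" // session ended; no new identifiers
		return "", ErrRestricted
	}
	return "", ErrDenied
}
```

The session interface should normalize what the user types (uppercase, strip spaces) before passing it to Authenticate; the standard base32 alphabet contains no 0, 1, 8 or 9, so the usual O/0 and I/1 confusions cannot occur. Two design points worth noticing: the session identifier has only 40 bits of entropy and is protected by the timer and denial counter rather than by the signature, and the denial counter here resets with each new session, which is a policy choice; a counter that persists across sessions is the stricter reading of claims 8 and 9.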

The examples of the methods and systems discussed herein are not limited in application to the details of construction and the arrangement of components set forth in the following description or illustrated in the drawings. The methods and systems are capable of other embodiments and of being practiced or of being carried out in various ways. Examples of specific implementations provided herein are for illustrative purposes only and are not intended to be limiting. In particular, acts, components, elements, and features discussed in connection with any one or more examples are not intended to be excluded from a similar role in any other examples.

Also, the phraseology and terminology used herein is for the purpose of description and should not be regarded as limiting. Any reference herein to examples, embodiments, components, elements or acts of the systems and methods in the singular may also encompass embodiments comprising the plural, and any reference herein to any embodiment, component, element or act in the plural may also encompass embodiments comprising only the singular. Reference to the singular or plural is not intended to limit the disclosed systems or methods, their components, acts, or elements. The use of "including," "comprising," "having," "containing," "involving," and variations thereof herein, is meant to encompass the items listed thereafter and equivalents thereof as well as additional items. References to "or" may be construed as inclusive and thus any term described with "or" may mean any single item, more than one item, or all of the described terms. In addition, in the event of a conflict in the use of terms between this document and the documents incorporated by reference, the usage in the incorporated documents is supplementary to the usage in this document; for irreconcilable contradictions, the usage in this document controls.

Credential generation system

Various embodiments utilize one or more programmable devices and a computer system to securely provide access to the one or more programmable devices. FIG. 1 illustrates one of these embodiments, a credential generation system 100. As shown, FIG. 1 includes two users 102 and 104, a programmable device 106, a communication device 108, a communication network 110, and a computer system 112. Programmable device 106 may include any device having configurable operations, such as the programmable device described below with reference to FIG. 3. The communication device 108 may include a mobile computing device such as a laptop computer, a tablet computer, a mobile phone (e.g., a smartphone), a personal digital assistant, or any other portable device configured to communicate with other devices. Computer system 112 may include one or more computer systems, such as the computer system described below with reference to FIG. 4.

As depicted in fig. 1, computer system 112 and communication device 108 exchange (i.e., send or receive) information over network 110. Network 110 may include any communication network over which devices may exchange information. For example, the network 110 may be a public network such as the internet, and may include other public or private networks such as LANs, WANs, extranets, intranets, and cloud computing systems. The network 110 may also include a cellular network such as CDMA, EvDO, GSM, and iDEN networks.

In at least one example, the user 102 cannot access the protected functionality provided by the programmable device 106 because the user 102 cannot authenticate with the programmable device 106. This protected functionality may include any functionality, or any subset of the functionality, provided by programmable device 106. Thus, the protected functionality may include administrative functions for configuring users of programmable device 106 and granting them access to other functions provided by programmable device 106 (e.g., access to operational information recorded by programmable device 106, access to configure operational parameters of programmable device 106, etc.).

To remedy this authentication failure with the programmable device 106, the user 102 interacts with the user 104, the programmable device 106, and the communication device 108 to request and receive authentication credentials with sufficient rights to access protected functionality within the programmable device 106. User 104 interacts with user 102 and a verification data source (e.g., a record containing information about users authorized to request authentication credentials for programmable device 106) to verify that user 102 has rights to access protected functionality. In response to verifying the authority of user 102, user 104 interacts with credential interface 118 to generate and provide authentication credentials to user 102 via communication device 108.

As shown in fig. 1, programmable device 106 includes a session interface 114. The session interface 114 is configured to exchange information with the user 102 to support the processes described below with reference to fig. 5, 6, and 8. This information may include a request for an authentication session, a session identifier, and authentication credentials. The session interface 114 may employ a variety of forms and user interface elements in exchanging information with the user 102. For example, in one embodiment, the session interface 114 provides a screen having a plurality of elements that, when selected by the user 102, will initiate a session request process (such as the session request process 600 described further below) or initiate an authentication request process (such as the authentication request process 800 described further below). In some embodiments, the session interface 114 is only accessible through physical contact with the programmable device 106, to increase the security of the credential generation system 100 as a whole.

As further shown in fig. 1, computer system 112 includes a credential engine 116 and a credential interface 118. Credential interface 118 is configured to exchange information with user 104 and credential engine 116 to support the processes described below with reference to fig. 5 and 7. This information may include a request for an authentication credential. To exchange information with credential engine 116, credential interface 118 generates messages that conform to protocols supported by credential engine 116 and transmits the messages to credential engine 116. To exchange information with user 104, credential interface 118 may employ a variety of forms and user interface elements. For example, in one embodiment, credential interface 118 provides a screen with elements that, when selected by user 104, will prompt user 104 to enter a credential request. The credential request may include a session identifier and return information identifying the destination to which the authentication credential is to be sent. In response to receiving a credential request from user 104, credential interface 118 transmits the credential request to credential engine 116.

The communication device 108 depicted in fig. 1 is configured to exchange information with the credential engine 116. This information may include authentication credentials generated by the credential engine 116. In at least one embodiment, the communication device 108 comprises a mobile phone that receives authentication credentials via automatic text communication. In another embodiment, the communication device 108 comprises a mobile computing device executing a specialized client application. In such an embodiment, the client application receives the authentication credentials over the data connection provided by the network 110 and displays the authentication credentials to the user 102.

As shown in fig. 1, credential engine 116 is configured to exchange information with credential interface 118 and communication device 108 to support the processes described below with reference to fig. 5 and 7. This information may include a credential request and an authentication credential generated in response to the credential request. To enable interoperation with credential interface 118, credential engine 116 implements a protocol through which credential engine 116 receives credential requests. In response to receiving a credential request, the credential engine 116 processes the credential request and generates an authentication credential in accordance with a credential generation process 700 described further below. To provide the generated credential to communication device 108, credential engine 116 generates messages that conform to protocols supported by communication device 108 and transmits the messages over network 110.

In some embodiments where the programmable device is capable of interacting with a computer system hosting the credential engine, the credential generation system omits the communication device 108. Fig. 2 illustrates some embodiments in which the communication device 108 is not included. As shown in FIG. 2, credential generation system 200 includes a user 202, a programmable device 204, a communication network 206, and a computer system 208. Programmable device 204 may include any device having configurable operations, such as the programmable device described below with reference to FIG. 3. Computer system 208 may include one or more computer systems, such as the computer system described below with reference to FIG. 4.

As depicted in fig. 2, computer system 208 and programmable device 204 exchange (i.e., send or receive) information over network 206. The network 206 may include any communication network over which devices may exchange information. For example, the network 206 may be a public network such as the internet, and may include other public or private networks such as LANs, WANs, extranets, intranets, and cloud computing systems. The network 206 may also include cellular networks such as CDMA, EvDO, GSM, and iDEN networks.

In at least one example, the user 202 cannot access the protected functionality provided by the programmable device 204 because the user 202 cannot authenticate to the programmable device 204. This protected functionality may include any functionality or any subset thereof provided by programmable device 204. Thus, the protected functionality may include administrative functions for configuring a user of programmable device 204 and granting the user access to other functions provided by programmable device 204 (e.g., access to operational information recorded by programmable device 204, access to configuration operational parameters of programmable device 204, etc.).

To remedy this authentication failure with the programmable device 204, the user 202 interacts with the programmable device 204 and the computer system 208 to request and receive authentication credentials with sufficient rights to access protected functionality within the programmable device 204. More specifically, credential interface 214 interacts with user 202 to verify that user 202 has the right to access protected functionality, and interacts with credential engine 212 to generate and provide authentication credentials to user 202 through programmable device 204.

As shown in fig. 2, the programmable device 204 includes a session interface 210. Session interface 210 is configured to exchange information with user 202 and credential engine 212 to support the processes described below with reference to fig. 5, 6, and 8. This information may include a request for an authentication session, a session identifier, and authentication credentials. The session interface 210 may employ a variety of forms and user interface elements in exchanging information with the user 202. For example, in one embodiment, the session interface 210 provides a screen having a plurality of elements that, when selected by the user 202, will initiate a session request process (such as the session request process 600 described further below) or initiate an authentication request process (such as the authentication request process 800 described further below). In some embodiments, the elements of session interface 210 that initiate the session request process and the authentication request process are only accessible through physical contact with programmable device 204, to increase the security of the credential generation system 200 as a whole. To enable interoperation with the credential engine 212, the session interface 210 implements a protocol by which the session interface 210 receives authentication credentials.

As further shown in fig. 2, computer system 208 includes a credential engine 212 and a credential interface 214. Credential interface 214 is configured to exchange information with user 202 and credential engine 212 to support the processes described below with reference to fig. 5 and 7. This information may include credential requests and authentication requests. To exchange information with the credential engine 212, the credential interface 214 generates messages that conform to protocols supported by the credential engine 212 and transmits the messages to the credential engine 212. To exchange information with user 202, credential interface 214 can employ a variety of forms and user interface elements. For example, in one embodiment, credential interface 214 provides a screen with elements that, when selected by user 202, will prompt user 202 to enter a credential request. The credential request may include a session identifier and return information identifying the destination to which the authentication credential is to be sent.

In one embodiment consistent with fig. 2, credential interface 214 is further configured to verify that user 202 has the authority to request authentication credentials for programmable device 204. In such an embodiment, the credential interface 214 requests and validates authentication information from user 202 before transmitting the request for the authentication credential to the credential engine 212. The authentication information may include an identifier of the user 202, such as a unique identifier of the user (e.g., an employee number), an identifier of an organization associated with the user 202 (e.g., an employer number), and so forth. In such an embodiment, credential interface 214 records the identifier of user 202 and verifies that the identifier identifies the user as having the authority to request authentication credentials for programmable device 204. The verification process may include a variety of actions, including sending the authentication request through a predefined approval process involving one or more notifications to other users (e.g., other users related to user 202 or to an organization). Responsive to verifying that user 202 has the right to request an authentication credential for programmable device 204, credential interface 214 transmits a credential request to credential engine 212.

As shown in fig. 2, credential engine 212 is configured to exchange information with credential interface 214 and programmable device 204 to support the processes described below with reference to fig. 5 and 7. This information may include a credential request and an authentication credential generated in response to the credential request. To enable interoperation with the credential interface 214, the credential engine 212 implements a protocol by which the credential engine 212 receives credential requests. In response to receiving a credential request, the credential engine 212 processes the credential request and generates an authentication credential in accordance with the credential generation process 700 described further below. To provide the generated credential to programmable device 204, credential engine 212 generates messages that conform to the protocols supported by session interface 210 and transmits the messages over network 206.
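As an added example (not the patent's own code, and not its credential generation process 700), the following Python models the exchange described for figs. 1 and 2: the device generates a session identifier, the credential engine issues a credential bound to that identifier and to the requestor, and the device decodes the credential and authorizes the requestor only if the session identifier matches. The HMAC-SHA256 encoding, the key shared between engine and device, the expiry field, the input-length bound and the class names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class CredentialEngine:
    """Models credential engine 116/212: issues a credential bound to the
    session identifier and to the requestor named in the credential request.
    The HMAC-over-JSON encoding is an assumption of this example."""

    def __init__(self, key: bytes) -> None:
        self._key = key  # assumed to be shared with the programmable device

    def issue(self, session_id: str, requestor: dict, rights: list,
              ttl_s: int = 300, now=None) -> str:
        now = time.time() if now is None else now
        payload = {"sid": session_id, "req": requestor, "rights": rights,
                   "exp": int(now) + ttl_s}  # expiry: an assumption
        body = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return "%s.%s" % (_b64e(body), _b64e(tag))


class ProgrammableDevice:
    """Models the session interface 114/210 on the programmable device."""

    MAX_CREDENTIAL_LEN = 1024  # bound on input, as the interfaces limit input

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._session_id = None  # identifier of the current authentication session
        self.authorized = {}     # requestor id -> rights granted

    def request_session(self) -> str:
        """Session request (act 502 / process 600): generate a fresh identifier
        that the device displays to the user for inclusion in the credential request."""
        self._session_id = secrets.token_hex(4).upper()
        return self._session_id

    def present_credential(self, credential, now=None):
        """Authentication request (process 800): decode the credential, verify it,
        match the session identifier, then authorize. Returns (granted, reason)."""
        now = time.time() if now is None else now
        if self._session_id is None:
            return False, "no active session"
        # Validate the input before using it, as the interfaces do.
        if not isinstance(credential, str) or len(credential) > self.MAX_CREDENTIAL_LEN:
            return False, "malformed credential"
        parts = credential.split(".")
        if len(parts) != 2:
            return False, "malformed credential"
        try:
            body, tag = _b64d(parts[0]), _b64d(parts[1])
        except ValueError:  # binascii.Error is a ValueError
            return False, "malformed credential"
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad signature"
        try:
            payload = json.loads(body)
        except ValueError:
            return False, "malformed credential"
        if not isinstance(payload, dict):
            return False, "malformed credential"
        if payload.get("exp", 0) < now:
            return False, "expired"
        # The decisive check of the patent: session identifier in the credential
        # must match the identifier of the authentication session on the device.
        presented = str(payload.get("sid", "")).encode()
        if not hmac.compare_digest(presented, self._session_id.encode()):
            return False, "session mismatch"
        requestor = payload.get("req") or {}
        rights = payload.get("rights") or []
        self._session_id = None  # single use: the same credential cannot be replayed
        self.authorized[str(requestor.get("id", "?"))] = list(rights)
        return True, "ok"
```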

Each of the interfaces disclosed herein, including that presented by the communication device 108, the session interface 114, the session interface 210, the credential engine 116, the credential engine 212, the credential interface 118, and the credential interface 214, may restrict input to predefined values and verify any information input before using the information or providing the information to other components. These functions may prevent erroneous data from being introduced into the credential generation systems 100 and 200.

In addition, in some embodiments, each interface disclosed herein may be implemented using a wide variety of technologies and may provide additional or other interface elements to accomplish the functionality described herein. For example, in one embodiment, credential interfaces 118 and 214 function as a browser-based user interface provided by a web browser running on a computer system accessible by user 104 or user 202, while in another embodiment, communication device 108 may provide information to user 102 as part of an IVR application. Thus, particular embodiments are not limited to any one form or configuration of interface elements.

The information within certificate generation systems 100 and 200 may be stored in any logical structure capable of maintaining information on a computer-readable medium, including a file system, a flat file, an index file, a hierarchical database, a relational database, or an object-oriented database, among other structures. The data may be modeled using unique key relationships and foreign key relationships and indexes. Unique key and foreign key relationships and indices may be built between different fields and tables to ensure both data integrity and data exchange performance.

Information may be communicated between components as shown in fig. 1 and 2, or between any of the elements, components, and subsystems disclosed herein, using a variety of techniques. Such techniques include, for example, transferring information over a network using standard protocols such as TCP/IP or HTTP, passing information between modules in memory, and writing information to a file, database, data storage device, or some other non-volatile data storage device. Further, pointers or other references to information may be sent and received instead of, in conjunction with, or in addition to copies of the information. Other techniques and protocols for communicating information may be used without departing from the scope of the examples and embodiments disclosed herein.

Embodiments of the credential generation systems 100 and 200 are not limited to the particular configurations shown in fig. 1 and 2. These configurations are included for illustrative purposes only. Further, it should be understood that the various examples utilize a wide variety of hardware components, software components, and combinations of hardware and software components configured to perform the processes and functions described herein. The scope of the embodiments disclosed herein is therefore not limited to a particular arrangement of hardware, software, or a combination thereof.

Programmable device

As discussed above with respect to fig. 1 and 2, the various aspects and functions described herein may be implemented as dedicated hardware or software components executing in one or more programmable devices. These programmable devices are configured to periodically perform one or more dedicated automated functions independently (i.e., without instructions from a central control system). Programmable devices have a wide range of potential applications. The characteristics of a particular type of programmable device vary depending on the function that the programmable device is configured to perform. For example, a programmable device configured for external use may include a rigid and insulative housing, while a programmable device configured to detect environmental conditions may include one or more sensors configured to measure such environmental conditions. Some specific examples of programmable devices include uninterruptible power supplies, programmable logic controllers, and utility meters, such as the utility meter 300 shown in fig. 3.

As shown in FIG. 3, the utility meter 300 includes a housing 302, the housing 302 including a sensor 306, a processor 308, a memory 310, a data storage device 312, an interconnection element 314, and an interface 316. To implement at least some of the various aspects, functions, and processes disclosed herein, processor 308 executes a series of instructions that produce data for operations. Processor 308 may be any type of processor, multiprocessor or controller.

The memory 310 stores programs and data during operation of the utility meter 300. Thus, memory 310 includes any device for storing data, such as a disk drive or other non-volatile storage device, but typically includes relatively high performance, volatile, random access memory such as Dynamic Random Access Memory (DRAM) or static memory (SRAM). Various embodiments may organize memory 310 into specific and, in some cases, unique structures to perform the functions disclosed herein. These data structures may be sized and organized to store values for particular data and particular types of data.

As shown in FIG. 3, several of the components of the utility meter 300 are coupled to an interconnection element 314. The interconnection element 314 may include any communicative coupling between components of the utility meter, such as one or more physical buses supporting one or more proprietary or standard computing bus technologies, such as IDE, SCSI, and PCI. The interconnection element 314 allows communications (e.g., data and instructions) to be exchanged between components of the utility meter 300.

The utility meter 300 also includes one or more interface devices 316 such as input devices, output devices, and combinations of input/output devices. The interface device may receive input or provide output. More specifically, the output device may provide information for external presentation. The input device may receive information from an external source. Examples of interface devices include buttons, keyboards, touch screens, network interface cards, and the like. The interface device allows the utility meter 300 to exchange information with and communicate with external entities such as users and other systems.

Data storage 312 includes a computer-readable and writable, non-volatile or non-transitory data storage medium in which instructions defining a program or other object executed by processor 308 are stored. The data storage 312 may also include information recorded on or in the media and processed by the processor 308 during program execution. More specifically, the information may be stored in one or more data structures specifically configured to conserve storage space or improve data exchange performance. The instructions may be permanently stored as an encoded signal and may cause the processor 308 to perform any of the functions described herein. The medium may be, for example, an optical disc, a magnetic disc, or a flash memory, among other media.

As shown in fig. 3, the sensor 306 is coupled to a processor 308. Sensor 306 includes an analog sensor and an analog-to-digital converter to provide processor 308 with a digital signal representative of the utility flow (e.g., usage) detected by the analog sensor. The specific configuration of the sensors 306 varies depending on the utility being measured by the utility meter 300. For example, in embodiments that include a meter to measure power, the sensor 306 includes an input for single or three phase power and records periodic measurements of one or more identifying characteristics of the power (e.g., power, voltage, current, etc.) passing through the input. When these periodic measurements are received, processor 308 stores information describing the measurements and the number of times the measurements were performed in data storage element 312. Additionally, in some embodiments, processor 308 then transmits the stored information describing the measurements to an external entity via a network interface included in interface device 316.

Some embodiments of the utility meter 300 include operational parameters that are configurable by the protected functionality provided by the utility meter 300. These operating parameters may be used to configure the CT/PT ratio, system type, demand calculations, input/output settings, onboard data logging, onboard waveform acquisition, and onboard alarms.

While the utility meter 300 is shown by way of example as one type of utility meter on which various aspects and functions may be practiced, there is no limitation that aspects and functions are implemented on the utility meter 300 as shown in FIG. 3. Various aspects and functions may be practiced on one or more utility meters having different structures or components than those shown in FIG. 3. For example, the utility meter 300 may include specially programmed, dedicated hardware, such as an Application Specific Integrated Circuit (ASIC) tailored to perform one or more of the specific operations disclosed herein.

In some examples, a component of the utility meter 300 disclosed herein can read parameters that affect the function performed by the component. These parameters may be physically stored in any form of suitable memory, including volatile memory (e.g., RAM) or non-volatile memory (e.g., disk drive). Further, the parameters may be logically stored in a suitable data structure (such as a database or file defined by the user mode application) or in a shared data structure (such as an application registry defined by the operating system). Further, some examples provide systems and user interfaces that allow external entities to modify parameters and thereby configure the behavior of components.

Computer system

As discussed above with respect to fig. 1 and 2, the various aspects and functions described herein may be implemented as dedicated hardware or software components executing in one or more computer systems. There are many examples of computer systems currently in use. Examples include network devices, personal computers, workstations, mainframes, network clients, servers, media servers, application servers, database servers, and web servers, among others. Other examples of computer systems may include mobile computing devices such as cell phones and personal digital assistants, and network appliances such as load balancers, routers, and switches. Further, aspects may reside on one computer system or may be distributed among multiple computer systems connected to one or more communication networks.

For example, the various aspects, functions, and processes may be distributed among one or more computer systems configured to provide services to one or more client computers, or to perform an overall task as part of a distributed system. Further, aspects may be performed on a client-server or multi-tier system that includes components distributed among one or more server systems that perform various functions. Thus, embodiments are not limited to execution on any particular system or group of systems. Further, the various aspects, functions and processes may be implemented in software, hardware or firmware, or any combination thereof. Thus, the various aspects, functions and processes may be implemented within methods, acts, systems, system elements and components using a wide variety of hardware and software configurations, and the examples are not limited to any particular distributed architecture, network or communication protocol.

Referring to FIG. 4, a block diagram of a distributed computer system 400 is shown in which various aspects and functions are practiced. As shown, distributed computer system 400 includes more than one computer system that exchange information. More specifically, distributed computer system 400 includes computer systems 402 and 404 and utility meter 300. As shown, the computer systems 402 and 404 and the utility meter 300 are connected to each other by a communication network 408, and data may be exchanged over the communication network 408. Network 408 may include any communication network over which computer systems may exchange data. To exchange data using the network 408, the computer systems 402 and 404 and the utility meter 300 and the network 408 may use various methods, protocols, and standards including fibre channel, token Ring, Ethernet, Wireless Ethernet, Bluetooth, IP, IPV6, TCP/IP, UDP, DTN, HTTP, FTP, SNMP, SMS, MMS, SS7, JSON, SOAP, CORBA, REST, and Web services. To ensure that data transfer is secure, the computer systems 402 and 404 and the utility meter 300 can transmit data over the network 408 using a variety of security measures including, for example, TLS, SSL, or VPN. Although distributed computer system 400 illustrates three networked computer systems, distributed computer system 400 is not so limited and may include any number of computer systems and computing devices networked using any media and communication protocols.

As shown in fig. 4, computer system 402 includes a processor 410, a memory 412, an interconnection element 414, an interface 416, and a data storage element 418. To implement at least some of the various aspects, functions, and processes disclosed herein, processor 410 executes a series of instructions that produce data for operations. The processor 410 may be any type of processor, multiprocessor or controller. Some exemplary processors include commercial processors such as Intel Xeon, Itanium, Core, Celeron, or Pentium processors, AMD Opteron processors, Apple A4 or A5 processors, Sun UltraSPARC or IBM Power5+ processors, and IBM mainframe chips. The processor 410 is connected to other system components, including one or more memory devices 412, through an interconnection element 414.

The memory 412 stores programs and data during operation of the computer system 402. Thus, the memory 412 may be higher performance, volatile, random access storage such as dynamic random access memory ("DRAM") or static memory ("SRAM"). However, the memory 412 may include any device for storing data, such as a disk drive or other non-volatile storage device. Various examples may organize the memory 412 into specific and, in some cases, unique structures to perform the functions disclosed herein. These data structures may be sized and organized to store values for particular data and particular types of data.

The components of computer system 402 are coupled by an interconnection element, such as interconnection element 414. The interconnection element 414 may include any communicative coupling between system components, such as one or more physical buses compliant with proprietary or standard computing bus technologies such as IDE, SCSI, PCI, and InfiniBand. The interconnection element 414 allows communications (e.g., data and instructions) to be exchanged between system components of the computer system 402.

The computer system 402 also includes one or more interface devices 416, such as input devices, output devices, and combinations of input/output devices. The interface device may receive input or provide output. More specifically, the output device may provide information for external presentation. The input device may receive information from an external source. Examples of interface devices include keyboards, mouse devices, trackballs, microphones, touch screens, printing devices, display screens, speakers, network interface cards, and the like. The interface devices allow computer system 402 to exchange information with and communicate with external entities, such as users and other systems.

The data storage element 418 includes a computer-readable and writable, non-volatile or non-transitory data storage medium in which instructions defining a program or other object executed by the processor 410 are stored. The data storage element 418 may also include information recorded on or in the medium and processed by the processor 410 during program execution. More specifically, the information may be stored in one or more data structures specifically configured to conserve storage space or improve data exchange performance. The instructions may be permanently stored as an encoded signal and may cause the processor 410 to perform any of the functions described herein. The medium may be, for example, an optical disc, a magnetic disc, or a flash memory, among other media. In operation, the processor 410 or some other controller causes data to be read from a non-volatile recording medium into another memory, such as memory 412, which allows the processor 410 to access information more quickly than a storage medium included in the data storage element 418. The memory may be located in the data storage element 418 or in the memory 412, however, the processor 410 manipulates the data in the memory and then copies the data to a storage medium associated with the data storage element 418 after processing is complete. Various components may manage data movement between storage media and other memory elements, and examples are not limited to a particular data management component. Furthermore, the examples are not limited to a particular memory system or data storage system.

While computer system 402 is shown by way of example as one type of computer system on which various aspects and functions may be practiced, aspects and functions are not limited to implementation on computer system 402 as shown in FIG. 4. Various aspects and functions may be practiced on one or more computers having different structures or components than those shown in fig. 4. For example, the computer system 402 may include specially-programmed, special-purpose hardware, such as an application-specific integrated circuit ("ASIC") tailored to perform the specific operations disclosed herein. Yet another example may perform the same function using a grid of several general purpose computing devices running Mac OS X with Motorola PowerPC processors, and several special purpose computing devices running proprietary hardware and operating systems.

Computer system 402 may be a computer system that includes an operating system that manages at least a portion of the hardware elements included in computer system 402. In some instances, a processor or controller, such as processor 410, executes an operating system. Examples of specific operating systems that may be executed include: a Windows-based operating system such as the Windows NT, Windows 2000 (Windows ME), Windows XP, Windows Vista, or Windows 7 operating system available from Microsoft Corporation, the Mac OS X operating system or iOS operating system available from Apple Computer, one of the many Linux-based operating system distributions such as the Enterprise Linux operating system available from Red Hat Inc., the Solaris operating system available from Sun Microsystems, or the UNIX operating system available from various sources. Many other operating systems may be used, and the examples are not limited to any particular operating system.

Together, processor 410 and the operating system define a computer platform for which application programs are written in a high-level programming language. These component applications may be executable, intermediate (e.g., bytecode) or interpreted code that communicates over a communication network, such as the internet, using a communication protocol such as TCP/IP. Similarly, aspects may be implemented using an object oriented programming language such as, for example, .Net, SmallTalk, Java, C++, Ada, C# (C-Sharp), Python, or JavaScript. Other object-oriented programming languages may also be used. In addition, functional, scripting, or logical programming languages may be used.

Further, various aspects and functions may be implemented in a non-programmed environment. For example, a file created in HTML, XML, or another format can provide aspects of a graphical user interface and perform other functions when viewed in a window of a browser program. Furthermore, various examples may be implemented with programmed or non-programmed elements, or any combination thereof. For example, a web page may be implemented using HTML, and data objects called from within the web page may be written in C++. Thus, examples are not limited to a particular programming language, and any suitable programming language may be used. Accordingly, the functional components disclosed herein may include a wide variety of elements (e.g., dedicated hardware, executable code, data structures, or objects) configured to perform the functions described herein.

In some instances, a component disclosed herein may read parameters that affect the function performed by the component. These parameters may be physically stored in any form of suitable memory, including volatile memory (e.g., RAM) or non-volatile memory (e.g., a disk drive). Further, the parameters may be logically stored in a suitable data structure (such as a database or a file defined by a user-mode application) or in a shared data structure (such as an application registry defined by the operating system). In addition, some examples provide systems and user interfaces that allow external entities to modify parameters and thereby configure the behavior of components.

Certificate generation process

As described above with reference to FIGS. 1 and 2, several embodiments perform a process of generating an authentication certificate. In some embodiments, these certificate generation processes are performed by credential generation systems, such as credential generation systems 100 and 200 described above with reference to FIGS. 1 and 2. An example of such a certificate generation process is shown in FIG. 5. Pursuant to this example, the credential generation process 500 includes acts of processing an authentication session request, authorizing a requestor, processing an authentication certificate request, transmitting the authentication certificate, and processing an authentication request.

At act 502, a programmable device of the credential generation system, such as programmable device 106 described above with reference to FIG. 1 or programmable device 204 described above with reference to FIG. 2, receives and processes an authentication session request from an external entity, such as user 102 described above with reference to FIG. 1 or user 202 described above with reference to FIG. 2. The example process performed in act 502 is further described below with reference to FIG. 6.

In act 504, the certificate generation system verifies that the external entity that initiated the session request is authorized to do so. Where the credential generation system performing credential generation process 500 is in accordance with credential generation system 200 described above with reference to FIG. 2, credential interface 214 interacts with user 202 to verify that user 202 is entitled to access the protected functionality of programmable device 204. Where the credential generation system is in accordance with credential generation system 100 described above with reference to FIG. 1, user 104 interacts with an authentication source to verify that user 102 is entitled to access the protected functionality of programmable device 106. Additionally, in some instances, the credential interface records each request for authentication and certificate generation (together with information identifying the requestor) in a data store, so that every issued certificate can later be traced to the person who asked for it.

At act 506, a computer system of the certificate generation system, such as computer system 112 described above with reference to FIG. 1 or computer system 208 described above with reference to FIG. 2, receives and processes an authentication certificate request from an external entity. The example process performed in act 506 is further described below with reference to FIG. 7.

In act 508, the certificate generation system transmits the authentication certificate. In an embodiment in accordance with the credential generation system 200 shown in FIG. 2, the credential engine 212 transmits the authentication certificate to the session interface 210 over the network 206. In an embodiment in accordance with the credential generation system 100 shown in FIG. 1, the credential engine 116 transmits the authentication certificate to the communication device 108.

In act 510, the programmable device of the credential generation system receives and processes an authentication request from a requestor. The example process performed in act 510 is further described below with reference to FIG. 8. Upon completion of act 510, the credential generation system ends credential generation process 500.

The process pursuant to the credential generation process 500 enables a user who cannot authenticate to a programmable device to authenticate to the programmable device without compromising the security of the programmable device.

As described above with reference to act 502, some embodiments perform a process by which a certificate generation system receives and processes an authentication session request from an external entity. An example of such a session request procedure is shown in fig. 6. Pursuant to this example, the session request process 600 includes acts of receiving a session request, generating a session identifier, starting a timer, and providing the session identifier.

At act 602, the programmable device receives a session request from a user (referred to herein as the "session requestor") through a session interface. In one embodiment, a session request is received when the user selects an executable element presented by the session interface, such as a menu item designed to initiate the session request. In act 604, in response to receiving the session request, the session interface generates a session identifier. The session identifier may comprise randomly or pseudo-randomly generated data (e.g., symbols, text, or numbers) that the programmable device will later recognize; it should be drawn from a cryptographically secure generator, since a predictable identifier would let an attacker obtain a certificate for a session the device never displayed. In some embodiments, the generated session identifier has a predetermined length. At act 606, the session interface provides the session identifier to the user. At act 608, the session interface starts a timer and ends the session request process 600. As described further below, the session interface uses the timer to limit the period during which the session identifier can be used to authenticate the user (i.e., the period during which the session identifier is valid). In some embodiments, this period is set to a small value (e.g., 5 or 10 minutes).

The process pursuant to the session request process 600 enables a programmable device to establish a time-limited authentication session that increases the security of the programmable device.

As described above with reference to act 506, some embodiments perform a process by which a certificate generation system receives and processes authentication certificate requests from external entities. An example of such a certificate request process is shown in fig. 7. Pursuant to this example, the certificate request process 700 includes acts of receiving a certificate request, generating a certificate seed, encoding an authentication certificate, and providing the authentication certificate.

In act 702, the computer system receives a certificate request from a user through a credential interface. In one embodiment, a certificate request is received when the user selects an executable element presented by the credential interface, such as a menu item designed to initiate the certificate request, and enters a session identifier and return information (i.e., the target to which the certificate is to be delivered). In response to receiving the certificate request, the credential interface transmits the certificate request to the credential engine.

In act 704, in response to receiving the certificate request, the certificate engine generates a certificate seed by combining several elements of information. In at least one embodiment, the certificate engine generates the certificate seed by concatenating the session identifier and the return information to form a string. In another embodiment, the certificate engine generates the certificate seed by concatenating the session identifier, the return information, and additional characters to form a string having a predetermined length. In another embodiment, the certificate engine generates the certificate seed by concatenating the session identifier, data related to the return information (e.g., an identifier of the return information, a compressed version of the return information, etc.), and additional characters to form a string having a predetermined length. In another embodiment, the certificate engine generates the certificate seed by concatenating the session identifier, a unique identifier of the session requestor (e.g., a 10-digit number associated with personal identity information, such as the return information), and additional characters to form a string having a predetermined length. Other processes may be used to generate the certificate seed, and the embodiments disclosed herein are not limited to a particular certificate seed generation process.

At act 706, the certificate engine encodes the certificate seed to create an authentication certificate. In various embodiments, the certificate engine encodes the certificate seed by encrypting it using any of a variety of encryption processes. In some embodiments, the certificate engine encrypts the certificate seed using the private key of an asymmetric scheme such as RSA, ElGamal, Paillier, or Cramer-Shoup, so that the programmable device decodes it with the matching public key (Diffie-Hellman and YAK are key-agreement protocols and DSS is a signature standard, so they serve to agree on a key or to sign the seed rather than to encrypt it). In some embodiments, the certificate engine encrypts the certificate seed using the key of a symmetric encryption process, such as Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, 3DES, or IDEA; in that case the programmable device holds the same secret key, so extracting the key from one device compromises every device that shares it. Whichever scheme is chosen, the certificate must also carry an integrity check (a MAC or an authenticated mode), because an encrypted-only seed can be altered without the device detecting it. Other encryption or encoding processes may be used to encode the certificate seed, and the embodiments disclosed herein are not limited to a particular encryption process.

In some embodiments, the generated authentication certificate has a predetermined length. In these embodiments, the certificate generation system may configure the predetermined length of the session identifier and the number of additional characters appended to the certificate seed (and thus the predetermined length of the certificate seed) so as to generate an authentication certificate having a target predetermined length. This length budget must also cover any nonce, initialization vector, or integrity tag that the encoding adds, not only the ciphertext itself. In at least one embodiment, the predetermined lengths of the session identifier and the certificate seed are configured such that the predetermined length of the authentication certificate is less than or equal to 48 characters.

In act 708, after creating the authentication certificate, the certificate engine delivers the authentication certificate to the target specified in the return information. In an embodiment in accordance with the credential generation system 100 shown in FIG. 1, the credential interface transmits the authentication certificate to a target accessible through the communication device 108. In an embodiment in accordance with the credential generation system 200 shown in FIG. 2, the credential interface transmits the authentication certificate to a target accessible through the programmable device 204. In other embodiments, other targets may be specified in the return information, and the embodiments disclosed herein are not limited to a particular target or type of target. After providing the authentication certificate, the credential interface ends the certificate request process 700.

The process pursuant to the certificate request process 700 enables a computer system to create a secure authentication certificate that carries personal identity information, so that the identity of the user who requested the authentication certificate can be traced.

As described above with reference to act 510, some embodiments perform a process by which a certificate generation system receives and processes an authentication request from an external entity. An example of such an authentication request process is shown in FIG. 8. According to this embodiment, the authentication request process 800 includes the acts described further below.

In act 802, the programmable device receives an authentication request through a session interface. In an embodiment in accordance with the credential generation system 100 shown in FIG. 1, the authentication request is received when a user selects an executable element presented by the session interface, such as a menu item designed to initiate the authentication request, and enters an authentication certificate. In an embodiment in accordance with the credential generation system 200 shown in FIG. 2, the authentication request is received from the credential engine over the network 206. In other embodiments, the authentication request is received when a user selects an executable element presented by the session interface, and entry of the authentication certificate is deferred until act 806. In response to receiving the authentication request, the session interface performs act 804.

In act 804, the session interface determines whether the timer indicates that the predetermined period has expired since the timer was started in act 608. If so, the session interface performs act 812. Otherwise, the session identified by the previously generated session identifier is still valid, and the session interface performs act 806.

In act 806, the session interface receives the authentication certificate (in embodiments where its entry is deferred until act 806) and decodes it using the process corresponding to the encoding process performed in act 706. In act 808, the session interface determines whether the decoded certificate seed contains the session identifier generated in act 604. If so, at act 810, the session interface records the successful access event and the unique identifier of the session requestor (or the compressed or uncompressed return information stored in the certificate seed) in the security log of the programmable device, authorizes the user's access to the protected functionality of the programmable device, and ends the authentication request process 800. Otherwise, the session interface performs act 812.

At act 812, the session interface denies the user access to the protected functionality of the programmable device and records an access failure event in the security log. The access failure event may include a timestamp indicating the date and time of the failure. At act 814, the session interface determines whether the predetermined period has expired or whether the total number of recorded access failures exceeds a threshold (e.g., 2, 3, 4, or more than 4). If so, at act 816, the session interface ends the authentication session (e.g., resets the value of the valid session identifier), so that a new authentication certificate must be generated to access the programmable device using the systems and processes disclosed herein. Further, at act 816, the session interface restricts further processing of session requests until a predetermined event occurs. These restrictions may include refusing to process session requests altogether. Examples of predetermined events that lift these restrictions include the expiration of a predetermined period (e.g., 10 minutes). If the session interface determines that the timer has not expired and the total number of recorded access failures has not exceeded the threshold, the session interface ends the authentication request process 800.

The process pursuant to the authentication request process 800 enables a programmable device to provide access to protected functionality in a secure manner.

Each of processes 500 through 800 describes a particular sequence of actions in a particular implementation. The actions included in these processes may be performed by, or using, one or more specially configured computer systems or programmable devices as discussed herein. Certain actions are optional and may therefore be omitted in accordance with one or more embodiments. Additionally, the order of the acts may be changed, or other acts may be added, without departing from the scope of the embodiments described herein. Further, as described above, in at least one embodiment, the acts are performed on a particular, specially configured machine, i.e., a certificate generation system configured in accordance with the examples and embodiments disclosed herein.
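The following is an added example, written for this page and not code from the patent, that models processes 600, 700 and 800 end to end: the device generates a session identifier and starts its timer, the credential engine builds the fixed-length certificate seed (session identifier, 10-digit requestor identifier, padding) and encodes it, and the device decodes the certificate, checks the session identifier, logs the outcome and locks session requests after repeated failures. Everything about the concrete encoding is an assumption: the two sides share one symmetric key, and because the page names AES but this example uses only the Python standard library, the cipher is a stand-in (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag; in production use AES-GCM from the `cryptography` package). The 8-character session identifier, the `#` padding, the 5-minute validity, the 3-failure threshold and the 10-minute lockout are likewise assumed values, chosen so that the certificate comes out at exactly 48 characters, the upper bound the page gives.

```python
"""Added example, not the patent's code: session request (600), certificate
request (700) and authentication request (800) with a shared symmetric key.
Cipher is an assumed stdlib stand-in for AES (HMAC-SHA256 CTR + MAC tag)."""
import base64
import hashlib
import hmac
import secrets
import string
import time
from typing import Optional

SID_LEN = 8                 # session identifier length (assumed)
SEED_LEN = 24               # predetermined seed length: SID + 10-digit ID + padding
NONCE_LEN, TAG_LEN = 6, 6   # 6 + 24 + 6 = 36 bytes -> exactly 48 base64 characters
PAD = "#"                   # the "additional characters" appended to the seed


class CredentialCodec:
    """Encode/decode step shared by both sides (acts 706 and 806)."""

    def __init__(self, key: bytes):
        self.enc_key = hashlib.sha256(b"enc" + key).digest()   # domain separation
        self.mac_key = hashlib.sha256(b"mac" + key).digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out = b""
        for ctr in range((n + 31) // 32):
            out += hmac.new(self.enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        return out[:n]

    def _tag(self, data: bytes) -> bytes:
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()[:TAG_LEN]

    def encode(self, seed: bytes) -> str:
        nonce = secrets.token_bytes(NONCE_LEN)    # fresh nonce: equal seeds never repeat
        ct = bytes(a ^ b for a, b in zip(seed, self._keystream(nonce, len(seed))))
        return base64.b64encode(nonce + ct + self._tag(nonce + ct)).decode()

    def decode(self, credential: str) -> Optional[bytes]:
        """Return the seed, or None if the credential is malformed or tampered with."""
        try:
            raw = base64.b64decode(credential, validate=True)
        except ValueError:
            return None
        if len(raw) != NONCE_LEN + SEED_LEN + TAG_LEN:
            return None
        nonce, ct, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(nonce + ct)):
            return None   # 48-bit tag suffices only because the device locks after 3 failures
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


class CredentialEngine:
    """Process 700: build the seed (act 704) and encode it (act 706)."""

    def __init__(self, codec: CredentialCodec):
        self.codec = codec
        self.log = []   # (session id, requestor id): who asked for what (act 504)

    def make_seed(self, session_id: str, requestor_id: str) -> bytes:
        if len(session_id) != SID_LEN or len(requestor_id) != 10 or not requestor_id.isdigit():
            raise ValueError("session id must be %d chars, requestor id 10 digits" % SID_LEN)
        return (session_id + requestor_id).ljust(SEED_LEN, PAD).encode()

    def issue(self, session_id: str, requestor_id: str) -> str:
        self.log.append((session_id, requestor_id))
        return self.codec.encode(self.make_seed(session_id, requestor_id))


class ProgrammableDevice:
    """Processes 600 and 800: session identifier, timer, verification, lockout."""
    VALID_FOR = 300      # seconds a session identifier stays valid (assumed)
    MAX_FAILURES = 3     # failures that end the session and lock new requests (assumed)
    LOCK_FOR = 600       # seconds the "get recovery code" request stays locked (assumed)

    def __init__(self, codec: CredentialCodec, clock=time.monotonic):
        self.codec, self.clock = codec, clock   # clock is injectable for testing
        self.session_id: Optional[str] = None
        self.started: Optional[float] = None
        self.failures, self.locked_until, self.security_log = 0, 0.0, []

    def request_session(self) -> Optional[str]:
        """Acts 602-608: refuse while locked, else generate an identifier and start the timer."""
        if self.clock() < self.locked_until:
            return None
        alphabet = string.ascii_uppercase + string.digits
        self.session_id = "".join(secrets.choice(alphabet) for _ in range(SID_LEN))
        self.started, self.failures = self.clock(), 0
        return self.session_id   # what the device shows on its display

    def _expired(self) -> bool:
        return self.started is None or self.clock() - self.started > self.VALID_FOR

    def authenticate(self, credential: str) -> bool:
        """Acts 802-816. True means access to the protected functions is granted."""
        if not self._expired():
            seed = self.codec.decode(credential)
            if seed is not None and hmac.compare_digest(seed[:SID_LEN], self.session_id.encode()):
                requestor = seed[SID_LEN:].decode().rstrip(PAD)
                self.security_log.append(("access_ok", self.clock(), requestor))
                self.session_id = self.started = None   # added hardening: no replay of a used code
                return True
        self.failures += 1
        self.security_log.append(("access_fail", self.clock()))
        if self._expired():
            self.session_id = self.started = None
        if self.failures >= self.MAX_FAILURES:
            self.session_id = self.started = None
            self.locked_until = self.clock() + self.LOCK_FOR
        return False
```

Two choices go beyond the page's text and are worth noting. The certificate carries a random nonce and an integrity tag inside the 48-character budget, so a valid certificate cannot be cut and pasted into a forged one and two certificates for the same requestor do not look alike; the price is that the nonce and tag consume 12 of the 36 bytes, which is why the seed is limited to 24. And the device clears the session identifier as soon as a certificate succeeds, so the same code cannot be replayed within the remaining validity window; the page only requires that the identifier be reset on expiry or after repeated failures.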

Exemplary application scenarios

According to an exemplary application scenario, a customer, such as user 102 described above with reference to FIG. 1, cannot authenticate to a programmable device, such as programmable device 106 described above with reference to FIG. 1. In this example, the customer has previously established a registered and verified account with a support center. The account is associated with one or more personal security questions and a limited number of predetermined targets, such as email addresses or phone numbers.

According to this example, the customer moves to a location near the programmable device and calls the support center. The customer interacts with support center personnel, such as user 104 described above with reference to FIG. 1, who verify that the customer is authorized to receive the authentication certificate. The support center personnel record the certificate request (and the customer's identity) through a credential interface, such as credential interface 118 described above with reference to FIG. 1.

The customer then selects the "get recovery code" menu item from a session interface, such as the session interface 114 described above with reference to FIG. 1. In response, the session interface generates a pseudo-random session identifier having a predetermined length, provides the session identifier to the customer, and starts a timer. The customer reads the session identifier to the support center personnel and designates one of the predetermined targets as the target to which the authentication certificate is to be sent.

Continuing with this example, the support center personnel enter the session identifier and information identifying the specified target into the credential interface. The credential interface transmits a certificate request including the session identifier and the information identifying the specified target to a credential engine, such as credential engine 116 described above with reference to FIG. 1. In response to receiving the certificate request, the certificate engine generates a certificate seed from the session identifier, the customer's unique 10-digit personal identifier, and additional characters that extend the certificate seed to a predetermined length. The certificate engine then encodes the certificate seed into an authentication certificate having a predetermined length by encrypting the certificate seed, and transmits the authentication certificate to the specified target.

In this example, the designated target receives the authentication certificate, which makes it available to the customer. The customer then selects the "enter recovery code" menu item from the session interface. In response, the session interface checks whether the timer has expired. If so, the session interface ends the authentication session without presenting (or activating) the interface element configured to receive the authentication certificate, and records the attempted authentication as a failed access event in the security log of the programmable device. In addition, if the number of consecutive failed access events exceeds a predetermined threshold, the session interface locks the "get recovery code" menu item for a predetermined length of time. To gain access to the protected functionality of the programmable device, the customer must request a new session identifier once "get recovery code" is available again, and the remaining certificate generation steps must be repeated.

If the timer has not expired, the session interface prompts the customer to enter the authentication certificate. In response to receiving it, the session interface decrypts the authentication certificate and determines whether the certificate seed it contains includes the session identifier. If so, the session interface grants the customer permission (e.g., administrator-level permission) to perform the protected functions of the programmable device, and records the successful access event, together with the unique identifier associated with the customer, in the security log of the programmable device. The customer can now perform the protected functions of the programmable device (e.g., reconfiguring the programmable device and the authentication credentials maintained within it).

If the certificate seed does not include the session identifier, the authentication certificate is invalid, and the session interface records the attempted authentication as a failed access event in the security log of the programmable device. In addition, if the number of consecutive failed access events exceeds a predetermined threshold, the session interface locks the "get recovery code" menu item for a predetermined length of time. To gain access to the programmable device, the customer must request a new session identifier once "get recovery code" is available again, and the remaining certificate generation steps must be repeated.

Having thus described several aspects of at least one example, it is to be appreciated that various alterations, modifications, and improvements will readily occur to those skilled in the art. For example, the examples disclosed herein may also be used in other contexts. Such alterations, modifications, and improvements are intended to be part of this disclosure and to be within the scope of the examples discussed herein. Accordingly, the foregoing description and drawings are by way of example only.
