| 摘要 |
A technique performs user authentication. The technique involves receiving, by processing circuitry, an authentication request which includes a set of authentication factors and which identifies a particular user. The technique further involves performing, by the processing circuitry, an authentication operation to generate an authentication result in response to the authentication request, the authentication result being based on (i) the set of authentication factors of the authentication request, (ii) a user authentication profile which profiles the particular user, and (iii) a lockout state identifying a lockout condition of the particular user which existed at the time of receiving the authentication request. The technique further involves providing, by the processing circuitry and as a response to the authentication request, an authentication action based on the authentication result. |
| 主权项 |
1. A method of performing user authentication, the method comprising:
receiving, by processing circuitry, an authentication request which includes a set of authentication factors and which identifies a particular user; performing, by the processing circuitry, an authentication operation to generate an authentication result in response to the authentication request, the authentication result being based on (i) the set of authentication factors of the authentication request, (ii) a user authentication profile which profiles the particular user, and (iii) a lockout state identifying a lockout condition of the particular user which existed at the time of receiving the authentication request; providing, by the processing circuitry and as a response to the authentication request, an authentication action based on the authentication result; based on the authentication result, updating the lockout state to identify an updated lockout condition of the particular user; storing the updated lockout state in non-volatile memory for use in a subsequent authentication operation; after updating the lockout state, receiving another authentication request which includes another set of authentication factors and which identifies the particular user; performing another authentication operation to generate another authentication result in response to the other authentication request, the other authentication result being based on (i) the other set of authentication factors of the other authentication request, (ii) the user authentication profile which profiles the particular user, and (iii) the updated lockout state identifying the updated lockout condition of the particular user; and providing, as a response to the other authentication request, another authentication action based on the other authentication result; wherein the lockout state indicates a “locked out” condition prior to performing the authentication operation, the “locked out” condition preventing the particular user from accessing a set of protected resources even upon successful standard authentication; and wherein updating the lockout state to identify the updated lockout condition of the particular user includes:
after performing the authentication operation, setting the lockout state to indicate a “not locked out” condition to allow the particular user to access the set of protected resources upon successful standard authentication. |
