1. Technical Field
The present disclosure relates to generally to the field of computer security and more particularly to enabling unknown devices to access computer resources in a secure manner.
2. Discussion of Related Art
In some remote access (RA) systems, entry of a single RA identifier (ID) and password into a device grants the device full access to the remote system without linkage to the accessing device. For example, in such a system, the user can remotely logon from any device as long as he has the correct ID/login and password. Further, in some of these systems, it is common place for a single remote access account to be shared among several workers. This increases the risk of compromise or abuse of the ID and password and may warrant increased protections.
One current security method restricts a user's access to a remote system only to registered devices. For example, a user may register a particular device with the remote system through a process that can include verifying the user identity with personal or secret information, and installing programs or changing the device configuration to comply with the remote system security requirements. The remote system then blocks access to any un-registered devices. Thus, even if the same user enters a valid ID/password, the remote system only grants access if it recognizes the connecting device. However, this can be problematic if the user has to connect from a previously un-registered device, such as when the user's device malfunctions, or when upgrading, or testing new devices. In this example, the user would be required to register the new device in order to gain access to the system. However, the registration process may be time consuming. For example, if the user is unable to remember the information needed to register a new device, it could be hours or days before he is able to gain access to the necessary resources. However, if the control for enabling a user to connect to the system using an unknown device is too loose, a bad actor who can fake the registration process can bypass the control to gain access to the system.
Accordingly, there is a need for a mechanism to that provides unknown devices access to computer assets in a more secure manner.