Authentication policy orchestration for a user device

US 10,148,699 B1
Filed: 08/21/2017
Issued: 12/04/2018
Est. Priority Date: 07/28/2013
Status: Active Grant

First Claim

Patent Images

1. A server comprising:

a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;

at least one hardware processor of a plurality of hardware processors configured to;

implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;

obtain, from a client device via the network, a transaction request for a transaction;

determine an authorization requirement for the transaction request based on the authorization policies as follows;

a first policy of the authorization policies being configurable by the relying party policy engine but not the authorizing policy engine;

a second policy of the authorization policies being configurable by the authorizing policy engine;

a third policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on a predetermined distance of the client device to at least one of the authorizing party user devices; and

a fourth policy of the authorization policies based on a habit of at least one of the authorizing party user devices;

obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;

provide a notification of the transaction and an associated transaction context to at least one of the plurality of authorizing party user devices;

divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices;

receive authorization responses for the subtransaction authorization requests from the plurality of authorizing party user devices; and

complete the transaction by approving the transaction based on the authorization requirement having been met.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

73 Citations

View as Search Results

19 Claims

1. A server comprising:
- a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
  
  at least one hardware processor of a plurality of hardware processors configured to;
  
  implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;
  
  obtain, from a client device via the network, a transaction request for a transaction;
  
  determine an authorization requirement for the transaction request based on the authorization policies as follows;
  
  a first policy of the authorization policies being configurable by the relying party policy engine but not the authorizing policy engine;
  
  a second policy of the authorization policies being configurable by the authorizing policy engine;
  
  a third policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on a predetermined distance of the client device to at least one of the authorizing party user devices; and
  
  a fourth policy of the authorization policies based on a habit of at least one of the authorizing party user devices;
  
  obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;
  
  provide a notification of the transaction and an associated transaction context to at least one of the plurality of authorizing party user devices;
  
  divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices;
  
  receive authorization responses for the subtransaction authorization requests from the plurality of authorizing party user devices; and
  
  complete the transaction by approving the transaction based on the authorization requirement having been met.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The server of claim 1, further comprising:
    - a fifth policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on context of at least one of the plurality of authorizing party user devices.
  - 3. The server of claim 1, further comprising:
    - a fifth policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on location of at least one of the plurality of authorizing party user devices.
  - 4. The server of claim 1, wherein the transaction is at least one of a monetary transaction.
  - 5. The server of claim 1, wherein the transaction is an attempt to access a physical location.
  - 6. The server of claim 1, wherein the transaction is an attempt to utilize personal information.
  - 7. The server of claim 1, wherein the transaction is an attempt to access electronic data.

8. A server comprising:
- a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
  
  at least one hardware processor of a plurality of hardware processors configured to;
  
  implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine;
  
  obtain, from a client device via the network, a transaction request for a transaction;
  
  determine an authorization requirement for the transaction request based on the authorization policies as follows;
  
  a first policy of the authorization policies being configurable by the relying party policy engine but not the authorizing policy engine;
  
  a second policy of the authorization policies being configurable by the authorizing policy engine;
  
  a third policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on a predetermined distance of the client device to at least one of a plurality of authorizing party user devices;
  
  a fourth policy of the authorization policies based on a habit of at least one of the plurality of authorizing party user devices; and
  
  a fifth policy of the authorization policies based on predetermined criteria regarding the number of approvals and rejections received from the plurality of authorizing party devices;
  
  obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;
  
  provide a notification of the transaction and an associated transaction context to the plurality of authorizing party user devices;
  
  divide the transaction request into subtransaction authorization requests and send them to the plurality of authoring party user devices;
  
  receive responses for the subtransaction authorization requests from at least one of the plurality of authorizing party user devices;
  
  andcomplete the transaction by approving the transaction based on the authorization requirement having been met.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The server of claim 8, wherein the predetermined criteria is receipt of the approvals from more than half of the plurality of authorizing party devices.
  - 10. The server of claim 8, wherein the predetermined criteria receipt of an approval from at least one of the plurality of authorizing party devices.
  - 11. The server of claim 8, wherein the predetermined criteria is receipt of an approvals from at least one of the plurality of authorizing party devices and no receipt of a rejection.
  - 12. The server of claim 8, wherein the subtransaction authorization requests are sent in a reverse sequence with the senior authorizing party receiving the substransaction authorization request after approvals have been received from more junior authorizing parties.
  - 13. The server of claim 8, wherein the predetermined criteria is receipt of an approval from at least one of the plurality of authorizing party devices and a rejection from at least one of the plurality of authorizing party devices.
  - 14. The server of claim 8, further comprising:
    - a sixth policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on context of at least one of the plurality of authorizing party user devices.
  - 15. The server of claim 8, further comprising:
    - a sixth policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on location of at least one of the plurality of authorizing party user devices.
  - 16. The server of claim 8, wherein the transaction is at least one of a monetary transaction.
  - 17. The server of claim 8, wherein the transaction is an attempt to access a physical location.
  - 18. The server of claim 8, wherein the transaction is an attempt to utilize personal information.
  - 19. The server of claim 8, wherein the transaction is an attempt to access electronic data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureAuth Incorporated
Original Assignee
Acceptto Corporation
Inventors
Shahidzadeh, Nahal, Akkary, Haitham
Primary Examiner(s)
Lwin, Maung T

Application Number

US15/682,377
Time in Patent Office

470 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 20/405   Establishing or using trans...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Authentication policy orchestration for a user device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication policy orchestration for a user device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links