Authentication policy orchestration for a user device
First Claim
1. A server comprising:
a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
at least one hardware processor of a plurality of hardware processors configured to;
implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;
obtain, from a client device via the network, a transaction request for a transaction;
determine an authorization requirement for the transaction request based on the authorization policies as follows;
a first policy of the authorization policies being configurable by the relying party policy engine but not the authorizing policy engine;
a second policy of the authorization policies being configurable by the authorizing policy engine;
a third policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on a predetermined distance of the client device to at least one of the authorizing party user devices; and
a fourth policy of the authorization policies based on a habit of at least one of the authorizing party user devices;
obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;
provide a notification of the transaction and an associated transaction context to at least one of the plurality of authorizing party user devices;
divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices;
receive authorization responses for the subtransaction authorization requests from the plurality of authorizing party user devices; and
complete the transaction by approving the transaction based on the authorization requirement having been met.
Abstract
A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.
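An added illustration, not taken from the patent or from any implementation of it: a minimal sketch of the server-side decision described in the abstract and first claim, with policies that only the permitted engine may configure, one subtransaction request per authorizing device, and completion only when the combined requirement is met. The policy names, the `PolicyStore` class, and the choice to treat a missing response or unknown distance as a non-approval are assumptions.

```python
RP, AP = "relying_party", "authorizing_party"

# Hypothetical policy names; the sets say which engine may configure each one.
CONFIGURABLE_BY = {
    "min_approvals": {RP},         # relying party only (cf. "first policy")
    "approver_devices": {AP},      # authorizing party (cf. "second policy")
    "max_distance_m": {RP, AP},    # either engine (cf. distance-based "third policy")
}


class PolicyStore:
    def __init__(self):
        # Defaults fail closed: no enrolled approver device means nothing is approved.
        self._values = {"min_approvals": 1, "approver_devices": frozenset(),
                        "max_distance_m": 100.0}

    def configure(self, engine, name, value):
        """Apply a policy change only if this engine is allowed to set it."""
        if engine not in CONFIGURABLE_BY[name]:
            raise PermissionError(f"{engine} may not configure {name}")
        self._values[name] = value

    def get(self, name):
        return self._values[name]


def split(request_id, devices):
    """Divide a transaction request into one subtransaction request per device."""
    return [{"sub_id": f"{request_id}/{i}", "device": d}
            for i, d in enumerate(sorted(devices))]


def authorize(store, request_id, distances_m, responses):
    """Return True only if the authorization requirement is met.

    distances_m: device -> distance from the client device, in metres
    responses:   sub_id -> True (approve) / False (reject)
    """
    approvals = 0
    for sub in split(request_id, store.get("approver_devices")):
        # Unknown distance counts as too far; a missing response counts as no approval.
        distance = distances_m.get(sub["device"], float("inf"))
        near = distance <= store.get("max_distance_m")
        if near and responses.get(sub["sub_id"]) is True:
            approvals += 1
    return approvals >= store.get("min_approvals")
```
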
19 Claims
1. A server comprising: as recited under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A server comprising:
a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
at least one hardware processor of a plurality of hardware processors configured to;
implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine;
obtain, from a client device via the network, a transaction request for a transaction;
determine an authorization requirement for the transaction request based on the authorization policies as follows;
a first policy of the authorization policies being configurable by the relying party policy engine but not the authorizing policy engine;
a second policy of the authorization policies being configurable by the authorizing policy engine;
a third policy of the authorization policies being configurable by the relying party policy engine or the authorizing policy engine and being based on a predetermined distance of the client device to at least one of a plurality of authorizing party user devices;
a fourth policy of the authorization policies based on a habit of at least one of the plurality of authorizing party user devices; and
a fifth policy of the authorization policies based on predetermined criteria regarding the number of approvals and rejections received from the plurality of authorizing party devices;
obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;
provide a notification of the transaction and an associated transaction context to the plurality of authorizing party user devices;
divide the transaction request into subtransaction authorization requests and send them to the plurality of authoring party user devices;
receive responses for the subtransaction authorization requests from at least one of the plurality of authorizing party user devices; and
complete the transaction by approving the transaction based on the authorization requirement having been met.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
Specification