Step-up authentication for single sign-on
Abstract
A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.
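The flow in the abstract and in claim 1, sketched as an added example that is not code from the patent. The HMAC-signed token format, the application names, the numeric authentication levels and the one-time-code check are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"            # constructed; a real server uses a managed secret
APP_REQUIRED_LEVEL = {"mail": 1, "payroll": 2}  # hypothetical applications and levels
OTP_DB = {"alice": "492817"}                    # constructed second-factor value

def sign_token(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def verify_token(token, typ):
    body, _, mac = token.partition(".")
    good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise ValueError("bad token signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["typ"] != typ or claims["exp"] < time.time():
        raise ValueError("wrong token type or token expired")
    return claims

def issue_primary(user, level=1, ttl=3600):
    now = int(time.time())
    return sign_token({"typ": "primary", "sub": user, "exp": now + ttl,
                       "events": [{"level": level, "at": now}]})

def authenticate(app, primary):
    """Return ('secondary', token) or ('step_up_required', needed_level)."""
    claims = verify_token(primary, "primary")
    need = APP_REQUIRED_LEVEL[app]
    have = max(e["level"] for e in claims["events"])
    if have < need:
        return "step_up_required", need      # primary token is insufficient
    # Secondary token is scoped to one application and never outlives the primary.
    sec = {"typ": "secondary", "sub": claims["sub"], "aud": app,
           "exp": min(claims["exp"], int(time.time()) + 300)}
    return "secondary", sign_token(sec)

def step_up(primary, otp, level):
    """Validate the extra credential, then record a new event on the primary token."""
    claims = verify_token(primary, "primary")
    expected = OTP_DB.get(claims["sub"], "")
    if not hmac.compare_digest(otp.encode(), expected.encode()):
        raise PermissionError("step-up credential rejected")
    claims["events"].append({"level": level, "at": int(time.time())})
    return sign_token(claims)                # updated primary token, re-signed
```

The client resubmits `authenticate("payroll", updated_primary)` after `step_up` succeeds; because the authentication events live in the signed primary token, later requests for other applications at the same level need no second prompt.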
19 Claims
1. A method for providing step-up authentication in a system providing single-sign on to a plurality of applications on a computing device, comprising:
- receiving a request to authenticate a user of the computing device for a first application using a primary token associated with a single-sign on capability;
- determining that the primary token is insufficient to authenticate the user for the first application;
- requesting a token agent executing on the computing device to perform a step-up authentication of the user;
- updating the primary token to reflect the step-up authentication of the user after receiving an indication of a successful step-up authentication of the user from the token agent;
- providing the updated primary token to the computing device;
- receiving, from the computing device, a resubmission of the request to authenticate the user for the first application, the resubmitted request including the updated primary token reflecting the step-up authentication; and
- transmitting a secondary token to the token agent executing on the computing device based on granting access to the first application, wherein the secondary token authenticates the user for the first application, and wherein granting access to the first application is based on receiving the resubmitted requesting including the updated primary token.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An authentication server, having a hardware processor and a memory store, for providing step-up authentication with single sign-on, the authentication server configured to:
- receive a request from a computing device to authenticate a user of the computing device for a first application using a primary token associated with a single-sign on capability;
- determine that the primary token is insufficient to authenticate the user for the first application;
- request a token agent executing on the computing device to perform a step-up authentication of the user;
- update the primary token to reflect the step-up authentication of the user after receiving an indication of a successful step-up authentication of the user from the token agent;
- provide the updated primary token to the computing device;
- receive, from the computing device, a resubmission of the request to authenticate the user for the first application, the resubmitted request including the updated primary token reflecting the step-up authentication; and
- transmit a secondary token to the token agent executing on the computing device based on granting access to the first application, wherein the secondary token authenticates the user for the first application, and wherein granting access to the first application is based on receiving the resubmitted requested including the updated primary token.

Dependent claims: 9, 10, 11, 12, 13

14. A non-transitory, computer-readable medium comprising instruction which, when executed by a processor, provide step-up authentication with single-sign by executing a series of steps comprising:
- receiving a request to authenticate a user of the computing device for a first application using a primary token associated with a single-sign on capability;
- determining that the primary token is insufficient to authenticate the user for the first application;
- requesting a token agent executing on the computing device to perform a step-up authentication of the user;
- updating the primary token to reflect the step-up authentication of the user after receiving an indication of a successful step-up authentication of the user from the token agent;
- providing the updated primary token to the computing device;
- receiving, from the computing device, a resubmission of the request to authenticate the user for the first application, the resubmitted request including the updated primary token reflecting the step-up authentication; and
- transmitting a secondary token to the token agent executing on the computing device based on granting access to the first application, wherein the secondary token authenticates the user for the first application, and wherein granting access to the first application is based on receiving the resubmitted requesting including the updated primary token.

Dependent claims: 15, 16, 17, 18, 19

Specification