Systems and methods to authenticate users and/or control access made by users on a computer network using identity services
First Claim
1. A controller for user authentication and access control, the controller comprising:
at least one microprocessor;
a network interface controlled by the at least one microprocessor to communicate over a computer network with:
at least one computing site, and at least one identity service, wherein the identity service stores identification information of a user and is configured to communicate with the user for identity protection; and
memory coupled with the at least one microprocessor and storing:
graph data representing a graph having:
nodes representing data associated with access tokens used in connecting to a network, and links among the nodes representing connections between the data elements derived from the data associated with the access tokens; and
instructions which, when executed by the at least one microprocessor, cause the controller to:
receive, from the computing site, input data specifying details of an access made using a new access token;
determine, from the input data:
a device identity representing a user device from which the access is made using the new access token, and a user identity representing the user who uses the user device to make the access using the new access token;
update the graph according to the input data, the updating the graph comprising inserting a new node into the graph using the device identity or user identity and connecting the new node to an existing node in the graph via a new connection and based on data associated with the new access token;
transmit a query over the network to the identity service, the query causing the identity service to verify association of data elements corresponding to the connection identified in the graph;
receive, over the network and from the identity service, a validation responsive to the query; and
process, based on the validation, the access made using the new access token.
6 Assignments
0 Petitions
Abstract
A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and identifies a new connection in the graph resulting from the update. The controller communicates with an identity service to verify the association of the data elements corresponding to the new connection in the graph. Based on the result of the verification, the controller authenticates the user making the access and/or controls the access.
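The mechanism described in the claims and the abstract (a graph of device, user and token nodes; a new link triggers a query to an identity service; the access is then allowed or refused on the validation) can be shown end to end in a small simulation. The following Python is an added example written for this page, not code from the patent or from any product implementing it. Its assumptions: nodes are (kind, identifier) pairs with the kinds "device", "user" and "token"; only a newly created device-to-user link is sent to the identity service for verification, since the links from a fresh token to its device and user are new by definition; the identity service is a constructed stub holding previously confirmed device-user pairings, standing in for the external service that would contact the user; and the decision is returned as the string "allow" or "deny". One practitioner detail the example adds: a link that the identity service rejects is removed from the graph again, so a refused pairing does not quietly become a "known" connection that later tokens inherit without a check.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

Node = Tuple[str, str]   # (kind, identifier), e.g. ("device", "dev-A")
Edge = Tuple[Node, Node]  # endpoints stored in sorted order so (a, b) == (b, a)


@dataclass
class AccessEvent:
    """Details of one access made with a new token, as reported by the computing site."""
    token_id: str
    device_id: str
    user_id: str


@dataclass
class IdentityGraph:
    nodes: Set[Node] = field(default_factory=set)
    edges: Set[Edge] = field(default_factory=set)

    @staticmethod
    def _edge(a: Node, b: Node) -> Edge:
        return (a, b) if a <= b else (b, a)

    def update(self, ev: AccessEvent) -> List[Edge]:
        """Insert the nodes and links for this access; return only the links that did not exist before."""
        device, user, token = ("device", ev.device_id), ("user", ev.user_id), ("token", ev.token_id)
        self.nodes.update({device, user, token})
        new_edges: List[Edge] = []
        for a, b in ((token, device), (token, user), (device, user)):
            e = self._edge(a, b)
            if e not in self.edges:
                self.edges.add(e)
                new_edges.append(e)
        return new_edges

    def remove_link(self, e: Edge) -> None:
        """Drop a link that failed verification so it is not treated as established later."""
        self.edges.discard(e)


class StubIdentityService:
    """Constructed stand-in for the external identity service (hypothetical, not a real API).

    A real service would hold the user's identification information and contact the user
    to confirm an unfamiliar pairing; here that step is replaced by a fixed table of
    device-user pairs the user is assumed to have confirmed already.
    """

    def __init__(self, confirmed: Set[Tuple[str, str]]):
        self.confirmed = confirmed
        self.queries: List[Edge] = []  # every query the controller sent, for inspection

    def verify(self, edge: Edge) -> bool:
        self.queries.append(edge)
        (kind_a, id_a), (kind_b, id_b) = edge
        by_kind = {kind_a: id_a, kind_b: id_b}
        return (by_kind.get("device"), by_kind.get("user")) in self.confirmed


class Controller:
    def __init__(self, identity_service: StubIdentityService):
        self.graph = IdentityGraph()
        self.identity_service = identity_service

    def process_access(self, ev: AccessEvent) -> str:
        new_edges = self.graph.update(ev)
        # Only a new device-user association needs the identity service; token links are always new.
        to_verify = [e for e in new_edges if {e[0][0], e[1][0]} == {"device", "user"}]
        for e in to_verify:
            if not self.identity_service.verify(e):
                self.graph.remove_link(e)  # rejected pairing must not persist as a known link
                return "deny"
        return "allow"  # either no new pairing, or every new pairing was validated


def run_demo() -> Tuple[List[str], int]:
    """Constructed sample run: returns the per-access decisions and how many queries were sent."""
    service = StubIdentityService(confirmed={("dev-A", "alice")})
    ctrl = Controller(service)
    events = [
        AccessEvent("tok-1", "dev-A", "alice"),  # pairing on record, first time seen by the controller
        AccessEvent("tok-2", "dev-A", "alice"),  # same pairing, new token: no identity query needed
        AccessEvent("tok-3", "dev-B", "alice"),  # unknown device for alice: queried and rejected
        AccessEvent("tok-4", "dev-B", "alice"),  # rejected link was not retained, so it is queried again
    ]
    decisions = [ctrl.process_access(ev) for ev in events]
    return decisions, len(service.queries)


if __name__ == "__main__":
    print(run_demo())  # (['allow', 'allow', 'deny', 'deny'], 3)
```

The second event shows the point of keeping the graph at all: once a device-user pairing has been validated, later tokens from that pairing are processed without another round trip to the identity service, so the user is only contacted when the graph actually gains a connection it has not seen.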
113 Citations
20 Claims
1. (Independent claim; text as given under First Claim above. Dependent claims: 2 to 16.)
17. A non-transitory computer storage medium storing instructions which, when executed by a controller, cause the controller to perform a method for user authentication and access control, the method comprising:
storing, in the controller coupled to a network, graph data representing a graph having: nodes representing data associated with access tokens used in connecting to a network, and links among the nodes representing connections between the data elements derived from the data associated with the access tokens;
receiving, in the controller over the network from the computing site, input data specifying details of an access made using a new access token;
determining, by the controller, from the input data: a device identity representing a user device from which the access is made using the new access token, and a user identity representing the user who uses the user device to make the access using the new access token;
updating, by the controller, the graph according to the input data, the updating the graph comprising inserting a new node into the graph using the device identity or user identity and connecting the new node to an existing node in the graph via a new connection and based on data associated with the new access token;
transmitting, by the controller over the network to an identity service storing identification information of a user and configured to communicate with the user for identity protection, a query over the network to the identity service, the query causing the identity service to verify association of data elements corresponding to the connection identified in the graph;
receiving, in the controller over the network and from the identity service, a validation responsive to the query; and
processing, by the controller based on the validation, the access made using the new access token.
18. A method for user authentication and access control, the method comprising:
storing, in a controller coupled to a network, graph data representing a graph having: nodes representing data associated with access tokens used in connecting to a network, and links among the nodes representing connections between the data elements derived from the data associated with the access tokens;
receiving, in the controller over the network from the computing site, input data specifying details of an access made using a new access token;
determining, by the controller, from the input data: a device identity representing a user device from which the access is made using the new access token, and a user identity representing the user who uses the user device to make the access using the new access token;
updating, by the controller, the graph according to the input data, the updating the graph comprising inserting a new node into the graph using the device identity or user identity and connecting the new node to an existing node in the graph via a new connection and based on data associated with the new access token;
transmitting, by the controller over the network to an identity service storing identification information of a user and configured to communicate with the user for identity protection, a query over the network to the identity service, the query causing the identity service to verify association of data elements corresponding to the connection identified in the graph;
receiving, in the controller over the network and from the identity service, a validation responsive to the query; and
processing, by the controller based on the validation, the access made using the new access token.
(Dependent claims: 19, 20.)
Specification