Authentication system and method
First Claim
1. A computerized method comprising:
receiving at the processing component, a registration request from the end user;
creating by the processing component a unique registration token;
creating by the processing component a database record including an identifier for the end user and the unique registration token;
providing by the processing component to a registration device a mechanism to access an authentication application for initiating registration of the registration device;
receiving, through the authentication application, from the end user, the identifier for the end user and the unique registration token;
collecting an identifier associated with the registration device;
receiving from the registration device a public key, the public key forming a portion of a cryptographic key pair, the cryptographic key pair being created upon the end user authenticating to the registration device, wherein the registration device stores a private key of the cryptographic key pair;
calculating by the processing component a device authentication weight;
storing in a database by the processing component the public key and the device authentication weight;
receiving at a processing component, from a requesting device operated by an end user, data describing a request to access a computer program;
determining by the processing component whether an existing authentication session for the end user exists;
in accordance with a determination that the existing authentication session for the end user does not exist, prompting the end user to authenticate to the processing component;
in accordance with a determination that the existing authentication session for the end user exists, performing a risk assessment comprising a consideration of one or both of (i) one or more request characteristics associated with the request to access the computer program and (ii) one or more computer program access criteria;
in accordance with a determination that the risk assessment is positive, providing the requesting device with access to the computer program;
in accordance with a determination that the risk assessment is negative, prompting the end user to perform an authentication activity and, in response to receiving data indicating that the end user performed the authentication activity and the authentication activity is successful, establishing a new authentication session for the end user and providing the requesting device with access to the computer program.
Abstract
Data describing a request to access a computer program is received at a processing component from a requesting device operated by an end user. The processing component determines whether an existing authentication session for the end user exists. In accordance with a determination that the existing authentication session for the end user does not exist, the end user is prompted to authenticate to the processing component. In accordance with a determination that the existing authentication session for the end user exists, a risk assessment is performed. The risk assessment comprises a consideration of one or both of (i) one or more request characteristics associated with the request to access the computer program and (ii) one or more computer program access criteria. In accordance with a determination that risk assessment is positive, the requesting device is provided with access to the computer program. In accordance with a determination that risk assessment is negative, the end user is prompted to perform an authentication activity. In response to receiving data indicating that the end user performed the authentication activity, and the authentication activity is successful, a new authentication session is established for the end user and the requesting device is provided with access to the computer program.
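The registration and access flow of the abstract and claim 1, written out as an added reference model (this is not code from the patent or its assignee). It assumes, where the claim is silent, that the device authentication weight depends on whether the key is hardware-backed, that a session created by primary login carries a lower assurance than one created by a device step-up, that the two risk factors are "same network as at login and session not stale" (request characteristics) and "assurance the program requires" (program access criteria), and that primary authentication happens outside the model and is reported to login(). The registered device key is modelled as an HMAC key standing in for the public key/signature pair the claim describes; names such as ProcessingComponent, PLATFORM_WEIGHTS and MAX_SESSION_AGE are illustrative.

```python
"""Model of the flow in the abstract and claim 1: single-use registration token,
session lookup, risk assessment over request characteristics and program access
criteria, and step-up authentication that establishes a new session. Added example,
stdlib only; assumptions: the device key is an HMAC key standing in for the public
key/signature the claim describes, and primary login is reported to login()."""
import hmac
import secrets
import time
from collections import namedtuple

# Assumed values: the claim says the weight is calculated but gives no formula.
PLATFORM_WEIGHTS = {"hardware": 1.0, "software": 0.6}  # device authentication weight
PRIMARY_ASSURANCE = 0.5     # assurance of a session from primary (password) login alone
MAX_SESSION_AGE = 8 * 3600  # seconds; a request characteristic checked on each access

Device = namedtuple("Device", "key weight")  # stored public-key stand-in, device weight
Session = namedtuple("Session", "assurance network created")  # assurance = weight reached


class ProcessingComponent:
    def __init__(self):
        self.pending_tokens = {}  # registration token -> user id
        self.devices = {}         # user id -> {device id: Device}
        self.sessions = {}        # user id -> Session
        self.programs = {}        # program -> required assurance (access criteria)
        self.challenges = {}      # user id -> outstanding step-up challenge

    # registration steps of claim 1
    def start_registration(self, user_id):
        token = secrets.token_urlsafe(16)     # unique registration token
        self.pending_tokens[token] = user_id  # record pairing identifier and token
        return token

    def complete_registration(self, user_id, token, device_id, key, platform):
        # Single use: consumed even on mismatch, so a wrong guess burns the token.
        if self.pending_tokens.pop(token, None) != user_id:
            return None                       # token unknown, used, or for another user
        device = Device(key, PLATFORM_WEIGHTS[platform])
        self.devices.setdefault(user_id, {})[device_id] = device
        return device

    # access steps of claim 1; returns "authenticate", "granted" or "step_up"
    def request_access(self, user_id, program, network, now=None):
        now = time.time() if now is None else now
        session = self.sessions.get(user_id)
        if session is None:
            return "authenticate"                       # no session: primary login first
        if self._risk_assessment(session, program, network, now):
            return "granted"                            # risk assessment positive
        self.challenges[user_id] = secrets.token_bytes(32)  # negative: demand a step-up
        return "step_up"

    def _risk_assessment(self, s, program, network, now):
        # (i) request characteristics: same network as at login, session not stale
        if network != s.network or now - s.created > MAX_SESSION_AGE:
            return False
        # (ii) program access criteria: assurance the program requires
        return s.assurance >= self.programs.get(program, 0.0)

    def login(self, user_id, network, now=None):
        """Called once the user has authenticated to the processing component."""
        now = time.time() if now is None else now
        self.sessions[user_id] = Session(PRIMARY_ASSURANCE, network, now)

    def complete_step_up(self, user_id, device_id, proof, network, now=None):
        """Verify the device's proof over the outstanding challenge; returns granted/denied."""
        now = time.time() if now is None else now
        challenge = self.challenges.pop(user_id, None)   # single use
        device = self.devices.get(user_id, {}).get(device_id)
        if challenge is None or device is None:
            return "denied"
        expected = hmac.new(device.key, challenge, "sha256").digest()
        if not hmac.compare_digest(proof, expected):
            return "denied"
        # authentication activity succeeded: new session carries the device weight
        self.sessions[user_id] = Session(device.weight, network, now)
        return "granted"


def demo():
    """Constructed walk-through; returns the decisions in order plus the token-reuse result."""
    pc = ProcessingComponent()
    pc.programs = {"mail": PRIMARY_ASSURANCE, "payroll": 1.0}
    dev_key = secrets.token_bytes(32)   # constructed; stands in for the device private key
    token = pc.start_registration("alice")
    pc.complete_registration("alice", token, "phone", dev_key, "hardware")
    reuse = pc.complete_registration("alice", token, "tablet", dev_key, "hardware")  # None
    t0, net = 1_700_000_000.0, "corp-lan"
    steps = [pc.request_access("alice", "mail", net, t0)]                     # authenticate
    pc.login("alice", net, t0)
    steps.append(pc.request_access("alice", "mail", net, t0 + 60))            # granted
    steps.append(pc.request_access("alice", "payroll", net, t0 + 120))        # step_up
    steps.append(pc.complete_step_up("alice", "phone", bytes(32), net, t0 + 125))  # denied
    steps.append(pc.request_access("alice", "payroll", net, t0 + 130))        # step_up, fresh challenge
    proof = hmac.new(dev_key, pc.challenges["alice"], "sha256").digest()
    steps.append(pc.complete_step_up("alice", "phone", proof, net, t0 + 135))  # granted
    steps.append(pc.request_access("alice", "payroll", "cafe-wifi", t0 + 200))  # step_up: new network
    return {"steps": steps, "token_reuse_rejected": reuse is None}
```

Two points the claim leaves open are made explicit here: the registration token and the step-up challenge are both single use, so a replayed token or a replayed proof is rejected, and a failed step-up leaves the existing lower-assurance session untouched rather than tearing it down. In a real deployment the registration device would sign the challenge with the private key it generated at registration and the processing component would verify against the stored public key, which the HMAC stand-in only approximates; the registration token should also reach the user over a channel other than the device being registered.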
28 Claims
Dependent claims 2 to 27 (omitted).
28. A system comprising:
a processing component configured to:
receive at the processing component, a registration request from the end user;
create by the processing component a unique registration token;
create by the processing component a database record including an identifier for the end user and the unique registration token;
provide by the processing component to a registration device a mechanism to access an authentication application for initiating registration of the registration device;
receive, through the authentication application, from the end user, the identifier for the end user and the unique registration token;
collect an identifier associated with the registration device;
receive from the registration device a public key, the public key forming a portion of a cryptographic key pair, the cryptographic key pair being created upon the end user authenticating to the registration device, wherein the registration device stores a private key of the cryptographic key pair;
calculate by the processing component a device authentication weight;
store in a database by the processing component the public key and the device authentication weight;
receive, from a requesting device operated by an end user, data describing a request to access a computer program;
determine whether an existing authentication session for the end user exists;
in accordance with a determination that the existing authentication session for the end user does not exist, prompt the end user to authenticate to the processing component;
in accordance with a determination that the existing authentication session for the end user exists, perform a risk assessment comprising a consideration of one or both of (i) one or more request characteristics and (ii) one or more computer program access criteria;
in accordance with a determination that the risk assessment is positive, providing the requesting device with access to the computer program;
in accordance with a determination that the risk assessment is negative, prompting the end user to perform an authentication activity and, in response to receiving data indicating that the end user performed the authentication activity and the authentication activity is successful, establishing a new authentication session for the end user and providing the requesting device with access to the computer program.