Incorporating multiple authentication systems and protocols in conjunction

US 10,541,813 B2
Filed: 05/08/2017
Issued: 01/21/2020
Est. Priority Date: 05/09/2016
Status: Active Grant

First Claim

Patent Images

1. An authentication method, incorporating a combination of a plurality of authentication systems, comprising:

determining, by a centralized authentication system, a desired level of assurance based on an application;

determining, by the centralized authentication system, at least one acceptable authentication system according to the desired level of assurance;

capturing, by the centralized authentication system, authentication data from a user device;

comparing, by the centralized authentication system, the authentication data from the user device to data stored in a network server; and

verifying, by the centralized authentication system, a user identity based on whether the authentication data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system,wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, andwherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.

14 Citations

View as Search Results

16 Claims

1. An authentication method, incorporating a combination of a plurality of authentication systems, comprising:
- determining, by a centralized authentication system, a desired level of assurance based on an application;
  
  determining, by the centralized authentication system, at least one acceptable authentication system according to the desired level of assurance;
  
  capturing, by the centralized authentication system, authentication data from a user device;
  
  comparing, by the centralized authentication system, the authentication data from the user device to data stored in a network server; and
  
  verifying, by the centralized authentication system, a user identity based on whether the authentication data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system,wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, andwherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
- View Dependent Claims (2, 3, 4)
- - 2. The authentication method of claim 1, wherein, after verifying, by the centralized authentication system, the user identity based on whether the data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system, the method further comprises,when the user identity is verified by the centralized authentication system, granting, by an authorization server, a token granting access;
    - andassociating the token with a user device identity.
  - 3. The authentication method of claim 1, wherein, after verifying, by the centralized authentication system, the user identity based on whether the data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system, the method further compriseswhen the user identity is verified by the centralized authentication system, granting, by the centralized authentication system, a token which can be validated.
  - 4. The authentication method of claim 3, wherein, after verifying, by the centralized authentication system, the user identity based on whether the data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system, the method further compriseswhen the user identity is verified by the centralized authentication system, signing, by the centralized authentication system, a token which can be validated, wherein the trusted user identity is embedded in the token.

5. A registration method incorporating multiple authentication systems, the method comprising,establishing, by a centralized authentication system, a user identity;
- determining, by a centralized authentication system, a desired level of assurance based on an application;
  
  determining, by the centralized authentication system, at least one acceptable authentication system according to the desired level of assurance;
  
  capturing, by the centralized authentication system, authentication data from a user device;
  
  comparing, by the centralized authentication system, the authentication data from the user device to data stored in a network server; and
  
  determining, by the centralized authentication system, whether the user identity and user device identity correspond to a new user based on whether the authentication data from the user device matches an existing user identity in the data stored in the network server; and
  
  when the user identity and user device identity correspond to a new user, registering the user identity and user device identity in the data stored in the network server; and
  
  when the user identity and user device identity do not correspond to a new user, registering the user identity and user device identity in the data stored in the network server, and associating the user identity and user device identity with the matching existing user identity in the data stored in the network server,wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, andwherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
- View Dependent Claims (6, 7, 8)
- - 6. The registration method of claim 5, whereinthe establishing, by the centralized authentication, the user identity comprises one of:
    - registering, by the centralized authentication system, a user identity based a registration policy, wherein the registration policy is based on at least one of an application and an organization, andreceiving, by the centralized authentication system, a user identity previously authenticated at the level of assurance required by the registration policy.
  - 7. The registration method of claim 5, whereinthe establishing, by the centralized authentication system, the user identity comprises:
    - obtaining, from a third party platform, a trusted user identity.
  - 8. The registration method of claim 5, wherein when a registered user with a registered user identity in the data stored in the network server requests a transfer to a new user device, the method further comprises:
    - generating, by the centralized authentication system, a one-time use registration token on a previously-registered user device;
      
      transferring the one time registration token to the new user device;
      
      capturing, by the centralized authentication system, authentication data from the new user device, wherein the authentication data comprises a user identity and user device identity of the new user device; and
      
      registering, by the centralized authentication system, the user identity and user device identity of the new user device in the data stored in the network server, and associating the user identity and the user device identity of the new user device with the registered user identity in the data stored in the network server.

9. A centralized authentication system apparatus comprising a processor;
- and a non-transitory computer-readable storage medium including computer-executable instructions executed by the processor to perform operations comprising;
  
  determining a desired level of assurance based on an application;
  
  determining at least one acceptable authentication system according to the desired level of assurance;
  
  capturing authentication data from a user device;
  
  comparing the authentication data from the user device to data stored in a network server; and
  
  verifying a user identity based on whether the authentication data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system,wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, andwherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
- View Dependent Claims (10, 11, 12)
- - 10. The centralized authentication system apparatus of claim 9, wherein, after verifying the user identity based on whether the data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system, the operations further comprise,when the user identity is verified, granting, by an authorization server, a token granting access;
    - andassociating the token with a user device identity.
  - 11. The centralized authentication system apparatus of claim 9, wherein, after verifying the user identity based on whether the data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system, the operations further comprisewhen the user identity is verified, granting a token which can be validated.
  - 12. The centralized authentication system apparatus of claim 11, wherein, after verifying the user identity based on whether the data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system, the operations further comprisewhen the user identity is verified, signing a token which can be validated, wherein the trusted user identity is embedded in the token.

13. A centralized authentication system apparatus comprising a processor;
- and a non-transitory computer-readable storage medium including computer-executable instructions executed by the processor to perform operations comprising;
  
  establishing a user identity;
  
  determining a desired level of assurance based on an application;
  
  determining at least one acceptable authentication system according to the desired level of assurance;
  
  capturing authentication data from a user device;
  
  comparing the authentication data from the user device to data stored in a network server; and
  
  determining whether the user identity and user device identity correspond to a new user based on whether the authentication data from the user device matches an existing user identity in the data stored in the network server; and
  
  when the user identity and user device identity correspond to a new user, registering the user identity and user device identity in the data stored in the network server; and
  
  when the user identity and user device identity do not correspond to a new user, registering the user identity and user device identity in the data stored in the network server, and associating the user identity and user device identity with the matching existing user identity in the data stored in the network server,wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, andwherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
- View Dependent Claims (14, 15, 16)
- - 14. The centralized authentication system apparatus of claim 13, whereinthe establishing the user identity comprises one of:
    - registering a user identity based a registration policy, wherein the registration policy is based on at least one of an application and an organization, andreceiving a user identity previously authenticated at the level of assurance required by the registration policy.
  - 15. The centralized authentication system apparatus of claim 13, wherein the establishing the user identity comprises:
    - obtaining, from a third party platform, a trusted user identity.
  - 16. The centralized authentication system apparatus of claim 13, wherein when a registered user with a registered user identity in the data stored in the network server requests a transfer to a new user device, the operations further comprise:
    - generating a one-time use registration token on a previously-registered user device;
      
      transferring the one time registration token to the new user device;
      
      capturing authentication data from the new user device, wherein the authentication data comprises a user identity and user device identity of the new user device; and
      
      registering the user identity and user device identity of the new user device in the data stored in the network server, and associating the user identity and the user device identity of the new user device with the registered user identity in the data stored in the network server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aetna Incorporated (CVS Health Corporation)
Original Assignee
Aetna Incorporated (CVS Health Corporation)
Inventors
Jain, Salil Kumar, Barbir, Abbie, Tran, Sylvan, Marehalli, Jay, Swift, Derek
Primary Examiner(s)
Pyzocha, Michael
Assistant Examiner(s)
Tafaghodi, Zoha Piyadehghibi

Application Number

US15/589,252
Publication Number

US 20170323094A1
Time in Patent Office

988 Days
Field of Search

713159
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/08   for authentication of entit...

H04L 9/0891   Revocation or update of sec...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04W 12/06   Authentication

Incorporating multiple authentication systems and protocols in conjunction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Incorporating multiple authentication systems and protocols in conjunction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links