Incorporating multiple authentication systems and protocols in conjunction
Abstract
Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on the desired assurance level. A Centralized Authentication System, together with an authentication policy, dictates which authentication systems are acceptable. Authentication data for each authentication system are captured and packaged into a single Object Data Structure. The authentication data can be compared to data stored in an identity store for authentication. The authentication data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.
16 Claims
1. An authentication method, incorporating a combination of a plurality of authentication systems, comprising:
- determining, by a centralized authentication system, a desired level of assurance based on an application;
- determining, by the centralized authentication system, at least one acceptable authentication system according to the desired level of assurance;
- capturing, by the centralized authentication system, authentication data from a user device;
- comparing, by the centralized authentication system, the authentication data from the user device to data stored in a network server; and
- verifying, by the centralized authentication system, a user identity based on whether the authentication data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system,
wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, and
wherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
(Dependent claims 2, 3, 4)
5. A registration method incorporating multiple authentication systems, the method comprising:
- establishing, by a centralized authentication system, a user identity;
- determining, by a centralized authentication system, a desired level of assurance based on an application;
- determining, by the centralized authentication system, at least one acceptable authentication system according to the desired level of assurance;
- capturing, by the centralized authentication system, authentication data from a user device;
- comparing, by the centralized authentication system, the authentication data from the user device to data stored in a network server; and
- determining, by the centralized authentication system, whether the user identity and user device identity correspond to a new user based on whether the authentication data from the user device matches an existing user identity in the data stored in the network server; and
- when the user identity and user device identity correspond to a new user, registering the user identity and user device identity in the data stored in the network server; and
- when the user identity and user device identity do not correspond to a new user, registering the user identity and user device identity in the data stored in the network server, and associating the user identity and user device identity with the matching existing user identity in the data stored in the network server,
wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, and
wherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
(Dependent claims 6, 7, 8)
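The authentication method of claim 1 and the registration method of claim 5, together with the object data structure both recite, modeled in Python as an added illustration (this is not the patent's or any assignee's code). The application's desired level of assurance selects the acceptable authentication systems, each user's registered data for several systems sits in one object with a header, a user identifier and one entry per system, and registration either creates a new object or associates a new device with the matching existing identity. The policy tables APP_ASSURANCE and SYSTEM_STRENGTH, the salted-digest verifier standing in for "registered data", and the sample users and devices are assumptions, not values from the patent.

```python
"""Toy model of the claimed scheme: an application's level of assurance picks
the acceptable authentication systems, and a user's registered data for several
systems lives in one object data structure.  Added illustration, not the
patent's code; policy values, verifier format and sample data are assumed."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed policy: level of assurance each application requires (1 low .. 3 high).
APP_ASSURANCE = {"intranet-wiki": 1, "payroll": 2, "wire-transfer": 3}

# Assumed policy: strength each authentication system provides.  A system is
# acceptable for an application when its strength meets the required level.
SYSTEM_STRENGTH = {"password": 1, "otp": 2, "fingerprint": 3, "fido2": 3}


@dataclass
class RegisteredAuthData:
    """One entry per authentication system inside the object data structure."""
    system: str       # header information identifying the authentication system
    salt: bytes       # per-entry salt (our addition, not recited in the claims)
    verifier: bytes   # registered data: a salted digest, never the raw secret


@dataclass
class ObjectDataStructure:
    """The per-user record held in the network server / identity store."""
    header: dict                          # data object header (version, org, devices)
    user_id: str                          # organization/application-specific identifier
    auth_data: list[RegisteredAuthData] = field(default_factory=list)


IDENTITY_STORE: dict[str, ObjectDataStructure] = {}


def _digest(salt: bytes, data: bytes) -> bytes:
    # Real FIDO2 or biometric systems verify signatures or templates, not hashes;
    # a salted SHA-256 stands in for every system's "registered data" here.
    return hashlib.sha256(salt + data).digest()


def acceptable_systems(application: str) -> set[str]:
    """Claim steps 1-2: desired level of assurance -> acceptable systems."""
    level = APP_ASSURANCE[application]
    return {s for s, strength in SYSTEM_STRENGTH.items() if strength >= level}


def _matches(entry: RegisteredAuthData, captured: bytes) -> bool:
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(entry.verifier, _digest(entry.salt, captured))


def _find_matching_user(captured: dict[str, bytes]) -> ObjectDataStructure | None:
    """Claim 5: does the captured data match an identity already in the store?"""
    for obj in IDENTITY_STORE.values():
        for entry in obj.auth_data:
            if entry.system in captured and _matches(entry, captured[entry.system]):
                return obj
    return None


def register(user_id: str, device_id: str, captured: dict[str, bytes]) -> str:
    """Register a user/device pair and return the user id the record is filed under.
    New user -> new object; existing user -> associate the device with that record."""
    existing = _find_matching_user(captured)
    target = existing or ObjectDataStructure(
        header={"version": 1, "org": "example-org", "devices": []}, user_id=user_id)
    target.header["devices"].append(device_id)
    known = {e.system for e in target.auth_data}
    for system, data in captured.items():
        if system not in known:  # add registered data only for systems not yet on file
            salt = secrets.token_bytes(16)
            target.auth_data.append(RegisteredAuthData(system, salt, _digest(salt, data)))
    IDENTITY_STORE[target.user_id] = target
    return target.user_id


def authenticate(application: str, user_id: str, captured: dict[str, bytes]) -> bool:
    """Claim 1: compare only against systems acceptable for this application's
    level of assurance; a matching low-strength factor cannot satisfy a
    high-assurance application."""
    obj = IDENTITY_STORE.get(user_id)
    if obj is None:
        return False
    allowed = acceptable_systems(application)
    return any(entry.system in allowed and entry.system in captured
               and _matches(entry, captured[entry.system])
               for entry in obj.auth_data)


if __name__ == "__main__":
    # Constructed sample data.
    register("alice", "phone-1", {"password": b"correct horse", "fido2": b"pubkey-A"})
    print(authenticate("intranet-wiki", "alice", {"password": b"correct horse"}))  # True
    print(authenticate("wire-transfer", "alice", {"password": b"correct horse"}))  # False
    print(authenticate("wire-transfer", "alice", {"fido2": b"pubkey-A"}))          # True
```

Two points a practitioner would want made explicit that the claims leave open: the "registered data" stored per system should be a verifier (salted digest, public key, template) rather than the captured secret itself, so a leaked identity store does not hand out replayable credentials; and the comparison step must be scoped to the systems the policy deems acceptable, otherwise a password match quietly satisfies an application that was supposed to require a hardware authenticator.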
9. A centralized authentication system apparatus comprising:
- a processor; and
- a non-transitory computer-readable storage medium including computer-executable instructions executed by the processor to perform operations comprising:
- determining a desired level of assurance based on an application;
- determining at least one acceptable authentication system according to the desired level of assurance;
- capturing authentication data from a user device;
- comparing the authentication data from the user device to data stored in a network server; and
- verifying a user identity based on whether the authentication data from the user device matches the data stored in the network server pertaining to the at least one acceptable authentication system,
wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, and
wherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
(Dependent claims 10, 11, 12)
13. A centralized authentication system apparatus comprising:
- a processor; and
- a non-transitory computer-readable storage medium including computer-executable instructions executed by the processor to perform operations comprising:
- establishing a user identity;
- determining a desired level of assurance based on an application;
- determining at least one acceptable authentication system according to the desired level of assurance;
- capturing authentication data from a user device;
- comparing the authentication data from the user device to data stored in a network server; and
- determining whether the user identity and user device identity correspond to a new user based on whether the authentication data from the user device matches an existing user identity in the data stored in the network server; and
- when the user identity and user device identity correspond to a new user, registering the user identity and user device identity in the data stored in the network server; and
- when the user identity and user device identity do not correspond to a new user, registering the user identity and user device identity in the data stored in the network server, and associating the user identity and user device identity with the matching existing user identity in the data stored in the network server,
wherein the data stored in the network server is stored as an individual object data structure comprising a data object header, an organization or application specific user identifier, and registered authentication data pertaining to a plurality of authentication systems, and
wherein for each of the plurality of authentication systems, the registered authentication data comprises header information identifying a particular authentication system and registered data used for authentication by the particular authentication system.
(Dependent claims 14, 15, 16)
Specification