Hierarchical multi-transaction policy orchestrated authentication and authorization
First Claim
1. A server, comprising:
a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
at least one hardware processor of a plurality of hardware processors configured to:
implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;
obtain, from a client device via the network, a transaction request for a transaction;
determine an authorization requirement for the transaction request based on the authorization policies as follows:
a first policy of the authorization policies being configurable by the relying party policy engine;
a second policy of the authorization policies being configurable by the authorizing policy engine;
a third policy of the authorization policies being configurable by the relying party policy engine or authorizing policy engine and being based on availability of the network; and
a fourth policy of the authorization policies based on a location of at least one of the authorizing party user devices;
obtain for the relying party policy engine a status of the plurality of the authorizing party user devices;
provide a notification of the transaction and an associated transaction context to at least one of the authorizing party user devices;
divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices;
receive authorization responses for the subtransaction authorization requests from the plurality of authorizing party user devices; and
complete the transaction by approving the transaction based on the authorization requirement having been met.
Abstract
A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.