Method and apparatus for enabling a user to select an authentication method

US 20020087894A1
Filed: 12/27/2001
Published: 07/04/2002
Est. Priority Date: 01/03/2001
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating the selection of at least one authentication method for accessing a restricted service, comprising the steps of:

enabling a user to select a method of authentication for access to the restricted service, wherein the restricted service requires a method of authentication in order to gain access to the restricted service; and

registering the user selected method of authentication which facilitates the user'"'"'s ability for gaining access to the restricted service.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user'"'"'s selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service.

Citations

26 Claims

1. A method for facilitating the selection of at least one authentication method for accessing a restricted service, comprising the steps of:
- enabling a user to select a method of authentication for access to the restricted service, wherein the restricted service requires a method of authentication in order to gain access to the restricted service; and
  
  registering the user selected method of authentication which facilitates the user'"'"'s ability for gaining access to the restricted service.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the method of authentication includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.
  - 3. The method of claim 1, further comprising the step of enabling the user to select more than one method of authentication for access to the restricted service.
  - 4. The method of claim 1, further comprising the step of registering the user selected method of authentication as a minimum level of security for authentication for the user.

5. A method for facilitating a user'"'"'s selection of a minimum security level for authentication for a login into a system, comprising the steps of:
- querying the user to select at least one level of security for authentication by presenting a dialog box to the user;
  
  enabling the user to submit a user selected level of security for authentication into the system by entering the user selected level of security for authentication into the dialog box such that a predetermined security level for authentication is selected by the user; and
  
  registering the user selected level of security for authentication into the system such that the system may authenticate the user based on the predetermined security level for authentication.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein the predetermined security level for authentication includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.
  - 7. The method of claim 5, further comprising the step of enabling the user to select a plurality of predetermined security levels with the system.

8. A method for facilitating a host'"'"'s determination of a minimum security level for authentication of a user based on predetermined characteristics, comprising the steps of:
- checking for a cookie residing on the user'"'"'s computing unit, wherein the host reads the preference set in the cookie;
  
  identifying the user, if the preference set includes information regarding the minimum level of security for authentication of the user; and
  
  enabling the user to register with the host and select an authentication method, if the preference set does not include information regarding the minimum level of security for authentication of the user.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8, further comprising the step of authorizing the user to access a restricted service controlled by the host.
  - 10. The method of claim 8, further comprising the step of enabling the user to gain access to a restricted service upon validating the user'"'"'s selected authentication method.

11. A method for facilitating the determination of the authentication method pre-set by the user in a system, comprising the steps of:
- retrieving a user preference from the system, wherein the user preference indicates at least one authentication method pre-set by the user;
  
  prompting the user to input data into the system in connection with the user'"'"'s pre-set authorization method;
  
  accepting data from the user into the system in connection with the user'"'"'s pre-set authorization method; and
  
  verifying the user'"'"'s pre-set authorization method based on the data input into the system by the user.
- View Dependent Claims (12, 18, 20)
- - 12. The method of claim 11, wherein the authentication method pre-set by the user includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.
  - 18. The authentication method system of claim 17, wherein the authentication method includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.
  - 20. The authentication method system of claim 19, wherein the user selected method of authentication includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.

13. A method for facilitating a user'"'"'s selection of at least one authentication method, comprising the steps of:
- requesting data in connection with the user via a web server;
  
  receiving data in connection with the user via the web server, wherein the data includes information regarding the user selected authentication method for accessing a restricted service;
  
  transmitting the data having information regarding the user selected authentication method from the web server to a security server and an application server; and
  
  registering the user selected authentication method by transmitting the data from the application server to one or more database servers via a communication channel.

14. A computer implemented method for facilitating a user'"'"'s selection of at least one authentication method, comprising the steps of:
- obtaining data on the user, wherein the user submits the data via a communication channel to an authentication method system having a memory and a processor;
  
  storing the data in the memory and using the processor to configure the data for registering a user selected authentication method in the authentication method system; and
  
  registering a user selected authentication method in the authentication method system.

15. A method for facilitating a user'"'"'s selection of at least one authentication method, comprising the steps of:
- receiving a request for data from an authentication method system;
  
  submitting data to the authentication method system via a communication channel coupled to the authentication method system, wherein the user selects an authentication method by submitting data into the authentication method system; and
  
  registering the user'"'"'s selected authentication method in the authentication method system.

16. A method for facilitating a user'"'"'s selection of at least one authentication method, comprising the steps of:
- submitting data in connection with a user to an authentication method system;
  
  obtaining data on the user into the authentication method system;
  
  registering the user with the authentication method system, wherein the user indicates a predetermined authentication method for the user; and
  
  requiring the predetermined authentication method for the user to access a restricted service.

17. An authentication system, comprising:
- a host server configured for processing data in connection with a user;
  
  a database coupled to the host server, said database configured for collecting data on the user where the data includes information in connection with an authentication method for gaining access to a restricted service, wherein the user selects the authentication method; and
  
  a communication channel coupled between the host server, the database, and at least one user, said communication channel configured for transmitting at least a portion of the data from the user to at least one of the host server and the database, wherein the user becomes registered in the authentication method system.

19. An authentication system, comprising:
- a database for receiving data on at least one user;
  
  a processor coupled to the database for configuring the data in a format;
  
  a communication means in communication with the database and the processor for transmitting the data from at least one user to the database and the processor, wherein the data includes a user selected method of authentication such that the user may register the user selected method of authentication into the authentication method system; and
  
  the user becomes registered into the authentication method system upon transmitting the data to the database and processor.

21. An authentication system, comprising:
- a host server including a processor for processing data in connection with a user;
  
  a memory coupled to the processor for storing the data;
  
  an input digitizer coupled to the memory and the processor for inputting the data into the memory; and
  
  an application program stored in the memory and accessible by the processor for directing processing of the data by the processor, wherein the application program is configured to;
  
  obtain data on the user, wherein the user submits the data to the host server via a communication channel;
  
  store the data in the memory and use the processor to configure the data to indicate a user selected method of authentication; and
  
  register the user selected method of authentication with the host server.
- View Dependent Claims (22, 24, 26)
- - 22. The authentication method system of claim 21, wherein the user selected method of authentication includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.
  - 24. The authentication method system of claim 23, wherein the minimum level of security for authentication includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.
  - 26. The authentication method system of claim 25, wherein the minimum level of security for authentication includes at least one of user identification and password, user identification and pass-phrase, smart card and PIN, smart card and digital certificate, biometrics, sound verification, radio frequency and password, infrared and password, and palm pilot and digital certificate.

23. A communication system, comprising:
- a user computing unit, coupled to an authentication method system via a communication channel, for submitting data in connection with the user to the authentication method system; and
  
  at least one user, in communication with the authentication method system, wherein the user selects a minimum level of security for authentication for accessing a restricted service by registering the minimum level of security for authentication in the authentication method system.

25. An authentication system, comprising:
- a browser for submitting data to a web server, wherein the browser and the web server communicate via a communication channel and the data submitted to the web server includes information in connection with a user selected minimum level of security for authentication for accessing a restricted service;
  
  an application server coupled to the web server via a second communication channel for retrieving data from the web server and registering the minimum level of security for authentication in the application server; and
  
  a database coupled to the application server via a third communication channel for receiving, storing, and submitting data to and from the application server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Johnson, Rick D., Foley, James M., Nambiar, Anant

Granted Patent

US 7,941,669 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

Method and apparatus for enabling a user to select an authentication method

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enabling a user to select an authentication method

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links