Identity authentication portfolio system
First Claim
1. A method of providing an authentication service, comprising:
relating a user identity to a set of a plurality of authentication mechanisms;
relating a type of transaction with a relying party to a level of authentication; and
authenticating the user identity through at least one authentication mechanism in the set of the plurality of authentication mechanisms for the type of transaction, according to the level of authentication.
1 Assignment
0 Petitions
Abstract
Systems for providing an authentication service through a number of authentication mechanisms associated with each user. Lists of the authentication mechanisms associated with each user are stored in a set of portfolios, one portfolio for each user. Authentication mechanisms include laptops, PCs, biometric input devices, smart card readers, proximity badge readers, magnetic stripe readers, and the like. The systems have various configurations of registration servers, authentication servers, and authorization servers. Methods for providing an authentication service include relating a user identity to a portfolio, relating a type of transaction to a level of authentication, and authenticating the user identity through one or more authentication mechanisms for the type of transaction, according to the level of authentication required.
43 Claims
1. A method of providing an authentication service, comprising:
relating a user identity to a set of a plurality of authentication mechanisms;
relating a type of transaction with a relying party to a level of authentication; and
authenticating the user identity through at least one authentication mechanism in the set of the plurality of authentication mechanisms for the type of transaction, according to the level of authentication. Dependent claims: 2, 3, 4, 5, 6, 12.
7. A method of syndication, comprising:
offering an authentication service, the authentication service being capable of authenticating a user identity with a plurality of authentication mechanisms, rendering results of the authentication to at least one relying party, and dynamically making an authorization decision; and
distributing the authentication service to the at least one relying party. Dependent claims: 8, 9, 10, 11.
13. A method of registration, comprising:
authenticating a user;
determining a level of identity confirmation for a registration;
receiving a new authentication mechanism;
receiving new authentication verification information; and
storing user identity information, the level of identity confirmation, and the new authentication verification information in a database. Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26.
27. A method of providing an authentication service, comprising:
providing a list of supported authentication methods;
receiving requirements for an authentication level from at least one relying party;
receiving a selection of authentication methods from at least one user;
receiving identification information for the at least one user;
producing a portfolio associated with the at least one user, the portfolio comprising the list of authentication methods, each authentication method in the portfolio meeting the selection of the at least one user, each authentication method in the portfolio supported by an authentication system, the list of authentication methods meeting the requirements for the authentication level from the at least one relying party; and
relating the identification information to the portfolio for the at least one user. Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40.
41. A method of authentication, comprising:
requesting, by a user to a relying party, a protected service;
sending, by the relying party, a description of the request to an authorization server;
determining, by the authorization server, a first level of assurance;
sending, by the authorization server to an authentication server, the first level of assurance;
requesting, by an authentication server, authentication from the user;
entering, by the user, authentication information into an authentication device;
sending, by the authentication device to the authentication server, authentication information;
verifying, by the authentication server, the authentication information using authentication verification information stored in a portfolio in a database that is associated with the user;
computing, by the authentication server, a second level of assurance;
evaluating whether the second level of assurance is high enough;
sending, by the authentication server to the authorization server, a first success message, upon determining the second level of assurance is high enough;
verifying, by the authorization server, information from the authentication server;
verifying, by the authorization server, that the user is allowed to perform the protected service;
sending, by the authorization server to the relying party, a second success message, upon verification of the information from the authentication server and verification that the user is allowed to perform the protected service; and
providing, by the relying party to the user, the protected service. Dependent claims: 42, 43.
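Claims 1, 27 and 41 together describe a per-user portfolio of mechanisms, a per-transaction required level of assurance set by the relying party, and an authentication server that computes an achieved level to compare against it before the authorization server checks entitlement. The following Python simulation of that flow is an added illustration, not code from the patent; the mechanism names, assurance scores, transaction thresholds and stored credentials are constructed assumptions.

```python
import hmac
from dataclasses import dataclass

# Constructed assumption: how much assurance each mechanism contributes.
MECHANISM_ASSURANCE = {"password": 1, "proximity_badge": 1, "smart_card": 2, "biometric": 2}

# Relying-party policy (claim 1): transaction type -> required level of assurance.
TRANSACTION_LEVEL = {"view_balance": 1, "transfer_funds": 3}


@dataclass
class Portfolio:
    """One user's registered mechanisms plus verification data (claims 13, 27)."""
    user: str
    verifiers: dict        # mechanism -> stored verification value (constructed)
    allowed_services: set  # services the authorization server may grant

# Constructed sample portfolio, standing in for the database record of claim 41.
SAMPLE_PORTFOLIO = Portfolio(
    user="alice",
    verifiers={"password": "pw-constructed", "smart_card": "card-constructed"},
    allowed_services={"view_balance", "transfer_funds"},
)

def determine_required_level(transaction_type):
    """Authorization server: the 'first level of assurance' for this request."""
    return TRANSACTION_LEVEL[transaction_type]

def verify_and_score(portfolio, presented):
    """Authentication server: verify each presented credential against the
    portfolio and sum the assurance of those that check out (the 'second level')."""
    achieved = 0
    for mechanism, credential in presented.items():
        stored = portfolio.verifiers.get(mechanism)
        if stored is None:
            continue  # mechanism not registered in this user's portfolio
        if hmac.compare_digest(stored, credential):  # constant-time comparison
            achieved += MECHANISM_ASSURANCE[mechanism]
    return achieved

def authorize(portfolio, transaction_type, presented):
    """Flow of claim 41: required level, achieved level, then entitlement check."""
    required = determine_required_level(transaction_type)
    achieved = verify_and_score(portfolio, presented)
    if achieved < required:
        return (False, "insufficient_assurance")   # no first success message
    if transaction_type not in portfolio.allowed_services:
        return (False, "not_permitted")            # authenticated but not authorized
    return (True, "granted")                       # second success message to relying party
```

A single low-assurance mechanism suffices for `view_balance`, while `transfer_funds` needs two mechanisms to verify; a failed credential simply contributes nothing rather than aborting the flow.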
Specification