Flexible authentication with multiple levels and factors

US 20040039909A1
Filed: 08/22/2002
Published: 02/26/2004
Est. Priority Date: 08/22/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method to authorize access to an authorizee, comprising:

(a) providing a plurality of authentication levels, wherein each of said plurality of authentication levels comprises one or more authentication factors;

(b) selecting an access authentication level from said plurality of authentication levels; and

(c) requesting from said authorizee to communicate via a portable authentication device said access authentication level in order for said authorizee to be authorized said access.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system and method are provided that offer greater degree of flexibility in using authentication devices while maintaining a high level of security. Roughly three parts of organization are distinguished. At the first part, an arbiter defines a plurality of authentication levels. Each authentication level distinguishes one or more authentication factors. At the second part, an authorizer selects an access authentication level from the defined plurality of authentication levels. At the third part, it is requested from an authorizee to communicate via a portable authentication device the selected access authentication level in order for the authorizee to be authorized said access. Greater flexibility is provided to an authorizer in selecting an access authentication level within the definitions set by an arbiter. Greater flexibility is provided to an authorizee in allowing modifications to an authentication level and/or authentication factors within the definitions and/or rules set by the arbiter and authorizee.

191 Citations

62 Claims

1. A method to authorize access to an authorizee, comprising:
- (a) providing a plurality of authentication levels, wherein each of said plurality of authentication levels comprises one or more authentication factors;
  
  (b) selecting an access authentication level from said plurality of authentication levels; and
  
  (c) requesting from said authorizee to communicate via a portable authentication device said access authentication level in order for said authorizee to be authorized said access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method as set forth in claim 1, wherein an arbiter defines said plurality of authentication levels.
  - 3. The method as set forth in claim 1, wherein an authorizer selects said access authentication level.
  - 4. The method as set forth in claim 1, wherein an authorizer requests said communication of said access authentication level.
  - 5. The method as set forth in claim 1, wherein said access authentication level is communicated to an authorizer and said authorizer validates said communicated access authentication level.
  - 6. The method as set forth in claim 1, further comprising said authorizee selecting one or more alternative authentication factors, wherein said one or more alternative authentication factors have similar quality of authentication as said one or more authentication factors in said access authentication level.
  - 7. The method as set forth in claim 1, wherein said each of said plurality of authentication levels comprises rules to define one or more alternative authentication factors that need to be communicated by said authorizee when said authorizee fails to successfully communicate said required one or more authentication factors.
  - 8. The method as set forth in claim 1, further comprising processing rules, controlling rules or operating rules.
  - 9. The method as set forth in claim 1, wherein said one or more authentication factors in each of said plurality of authentication levels are of similar quality of authentication.
  - 10. The method as set forth in claim 1, wherein said one or more authentication factors comprises one or more biometric factors, one or more non-biometric factors or a combination of said one or more biometric factors and said one or more non-biometric factors.
  - 11. The method as set forth in claim 1, further comprising said authorizee modifying said access authentication level to a different authentication level, which is selected from said plurality of authentication levels.
  - 12. The method as set forth in claim 1, further comprising said authorizee modifying said one or more authentication factors.
  - 13. The method as set forth in claim 1, further comprising said authorizee adding one or more new authentication factors, wherein said one or more new authentication factors comprises one or more biometric factors, one or more non-biometric factors or a combination of said one or more biometric factors and said one or more non-biometric factors.
  - 14. The method as set forth in claim 1, further comprising said authorizee deleting one or more of said one or more authentication factors.
  - 15. The method as set forth in claim 1, wherein said each of said plurality of authentication levels comprises two or more groups defined by an arbiter wherein each of said two or more groups comprises a different combination of said one or more authentication factors, wherein said combinations represent the same quality of authentication.
  - 16. The method as set forth in claim 1, wherein said authentication levels or said one or more authentication factors comprise an electronic identifiers.
  - 17. The method as set forth in claim 1, further comprising certifying said authentication levels or said one or more authentication factors.
  - 18. The method as set forth in claim 1, further comprising requesting form said authorizes to perform cryptography functions via a portable authentication device on data received in conjunction with said communication.
  - 19. The method as set forth in claim 18, wherein an authorizer requests said performance of cryptography functions.

20. A portable authentication device carried by an authorizes to authorize access to said authorizee, comprising:
- (a) a communication means to receive a request for said authorizee to communicate via said portable authentication device an access authentication level in order for said authorizee to be authorized said access, wherein said access authentication level comprises one or more authentication factors; and
  
  (b) a modifying means to allow said authorizee to modify said access authentication level within a hierarchy of rules.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 21. The portable authentication device as set forth in claim 20, wherein an arbiter defines a plurality of authentication levels and said hierarchy of rules, and an authorizer select said access authentication level from said plurality of authentication levels.
  - 22. The portable authentication device as set forth in claim 20, wherein an authorizer requests said communication of said access authentication level.
  - 23. The portable authentication device as set forth in claim 20, wherein said access authentication level is communicated to an authorizer and said authorizer validates said communicated access authentication level.
  - 24. The portable authentication device as set forth in claim 20, wherein said modifying means comprises selecting means to select one or more alternative authentication factors, wherein said one or more alternative authentication factors have similar quality of authentication as said one or more authentication factors in said access authentication level.
  - 25. The portable authentication device as set forth in claim 20, wherein said one or more authentication factors in each of said plurality of authentication levels are of similar quality of authentication.
  - 26. The portable authentication device as set forth in claim 20, wherein said one or more authentication factors comprises one or more biometric factors, one or more non-biometric factors or a combination of said one or more biometric factors and said one or more non-biometric factors.
  - 27. The portable authentication device as set forth in claim 20, wherein said modifying means allows said authorizee to modify said access authentication level to a different authentication level, which is selected from a plurality of authentication levels.
  - 28. The portable authentication device as set forth in claim 20, wherein said modifying means allows said authorizee to modify said one or more authentication factors.
  - 29. The portable authentication device as set forth in claim 20, wherein said modifying means allows said authorizee to add one or more new authentication factors, wherein said one or more new authentication factors comprises one or more biometric factors, one or more non-biometric factors or a combination of said one or more biometric factors and said one or more non-biometric factors.
  - 30. The portable authentication device as set forth in claim 20, wherein said modifying means allows said authorizee to delete one or more of said one or more authentication factors.
  - 31. The portable authentication device as set forth in claim 20, wherein said each of said plurality of authentication levels comprises two or more groups wherein each of said two or more groups comprises a different combination of said one or more authentication factors, wherein said combinations represent the same quality of authentication.
  - 32. The portable authentication device as set forth in claim 20, wherein said authentication levels or said one or more authentication factors comprise electronic identifiers.
  - 33. The portable authentication device as set forth in claim 20, wherein said authentication levels or said one or more authentication factors are certified.
  - 34. The portable authentication device as set forth in claim 20, further comprising communicating means for communicating said access authentication level and associated data.
  - 35. The portable authentication device as set forth in claim 20, further comprising entering means for entering said one or more authentication factors.
  - 36. The portable authentication device as set forth in claim 20, further comprising scanning means to scan said one or more authentication factors.
  - 37. The portable authentication device as set forth in claim 20, further comprising displaying means to display information to said authorizee.
  - 38. The portable authentication device as set forth in claim 20, further comprising storing means to store said one or more authentication factors.
  - 39. The portable authentication device as set forth in claim 20, wherein said modifying means comprises software means.
  - 40. The portable authentication device as set forth in claim 20, further comprising processing means to perform cryptography functions on data received in conjunction with said communication.
  - 41. The portable authentication device as set forth in claim 40, wherein an authorizer requests said performance of cryptography functions.

42. A system for authorizing access to an authorizee, comprising:
- (a) an arbiter to define a plurality of authentication levels, wherein each of said plurality of authentication levels comprises one or more authentication factors;
  
  (b) an authorizer to select an access authentication level from said plurality of authentication levels;
  
  (c) a portable authentication device carried by said authorizes;
  
  (d) a request for said authorizee from said authorizer to communicate to said authorizer via said portable authentication device said access authentication level in order for said authorizee to be authorized said access, wherein said authorizer validates said communicated access authentication level; and
  
  (e) said portable authentication device comprises modifying means to allow said authorizee to modify said access authentication level.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 43. The system as set forth in claim 42, wherein said modifying means comprises selecting means to select one or more alternative authentication factors, wherein said one or more alternative authentication factors have similar quality of authentication as said one or more authentication factors in said access authentication level.
  - 44. The system as set forth in claim 42, wherein each of said plurality of authentication levels comprises rules to define one or more alternative authentication factors that need to be communicated by said authorizee when said authorizee fails to successfully communicate said required one or more authentication factors.
  - 45. The system as set forth in claim 42, further comprising processing rules, controlling rules or operating rules.
  - 46. The system as set forth in claim 42, wherein said one or more authentication factors in each of said plurality of authentication levels are of similar quality of authentication.
  - 47. The system as set forth in claim 42, wherein said one or more authentication factors comprises one or more biometric factors, one or more non-biometric factors or a combination of said one or more biometric factors and said one or more non-biometric factors.
  - 48. The system as set forth in claim 42, wherein said modifying means allows said authorizee to modify said access authentication level to a different authentication level, which is selected from a plurality of authentication levels.
  - 49. The system as set forth in claim 42, wherein said modifying means allows said authorizee to modify said one or more authentication factors.
  - 50. The system as set forth in claim 42, wherein said modifying means allows said authorizee to add one or more new authentication factors, wherein said one or more new authentication factors comprises one or more biometric factors, one or more non-biometric factors or a combination of said one or more biometric factors and said one or more non-biometric factors.
  - 51. The system as set forth in claim 42, wherein said modifying means allows said authorizee to delete one or more of said one or more authentication factors.
  - 52. The system as set forth in claim 42, wherein said each of said plurality of authentication levels comprises two or more groups wherein each of said two or more groups comprises a different combination of said one or more authentication factors, wherein said combinations represent the same quality of authentication.
  - 53. The system as set forth in claim 42, wherein said authentication levels or said one or more authentication factors comprise electronic identifiers.
  - 54. The system as set forth in claim 42, wherein said authentication levels or one or more authentication factors are certified.
  - 55. The system as set forth in claim 42, wherein said portable authentication device comprises communicating means for communicating said access authentication level and associated data.
  - 56. The system as set forth in claim 42, wherein said portable authentication device comprises entering means for entering said one or more authentication factors.
  - 57. The system as set forth in claim 42, wherein said portable authentication device comprises scanning means to scan said one or more authentication factors.
  - 58. The system as set forth in claim 42, wherein said portable authentication device comprises displaying means to display information to said authorizee.
  - 59. The system as set forth in claim 42, wherein said portable authentication device comprises storing means to store said one or more authentication factors.
  - 60. The system as set forth in claim 42, wherein said portable authentication device comprises comparing means.
  - 61. The system as set forth in claim 42, wherein said portable authentication device comprises cryptography means.
  - 62. The system as set forth in claim 42, wherein said portable authentication device comprises software means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
David Cheng
Original Assignee
David Cheng
Inventors
Cheng, David

Application Number

US10/227,612
Publication Number

US 20040039909A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 2221/2113   Multi-level security, e.g. ...

G07C 9/22   in combination with an iden...

Flexible authentication with multiple levels and factors

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

191 Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible authentication with multiple levels and factors

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

191 Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links