Method for authenticating a user to a service of a service provider
Abstract
Methods, devices, and computer programs for an authentication of a user to a service of a service provider (SP) are disclosed. Access for the user to the service of the service provider (SP) is requested. One or more authentication security profiles are selected by the service provider (SP) for specifying an authentication security requirement of the service provider (SP) for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider (IdP1) are sent from the service provider (SP) to the identity provider (IdP1) for requesting the authentication of the user by the identity provider (IdP1). The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider (SP) is sent to the service provider (SP).
68 Claims
1-34. (canceled)
35. A method for an authentication of a user to a service of a service provider, comprising the steps of:
requesting access for the user to the service of the service provider;
selecting by the service provider one or more authentication security profiles comprising at least one security attribute for specifying an authentication security requirement for the authentication of the user to the service;
sending an indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider for requesting the authentication of the user by the identity provider;
authenticating the user based on the user identity and one of the one or more selected authentication security profiles; and
sending an assertion indicating the authentication of the user to the service provider.
Dependent claims: 36, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 67, 68
42. A method for an authentication of a user to a service of a service provider, comprising the steps of:
requesting access for the user to the service of the service provider;
sending a user identity identifying the user to an identity provider for requesting the authentication of the user by the identity provider;
authenticating the user based on the user identity and an authentication security profile comprising at least one security attribute;
sending an assertion indicating the authentication of the user to the service provider, the assertion being supplemented by an indication of the authentication security profile; and
checking by the service provider the indicated authentication security profile for acceptance.
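The exchange in claims 35 and 42, sketched as an added example that is not taken from the patent: the service provider indicates the profiles it selected, the identity provider authenticates under one of them and names it in the assertion, and the service provider checks that indication for acceptance. The profile names and attributes, the HMAC protection of the assertion, the shared key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: profile names, attributes and the key are assumptions.
SHARED_KEY = b"constructed-demo-key"  # SP<->IdP assertion key, placeholder
PROFILES = {  # each profile carries at least one security attribute
    "password-8": {"credential": "password", "min_length": 8},
    "otp-token": {"credential": "password+otp", "min_length": 8},
}

def sp_build_request(user_id, selected):
    """SP side: user identity plus an indication of the selected profiles."""
    return {"user": user_id, "profiles": list(selected)}

def _mac(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def idp_authenticate(request, supported, verify_credentials):
    """IdP side: authenticate under one requested profile it supports."""
    for name in request.get("profiles") or supported:  # no indication: IdP picks
        if name in supported and verify_credentials(request["user"], name):
            body = {"user": request["user"], "profile": name}
            return {"body": body, "mac": _mac(body)}
    return None  # no usable profile, or credentials rejected

def sp_check_assertion(assertion, user_id, acceptable):
    """SP side: accept only an intact assertion whose profile it accepts."""
    if assertion is None:
        return False
    if not hmac.compare_digest(assertion["mac"], _mac(assertion["body"])):
        return False  # body (including the profile indication) was altered
    body = assertion["body"]
    return body["user"] == user_id and body["profile"] in acceptable

def demo():
    always_ok = lambda user, profile: True  # stand-in for the credential check
    strong = idp_authenticate(sp_build_request("alice", ["otp-token"]), PROFILES, always_ok)
    weak = idp_authenticate(sp_build_request("alice", []), ["password-8"], always_ok)
    return (sp_check_assertion(strong, "alice", {"otp-token"}),
            sp_check_assertion(weak, "alice", {"otp-token"}))
```

The second case in `demo()` is the one the acceptance check exists for: the identity provider authenticated under a profile of its own choosing, and the service provider rejects the assertion because that profile is not one it accepts.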
48. A device associated to a service provider, the device comprising a receiving unit for receiving messages, a transmitting unit for sending messages, and a processing unit for processing messages and information, wherein the device is adapted to:
receive a request for access of a user to a service of the service provider;
select one or more authentication security profiles comprising at least one security attribute for specifying an authentication security requirement for an authentication of the user to the service;
send an indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider for requesting the authentication of the user by the identity provider; and
to receive an assertion indicating the authentication of the user by the identity provider.
Dependent claims: 49, 50, 51, 52, 54, 55, 56, 57, 58
53. A device associated to a service provider, the device comprising a receiving unit for receiving messages, a transmitting unit for sending messages, and a processing unit for processing messages and information, wherein the device is adapted to:
receive a request for access of a user to a service of the service provider;
send a user identity identifying the user to an identity provider for requesting an authentication of the user by the identity provider;
receive an assertion indicating the authentication of the user from the identity provider, the assertion being supplemented by an indication of the authentication security profile comprising at least one security attribute; and
check the indicated authentication security profile for acceptance.
59. A device associated to an identity provider, the device comprising a receiving unit for receiving messages, a transmitting unit for sending messages, and a processing unit for processing messages and information, wherein the device is adapted to:
receive a request for an authentication of a user, the request comprising a user identity identifying the user to the identity provider and an indication for one or more authentication security profiles comprising at least one security attribute specifying an authentication security requirement of the service provider for the authentication of the user to a service of the service provider;
authenticate the user based on the user identity and one of the one or more authentication security profiles; and
send an assertion indicating to the service provider the authentication of the user.
Dependent claims: 60, 61, 62, 63, 64, 66
65. A device associated to an identity provider, the device comprising a receiving unit for receiving messages, a transmitting unit for sending messages, and a processing unit for processing messages and information, wherein the device is adapted to:
receive a request for an authentication of a user, the request comprising a user identity identifying the user to the identity provider;
authenticate the user based on the user identity and an authentication security profile comprising at least one security attribute; and
send an assertion indicating to the service provider the authentication of the user, the assertion being supplemented by an indication of the authentication security profile based on which the authentication of the user is executed.
Specification