Method and apparatus for providing access to an application-resource
First Claim
1. A method for providing access to an application-resource, comprising:
- receiving a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application;
determining an authentication-level required to access the application-resource;
sending the required authentication-level to an authentication-server;
in response to sending the required authentication-level, receiving an authentication-response from the authentication-server;
determining if the authentication-response specifies that the user is authenticated to access the application-resource; and
if so, granting the user access to the application-resource.
1 Assignment
0 Petitions
Accused Products
Abstract
One embodiment of the present invention provides a system that provides access to an application-resource. During operation, the system receives a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application. The system then determines an authentication-level required to access the application-resource. Next, the system sends the required authentication-level to an authentication-server. In response, the system receives an authentication-response from the authentication-server. Next, the system determines if the authentication-response specifies that the user is authenticated to access the application-resource. If so, the system grants the user access to the application-resource.
One embodiment of the present invention provides a system that provides an authentication-token associated with a lower authentication-level in response to an authentication-token associated with a higher authentication-level expiring. Note that the lower authentication-level meets or exceeds a required authentication-level and does not require a user to re-authenticate.
109 Citations
32 Claims
-
1. A method for providing access to an application-resource, comprising:
-
receiving a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application; determining an authentication-level required to access the application-resource; sending the required authentication-level to an authentication-server; in response to sending the required authentication-level, receiving an authentication-response from the authentication-server; determining if the authentication-response specifies that the user is authenticated to access the application-resource; and if so, granting the user access to the application-resource. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for providing fine-grained multi-level dynamic authentication, comprising:
-
receiving an authentication-request token at an authentication-server, wherein the authentication-request token is received from an application-server; identifying a set of authentication-criteria associated with the authentication-request token; requesting the set of authentication-criteria from a user associated with the authentication-request token to determine a user authentication-level; creating an authentication-token associated with the user authentication-level; and sending the authentication-token to the application-server. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for providing access to an application-resource, wherein the method further comprises:
-
receiving a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application; determining an authentication-level required to access the application-resource; sending the required authentication-level to an authentication-server; in response to sending the required authentication-level, receiving an authentication-response from the authentication-server; determining if the authentication-response specifies that the user is authenticated to access the application-resource; and if so, granting the user access to the application-resource. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for providing fine-grained multi-level dynamic authentication, wherein the method comprises:
-
receiving an authentication-request token at an authentication-server, wherein the authentication-request token is received from an application-server; identifying a set of authentication-criteria associated with the authentication-request token; requesting the set of authentication-criteria from a user associated with the authentication-request token to determine a user authentication-level; creating an authentication-token associated with the user authentication-level; and sending the authentication-token to the application-server. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
-
31. An apparatus that provides access to an application-resource, comprising:
-
a receiving mechanism configured to receive a request to access an application-resource associated with an application, wherein the request is received at an application-server that hosts the application; a determination mechanism configured to determine an authentication-level required to access the application-resource; a sending mechanism configured to send the required authentication-level to an authentication-server; the receiving mechanism further configured to receive an authentication-response from the authentication-server; the determination mechanism further configured to determine if the authentication-response specifies that the user is authenticated to access the application-resource; and a granting mechanism configured to grant the user access to the application-resource.
-
-
32. An apparatus that provides fine-grained multi-level dynamic authentication, comprising:
-
a receiving mechanism configured to receive an authentication-request token at an authentication-server, wherein the authentication-request token is received from an application-server; an identification mechanism configured to identify a set of authentication-criteria associated with the authentication-request token; a requesting mechanism configured to request the set of authentication-criteria from a user associated with the authentication-request token to determine a user authentication-level; a creation mechanism configured to create an authentication-token associated with the user authentication-level; and a sending mechanism configured to send the authentication-token to the application-server.
-
Specification