SYSTEMS AND METHODS FOR PROVIDING SECURITY TOKEN AUTHENTICATION
Abstract
Described herein are systems and methods for centralizing and standardizing implementation of security tokens so as to provide one token per one user for accessing business applications across an enterprise, providing scalability to support authentication of as many enterprise users as desired or needed, and providing a standardized token management interface that supports both pre-binding and post-binding user registration processes and different types of security token.
21 Claims
1. A system for authenticating a security token provided to request access to at least one business application in an enterprise, comprising:
a plurality of token domains, each token domain operates to authenticate a type of security token;
a lookup database that stores therein a mapping of security tokens to token types and the plurality of token domains;
a user store database that operates to store a user profile that includes the provided security token, a token type of the provided security as provided by the mapping in the lookup database, and a corresponding one of the token domains as also provided by the mapping in the lookup database; and
an authentication broker that operates to receive the provided security token from the at least one business application and to look up the provided security token in the user profile stored in the user store database to identify the token type and the corresponding token domain of the provided token so as to authenticate the provided security token.
Dependent claims: 2, 3, 4, 5, 6, 7, 19, 20, 21
8. A method for authenticating a request to access at least one business application [204] in an enterprise, comprising [pre-binding registration]:
receiving a request for a security token for authenticating the request to access the at least one business application;
creating a unique user identification (UID) for the security-token request;
assigning and activating a security token in response to the security-token request, the security token is identified by a unique token identification;
looking up the assigned security token and its unique token identification to identify a token type of the assigned security token and an associated token domain for authenticating the assigned security token;
storing the UID, the unique token identification, the identified token type, and an identification of the associated token domain in a user profile;
receiving the request to access the at least one business application, wherein the request includes the assigned and activated security token;
responsive to the request to access, looking up the assigned and activated security token and its unique token identification in the user profile to identify the token type and the associated token domain of the assigned and activated security token;
invoking an authentication plug-in particular to the identified token type to connect to the associated token domain based on the identification of the associated token domain in the user profile; and
authenticating the assigned and activated security token with the associated token domain as connected to by the authentication plug-in.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A method for authenticating a request to access at least one business application in an enterprise, comprising [post-binding registration]:
receiving a request to activate a previously-obtained security token for authenticating the request to access the at least one business application, the request includes a unique token identification of the previously-obtained security token;
activating the previously-obtained security token;
looking up the previously-obtained security token and its unique token identification to identify a token type of the previously-obtained security token and an associated token domain for authenticating the previously-obtained security token;
storing the UID, the unique token identification, the identified token type, and an identification of the associated token domain in a user profile;
receiving the request to access the at least one business application, wherein the request includes the previously-obtained security token;
responsive to the request to access, looking up the previously-obtained security token and its unique token identification in the user profile to identify the token type and the associated token domain of the previously-obtained security token;
invoking an authentication plug-in particular to the identified token type to connect to the associated token domain based on the identification of the associated token domain in the user profile; and
authenticating the previously-obtained security token with the associated token domain as connected to by the authentication plug-in.
Dependent claims: 17, 18
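The registration and broker flow recited in claims 8 and 16, sketched as an added example; it is not code from the patent. The token IDs, domain names, prefix-keyed lookup and the in-memory dictionaries standing in for the databases and token domains are all constructed assumptions, as is the caller supplying the UID in the post-binding case.

```python
import hmac
import uuid

# Constructed sample data. Lookup database: token-ID prefix -> (token type, token domain).
# Keying the mapping on an ID prefix is an assumption of this sketch.
LOOKUP_DB = {"OTP": ("otp", "otp-domain"), "CRT": ("cert", "pki-domain")}
# Stand-ins for token domains: the value each domain expects per unique token ID.
TOKEN_DOMAINS = {"otp-domain": {"OTP-001": "492817"}, "pki-domain": {"CRT-007": "abcdef"}}
USER_STORE = {}  # user store database: unique token ID -> user profile


def otp_plugin(domain, token_id, presented):
    """Plug-in for OTP tokens: constant-time comparison against the domain's value."""
    expected = TOKEN_DOMAINS[domain].get(token_id)
    return expected is not None and hmac.compare_digest(expected.encode(), presented.encode())


def cert_plugin(domain, token_id, presented):
    """Plug-in for certificate tokens: normalise the fingerprint, then compare."""
    return otp_plugin(domain, token_id, presented.replace(":", "").lower())


PLUGINS = {"otp": otp_plugin, "cert": cert_plugin}  # one plug-in per token type


def register(token_id, uid=None):
    """Pre-binding: no UID yet, so one is created. Post-binding: the caller activates
    a previously obtained token under an existing UID (assumed to be supplied)."""
    token_type, domain = LOOKUP_DB[token_id.split("-")[0]]  # KeyError if unmapped
    uid = uid or uuid.uuid4().hex
    USER_STORE[token_id] = {"uid": uid, "token_id": token_id, "type": token_type,
                            "domain": domain, "active": True}
    return uid


def authenticate(token_id, presented):
    """Authentication broker: type and domain come from the stored profile,
    never from the request; unknown or inactive tokens fail closed."""
    profile = USER_STORE.get(token_id)
    if profile is None or not profile["active"]:
        return False
    plugin = PLUGINS.get(profile["type"])
    return plugin is not None and plugin(profile["domain"], token_id, presented)
```

Because the broker takes the token type and domain only from the stored profile, a request cannot steer itself to a weaker plug-in or a different domain than the one bound at registration.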
Specification