DYNAMIC USER AUTHENTICATION FOR ACCESS TO ONLINE SERVICES
Abstract
A dynamic authentication system that makes authentication stronger, while reducing the cost to business and the burden to users. The system includes a service that provides centralized, non-federated, proxied authentication. The system uses a two-pass authentication process that first receives a supposed identity of the user and then determines one or more authentication criteria for proving that supposed identity. When the user attempts to use an online service that relies on the dynamic authentication system for authentication, the service requests the user's identity. The system dynamically determines authentication criteria for the user to prove the provided identity belongs to the user. In the second pass, the service receives a response from the user containing additional authentication information, and forwards the received response to the system for verification. If verification succeeds, the service allows the user to access the requested resources.
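The two-pass exchange described in the abstract, sketched as an added example (not code from the patent). The class, method and field names, the `txn` challenge identifier, the TTL, the per-service policy and the sample services are all assumptions made here.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 120                     # seconds a challenge stays valid (assumed)
SENSITIVE_SERVICES = {"bank.example"}   # constructed policy input (assumed)

class HostedAuthProvider:
    def __init__(self):
        self.users = {}    # identity -> {criterion: (salt, digest of expected answer)}
        self.pending = {}  # txn id -> (identity, service, criteria, expiry)

    @staticmethod
    def _digest(salt, answer):
        return hashlib.pbkdf2_hmac("sha256", answer.encode(), salt, 100_000)

    def create_account(self, identity, answers):
        record = {}
        for criterion, answer in answers.items():
            salt = secrets.token_bytes(16)
            record[criterion] = (salt, self._digest(salt, answer))
        self.users[identity] = record

    def authentication_request(self, identity, service):
        """Pass 1: supposed identity and requesting service in, criteria out."""
        criteria = ["password"]
        if service in SENSITIVE_SERVICES:      # criteria vary per request
            criteria.append("secret_answer")
        txn = secrets.token_urlsafe(16)
        expiry = time.monotonic() + CHALLENGE_TTL
        # Unknown identities get a challenge too, so pass 1 does not reveal
        # which accounts exist (a design choice of this sketch).
        self.pending[txn] = (identity, service, criteria, expiry)
        return {"txn": txn, "criteria": criteria}

    def verification_request(self, txn, identity, service, responses):
        """Pass 2: the service forwards the user's responses for validation."""
        entry = self.pending.pop(txn, None)    # single use: a replayed txn fails
        if entry is None:
            return False
        want_identity, want_service, criteria, expiry = entry
        if (identity, service) != (want_identity, want_service):
            return False                       # challenge was issued for another pair
        if time.monotonic() > expiry:
            return False
        record = self.users.get(identity, {})
        allowed = True
        for criterion in criteria:             # every requested criterion must match
            salt, expected = record.get(criterion, (b"\0" * 16, b""))
            got = self._digest(salt, responses.get(criterion, ""))
            allowed &= hmac.compare_digest(got, expected)
        return allowed
```

Binding the second pass to the identity and service recorded in the first pass is what keeps a response collected by one online service from being replayed through another.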
20 Claims
1. A computer-implemented method for authenticating a user for access to an online service using a variable authentication type, the method comprising:
- receiving from an online service an authentication request that includes user identity information and an indication of the online service that submitted the request;
- determining one or more authentication criteria to use to authenticate the identified user;
- sending to the online service an authentication response that requests satisfaction of the determined authentication criteria by the user;
- receiving from the online service a verification request that includes user identity information and a response to the authentication criteria;
- validating the information received in the verification request to determine whether a user requesting access is the user identified by the user identity information;
- upon determining that the information received in the verification request matches one or more expected answers, sending to the online service a verification response indicating that the access request is allowed, wherein the preceding steps are performed by at least one processor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer system for providing a hosted authentication service to multiple online resources, the system comprising:
- a processor and memory configured to execute software instructions embodied in the following components;
- an account creation component configured to receive user information and create an account for the user;
- a user data store configured to store user information about users of the system;
- an authentication request component configured to receive first requests from online services from users attempting to access the online services, wherein the requests include user identity information;
- an authentication criteria component configured to determine one or more authentication criteria for proving a user's identity in response to a received authentication request, and provide a response to each received request based on the determined authentication criteria; and
- a verification request component configured to receive second requests from online services from users attempting to access the online services, wherein the requests include user responses to the determined authentication criteria.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A computer-readable storage medium comprising instructions for controlling a computer system to access a hosted authentication provider for authenticating access to an online service, wherein the instructions, upon execution, cause a processor to perform actions comprising:
- receiving from a user a request to access the online service;
- sending an authentication request to the hosted authentication provider, wherein the request identifies the user and requests one or more authentication methods for verifying the user's identity;
- receiving from the hosted authentication provider one or more user interface elements to receive information from the user to respond to one or more authentication methods identified by the hosted authentication provider;
- providing the received user interface elements for display to the user;
- receiving from the user authentication information through the displayed user interface elements;
- sending to the hosted authentication provider a verification request that includes the authentication information received from the user; and
- receiving from the hosted authentication provider a verification response that indicates whether the authentication information provided by the user was sufficient to prove the user's identity.
Specification