TRUSTED DEVICE-SPECIFIC AUTHENTICATION
1 Assignment
0 Petitions
Abstract
An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verifies both factors and provides a security token in accordance with the security policy of the account network resource the user intends to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.
20 Claims
1. A method of performing multiple-factor authentication of a user within an account network, the method comprising:
associating a user identifier of user credentials of the user with a device identifier of device credentials employed by the user to access the account network to represent a trust relationship between the user and the device;
evaluating the user credentials and the device credentials to generate verification results; and
providing evidence of identity of the user based on the verification results of both the user credentials and the device credentials to grant a level of privilege, the level of privilege being dependent upon whether the evidence of identity indicates successful verification of the device credentials.
Dependent claims: 2 to 11.
12. One or more computer-readable storage media having computer-executable instructions for performing a computer process that performs multiple-factor authentication of a user within an account network, the computer process comprising:
associating a user identifier of user credentials of the user with a device identifier of device credentials employed by the user to access the account network to represent a trust relationship between the user and the device;
evaluating the user credentials and the device credentials to generate verification results; and
providing evidence of identity of the user based on the verification results of both the user credentials and the device credentials to grant a level of privilege, the level of privilege being dependent upon whether the evidence of identity indicates successful verification of the device credentials.
Dependent claims: 13 to 17.
18. A method of authorizing a user with a level of privilege for accessing an account network resource, the method comprising:
receiving evidence of identity from a device through which the user is attempting to access the account network resource;
interrogating the evidence of identity to determine whether the evidence of identity indicates successful verification of both user credentials of the user and device credentials of the device by an authentication provider trusted by the account network resource;
granting a first level of privilege if the evidence of identity indicates successful verification of both the user credentials of the user and the device credentials of the device by the authentication provider; and
granting a second level of privilege if the evidence of identity indicates unsuccessful verification of either the user credentials of the user or the device credentials of the device by the authentication provider.
Dependent claims: 19 and 20.
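The flow described by claims 1 and 18, as an added Python sketch that is not part of the patent: an account authority verifies the user credential and the device credential (including the user-to-device trust relationship), emits signed evidence of identity, and the account network resource interrogates it to pick a privilege level. The HMAC-signed JSON token, the challenge-response device check, the shared key and the sample directories are all assumptions of this example, not details given on the page.

```python
import hashlib
import hmac
import json

# Constructed sample data for the account authority service (assumption, not from the patent).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}   # user id -> password hash
DEVICE_SECRETS = {"laptop-01": b"device-secret-bytes"}           # device id -> device secret
TRUSTED_DEVICES = {("alice", "laptop-01")}  # trust relationship: user id associated with device id
TOKEN_KEY = b"authority-to-resource-shared-key"  # assumed key shared with the relying resource


def verify_user(user_id, password):
    """User-credential verification: constant-time compare of the password hash."""
    expected = USERS.get(user_id)
    candidate = hashlib.sha256(password.encode()).hexdigest()
    return expected is not None and hmac.compare_digest(expected, candidate)


def verify_device(user_id, device_id, challenge, response):
    """Device-credential verification: the device answers a challenge with its secret,
    and the device must be associated with this user (the trust relationship)."""
    secret = DEVICE_SECRETS.get(device_id)
    if secret is None or (user_id, device_id) not in TRUSTED_DEVICES:
        return False
    expected = hmac.new(secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def device_respond(device_id, challenge):
    """Device side (simulated): prove possession of the device secret."""
    return hmac.new(DEVICE_SECRETS[device_id], challenge, hashlib.sha256).digest()


def issue_evidence(user_id, password, device_id, challenge, response):
    """Account authority: evaluate both factors and emit signed evidence of identity."""
    body = {"user": user_id, "user_verified": verify_user(user_id, password),
            "device_verified": verify_device(user_id, device_id, challenge, response)}
    payload = json.dumps(body, sort_keys=True).encode()
    return payload, hmac.new(TOKEN_KEY, payload, hashlib.sha256).hexdigest()


def grant_privilege(payload, sig):
    """Account network resource: both factors verified gives the first (full) level, a failed
    factor gives the second (limited) level; no verified factor at all is refused (example choice)."""
    if not hmac.compare_digest(hmac.new(TOKEN_KEY, payload, hashlib.sha256).hexdigest(), sig):
        return "denied"  # evidence not issued by the trusted authority, or tampered
    body = json.loads(payload)
    if body["user_verified"] and body["device_verified"]:
        return "full"
    return "limited" if body["user_verified"] or body["device_verified"] else "denied"
```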