POLICY-BASED AUTHENTICATION

US 20120240211A1
Filed: 03/14/2011
Published: 09/20/2012
Est. Priority Date: 03/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a computing device, the method comprising:

receiving, by the computing device, a request to authenticate an end user of a user device based on a requested use of an application by the user device;

communicating, by the computing device, with an authentication client, provided in the user device, to perform an authentication requested by the request;

generating, by the computing device, a response to the request based on the communication with the authentication client, where the response indicates that the end user is or is not authenticated to use the application; and

providing, by the computing device, the response to an application server device hosting the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device receives a request to authenticate an end user of a user device based on a requested use of an application by the user device, and communicates with an authentication client, provided in the user device, to perform an authentication requested by the request. The device also generates a response to the request based on the communication with the authentication client, where the response indicates that the end user is or is not authenticated to use the application. The device further provides the response to an application server device hosting the application.

Citations

20 Claims

1. A method implemented by a computing device, the method comprising:
- receiving, by the computing device, a request to authenticate an end user of a user device based on a requested use of an application by the user device;
  
  communicating, by the computing device, with an authentication client, provided in the user device, to perform an authentication requested by the request;
  
  generating, by the computing device, a response to the request based on the communication with the authentication client, where the response indicates that the end user is or is not authenticated to use the application; and
  
  providing, by the computing device, the response to an application server device hosting the application.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, where the request includes a request to authenticate the end user of the user device using a generic bootstrapping architecture (GBA).
  - 3. The method of claim 1, where the request includes a request to authenticate the end user with one of:
    - a user name and password that are not known by the application,a password,a one-time password,a public key cryptography, orbiometrics.
  - 4. The method of claim 1, where the request includes one or more of an application identifier, an identifier for the end user, a type of authentication, and a level of authentication assurance.

5. A method implemented by a computing device, the method comprising:
- receiving, by the computing device, a request to authenticate an end user of a user device based on a requested use of an application by the user device;
  
  evaluating, by the computing device, policies for an application identifier and an end user identifier to determine what and if authentication is required for the end user;
  
  providing, by the computing device, the request to an authentication enabler device for performance of an authentication determined by the evaluation;
  
  receiving, by the computing device and from the authentication enabler device, a response indicating that the end user is or is not authenticated to use the application; and
  
  providing, by the computing device, the response to an application server device hosting the application.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, further comprising:
    - performing additional processing on the response before providing the response to the application server device, where the additional processing includes forwarding the request to another enabler device requested by the request, and receiving, from the other enabler device, results of performance of functions performed by the other enabler device.
  - 7. The method of claim 5, where the request includes at least one of:
    - a request to authenticate the end user of the user device using a generic bootstrapping architecture (GBA),a request to authenticate the end user with a user name and password that are not known by the application, ora request that includes one or more of an application identifier, an identifier for the end user, a type of authentication, and a level of authentication assurance.

8. A method implemented by a computing device, the method comprising:
- receiving, by the computing device, a request to authenticate an end user of a user device, where the request includes an application identifier and an end user identifier;
  
  evaluating, by the computing device, policies for the application identifier and the end user identifier to determine what and if authentication is required for the end user;
  
  retrieving, by the computing device and when authentication is required, authentication requirements and a token associated with the application and end user identifiers;
  
  determining, by the computing device, whether the token is present and valid; and
  
  providing, to an application server hosting the application and when the token is present and valid, a response indicating that the end user is or is not authenticated to use the application.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, where, when the token is not present or is invalid, the method further comprises:
    - providing the request to an authentication enabler device for performance of the authentication;
      
      receiving, from the authentication enabler device, a response indicating that the end user is or is not authenticated to use the application; and
      
      providing the response to the application server.
  - 10. The method of claim 8, further comprising:
    - receiving an authentication query from the application server, where the authentication query requests an authentication state associated with the application and the end user identity;
      
      evaluating the authentication query to determine compliance with governing policies for the application and the end user identity;
      
      generating, based on the evaluation, an authentication response that includes the authentication state associated with the application and the end user identity; and
      
      providing the authentication response to the application server.
  - 11. The method of claim 8, where the request includes a request to authenticate the end user with one of:
    - a generic bootstrapping architecture (GBA),a user name and password that are not known by the application,a password,a one-time password,a public key cryptography, orbiometrics.

12. A method implemented by a computing device, the method comprising:
- receiving, by the computing device, a request for a service and for authentication of a requester associated with a user device;
  
  receiving, by the computing device and from a database, credentials associated with the requester;
  
  communicating, by the computing device, with an authentication client, provided in the user device, to retrieve identification information of the requester;
  
  determining, by the computing device and based on the credentials and the identification information, whether the requester is authenticated to receive the service;
  
  generating, by the computing device and based on the determination, a response indicating that the requester is or is not authenticated to received the service; and
  
  providing, by the computing device, the response to a gateway device for responding to the service request.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, where, when determining whether the requester is authenticated to receive the service, the method further comprises:
    - determining that the requester is authenticated to receive the service when the credentials match the identification information; and
      
      determining that the requester is not authenticated to receive the service when the credentials do not match the identification information.
  - 14. The method of claim 12, where the authentication includes a user name and password authentication of the requester.
  - 15. The method of claim 12, where the service includes determining a location of a target user.
  - 16. The method of claim 12, where the request includes a request to authenticate the requestor with one of:
    - a generic bootstrapping architecture (GBA),a user name and password that are not known by the application,a password,a one-time password,a public key cryptography, orbiometrics.

17. A method implemented by a computing device, the method comprising:
- receiving, by the computing device and from an application used by a user device, a request for a service, where the user device is associated with an end user;
  
  determining, by the computing device, that the service request does not include an identifier of the end user;
  
  providing, by the computing device and to the application, an error message indicating that the identifier of the end user is missing;
  
  receiving, from the application and based on the error message, the identifier of the end user and a request for authenticating the end user;
  
  providing, by the computing device, the request to an authentication enabler for authenticating the end user based on the identifier of the end user; and
  
  receiving, by the computing device and based on the request, a valid authentication response from the authentication enabler.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - sending, after receiving the valid authentication response, the service request to a service providing device;
      
      receiving the service from the service providing device; and
      
      providing the service to the application.
  - 19. The method of claim 17, where the authentication enabler:
    - receives the request for authenticating the end user,determines whether a token associated with the end user is present in a database,validates the token when the token is present in the database,generates the valid authentication response when the token is present in the database, andprovides the valid authentication response to the computing device.
  - 20. The method of claim 17, where the service includes determining a location of a target user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workday Incorporated
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
COUNTERMAN, Raymond C.

Granted Patent

US 8,978,100 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/108   when the policy decisions a...

H04L 63/205   involving negotiation or de...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/37   Managing security policies ...

POLICY-BASED AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY-BASED AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links