METHOD AND SYSTEM FOR AUTHENTICATION BY DEFINING A DEMANDED LEVEL OF SECURITY
Abstract
There is provided a computer-implemented method for authentication, the method comprising:
- defining a demanded level of security in an authorization service of a server;
- providing at least one authentication mechanism comprising at least one instance for at least one client;
- providing a policy comprising a security level for the at least one instance;
- receiving at least one request from the client to the server;
- authenticating the request based on the policy and the demanded level of security by the authentication service; and
- permitting the request if the demanded level of security is reached.
21 Claims
- 1. (canceled)
- 2. A computer-implemented client method for authentication to a server, the method comprising:
  using one or more computer processors to perform the operations of:
  determining a demanded level of security for a resource on the server, the demanded level of security defining a minimum level of trust necessary to allow an access of the resource, wherein the demanded level of security is defined independent of any particular authentication instance;
  determining security levels for each of at least three authentication instances, each security level representing a level of trust the server has in the corresponding authentication instance;
  selecting at least two of the at least three authentication instances based upon a determination that the security levels corresponding to the selected authentication instances combine, using one or more combining operators, to meet or exceed the determined demanded level of security for the server; and
  sending a request to the server to utilize the resource, the request comprising information verifying that the client has successfully authenticated using the selected authentication instances.
- 3. The method of claim 2, wherein the security level for one of the authentication instances selected by the client is at least in part based on a trust opinion.
- 9. A non-transitory computer-readable medium that stores instructions which when performed by a machine, causes the machine to perform operations comprising:
  using one or more computer processors to perform the operations of:
  determining a demanded level of security for a resource on the server, the demanded level of security defining a minimum level of trust necessary to allow an access of the resource, wherein the demanded level of security is defined independent of any particular authentication instance;
  determining security levels for each of at least three authentication instances, each security level representing a level of trust the server has in the corresponding authentication instance;
  selecting at least two of the at least three authentication instances based upon a determination that the security levels corresponding to the selected authentication instances combine, using one or more combining operators, to meet or exceed the determined demanded level of security for the server; and
  sending a request to the server to utilize the resource, the request comprising information verifying that the client has successfully authenticated using the selected authentication instances.
- 15. A client system for authentication comprising:
  a memory to store:
    a demanded level of security for a resource on a server, the demanded level of security defining a minimum level of trust necessary to allow an access of the resource, wherein the demanded level of security is defined independent of any particular authentication instance, and
    a security level for each of at least three authentication instances, each security level representing a level of trust the server has in that authentication instance; and
  a computer processor programmed to execute instructions operable to:
    determine the demanded level of security for the server;
    determine security levels for each of at least three authentication instances;
    select at least two of the at least three authentication instances based upon a determination that the security levels corresponding to the selected authentication instances combine, using one or more combining operators, to meet or exceed the determined demanded level of security for the server; and
    send a request to the server to utilize the resource, the request comprising information verifying that the client has successfully authenticated using the selected authentication instances.
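The selection step recited in claims 2, 9 and 15 can be sketched as follows. This is an added example, not code from the patent: the instance names, the numeric security levels in [0, 1] and both combining operators (`noisy_or`, `strongest`) are assumptions, since the claims say only "one or more combining operators".

```python
from itertools import combinations
from math import prod

# Assumed combining operators; the claims do not define them.
def noisy_or(levels):
    """Treats instances as independent evidence, so each one adds trust.
    Correlated factors (same device, same secret) would be overrated."""
    return 1.0 - prod(1.0 - s for s in levels)

def strongest(levels):
    """Conservative operator: a set is only as trusted as its best member."""
    return max(levels)

def select_instances(security_levels, demanded, combine=noisy_or, min_instances=2):
    """Return (names, combined_level) for the smallest set of at least
    min_instances authentication instances whose combined security level
    meets or exceeds `demanded`, or None if no set reaches it."""
    if len(security_levels) < 3:
        raise ValueError("the claimed method compares at least three instances")
    names = sorted(security_levels)
    for size in range(min_instances, len(names) + 1):
        candidates = []
        for subset in combinations(names, size):
            level = combine([security_levels[n] for n in subset])
            if level >= demanded:
                candidates.append((level, subset))
        if candidates:
            # Among equally small sets, take the one that overshoots least.
            level, subset = min(candidates)
            return list(subset), level
    return None  # demanded level unreachable: the request must not be sent

# Constructed policy: hypothetical instance names and security levels.
POLICY = {"password": 0.60, "totp": 0.70, "client_cert": 0.90, "sms_otp": 0.40}

if __name__ == "__main__":
    for demanded in (0.85, 0.95, 0.999):
        print(demanded, select_instances(POLICY, demanded))
    print(0.85, select_instances(POLICY, 0.85, combine=strongest))
```

The demanded level is passed in separately from the policy, mirroring the claim language that it is "defined independent of any particular authentication instance"; the choice of combining operator decides how much credit weak factors earn when stacked.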
Specification