AUTHENTICATION SEQUENCING BASED ON NORMALIZED LEVELS OF ASSURANCE OF IDENTITY SERVICES

US 20150215319A1
Filed: 01/30/2014
Published: 07/30/2015
Est. Priority Date: 01/30/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

identifying a first authentication associated with a user;

assigning a level of assurance value to the user based on the first authentication;

determining if the user is associated with a second authentication;

incrementing, if the user is associated with the second authentication, the level of assurance value assigned to the user; and

allowing, by a processing device, access to an application by the user if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication sequencing and normalization module may receive a first authentication associated with a user and assign a level of assurance value to the user based on the first authentication from a first identity service of a specific type. If the user is associated with a second authentication, based on a second identity service of an alternate type, then the level of assurance value assigned to the user may be incremented. Furthermore, access to an application by the user may be allowed if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application. Different users may be authenticated in the authentication sequencing and normalization module by disparate identity services.

16 Citations

View as Search Results

20 Claims

1. A method comprising:
- identifying a first authentication associated with a user;
  
  assigning a level of assurance value to the user based on the first authentication;
  
  determining if the user is associated with a second authentication;
  
  incrementing, if the user is associated with the second authentication, the level of assurance value assigned to the user; and
  
  allowing, by a processing device, access to an application by the user if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving a supplemental attribute associated with the user from an identity service providing the first authentication or the second authentication, wherein the second level of assurance value of the policy is based on the supplemental attribute.
  - 3. The method of claim 2, wherein the second level of assurance value of the policy is based on the supplemental attribute such that if the supplemental attribute matches a condition of the policy then the second level of assurance value is higher than if the supplemental attribute does not match the condition of the policy.
  - 4. The method of claim 1, wherein the first authentication is against a first identity service and the second authentication is against a second identity service, and the first identity service is assigned the level of assurance value and the second identity service is assigned a third level of assurance value, and the incrementing of the level of assurance value assigned to the user is by an amount equal to the third level of assurance value assigned to the second identity service.
  - 5. The method of claim 1, wherein a second user is authenticated against a third identity service and a fourth identity service that are different than the first and second identity services, the second user is assigned a fourth level of assurance value based on level of assurance values assigned to the third and fourth identity services, and access to the application is allowed if the fourth level of assurance value assigned to the second user meets or exceeds the second level of assurance value of the policy assigned to the application.
  - 6. The method of claim 1, further comprising:
    - identifying a request from the user to access the application; and
      
      determining that the level of assurance value assigned to the user based on the first authentication does not meet or exceed the second level of assurance value of the policy assigned to the application, wherein the second authentication is assigned a third level of assurance value, and wherein the determining if the user is associated with the second authentication and the incrementing of the level of assurance value assigned to the user are performed in response to the determining that the level of assurance value assigned to the user based on the first authentication does not meet or exceed the second level of assurance value of the policy assigned to the application, and the incrementing of the level of assurance value assigned to the user is by an amount equal to the third level of assurance value.
  - 7. The method of claim 1, wherein first authentication is a primary authentication and the second authentication is a secondary authentication, the first authentication is a first part of an authentication sequence and the secondary authentication is a second part of the same authentication sequence.

8. A system comprising:
- a memory; and
  
  a processing device coupled with the memory to;
  
  identify a first authentication associated with a user;
  
  assign a level of assurance value to the user based on the first authentication;
  
  determine if the user is associated with a second authentication;
  
  increment, if the user is associated with the second authentication, the level of assurance value assigned to the user; and
  
  allow access to an application by the user if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the processing device is further to:
    - receive a supplemental attribute associated with the user from an identity service providing the first authentication or the second authentication, wherein the second level of assurance value of the policy is based on the supplemental attribute.
  - 10. The system of claim 9, wherein the second level of assurance value of the policy is based on the supplemental attribute such that if the supplemental attribute matches a condition of the policy then the second level of assurance value is higher than if the supplemental attribute does not match the condition of the policy.
  - 11. The system of claim 8, wherein the first authentication is against a first identity service and the second authentication is against a second identity service, and the first identity service is assigned the level of assurance value and the second identity service is assigned a third level of assurance value, and the incrementing of the level of assurance value assigned to the user is by an amount equal to the third level of assurance value assigned to the second identity service.
  - 12. The system of claim 11, wherein a second user is authenticated against a third identity service and a fourth identity service that are different than the first and second identity services, the second user is assigned a fourth level of assurance value based on level of assurance values assigned to the third and fourth identity services, and access to the application is allowed if the fourth level of assurance value assigned to the second user meets or exceeds the second level of assurance value of the policy assigned to the application.
  - 13. The system of claim 8, wherein the processing device is further to:
    - identify a request from the user to access the application; and
      
      determine that the level of assurance value assigned to the user based on the first authentication does not meet or exceed the second level of assurance value of the policy assigned to the application, wherein the second authentication is assigned a third level of assurance value, wherein the determining if the user is associated with the second authentication and the incrementing of the level of assurance value assigned to the user are performed in response to the determining that the level of assurance value assigned to the user based on the first authentication does not meet or exceed the second level of assurance value of the policy assigned to the application, and the incrementing of the level of assurance value assigned to the user is by an amount equal to the third level of assurance value.
  - 14. The system of claim 8, wherein first authentication is a primary authentication and the second authentication is a secondary authentication, the first authentication is a first part of an authentication sequence and the secondary authentication is a second part of the same authentication sequence.

15. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
- identifying a first authentication associated with a user;
  
  assigning a level of assurance value to the user based on the first authentication;
  
  determining if the user is associated with a second authentication;
  
  incrementing, if the user is associated with the second authentication, the level of assurance value assigned to the user; and
  
  allowing access to an application by the user if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, the operations further comprising:
    - receiving a supplemental attribute associated with the user from an identity service providing the first authentication or the second authentication, wherein the second level of assurance value of the policy is based on the supplemental attribute.
  - 17. The non-transitory computer readable storage medium of claim 16, wherein the second level of assurance value of the policy is based on the supplemental attribute such that if the supplemental attribute matches a condition of the policy then the second level of assurance value is higher than if the supplemental attribute does not match the condition of the policy.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the first authentication is against a first identity service and the second authentication is against a second identity service, and the first identity service is assigned the level of assurance value and the second identity service is assigned a third level of assurance value, and the incrementing of the level of assurance value assigned to the user is by an amount equal to the third level of assurance value assigned to the second identity service.
  - 19. The non-transitory computer readable storage medium of claim 18, wherein a second user is authenticated against a third identity service and a fourth identity service that are different than the first and second identity services, the second user is assigned a fourth level of assurance value based on level of assurance values assigned to the third and fourth identity services, and access to the application is allowed if the fourth level of assurance value assigned to the second user meets or exceeds the second level of assurance value of the policy assigned to the application.
  - 20. The non-transitory computer readable storage medium of claim 15, the operations further comprising:
    - identifying a request from the user to access the application; and
      
      determining that the level of assurance value assigned to the user based on the first authentication does not meet or exceed the second level of assurance value of the policy assigned to the application, wherein the second authentication is assigned a third level of assurance value, and wherein the determining if the user is associated with the second authentication and the incrementing of the level of assurance value assigned to the user are performed in response to the determining that the level of assurance value assigned to the user based on the first authentication does not meet or exceed the second level of assurance value of the policy assigned to the application, and the incrementing of the level of assurance value assigned to the user is by an amount equal to the third level of assurance value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Koeten, Robert, Lowe, Jeff L.

Application Number

US14/168,802
Publication Number

US 20150215319A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/41   where a single sign-on prov...

H04L 63/10   for controlling access to d...

AUTHENTICATION SEQUENCING BASED ON NORMALIZED LEVELS OF ASSURANCE OF IDENTITY SERVICES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SEQUENCING BASED ON NORMALIZED LEVELS OF ASSURANCE OF IDENTITY SERVICES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links