STEP-UP AUTHENTICATION FOR SINGLE SIGN-ON
First Claim
1. A method for authenticating a user seeking access to first and second resources that have different authentication levels, comprising:
- receiving at an authentication server from a computing device of the user, a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource;
- receiving at the authentication server from the computing device of the user, a first request to access the second resource;
- receiving at the authentication server from the computing device of the user, first credentials of the user;
- validating at the authentication server the first credentials;
- responsive to validating the first credentials, generating at the authentication server a second authentication event and storing the second authentication event that includes an authentication method and an authentication time within the primary token;
- receiving at the authentication server from the computing device of the user, the first request to access the second resource and the primary token; and
- issuing a first secondary token that authenticates the user to access the second resource.
Abstract
A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.
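The flow in the abstract, sketched as an added example (not code from the patent or its assignee). The HMAC-signed token format, the method-to-level table, the resource names, the demo credentials and the `max_age` freshness check are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"          # assumption: server-side signing key
LEVEL = {"password": 1, "otp": 2}      # assumption: method -> authentication level
REQUIRED = {"wiki": 1, "payroll": 2}   # constructed resources and required levels
USERS = {"alice": {"password": "pw-demo", "otp": "123456"}}  # constructed credentials

def sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def verify(token):
    body, _, mac = token.partition(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, good):
        raise PermissionError("token signature invalid")
    return json.loads(base64.urlsafe_b64decode(body))

def authenticate(user, method, secret, primary=None, now=None):
    """Validate credentials, then store the event (method, time) in the primary token."""
    now = time.time() if now is None else now
    expected = USERS.get(user, {}).get(method)
    if expected is None or not hmac.compare_digest(expected, secret):
        raise PermissionError("credentials rejected")
    claims = verify(primary) if primary else {"sub": user, "events": []}
    if claims["sub"] != user:
        raise PermissionError("primary token belongs to another user")
    claims["events"].append({"method": method, "time": now})
    return sign(claims)

def issue_secondary(primary, resource, max_age=300, now=None):
    """Issue a resource-scoped token only if a recent event meets the resource's level."""
    now = time.time() if now is None else now
    claims = verify(primary)
    ok = [e for e in claims["events"]
          if LEVEL[e["method"]] >= REQUIRED[resource] and now - e["time"] <= max_age]
    if not ok:
        raise PermissionError("step-up required for " + resource)
    return sign({"sub": claims["sub"], "aud": resource, "method": ok[-1]["method"]})
```

A refused `issue_secondary` call is the signal to prompt for the stronger credential and call `authenticate` again with the existing primary token, after which the same request succeeds.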
20 Claims
1. A method for authenticating a user seeking access to first and second resources that have different authentication levels, comprising:
- receiving at an authentication server from a computing device of the user, a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource;
- receiving at the authentication server from the computing device of the user, a first request to access the second resource;
- receiving at the authentication server from the computing device of the user, first credentials of the user;
- validating at the authentication server the first credentials;
- responsive to validating the first credentials, generating at the authentication server a second authentication event and storing the second authentication event that includes an authentication method and an authentication time within the primary token;
- receiving at the authentication server from the computing device of the user, the first request to access the second resource and the primary token; and
- issuing a first secondary token that authenticates the user to access the second resource.
Dependent claims: 4, 5, 6, 7, 8, 9
2. (canceled)
3. (canceled)
10. A non-transitory computer-readable storage medium comprising instructions that, when executed in a computing device, authenticates a user seeking access to first and second resources that have different authentication levels, by performing the steps of:
- receiving at an authentication server from a computing device of the user, a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource;
- receiving at the authentication server from a computing device of the user, a first request to access the second resource;
- receiving at the authentication server from a computing device of the user, first credentials of the user;
- validating at the authentication server the first credentials;
- responsive to validating the first credentials, generating at the authentication server a second authentication event and storing the second authentication event that includes an authentication method and an authentication time within the primary token;
- receiving at the authentication server from the computing device of the user, the first request to access the second resource and the primary token; and
- issuing a first secondary token that authenticates the user to access the second resource.
Dependent claims: 13, 14, 15, 16, 17, 18
11. (canceled)
12. (canceled)
19. A computer system for authenticating a user seeking access to first and second resources that have different authentication levels, the computer system comprising a memory and a processor programmed to carry out the steps of:
- receiving, from a token agent, a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource;
- receiving at an authentication server from a computing device of the user, a first request associated with a first application to access the second resource;
- receiving at the authentication server from a computing device of the user, first credentials of the user;
- validating at the authentication server the first credentials;
- responsive to validating the first credentials, generating at the authentication server a second authentication event and storing the second authentication event that includes an authentication method and an authentication time within the primary token;
- receiving at the authentication server from the computing device of the user, the first request to access the second resource and the primary token; and
- issuing, to the token agent, a first secondary token that authenticates the user to access the second resource.
Dependent claims: 20
Specification