SYSTEM AND METHOD FOR CARRYING STRONG AUTHENTICATION EVENTS OVER DIFFERENT CHANNELS

US 20170109751A1
Filed: 05/02/2014
Published: 04/20/2017
Est. Priority Date: 05/02/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

performing authentication over a network with an authentication service to authenticate a client;

responsively generating a token at the authentication service, the token including identification information for the client, a service, and a type of authenticator used for the authentication, the token further including verification data;

transmitting the token to the client;

transmitting the token from the client to the service, the service using the verification data to verify the token and allowing or denying one or more transactions with the client based, at least in part, on the type of authenticator used for the authentication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, method, and machine readable medium are described for performing authentication over multiple channels. For example, one embodiment of a method comprises: performing authentication over a network with an authentication service to authenticate a client; responsively generating a token at the authentication service, the token including identification information for the client, a service, and a type of authenticator used for the authentication, the token further including verification data; transmitting the token to the client; transmitting the token from the client to the service, the service using the verification data to verify the token and allowing one or more transactions with the client in accordance with a policy based, at least in part, on the type of authenticator used for the authentication.

Citations

21 Claims

1. A method comprising:
- performing authentication over a network with an authentication service to authenticate a client;
  
  responsively generating a token at the authentication service, the token including identification information for the client, a service, and a type of authenticator used for the authentication, the token further including verification data;
  
  transmitting the token to the client;
  
  transmitting the token from the client to the service, the service using the verification data to verify the token and allowing or denying one or more transactions with the client based, at least in part, on the type of authenticator used for the authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 21)
- - 2. The method as in claim 1 wherein the verification data comprises a signature over the identity of the client, the service, and/or the type of authenticator used for the authentication.
  - 3. The method as in claim 1 wherein the signature is generated with a first key and wherein the service verifies the signature using either the first key or a second key corresponding to the first key.
  - 4. The method as in claim 1 wherein both the authentication service and the service are implemented within a network perimeter of a relying party.
  - 5. The method as in claim 1 wherein the authentication service is implemented by an identity provider external to a relying party implementing the service.
  - 6. The method as in claim 1 wherein performing authentication comprises implementing a biometric authenticator on the client to generate an authentication result;
    - andsecurely transmitting the result to the authentication service.
  - 7. The method as in claim 1 wherein the service queries a policy database using the identification information for the authenticator to determine one or more characteristics of the authenticator and to allow or deny the one or more transactions based, at least in part, on the one or more characteristics of the authenticator.
  - 8. The method as in claim 7 wherein at least one of the characteristics of the authenticator comprises a measure of reliability and accuracy of the authenticator.
  - 9. The method as in claim 8 wherein at least one of the characteristics of the authenticator comprises a level of security with which the authenticator is implemented.
  - 10. The method as in claim 7 wherein, in addition to the characteristics of the authenticator, the service allows or denies the transaction based on one or more characteristics of the transaction.
  - 11. The method as in claim 8 wherein the characteristics of the transaction include an amount of money involved in the transaction.
  - 21. The method as in claim 8 wherein the characteristics of the transaction include an amount of money involved in the transaction.

12. A method comprising:
- performing authentication over a network with an networking device having authentication capabilities to authenticate a client, the network authentication performed over a secure communication channel;
  
  generating first identification information at the networking device identifying a type of authenticator used for the authentication;
  
  receiving network packets transmitted from the client device to a service;
  
  modifying the network packets to include the first identification information and routing the network packets to the service; and
  
  the service using the first identification information to determine the type of authenticator used for the authentication and allowing or denying one or more transactions with the client based, at least in part, on the type of authenticator used for the authentication.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method as in claim 12 further comprising:
    - the networking device identifying the first identification information by querying a data structure containing a mapping between authentication device ID codes and virtual identifier (VID) codes, the first identification information comprising one of the VID codes associated with an authentication device ID code for the authenticator used for the authentication.
  - 14. The method as in claim 13 wherein the network device comprises a Firewall, a virtual private network (VPN) device, or a transport layer security (TLS) endpoint.
  - 15. The method as in claim 12 wherein both the network device and the service are implemented within a network perimeter of a relying party offering the service.
  - 16. The method as in claim 12 wherein performing authentication comprises implementing a biometric authenticator on the client to generate an authentication result;
    - andsecurely transmitting the result to the network device.
  - 17. The method as in claim 12 wherein the service queries a policy database using the first identification information for the authenticator to determine one or more characteristics of the authenticator and to allow or deny the one or more transactions based, at least in part, on the one or more characteristics of the authenticator.
  - 18. The method as in claim 17 wherein at least one of the characteristics of the authenticator comprises a measure of reliability and accuracy of the authenticator.
  - 19. The method as in claim 18 wherein at least one of the characteristics of the authenticator comprises a level of security with which the authenticator is implemented.
  - 20. The method as in claim 17 wherein, in addition to the characteristics of the authenticator, the service allows or denies the transaction based on one or more characteristics of the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nok Nok Labs Incorporated
Original Assignee
Nok Nok Labs Incorporated
Inventors
Dunkelberger, Phillip, Lindemann, Rolf

Application Number

US14/268,563
Publication Number

US 20170109751A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06Q 20/4014   Identity check for transact...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/205   involving negotiation or de...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

SYSTEM AND METHOD FOR CARRYING STRONG AUTHENTICATION EVENTS OVER DIFFERENT CHANNELS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CARRYING STRONG AUTHENTICATION EVENTS OVER DIFFERENT CHANNELS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links