Method and system for transmitting authentication context information

US 7,207,058 B2
Filed: 12/31/2002
Issued: 04/17/2007
Est. Priority Date: 12/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system for facilitating an authentication of a user comprising:

a first computer system configured to verify an identity of said user and transmit characteristics regarding a process used to initially associate user credentials to said user, physical controls of a facility housing said first computer, and at least one of information regarding a process used to verify said identity, procedural security controls of said first computer, and how a secret is kept secure; and

a second computer system configured to provide services to said user, wherein said second computer system communicates with said first computer system; and

further wherein,said second computer system is configured to request additional authentication credentials from said first computer system upon determining that said process used to verify said identity does not substantially comply with a predetermined class established by said second computer system; and

further wherein,said second computer system allows interaction with said second computer system provided that said process used to verify said identity at said first computer system substantially complies with a predetermined class established by said second computer system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.

64 Citations

View as Search Results

11 Claims

1. A system for facilitating an authentication of a user comprising:
- a first computer system configured to verify an identity of said user and transmit characteristics regarding a process used to initially associate user credentials to said user, physical controls of a facility housing said first computer, and at least one of information regarding a process used to verify said identity, procedural security controls of said first computer, and how a secret is kept secure; and
  
  a second computer system configured to provide services to said user, wherein said second computer system communicates with said first computer system; and
  
  further wherein,said second computer system is configured to request additional authentication credentials from said first computer system upon determining that said process used to verify said identity does not substantially comply with a predetermined class established by said second computer system; and
  
  further wherein,said second computer system allows interaction with said second computer system provided that said process used to verify said identity at said first computer system substantially complies with a predetermined class established by said second computer system.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 further comprising:
    - a third computer system configured to provide services to said user, wherein said third computer system communicates with said first computer system.
  - 3. The system of claim 1, wherein said information transmitted by said first computer system comprises a predefined XML schema.

4. A method for facilitating validation of an identity of a user comprising:
- receiving information indicative of said identity of said user by a first computer system;
  
  verifying said identity of said user by said first computer system;
  
  transmitting data from said first computer system to a second computer system, wherein said data includes characteristics regarding a process used to initially associate user credentials to said user, physical controls of a facility housing said first computer, and at least one of information regarding a process used to verify said identity, procedural security controls of said first computer and how a secret is kept secure;
  
  facilitating a request from said second computer system to said first computer system for additional authentication credentials upon determining that said data does not substantially comply with a predetermined class established by said second computer system; and
  
  ,allowing access to said second computer system provided that said data substantially complies with said predetermined class established by said second computer system.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The method of claim 4 further wherein said data comprises:
    - data identifying said first computer system; and
      
      data identifying the method used to verify the identity of said user.
  - 6. The method of claim 5 wherein said data further comprises:
    - data identifying previous verifications of said user.
  - 7. The method of claim 4 whereinsaid class is indicative of information used in said verifying step;
    - and further whereinsaid class contains data regarding the method of authentication used in performing said verifying step; and
      
      said class further contains data regarding security characteristics of said first computing system.
  - 8. The method of claim 4 further comprising:
    - attempting to access a third computer system, coupled to said first computer system, by said user;
      
      determining that said user was verified by said first computer system,providing data regarding said verifying step from said first computer system to said third computer system; and
      
      allowing access to said third computer system provided that said data complies with a predetermined class established by said third computer system.
  - 9. The method of claim 8 further comprising:
    - rejecting access to said third computing system if said data does not comply with a predetermined class established by said third computer system;
      
      submitting additional information indicative of the identity of said user to a first computer system;
      
      verifying the identity of said user by said first computer system;
      
      transmitting data regarding said verifying step from said first computer system to said third computer system; and
      
      allowing access to said third computer system provided that said data complies with a predetermined class established by said third computer system.
  - 10. The method of claim 4 wherein:
    - said data is transmitted using a predetermined XML schema.

11. A method for facilitating validation of an identity of a user to allow said user to access a second computer system, said method comprising:
- receiving information indicative of said identity of said user by a first computer system;
  
  verifying said identity of said user by said first computer system;
  
  transmitting data from said first computer system to said second computer system to facilitate a request from said second computer system to said first computer system for additional authentication credentials upon determining that said data does not substantially comply with a predetermined class established by said second computer system, wherein said data includes characteristics regarding a process used to initially associate said authentication credentials to said user, physical controls of a facility housing said first computer, and at least one of information regarding a process used to verify said identity, procedural security controls of said first computer and how a secret is kept secure; and
  
  ,allowing access to said second computer system provided that said data substantially complies with said predetermined class established by said second computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Barrett, Michael Richard
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Nalven, Andrew L.

Application Number

US10/334,270
Publication Number

US 20040128558A1
Time in Patent Office

1,568 Days
Field of Search

713/182, 713/183, 713/184, 713/185, 713/186, 713/202, 713/201, 726/4, 705/51
US Class Current

726/4
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/205   involving negotiation or de...

Method and system for transmitting authentication context information

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transmitting authentication context information

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links