System, method and computer program product for providing unified authentication services for online applications

US 7,441,263 B1
Filed: 03/23/2001
Issued: 10/21/2008
Est. Priority Date: 03/23/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing user authentication to a first account provided by a first server via a communication medium, comprising:

client side components;

a user management component coupled to said client side components via the communication medium; and

server side components coupled to said user management component via the communication medium,wherein said client side components include an authentication control component that manages a process of capturing a user-determined policy for the first account and user credentials, thereby allowing a user to define a level of protection by selecting one or more identification devices from a list of at least two identification devices that are used to execute the policy for accessing the first account and wherein said client side components communicate the result of capturing said user-determined policy and said user credentials to said user management component,wherein said user management component stores said user-determined policy and said user credentials in a centralized location and organizes said user-determined policy and said user credentials such that said user credentials can be reused for user authentication to a second account provided by a second server;

wherein said user-determined policy for the first account and a second user-determined policy for said second account utilize different sets of devices; and

wherein said server side components include an authentication server, and wherein said user management component indicates to said authentication server to use said user-determined policy for user authentication to the first account.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for providing unified authentication services in an Application Service Provider (ASP) setting to a registered end-user of one or more online (or web) applications. The system includes client side components, a user management component coupled to the client side components and server side components coupled to the user management component. The client side components include an authentication control component that manages the process of capturing a user-determined policy for a first account and user credentials. This allows the user to define the level of protection to access the first account. This includes, but is not limited to, accounts/applications that have been configured specifically for used with the system and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The client side components then communicate the result of capturing the user-determined policy and user credentials to the user management component. The user management component stores the user-determined policy and user credentials in a centralized location. In addition, the user management component organizes the user-determined policy and user credentials such that the user credentials can be reused for user authentication to a second account. Finally, the server side components include an authentication server. The user management component indicates to the authentication server to use the user-determined policy for user authentication to the first account.

Citations

18 Claims

1. A system for providing user authentication to a first account provided by a first server via a communication medium, comprising:
- client side components;
  
  a user management component coupled to said client side components via the communication medium; and
  
  server side components coupled to said user management component via the communication medium,wherein said client side components include an authentication control component that manages a process of capturing a user-determined policy for the first account and user credentials, thereby allowing a user to define a level of protection by selecting one or more identification devices from a list of at least two identification devices that are used to execute the policy for accessing the first account and wherein said client side components communicate the result of capturing said user-determined policy and said user credentials to said user management component,wherein said user management component stores said user-determined policy and said user credentials in a centralized location and organizes said user-determined policy and said user credentials such that said user credentials can be reused for user authentication to a second account provided by a second server;
  
  wherein said user-determined policy for the first account and a second user-determined policy for said second account utilize different sets of devices; and
  
  wherein said server side components include an authentication server, and wherein said user management component indicates to said authentication server to use said user-determined policy for user authentication to the first account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the communication medium is the Internet.
  - 3. The system of claim 1, wherein the communication medium is a local network.
  - 4. The system of claim 1, wherein the communication medium is a wireless network.
  - 5. The system of claim 1, wherein the first server and said second server are web servers.
  - 6. The system of claim 1, wherein the first server and said second server are application servers.
  - 7. The system of claim 1, wherein said authentication control component is checked for integrity each time it is invoked.
  - 8. The system of claim 1, wherein the first server and said second server are unrelated.
  - 9. The system of claim 1, wherein the first server and said second server are related.

10. A method for providing user authentication to a first account provided by a first server via a communication medium, comprising the steps of:
- managing, via an authentication control component, the process of capturing a user-determined policy for the first account and user credentials, thereby allowing a user to define a level of protection by selecting one or more identification devices from a list of at least two identification devices that are used to execute the policy for accessing the first account;
  
  communicating, from said authentication control component to a user management component, the result of capturing said user-determined policy and said user credentials;
  
  organizing, by said user management component, said user-determined policy and said user credentials in a centralized location such that said user credentials can be reused for user authentication to a second account provided by a second server;
  
  wherein said user-determined policy for the first account and a second user-determined policy for said second account utilize different sets of devices; and
  
  indicating, by said user management component to said authentication server, to use said user-determined policy for user authentication to the first account.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the communication medium is the Internet.
  - 12. The method of claim 10, wherein the communication medium is a local network.
  - 13. The method of claim 10, wherein the communication medium is a wireless network.
  - 14. The method of claim 10, wherein the first server and said second server are web servers.
  - 15. The method of claim 10 wherein the first server and said second server are application servers.
  - 16. The method of claim 10 wherein said authentication control component is checked for integrity each time it is invoked.
  - 17. The method of claim 10, wherein the first server and said second server are unrelated.
  - 18. The method of claim 10, wherein the first server and said second server are related.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BioNetrix Systems Corporation
Original Assignee
Citibank NA (Citigroup Incorporated)
Inventors
Rochon, Anthony C, Bakshi, Bikram S, Walker, Trevor J, Helms, David W
Primary Examiner(s)
Kincaid; Kristine
Assistant Examiner(s)
Jackson; Jenise E.

Application Number

US09/814,971
Time in Patent Office

2,769 Days
Field of Search

713/166, 713/182, 713/186, 713200-202, 709223-226, 709/229, 726/1
US Class Current

726/2
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

System, method and computer program product for providing unified authentication services for online applications

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for providing unified authentication services for online applications

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links