Common authentication service for network connected applications, devices, users, and web services
First Claim
1. An authentication library for a network community comprising:
a network community;
a community service provider;
user authentication for providing access to the community comprising a) a logon for entry of user ID and password data at an access device through which a user may access a service within the community and b) a random authentication challenge issued upon completion of the logon, the challenge determined from a set of entries maintained in a library of authentication challenges specific to the user ID and the password entered by the user;
the library uniquely associated with either or both of the user and the provider of the community service the user is attempting to access, each library entry including a) an authentication question,
b) the expected response to the question, and c) a metadata table comprising information pertinent to the question and the response, such that each library entry is specific to an authorization request and to the life cycle of that library entry;
user-created library credential entries having a predetermined life cycle;
a selection mechanism for determining a challenge from the library according to one or more of the following criteria: a) random selection;
b) random selection assuring that no previous challenge under the current session is repeated within a certain number of attempts;
c) input variables from the group including device, network address, user ID and password, historical activity, time of day, geographical location, requested activity, IP address, MAC address, activity value, risk profile, account type, activity type, and network type; and
d) a combination of request parameters and metadata associated with a given library entry; and
a correlation of the user request with the user credential life cycle and the user authentication request.
Abstract
System architecture for network connected applications, devices, users, and web services in which security is provided by means for managing interaction with an authentication library. The library effects a correlation between the use and the creation of library entries that carry predetermined correlation indicia, giving strong authentication of users and participants within the network. A common authentication service (CAS) based on an XML or web services protocol is described.
Claims (18 in total)
Claim 1 is independent and is reproduced above under First Claim; claims 2 to 14 depend from it.
15. An authentication library for a network community comprising:
a network community;
a community service provider;
a web service or XML service interconnected with a device, user, or application such that an authentication process permits access to one or more entries in an authentication library for strong authentication, and an application-specific authentication is a precondition to access to the application;
means for initializing a new user node within a network community to effect authentication for user self-enrollment;
user authentication for providing access to the community comprising a) a logon for entry of user ID and password data at an access device through which a user may access a service within the community and b) a random authentication challenge issued upon completion of the logon, the challenge determined from a set of entries maintained in a library of authentication challenges specific to the user ID and the password entered by the user;
the library uniquely associated with either or both of the user and the provider of the community service the user is attempting to access, each library entry including a) an authentication question,
b) the expected response to the question, and c) a metadata table comprising information pertinent to the question and the response, such that each library entry is specific to an authorization request and to the life cycle of that library entry;
user-created library credential entries having a predetermined life cycle;
a selection mechanism for determining a challenge from the library according to one or more of the following criteria: a) random selection;
b) random selection assuring that no previous challenge under the current session is repeated within a certain number of attempts;
c) input variables from the group including device, network address, user ID and password, historical activity, time of day, geographical location, requested activity, IP address, MAC address, activity value, risk profile, account type, activity type, and network type; and
d) a combination of request parameters and metadata associated with a given library entry; and
a correlation of the user request with the user credential life cycle and the user authentication request.
Claims 16 to 18 depend from claim 15.
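Claims 1 and 15 describe the same core mechanism: a library of entries (question, expected response, metadata with a predetermined life cycle), a selection mechanism that draws a random challenge from the entries matching the request parameters without repeating a challenge within a session, and a correlation of the response with the issued challenge and the entry's life cycle. The following Python model is an added example written for this page, not code from the patent or its assignee. The metadata fields (owner, permitted activity types, minimum risk level), the fixed window of three attempts, and the sample entries are assumptions chosen for illustration; storing the expected response as a salted hash and refusing to repeat a challenge rather than falling back to one are hardening choices of this example, not requirements the claims state.

```python
"""Model of the claimed authentication library (added example, not the patent's code).

Each entry carries a question, the expected response and a metadata table
(owner, creation time, life cycle, permitted activity types, minimum risk
level). The selection mechanism picks a random challenge from the entries
that are still inside their life cycle and match the request parameters,
and will not re-issue a challenge within the last N attempts of a session.
Field names and the risk/activity scheme are assumptions for illustration.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


def normalize(answer: str) -> str:
    """Canonicalise free-text answers before comparing (case, whitespace)."""
    return " ".join(answer.lower().split())


def response_digest(salt: bytes, answer: str) -> bytes:
    """Salted hash of the normalised answer; the clear answer is never stored."""
    return hashlib.sha256(salt + normalize(answer).encode("utf-8")).digest()


@dataclass(frozen=True)
class LibraryEntry:
    entry_id: str
    question: str
    salt: bytes
    digest: bytes              # expected response, stored salted and hashed
    owner: str                 # user ID or community service provider owning the entry
    created_at: float
    lifetime_s: float          # predetermined life cycle of the credential entry
    activity_types: frozenset  # request activity types this entry may be used for
    min_risk: int              # only offered when the request's risk level is at least this

    def expired(self, now: float) -> bool:
        return now >= self.created_at + self.lifetime_s


def make_entry(entry_id, question, answer, owner, lifetime_s, activity_types,
               min_risk=0, now=None) -> LibraryEntry:
    now = time.time() if now is None else now
    salt = secrets.token_bytes(16)
    return LibraryEntry(entry_id, question, salt, response_digest(salt, answer),
                        owner, now, lifetime_s, frozenset(activity_types), min_risk)


class AuthenticationLibrary:
    def __init__(self, entries, no_repeat_window: int = 3):
        self.entries = {e.entry_id: e for e in entries}
        self.no_repeat_window = no_repeat_window
        self.issued = {}       # session_id -> entry_ids challenged so far, in order
        self.rng = secrets.SystemRandom()   # CSPRNG for the random selection

    def eligible(self, owners, activity, risk, now):
        """Entries usable for this request: right owner, inside life cycle, metadata matches."""
        return [e for e in self.entries.values()
                if e.owner in owners and not e.expired(now)
                and activity in e.activity_types and risk >= e.min_risk]

    def select_challenge(self, session_id, owners, activity, risk, now=None) -> Optional[LibraryEntry]:
        """Random pick that never repeats one of the last no_repeat_window challenges of this session."""
        now = time.time() if now is None else now
        history = self.issued.setdefault(session_id, [])
        recent = set(history[-self.no_repeat_window:])
        pool = [e for e in self.eligible(owners, activity, risk, now) if e.entry_id not in recent]
        if not pool:
            return None        # fail closed: caller must use another factor, not repeat a challenge
        entry = self.rng.choice(pool)
        history.append(entry.entry_id)
        return entry

    def verify(self, session_id, entry_id, answer, now=None) -> bool:
        """Correlate the response with a challenge actually issued in this session and still live."""
        now = time.time() if now is None else now
        entry = self.entries.get(entry_id)
        if entry is None or entry.expired(now):
            return False
        if entry_id not in self.issued.get(session_id, []):
            return False
        return hmac.compare_digest(response_digest(entry.salt, answer), entry.digest)


SAMPLE_NOW = 1_700_000_000.0   # constructed fixed clock so the example is deterministic


def build_sample_library() -> AuthenticationLibrary:
    """Constructed sample: two live user-owned entries and one expired provider-owned entry."""
    return AuthenticationLibrary([
        make_entry("q1", "Name of your first pet?", "Fluffy", "alice", 3600,
                   {"login"}, now=SAMPLE_NOW),
        make_entry("q2", "Branch where the account was opened?", "Main Street", "alice", 3600,
                   {"login", "transfer"}, min_risk=2, now=SAMPLE_NOW),
        make_entry("q3", "One-time code sent by the bank?", "483920", "bank", 60,
                   {"transfer"}, now=SAMPLE_NOW - 120),
    ], no_repeat_window=3)


if __name__ == "__main__":
    lib = build_sample_library()
    answers = {"q1": "fluffy", "q2": "main street"}
    challenge = lib.select_challenge("session-1", {"alice", "bank"}, "login", risk=2, now=SAMPLE_NOW)
    print("challenge:", challenge.question)
    print("verified:", lib.verify("session-1", challenge.entry_id, answers[challenge.entry_id], now=SAMPLE_NOW))
```

Two points a practitioner should take from the model: the "no repeat within a certain number of attempts" criterion is enforced per session against the selection history, and when the eligible pool is exhausted the library returns no challenge rather than re-issuing one, so the caller must escalate to a different factor; and `verify` rejects a correct answer to an entry that was never issued in that session or whose life cycle has ended, which is the correlation step the claims describe.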
Specification