Common authentication service for network connected applications, devices, users, and web services

US 7,546,276 B2
Filed: 01/23/2006
Issued: 06/09/2009
Est. Priority Date: 01/23/2006
Status: Active Grant

First Claim

Patent Images

1. An authentication library for a network community comprising:

a network community;

a community service provider;

user authentication for providing access to the community comprising a) a logon for entry of user ID and password data at an access device through which a user may access a service within the community and b) a random authentication challenge issued upon completion of the log on, the challenge determined from a set of entries maintained in a library of authentication challenges specific to the user ID and the password entered by the user;

the library uniquely associated with either or both of the user and the provider of the community service the user is attempting to access, each library entry including a) an authentication question;

b) the expected response to the question, and c) a meta data table comprising information pertinent to the question and the response such that each library entry is specific to an authorization request and the life cycle of each library entry;

user created library credential entries having a predetermined life cycle;

a selection mechanism for determining a challenge from the library according to one or more of the following criteria a) random selection;

b) random selection assuring no previous challenge under the current session is repeated within a certain number of attempts;

c) input variables from the group including device, network address, user ID and password, historical activity, time of day, geographical location, requested activity, IP address, MAC address, activity value, risk profile, account type, activity type, and network type; and

d) a combination of request parameters and meta data associated with a given library entry; and

a correlation of the user request with the user credential lifecycle and the user authentication request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System architecture for network connected applications, devices, users, and web services providing security effected by means for managing interaction with an authentication library that effects a correlation between the use and creation of library entries having predetermined correlation indicia for effecting strong authentication of users and participants within the network. A common authentication service (CAS) based upon an XML or web services protocol is described.

81 Citations

View as Search Results

18 Claims

1. An authentication library for a network community comprising:
- a network community;
  
  a community service provider;
  
  user authentication for providing access to the community comprising a) a logon for entry of user ID and password data at an access device through which a user may access a service within the community and b) a random authentication challenge issued upon completion of the log on, the challenge determined from a set of entries maintained in a library of authentication challenges specific to the user ID and the password entered by the user;
  
  the library uniquely associated with either or both of the user and the provider of the community service the user is attempting to access, each library entry including a) an authentication question;
  
  b) the expected response to the question, and c) a meta data table comprising information pertinent to the question and the response such that each library entry is specific to an authorization request and the life cycle of each library entry;
  
  user created library credential entries having a predetermined life cycle;
  
  a selection mechanism for determining a challenge from the library according to one or more of the following criteria a) random selection;
  
  b) random selection assuring no previous challenge under the current session is repeated within a certain number of attempts;
  
  c) input variables from the group including device, network address, user ID and password, historical activity, time of day, geographical location, requested activity, IP address, MAC address, activity value, risk profile, account type, activity type, and network type; and
  
  d) a combination of request parameters and meta data associated with a given library entry; and
  
  a correlation of the user request with the user credential lifecycle and the user authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. An authentication library of claim 1 wherein one or more authentication library entries are used to effect multi factor authentication at in band and out of band systems.
  - 3. An authentication library of claim 2 wherein access to the authentication library is accomplished by means of a common authentication service based upon an XML or web services protocol.
  - 4. An authentication library of claim 3 wherein transitive security is effected among community entities connected on a network by means of the authentication service.
  - 5. An authentication library of claim 2 wherein entries into the authentication library are created by a user via a self service interface where the user is the only one that has knowledge of the authentication library entries.
  - 6. An authentication library of claim 2 further including a strength value (SV) protocol as an element of the authentication library wherein the SV provides a unique factor in determining suitable library entries for use in determining the authentication of one or more of a particular user, device, application, terminal, or network connection.
  - 7. An authentication library of claim 2 including an algorithm determining the selection of entries from the library in accordance with a rule that there is no general observable correlation between multiple authentication attempts from the same device, user, or networked interface such that random authentication processes at the interface defeat keyboard loggers and in-channel security attacks.
  - 8. An authentication library of claim 2 including a multifactor authentication protocol applied at more than one user, device, application, or interface in a network of multiple users, devices and applications.
  - 9. An authentication library of claim 8 wherein multifactor authentication is accomplished independent of the application, device or network interface a user is authenticating to in a networked community by using multiple entries derived from the authentication library.
  - 10. An authentication library of claim 2 wherein a one time password is generated for use as an authentication vehicle at systems, interfaces, and devices in an application within the network community.
  - 11. An authentication library of claim 10 further including a network link for one time password validation selected from a web service, XML service, radius server, LDAP server, meta directory, OLDAP, or SAML server in conjunction with multifactor authentication.
  - 12. The authentication library system in accordance with claim 1 wherein 1) a service is interconnected with a device, user, or application such that the authentication process permits access to one or more entries in an authentication library for strong authentication and 2) an application specific authentication is a precondition to access to the application.
  - 13. The system of claim 1 wherein the network comprises an ATM, kiosk, cell phone, or computer network.
  - 14. The system of claim 13 wherein the network is wired or wireless.

15. An authentication library for a network community comprising:
- a network community;
  
  a community service provider;
  
  a web service or XML service interconnected with a device, user, or application such that an authentication process permits access to one or more entries in an authentication library for strong authentication and an application specific authentication is a precondition to access to the application;
  
  means for initializing a new user node within a network community to effect authentication for user self enrollment;
  
  user authentication for providing access to the community comprising a) a logon for entry of user ID and password data at an access device through which a user may access a service within the community and b) a random authentication challenge issued upon completion of the log on, the challenge determined from a set of entries maintained in a library of authentication challenges specific to the user ID and the password entered by the user;
  
  the library uniquely associated with either or both of the user and the provider of the community service the user is attempting to access, each library entry including a) an authentication question;
  
  b) the expected response to the question, and c) a meta data table comprising information pertinent to the question and the response such that each library entry is specific to an authorization request and the life cycle of each library entry;
  
  user created library credential entries having a predetermined life cycle;
  
  a selection mechanism for determining a challenge from the library according to one or more of the following criteria a) random selection;
  
  b) random selection assuring no previous challenge under the current session is repeated within a certain number of attempts;
  
  c) input variables from the group including device, network address, user ID and password, historical activity, time of day, geographical location, requested activity, IP address, MAC address, activity value, risk profile, account type, activity type, and network type; and
  
  d) a combination of request parameters and meta data associated with a given library entry; and
  
  a correlation of the user request with the user credential lifecycle and the user authentication request.
- View Dependent Claims (16, 17, 18)
- - 16. The library system of claim 15 including means for using authentication dynamically in combination with a library of authentication criteria entries to react to security threats in real time whereby strong authentication is required in the absence of any human interaction except for that of the authenticating user.
  - 17. The system of claim 15 wherein the network comprises an ATM, kiosk, cell phone, or computer network.
  - 18. The system of claim 17 wherein the network is wired or wireless.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Randall E. Orkis, William M. Randle
Original Assignee
Randall E. Orkis, William M. Randle
Inventors
Orkis, Randall E., Randle, William M.
Primary Examiner(s)
Elisca; Pierre E

Application Number

US11/337,394
Publication Number

US 20070186103A1
Time in Patent Office

1,233 Days
Field of Search

705/65
US Class Current

705/65
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/367   involving electronic purses...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

Common authentication service for network connected applications, devices, users, and web services

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Common authentication service for network connected applications, devices, users, and web services

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links