Technique for providing multiple levels of security
First Claim
1. An article of manufacture for user authentication, comprising:
computer readable storage media; and
computer programming stored on the storage media, wherein the stored computer programming is configured to be readable by one or more computers and thereby cause the one or more computers to operate so as to:
receive, from a first user and by an authentication server, a first authentication request transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key;
authenticate the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key;
receive, from a second user and by the authentication server, a second authentication request transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and
authenticate the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key;
wherein the private portion of the first type split private key is based on a password of the first user and another factor, different than the user password, with both factors being under the control of the user, and the private portion of the second type split private key is based on only a password of the second user.
Abstract
Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.
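A minimal sketch of the two key types the abstract describes, added here as an illustration and not taken from the patent. It assumes RSA with an additive split in which the server holds the complementary portion and completes the signature, PBKDF2 as the derivation, hypothetical level names, and a constructed toy key.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # full private exponent; only needed at split time

# Hypothetical mapping from split-key type to granted access level.
LEVELS = {"two_factor": "high", "password_only": "basic"}
SALT = b"constructed-salt"

def user_portion(password, factor=b""):
    """User's private portion: password only, or password plus a second factor."""
    secret = password.encode() + b"\x00" + factor
    raw = hashlib.pbkdf2_hmac("sha256", secret, SALT, 100_000)
    return int.from_bytes(raw, "big") % PHI

def enroll(directory, user, key_type, password, factor=b""):
    """Server keeps only the complementary portion and the key type (assumption)."""
    d_server = (D - user_portion(password, factor)) % PHI
    directory[user] = {"type": key_type, "d_server": d_server}

def digest(challenge):
    """Map the challenge bytes to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

def client_request(challenge, password, factor=b""):
    """Transform the challenge with the user's private portion."""
    return pow(digest(challenge), user_portion(password, factor), N)

def authenticate(directory, user, challenge, request):
    """Complete the signature, verify with the public key, return level or None."""
    rec = directory.get(user)
    if rec is None:
        return None
    m = digest(challenge)
    full = (request * pow(m, rec["d_server"], N)) % N
    if pow(full, E, N) != m:
        return None
    return LEVELS[rec["type"]]
```

A request built without the second factor fails verification for a two-factor key, because the derived portion no longer sums with the server's portion to the private exponent.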
16 Claims
9. A system for user authentication, comprising:
a communications interface configured to receive i) a first authentication request from a first user transformed with a private portion of a first type split private key associated with a first asymmetric key pair having a public key and the first type split private key, and ii) a second authentication request from a second user transformed with a private portion of a second type split private key associated with a second asymmetric key pair having a public key and the second type split private key; and
a processor configured to i) authenticate the first user for a first level of network access based upon the received first request being transformed with a private portion of the first type split private key, and ii) authenticate the second user for a second level of network access based upon the received second request being transformed with a private portion of the second type split private key;
wherein the private portion of the first type split private key is based upon a password and another factor, different than the user password, with both factors being under the control of the user, and the private portion of the second type split private key is based upon only a password.
Specification