Systems and methods for providing security token authentication
First Claim
1. A system for authenticating a security token provided to request access to at least one business application in an enterprise including a plurality of business units, comprising:
- a processor coupled to memory and programmed for;
receiving a request for the security token for authenticating the request to access the at least one business application of a plurality of business applications, each business application being managed by a different one of the plurality of business units, and the plurality of business units being provided with access to a token domain interface (TAMIN);
creating, via accessing the TAMIN, a unique user identification (UID) for the security-token request;
assigning and activating, via accessing the TAMIN, the security token in response to the security-token request, the security token being identified by a unique token identification;
storing in a lookup database a mapping of security tokens to token types and a plurality of token domains, each of said token domains operating to authenticate a type of security token;
storing in a user store database a user profile that includes the UID, the assigned and activated security token, a token type of the assigned and activated security token as provided by the mapping in the lookup database, and a corresponding one of the token domains as also provided by the mapping in the lookup database;
receiving by an authentication broker the assigned and activated security token from the at least one business application;
looking up, via accessing the TAMIN, the assigned and activated security token and its unique token identification in the user profile stored in the user store database to identify the token type and the corresponding token domain of the assigned and activated security token so as to authenticate the assigned and activated security token; and
preventing one of the plurality of business units to perform, via accessing the TAMIN, the steps of creating the UID, assigning the security token, and looking up the assigned and activated security token upon a determination that the assigned security token is used for authentication access to multiple business applications in different ones of the plurality of business units.
Abstract
Described herein are systems and methods for centralizing and standardizing implementation of security tokens so as to provide one token per one user for accessing business applications across an enterprise, providing scalability to support authentication of as many enterprise users as desired or needed, and providing a standardized token management interface that supports both pre-binding and post-binding user registration processes and different types of security token.
17 Claims
10. A method for authenticating a request to access at least one business application in an enterprise including a plurality of business units, comprising:
receiving a request for a security token for authenticating the request to access the at least one business application of a plurality of business applications, each business application being managed by a different one of the plurality of business units, and the plurality of business units being provided with access to a token domain interface (TAMIN);
creating, via accessing the TAMIN, a unique user identification (UID) for the security-token request;
assigning and activating, via accessing the TAMIN, a security token in response to the security-token request, the security token is identified by a unique token identification;
looking up, via accessing the TAMIN, the assigned and activated security token and its unique token identification to identify a token type of the assigned and activated security token and an associated token domain for authenticating the assigned and activated security token;
storing the UID, the unique token identification, the identified token type, and an identification of the associated token domain in a user profile;
receiving the request to access the at least one business application, wherein the request includes the assigned and activated security token;
responsive to the request to access, looking up the assigned and activated security token and its unique token identification in the user profile to identify the token type and the associated token domain of the assigned and activated security token;
invoking an authentication plug-in particular to the identified token type to connect to the associated token domain based on the identification of the associated token domain in the user profile;
authenticating the assigned and activated security token with the associated token domain as connected to by the authentication plug-in; and
preventing one of the plurality of business units to perform, via accessing the TAMIN, the steps of creating the UID, assigning the security token, and looking up the assigned and activated security token upon a determination that the assigned and activated security token is used for authentication access to multiple business applications in different ones of the plurality of business units.
15. A method for authenticating a request to access at least one business application in an enterprise including a plurality of business units, comprising:
receiving a request for the security token for authenticating the request to access the at least one business application of a plurality of business applications, each business application being managed by a different one of a plurality of business units, and the plurality of business units being provided with access to a token domain interface (TAMIN);
creating, via accessing the TAMIN, a unique user identification (UID) for the security-token request;
assigning, via accessing the TAMIN, a security token in response to the security-token request, the security token being identified by a unique token identification;
receiving a request to activate the previously assigned security token for authenticating the request to access the at least one business application, the request includes a unique token identification of the previously assigned security token;
activating, via accessing the TAMIN, the previously assigned security token;
looking up, via accessing the TAMIN, the previously assigned and activated security token and its unique token identification to identify a token type of the previously assigned and activated security token and an associated token domain for authenticating the previously assigned and activated security token;
storing the UID, the unique token identification, the identified token type, and an identification of the associated token domain in a user profile;
receiving the request to access the at least one business application, wherein the request includes the previously assigned and activated security token;
responsive to the request to access, looking up, via accessing the TAMIN, the previously assigned and activated security token and its unique token identification in the user profile to identify the token type and the associated token domain of the previously assigned and activated security token;
invoking an authentication plug-in particular to the identified token type to connect to the associated token domain based on the identification of the associated token domain in the user profile;
authenticating the previously assigned and activated security token with the associated token domain as connected to by the authentication plug-in; and
preventing one of the plurality of business units to perform, via accessing the TAMIN, the steps of creating the UID, assigning the security token, and looking up the assigned and activated security token upon a determination that the assigned and activated security token is used for authentication access to multiple business applications in different ones of the plurality of business units.
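The broker flow recited in claims 10 and 15 (assign, activate, profile lookup, plug-in dispatch by token type) can be sketched as follows. This is an added illustration, not code from the patent: every name, token ID and credential value is hypothetical, and the token domains are simulated by an in-memory dictionary instead of a network service.

```python
import hmac
from dataclasses import dataclass

# Lookup database (constructed): token-ID prefix -> (token type, token domain).
LOOKUP_DB = {"OTP": ("otp", "otp-domain-1"), "CRT": ("cert", "pki-domain-1")}
# Stand-in for what each token domain knows about its tokens (constructed values).
DOMAIN_STATE = {("otp-domain-1", "OTP-0001"): "492817",
                ("pki-domain-1", "CRT-0042"): "fp:ab12cd34"}
USER_STORE = {}  # user store database: token ID -> Profile

@dataclass
class Profile:
    uid: str
    token_id: str
    token_type: str
    domain: str
    active: bool = False

def _ask_domain(profile, credential):
    """Stand-in for the call a plug-in makes to its token domain."""
    expected = DOMAIN_STATE.get((profile.domain, profile.token_id))
    return expected is not None and hmac.compare_digest(
        expected.encode(), credential.encode())

def otp_plugin(profile, credential):
    return len(credential) == 6 and credential.isdigit() and _ask_domain(profile, credential)

def cert_plugin(profile, credential):
    return credential.startswith("fp:") and _ask_domain(profile, credential)

PLUGINS = {"otp": otp_plugin, "cert": cert_plugin}  # one plug-in per token type

def assign(uid, token_id):
    """Resolve type and domain from the lookup database; store an inactive profile."""
    token_type, domain = LOOKUP_DB[token_id.split("-")[0]]
    USER_STORE[token_id] = Profile(uid, token_id, token_type, domain)

def activate(token_id):
    USER_STORE[token_id].active = True

def authenticate(token_id, credential):
    """Broker: profile lookup, then dispatch to the plug-in for that token type."""
    profile = USER_STORE.get(token_id)
    if profile is None or not profile.active:
        return False  # unknown or not-yet-activated token: fail closed
    plugin = PLUGINS.get(profile.token_type)
    return bool(plugin) and plugin(profile, credential)
```

Keeping `assign` and `activate` separate mirrors claim 15, where a token is assigned first and activated by a later request; the broker rejects it until then.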
Specification