Methods and systems for single sign on with dynamic authentication levels
Abstract
Methods and systems for single sign on with dynamic authentication levels are described. The method includes receiving a data request for access to a second application, where the user is already authenticated to the first application at a first authentication level. Application information about the authentication level necessary to access the second application is retrieved. In response to a request, the user provides the further authentication data for accessing the second application. The type of the further authentication data required is based on the first authentication level and the minimum authentication level necessary to access the second application. The user is then authenticated to the second application at the minimum authentication level necessary to access the second application.
45 Claims
1. A computer implemented method for automatically providing access to a second application to a user authenticated to a first application, the method comprising:
(a) receiving from the user authenticated to the first application, using at least one computer system communicating with an electronic network, a data request for access to the second application, wherein the user is authenticated to the first application at a first authentication level;
(b) processing by a computer server, by retrieving application information stored in a database, the minimum authentication level necessary to access the second application;
(c) receiving, from the user via the computer network, further authentication data to access the second application, provided in response to a request, wherein the type of the further authentication data required is based on the first authentication level and the minimum authentication level necessary to access the second application; and
(d) authenticating the user to the second application at the minimum authentication level necessary to access the second application.
Dependent claims: 2-20
21. A method for automatically stepping down a user authenticated to an application at a first authentication level, after a period of time, to a lower second authentication level, the method comprising:
(a) a user authenticated to an application at a first authentication level;
(b) receiving, using at least one computer system in communication with an electronic network, after a period of time, a request from a user to access the application;
(c) stepping down, by a computer server, the user's authentication level from the first authentication level to a lower second authentication level, based on predetermined criteria, wherein the computer server updates session information regarding the user's authentication level, and wherein the predetermined criteria is the period of the time and the first authentication level; and
(d) receiving, through the computer network, further authentication data from the user, wherein the further authentication data is received in response to a request, and wherein the type of authentication requested from the user is based on the lower authentication level and the authentication necessary to access the application.
Dependent claims: 22-30
31. A computer-readable storage device containing instructions for automatically providing access to a second application to a user authenticated to a first application, the method comprising:
(a) receiving from the user authenticated to the first application, via at least one computer system and an electronic network, a request to access the second application, wherein the user is authenticated to the first application at a first authentication level;
(b) determining by a computer server, and using a database of application information, the minimum authentication level necessary to access the second application;
(c) transmitting to the user via the computer network a request for further authentication to access the second application, based on the first authentication level and the minimum authentication level necessary to access the second application, wherein a type of the further authentication required is based on the first authentication level and the minimum authentication level necessary to access the second application;
(d) receiving, via the at least one computer system and electronic network, the further authentication from the user;
(e) authenticating the user to the second application at the minimum authentication level necessary to access the second application; and
(f) providing the requested access to the second application.
32. A computer implemented system for automatically providing access to a second application to a user authenticated to a first application, the system comprising:
a front end server receiving from the user authenticated to the first application, using at least one computer system communicating with an electronic network, a data request for access to the second application, wherein the user is authenticated to the first application at a first authentication level;
a computer server retrieving application information stored in a database, the minimum authentication level necessary to access the second application;
the front end server receiving from the user, via the computer network, further authentication data to access the second application, provided in response to a request, wherein the type of the further authentication data required is based on the first authentication level and the minimum authentication level necessary to access the second application; and
authenticating the user to the second application at the minimum authentication level necessary to access the second application.
Dependent claims: 33-40
41. A system for automatically stepping down a user authenticated to an application at a first authentication level, after a period of time, to a lower second authentication level, the system comprising:
a computer system, in communication with an electronic network, receiving after a period of time, a request from a user to access the application, wherein the user is authenticated to the application at a first authentication level;
a computer server stepping down the user's authentication level from the first authentication level to a lower second authentication level, based on predetermined criteria, wherein the computer server updates session information regarding the user's authentication level, and wherein the predetermined criteria is the period of the time and the first authentication level; and
receiving, through the computer network, further authentication data from the user, wherein the further authentication data is received in response to a request, and wherein the type of authentication requested from the user is based on the lower authentication level and the authentication necessary to access the application.
Dependent claims: 42-45
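An added illustration (not code from the patent or its assignee) of the two mechanisms the abstract and the independent claims describe: choosing the type of further authentication from the gap between the current level and the application's minimum level, and stepping a session down based on elapsed time and the starting level. The numeric level scale, factor names, TTL values and application table are assumptions made up for this example.

```python
from dataclasses import dataclass

# Assumed level scale and factor types (hypothetical, not from the patent).
# Reaching level N requires the factors for every level up to N.
FACTOR_FOR_LEVEL = {1: "password", 2: "otp", 3: "hardware_token"}

# Constructed stand-in for the database of application information.
APP_MIN_LEVEL = {"webmail": 1, "payroll": 2, "wire_transfer": 3}

# Assumed step-down criteria: seconds each level stays valid after proof.
# Higher levels lapse sooner, so the result depends on elapsed time and
# on the level the user started from.
LEVEL_TTL = {3: 300, 2: 1800, 1: 28800}


@dataclass
class Session:
    user: str
    level: int        # current authentication level (0 = unauthenticated)
    proved_at: float  # when the current level was last established


def step_down(session: Session, now: float) -> int:
    """Lower the level while its TTL has lapsed and update the session."""
    elapsed = now - session.proved_at
    while session.level > 0 and elapsed >= LEVEL_TTL[session.level]:
        session.level -= 1
    return session.level


def further_auth_needed(session: Session, app: str, now: float) -> list[str]:
    """Factor types still to request for `app`; an empty list means grant."""
    current = step_down(session, now)
    required = APP_MIN_LEVEL[app]  # unknown app raises KeyError: fail closed
    return [FACTOR_FOR_LEVEL[lvl] for lvl in range(current + 1, required + 1)]


def complete_step_up(session: Session, app: str, now: float) -> None:
    """After the requested factors verify, raise only to the app's minimum."""
    required = APP_MIN_LEVEL[app]
    if required > session.level:
        session.level, session.proved_at = required, now


if __name__ == "__main__":
    s = Session("alice", level=1, proved_at=0.0)  # constructed sample session
    print(further_auth_needed(s, "wire_transfer", now=10))
    complete_step_up(s, "wire_transfer", now=10)
    print(further_auth_needed(s, "wire_transfer", now=400))
```

The session is raised only to the target application's minimum level, matching step (d) of claim 1, so a later request to a more sensitive application triggers its own step-up.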
Specification