Method and system for transmitting authentication context information

US 8,181,231 B2
Filed: 06/09/2010
Issued: 05/15/2012
Est. Priority Date: 12/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A class-based authentication system, comprising:

a network interface communicating with a memory;

said memory communicating with a class-based authentication processor; and

said class-based authentication processor, when executing a computer program, performs operations comprising;

receiving, by said class-based authentication processor and from an authentication information system, authentication information comprising physical controls of a facility housing said authentication information system, wherein said authentication information system creates said authentication information in response to said authentication information system authenticating a user;

determining, by said class-based authentication processor, that said authentication information substantially complies with a predetermined class established by said class-based authentication processor; and

providing services, by said class-based authentication processor to said user, based upon said determining.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.

34 Citations

20 Claims

1. A class-based authentication system, comprising:
- a network interface communicating with a memory;
  
  said memory communicating with a class-based authentication processor; and
  
  said class-based authentication processor, when executing a computer program, performs operations comprising;
  
  receiving, by said class-based authentication processor and from an authentication information system, authentication information comprising physical controls of a facility housing said authentication information system, wherein said authentication information system creates said authentication information in response to said authentication information system authenticating a user;
  
  determining, by said class-based authentication processor, that said authentication information substantially complies with a predetermined class established by said class-based authentication processor; and
  
  providing services, by said class-based authentication processor to said user, based upon said determining.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein said authentication information comprises characteristics regarding a process used to initially associate user credentials to said user.
  - 3. The system of claim 2, wherein said class-based authentication processor is further configured to transmit user credentials to said authentication information system.
  - 4. The system of claim 1, wherein said authentication information system is configured to provide at least one of information regarding a process used to authenticate an identity, procedural security controls of said authentication information system, and how a secret is kept secure.
  - 5. The system of claim 1, further comprising requesting additional authentication information from said authentication information system in response to determining that said process used to authenticate said user does not substantially comply with a predetermined class established by said class-based authentication processor.
  - 6. The system of claim 1, further comprising a service delivery system configured to provide services to said user, wherein said service delivery system communicates with said authentication information system.
  - 7. The system of claim 1, wherein said authentication information comprises a predefined XML schema.
  - 8. The system of claim 1, wherein said authentication information system is further configured to receive authentication information relating to said user from a third computer system.

9. A method for facilitating authentication of a user comprising:
- receiving, at a first computer system, information indicative of an identity of said user;
  
  authenticating, by said first computer system, said identity of said user; and
  
  transmitting, by said first computer system, authentication information from said first computer system to a second computer system, wherein said authentication information includes physical controls of a facility housing said first computer system, and wherein said second computer system allows access to said second computer system in response to determining, by said second computer system, that said authentication information substantially complies with a predetermined class established by said second computer system.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method of claim 9, wherein said authentication information comprises characteristics regarding a process used to initially associate user credentials to said user.
  - 11. The method of claim 10, wherein said second computer system transmits said user credentials to said first computer system.
  - 12. The method of claim 9, wherein said authentication information further comprises at least one of:
    - information regarding a process used to authenticate said identity, data identifying said first computer, procedural security controls of said first computer, data identifying previous verifications of said user, and how a secret is kept secure.
  - 13. The method of claim 9, wherein a request from said second computer system to said first computer system for additional authentication credentials is in response to determining that said authentication information does not substantially comply with said predetermined class established by said second computer system.
  - 14. The method of claim 9, wherein said class is at least one of:
    - indicative of information used in said authenticating step, contains data regarding the method of authentication used in performing said authenticating step, and contains data regarding security characteristics of said first computing system.
  - 15. The method of claim 9, further comprising:
    - providing data regarding said authenticating from said first computer system to a third computer system, wherein said user attempts to access a third computer system, coupled to said first computer system, wherein said third computer system determines that said user was authenticated by said first computer system, and wherein said third computer system allows access to said third computer system provided that said authentication information substantially complies with a predetermined class established by said third computer system.
  - 16. The method of claim 15, wherein, in response to said third computer rejecting access to said third computing system in response to said authentication information not complying with a predetermined class established by said third computer system, and in response to submitting additional information indicative of the identity of said user to a first computer system, said first computer system authenticates said identity of said user and transmits data regarding said authenticating to said third computer system, wherein in response, said third computer system allows access to said third computer system provided that said data complies with a predetermined class established by said third computer system.
  - 17. The method of claim 9, wherein said authentication information is transmitted using a predetermined XML schema.
  - 18. The method of claim 9, wherein said second computer system transmits a request to said first computer system for additional authentication in response to said process used to authenticate said identity at said first computer system not substantially complying with a predetermined class established by said second computer system.
  - 19. The method of claim 9, further comprising receiving information relating to said user from a third computer system.

20. A method for facilitating authentication of a user comprising:
- receiving, by a second computer system and from a first computer system, authentication information, wherein said authentication information includes physical controls of a facility housing said first computer, wherein said first computer system receives information indicative of an identity of said user and authenticates said identity of said user to create authentication information; and
  
  determining, by said second computer system, that said authentication information substantially complies with said predetermined class established by said second computer system;
  
  allowing, by said second computer system and in response to said determining, access to said second computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Barrett, Michael
Primary Examiner(s)
Powers, William

Application Number

US12/797,531
Publication Number

US 20100251343A1
Time in Patent Office

706 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/205   involving negotiation or de...

Method and system for transmitting authentication context information

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transmitting authentication context information

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links