Method and system for transmitting authentication context information
First Claim
1. A method comprising:
- transmitting, by a first computer system for facilitating authentication of a user, authentication information of said user from said first computer system to a class-based second computer system, wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system, wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, and wherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer, and wherein said class-based second computer system provides services in response to said authentication information substantially complying with a predetermined class stored at said class-based second computer system, and wherein said predetermined class is defined by a service provider.
Abstract
A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines whether the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.
18 Claims
1. A method comprising:

transmitting, by a first computer system for facilitating authentication of a user, authentication information of said user from said first computer system to a class-based second computer system, wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system, wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, and wherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer, and wherein said class-based second computer system provides services in response to said authentication information substantially complying with a predetermined class stored at said class-based second computer system, and wherein said predetermined class is defined by a service provider.

Dependent claims: 2 through 12.

13. A method comprising:

receiving, by a class-based second computer system and from a first computer system for facilitating authentication of a user, authentication information of said user, wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system, wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, and wherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer; determining, by said class-based second computer system, that said authentication information substantially complies with a predetermined class stored by said class-based second computer system, wherein said predetermined class is defined by a service provider; and providing services by said class-based second computer system, and in response to said determining.

Dependent claim: 14.

15. A class-based second computer system comprising:

a processor for facilitating authentication of a user, a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising: receiving, by said processor and from a first computer system, authentication information of said user, wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system, wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, and wherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer; determining, by said processor, that said authentication information substantially complies with a predetermined class stored by said class-based second computer system, wherein said predetermined class is defined by a service provider; and providing services, by said processor, and in response to said determining.

Dependent claims: 16 through 18.
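The abstract and the independent claims above describe one exchange: an identity provider (the first computer system) transmits authentication information, consisting of environment information about its own credential and secret-handling processes plus facility housing information, and each service provider (the class-based second computer system) compares that information against a predetermined class it defines and stores itself, reusing a recent authentication where one exists. The following Python model is an added example written for this page; it is not code from the patent or its assignee. The ordinal strength scale, the field names, the freshness window and every sample value are constructed assumptions chosen to make the check concrete.

```python
"""Class-based authentication context exchange between an identity provider
(IdP) and service providers (SPs), modelled on the abstract and claims above.
Added example, not code from the patent; the level scale, field names and
sample values are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed ordinal strength scale shared by the IdP and every SP (higher is stronger).
LEVELS = {"none": 0, "basic": 1, "moderate": 2, "strong": 3}


@dataclass(frozen=True)
class AuthenticationInformation:
    """What the IdP transmits: environment information about its own
    processes, facility housing information, and who/when."""
    user: str
    authenticated_at: float
    credential_issuance: str      # process that first associated credentials to the user
    identity_verification: str    # process that verified the user's identity
    secret_protection: str        # methodology by which the secret is secured
    physical_controls: str        # physical controls of the facility housing the IdP
    procedural_controls: str      # procedural security controls of the IdP


@dataclass(frozen=True)
class PredeterminedClass:
    """Minimum levels defined by a service provider and stored at that SP."""
    name: str
    minimums: Dict[str, str]      # characteristic -> minimum level
    max_age_seconds: float        # how recent the authentication must be

    def check(self, info: AuthenticationInformation, now: float) -> Tuple[bool, str]:
        """Return (complies, reason): every named characteristic must meet its
        minimum, and the authentication must still be fresh."""
        if now - info.authenticated_at > self.max_age_seconds:
            return False, "authentication too old"
        for field_name, minimum in self.minimums.items():
            actual = getattr(info, field_name)
            if LEVELS[actual] < LEVELS[minimum]:
                return False, f"{field_name}={actual} below {self.name} minimum {minimum}"
        return True, f"complies with class {self.name}"


class IdentityProvider:
    """Authenticates users once and answers SP queries about recent logins."""

    def __init__(self, context: Dict[str, str]) -> None:
        self._context = context   # fixed per-deployment characteristics
        self._recent: Dict[str, AuthenticationInformation] = {}

    def authenticate(self, user: str, now: float) -> AuthenticationInformation:
        # Assumption: the user's credentials were verified before this point.
        info = AuthenticationInformation(user=user, authenticated_at=now, **self._context)
        self._recent[user] = info
        return info

    def recent_authentication(self, user: str) -> Optional[AuthenticationInformation]:
        return self._recent.get(user)


class ServiceProvider:
    """Relies on the IdP for authentication but decides access itself by
    comparing the received context against its own predetermined class."""

    def __init__(self, name: str, required: PredeterminedClass, idp: IdentityProvider) -> None:
        self.name, self.required, self.idp = name, required, idp

    def request_access(self, user: str, now: float) -> Tuple[bool, str, float]:
        """Reuse a recent authentication if one is fresh enough, otherwise ask
        the IdP to authenticate again; then apply this SP's class."""
        info = self.idp.recent_authentication(user)
        if info is None or now - info.authenticated_at > self.required.max_age_seconds:
            info = self.idp.authenticate(user, now)
        ok, reason = self.required.check(info, now)
        return ok, reason, info.authenticated_at


def demo() -> Dict[str, Tuple[bool, str, float]]:
    """Two SPs sharing one IdP: a lenient portal and a stricter vault."""
    idp = IdentityProvider({               # constructed sample characteristics
        "credential_issuance": "moderate",
        "identity_verification": "strong",
        "secret_protection": "strong",
        "physical_controls": "moderate",
        "procedural_controls": "strong",
    })
    portal = ServiceProvider("portal", PredeterminedClass(
        "portal", {"identity_verification": "moderate", "secret_protection": "moderate"}, 3600), idp)
    vault = ServiceProvider("vault", PredeterminedClass(
        "vault", {"identity_verification": "strong", "physical_controls": "strong"}, 300), idp)
    t0 = 1_000_000.0
    return {
        "portal_first": portal.request_access("alice", t0),        # fresh login, granted
        "vault_reuse": vault.request_access("alice", t0 + 10),     # reused login, denied by class
        "portal_stale": portal.request_access("alice", t0 + 7200), # stale, re-authenticated
    }


if __name__ == "__main__":
    for step, (granted, reason, at) in demo().items():
        print(f"{step}: granted={granted} at={at:.0f} ({reason})")
```

The point the model makes is the one the claims make: the identity provider never decides access. It reports the characteristics of its own enrolment, verification, secret handling and facility, and each service provider applies the class it defined, so the same fresh authentication can satisfy one provider and be refused by another.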
Specification