Method and system for transmitting authentication context information

US 8,607,314 B2
Filed: 03/14/2012
Issued: 12/10/2013
Est. Priority Date: 12/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

transmitting, by a first computer system for facilitating authentication of a user, authentication information of said user from said first computer system to a class-based second computer system,wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system,wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, andwherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer, andwherein said class-based second computer system provides services in response to said authentication information substantially complying with a predetermined class stored at said class-based second computer system, and wherein said predetermined class is defined by a service provider.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.

41 Citations

View as Search Results

18 Claims

1. A method comprising:
- transmitting, by a first computer system for facilitating authentication of a user, authentication information of said user from said first computer system to a class-based second computer system,wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system,wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, andwherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer, andwherein said class-based second computer system provides services in response to said authentication information substantially complying with a predetermined class stored at said class-based second computer system, and wherein said predetermined class is defined by a service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising receiving, at said first computer system, information indicative of said identity of said user.
  - 3. The method of claim 1, further comprising authenticating, by said first computer system, said identity of said user.
  - 4. The method of claim 1, wherein said authentication information further comprises at least one of:
    - data identifying said first computer, and data identifying previous verifications of said user.
  - 5. The method of claim 1, wherein a request from said class-based second computer system to said first computer system for additional authentication credentials is in response to determining that said authentication information does not substantially comply with said predetermined class.
  - 6. The method of claim 1, wherein said class is at least one of:
    - indicative of information used in authenticating said user, contains data regarding the method of authentication used in performing said authenticating of said user, and contains data regarding security characteristics of said first computing system.
  - 7. The method of claim 1, further comprising:
    - providing data regarding authenticating said user from said first computer system to a third computer system, wherein said user attempts to access said third computer system, coupled to said first computer system, wherein said third computer system determines that said user was authenticated by said first computer system, and wherein said third computer system provides services in response to said authentication information substantially complying with said predetermined class stored by said third computer system.
  - 8. The method of claim 7, wherein, in response to said third computer rejecting access to said third computing system in response to said authentication information not complying with said predetermined class, and in response to submitting additional information indicative of the identity of said user to said first computer system, said first computer system authenticates said identity of said user and transmits data regarding said authenticating to said third computer system, wherein in response, said third computer system provides services, in response to said data complying with said predetermined class.
  - 9. The method of claim 1, wherein said authentication information is transmitted using a predetermined XML schema.
  - 10. The method of claim 1, wherein said class-based second computer system transmits a request to said first computer system for additional authentication information, in response to said data complying with said predetermined class.
  - 11. The method of claim 1, wherein said class-based second computer system transmits said user credentials to said first computer system.
  - 12. The method of claim 1, further comprising receiving information relating to said user from a third computer system.

13. A method comprising:
- receiving, by a class-based second computer system and from a first computer system for facilitating authentication of a user, authentication information of said user, wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system,wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, andwherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer;
  
  determining, by said class-based second computer system, that said authentication information substantially complies with a predetermined class stored by said class-based second computer system, wherein said predetermined class is defined by a service provider; and
  
  providing services by said class-based second computer system, and in response to said determining.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein said first computer system receives information indicative of said identity of said user and authenticates said identity of said user to create authentication information.

15. A class-based second computer system comprising:
- a processor for facilitating authentication of a user,a tangible, non-transitory memory configured to communicate with the processor,the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  receiving, by said processor and from a first computer system, authentication information of said user, wherein said authentication information includes at least one of environment information and facility housing information related to said first computer system,wherein said environment information comprises at least one of characteristics of a process used to initially associate user credentials to said user, characteristics of a process used to verify an identity of said user, and characteristics of a methodology by which a secret is secured, andwherein said facility housing information comprises at least one of characteristics of physical controls of a facility housing said first computer and characteristics of procedural security controls of said first computer;
  
  determining, by said processor, that said authentication information substantially complies with a predetermined class stored by said class-based second computer system, wherein said predetermined class is defined by a service provider; and
  
  providing services, by said processor, and in response to said determining.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein said first computer system receives information indicative of said identity of said user and authenticates said identity of said user to create authentication information.
  - 17. The method of claim 15, wherein said processor transmits a request to said first computer system for additional authentication information, in response to said authentication information complying with said predetermined class.
  - 18. The method of claim 15, wherein said class is at least one of:
    - indicative of information used in authenticating said user, contains data regarding the method of authentication used in performing said authenticating of said user, and contains data regarding security characteristics of said first computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Barrett, Michael Richard
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US13/420,469
Publication Number

US 20120180118A1
Time in Patent Office

636 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/205   involving negotiation or de...

Method and system for transmitting authentication context information

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method and system for transmitting authentication context information

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others