Selective authorization based on authentication input attributes
Abstract
Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol, the authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.
20 Claims
1. A computer-implemented method, comprising:
issuing an authentication input according to an issuance policy, the issuance policy dictating one or more identification verification procedures that are performed prior to the issuing the authentication input;
receiving the authentication input provided by a client device at an authentication authority using an authentication protocol;
identifying a strength attribute of the authentication input that represents a permutational complexity or a cryptographic complexity of the authentication input;
identifying an amount of trust in the authentication input, the amount of trust corresponding to a strictness of administrative rules under which the authentication input was issued;
representing the strength attribute of the authentication input, the amount of trust in the authentication input, and an identifier of the issuance policy with one or more representations; and
returning a token to the client device that includes the one or more representations using the authentication protocol.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A computer readable memory having computer-executable instructions that, when executed, perform acts comprising:
issuing an authentication input according to an issuance policy, the issuance policy dictating one or more identification verification procedures that are performed prior to the issuing the authentication input;
receiving the authentication input at an authentication authority using an authentication protocol, the authentication input being sent from a client device associated with a user;
identifying at least one of a strength attribute or a type attribute of the authentication input;
identifying an amount of trust in the authentication input, the amount of trust corresponding to a strictness of administrative rules under which the authentication input was issued;
representing an identifier of the issuance policy, the strength attribute or the type attribute of the authentication input, and the amount of trust in the authentication input with one or more representations selected from a plurality of representations; and
returning a token that includes the one or more representations to the client device using the authentication protocol.
Dependent claims: 17, 18, 19.
20. A system, the system comprising:
one or more processors; and
memory to store a plurality of computer-executable instructions for execution by the one or more processors, the computer-executable instructions comprising;
receiving an authentication input provided by a client device at an authentication authority using an authentication protocol, the authentication input being inputted into the client device to identify a user that requests access to a resource;
identifying a strength attribute of the authentication input that is different than a type attribute of the authentication input, the strength attribute representing a permutational complexity or a cryptographic complexity of the authentication input;
comparing the strength attribute of the authentication input with a directory that includes a plurality of predefined representations, each representation providing a corresponding level of access to one or more resources;
selecting a matching predefined representation from the plurality of predefined representations when the matching predefined representation matches the strength attribute of the authentication input that identifies the user that requests the access to the resource;
selecting a default predefined representation from the plurality of predefined representations when no other predefined representation matches the strength attribute of the authentication input that identifies the user; and
providing the matching predefined representation or the default predefined representation to the client device in a token.
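Added illustration, not part of the patent text or of any product: a Python sketch of the directory lookup with default fallback in claim 20, combined with the token contents of claim 1 (strength, trust, issuance policy identifier). The thresholds, representation names, integer trust levels, policy identifiers and the HMAC-protected token format are all assumptions made for this example, and "matches" is interpreted here as meeting a minimum strength in bits.

```python
import hashlib
import hmac
import json
import math

# Hypothetical directory of predefined representations, strongest first:
# (minimum strength in bits, representation, level of access it provides).
DIRECTORY = [
    (112, "strength-high", "admin-console"),
    (64, "strength-medium", "internal-apps"),
]
DEFAULT = ("strength-default", "public-only")
KEY = b"constructed-demo-key"  # constructed sample key, for the demo only


def password_strength_bits(length, alphabet_size):
    """Permutational complexity of a password: log2 of its search space."""
    return length * math.log2(alphabet_size)


def select_representation(strength_bits):
    """Return the matching predefined representation, else the default."""
    for minimum, representation, access in DIRECTORY:
        if strength_bits >= minimum:
            return representation, access
    return DEFAULT


def issue_token(user, strength_bits, trust, policy_id):
    """Authority side: put the representations in an integrity-protected token."""
    representation, access = select_representation(strength_bits)
    claims = {"sub": user, "strength": representation, "access": access,
              "trust": trust, "issuance_policy": policy_id}
    body = json.dumps(claims, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify_token(token):
    """Resource side: reject any token whose representations were altered."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token integrity check failed")
    return json.loads(body)


def authorize(token, required_access, minimum_trust):
    """Grant access only on verified access level and sufficient trust."""
    claims = verify_token(token)
    return claims["access"] == required_access and claims["trust"] >= minimum_trust
```

The fallback to the default representation means a weak authentication input still yields a token, only with the lowest access level, so the resource must check the representation rather than the mere presence of a token.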