Graduated authentication in an identity management system
Abstract
A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.
18 Claims
1. A computer-implemented method comprising:
receiving, at a homesite, from a membersite, a request for user information, wherein responding to the request requires two or more transactions, wherein at least a first of the two or more transactions is associated with a first security level, and wherein at least a second of the two or more transactions is associated with a second security level different from the first security level;
selecting a first channel with a first channel security level to perform the first transaction, the first channel selected based on a correspondence between the first security level and the first channel security level;
selecting a second channel with a second channel security level to perform the second transaction, the second channel selected based on a correspondence between the second security level and the second channel security level;
transmitting, from the homesite, first data to perform the first transaction over the selected first channel; and
transmitting, from the homesite, second data to perform the second transaction over the selected second channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A computer-readable storage device storing instructions configured to, by being executed by a computing device with one or more processors, cause the computing device to perform operations that:
send, to a first homesite, a first request for user information, the first request including an associated first security level;
receive, from the first homesite over a first channel selected from a first plurality of channels, a first response to the first request, wherein the first channel is selected in accordance with a response security level determined by the first homesite, and the response security level is based on the first security level associated with the first request, and wherein at least one channel of the first plurality of channels has a different level of security than another channel of the first plurality of channels;
verify that the first response was sent using a first response security level based on the first security level;
send, to a second homesite, a second request for user information, the second request including an associated second security level;
receive a second response to the second request;
determine that the second response does not meet minimum requirements associated with the second security level; and
responsive to the determination that the response does not meet the minimum requirements, provide an indication that an attack may be in progress.
Dependent claims: 15, 16.
17. A computer-implemented method comprising:
sending, to a first homesite, a first request for user information, the first request including an associated first security level;
receiving, from the first homesite over a first channel selected from a first plurality of channels, a first response to the first request, wherein the first channel is selected in accordance with a response security level determined by the first homesite, and the response security level is based on the first security level associated with the first request, and wherein at least one channel of the first plurality of channels has a different level of security than another channel of the first plurality of channels;
verifying that the first response was sent using a first response security level based on the first security level;
sending, to a second homesite, a second request for user information, the second request including an associated second security level;
receiving a second response to the second request;
determining that the second response does not meet minimum requirements associated with the second security level; and
responsive to the determination that the response does not meet the minimum requirements, providing an indication that an attack may be in progress.
Dependent claims: 18.
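The following is an added illustration of the two sides described in claims 1 and 14/17, not code from the patent or its assignee: the homesite picks a channel per transaction by matching security levels, and the membersite checks that a response carries at least the level it asked for (and, following the abstract's time-sensitivity dimension, arrives within a freshness window), reporting a possible attack otherwise. The integer level scale, the channel names and the time window are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed model (not from the patent): security levels are small integers,
# higher means stronger; a channel "corresponds" to a transaction when its
# level meets the transaction's level, and the weakest such channel is used.

@dataclass(frozen=True)
class Channel:
    name: str
    security_level: int

@dataclass(frozen=True)
class Transaction:
    name: str
    security_level: int

# Constructed channel catalogue a homesite might offer (example values).
CHANNELS = (
    Channel("browser-redirect", 1),
    Channel("tls-backchannel", 2),
    Channel("tls-mutual-auth", 3),
)

def select_channel(txn: Transaction, channels=CHANNELS) -> Channel:
    """Homesite side (claim 1): least-privileged channel whose security level
    still satisfies the transaction's required level."""
    ok = [c for c in channels if c.security_level >= txn.security_level]
    if not ok:
        raise ValueError(f"no channel satisfies level {txn.security_level} for {txn.name}")
    return min(ok, key=lambda c: c.security_level)

def homesite_respond(transactions) -> dict:
    """Plan one channel per transaction; transactions of different levels
    end up on different channels, as claim 1 describes."""
    return {t.name: select_channel(t).name for t in transactions}

def membersite_check(requested_level: int, response_level: int,
                     sent_at: float, received_at: float, max_age: float) -> str:
    """Membersite side (claims 14/17): the response must meet the minimum
    level for the request and be fresh; otherwise signal a possible attack
    (for example a downgraded or replayed response)."""
    if response_level < requested_level:
        return "attack-may-be-in-progress: response security level below minimum"
    if received_at - sent_at > max_age:
        return "attack-may-be-in-progress: response outside freshness window"
    return "ok"

if __name__ == "__main__":
    request = [Transaction("display-name", 1), Transaction("payment-card", 3)]
    print(homesite_respond(request))
    print(membersite_check(3, 2, sent_at=0.0, received_at=1.0, max_age=30.0))
```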