System, method and computer program product for providing unified authentication services for online applications
First Claim
1. A non-transitory computer readable medium having an executable computer readable program embodied therein for authenticating a user via a communication medium, wherein the executable computer readable program instructs a processor to perform the following steps:
receiving, by a first module of the executable computer readable program, a request from a user to access information;
establishing, by a second module of the executable computer readable program, at least one credential of the user;
establishing, by a third module of the executable computer readable program, a policy of the user, wherein the user defines a first level of protection for a first account and a second level of protection for a second account, wherein the second level of protection is more secure than the first level of protection;
storing, by a fourth module of the executable computer readable program, the at least one credential and the policy of the user in a database; and
authenticating, by a fifth module of the executable computer readable program, the user by implementing the policy of the user by using at least one credential of the first level of protection as a credential for the second level of protection, wherein the credential comprises information from at least one identification device, the information of the credential of the first level of protection is the same as information of the credential of the second level of protection, and the credential gathered by the identification device is used to authenticate the user for a first account having the first level of protection and a second account having the second level of protection during one session.
Abstract
A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user who accesses requested information via a communication medium. A filter is coupled to client side components via the communication medium, and a user management component is coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. It also allows end-users to define the level of protection for access to their web application accounts: both accounts that have been configured specifically for use with the present invention and particular user credentials, and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
20 Claims
1. As reproduced under First Claim above. Dependent claims: 2 to 12.
13. A computer-implemented method for authenticating a user to access a first or second account via a communication medium, the method comprising:
establishing a first policy component for the user for access to the first account as defined by the user, wherein the first policy component requires a first type of credential for access;
storing the first policy component in a first database;
establishing a second policy component for the user to access the second account as defined by the user, wherein the second policy component requires a second type of credential for access that is different than the first type of credential;
storing the second policy component in a second database;
capturing at least the first credential and the second credential;
storing the at least the first credential and the second credential in a database;
receiving a request by the user to access the first account;
retrieving the first policy component based on the request for access to the first account;
implementing the first policy component;
requesting the first credential from the user;
receiving the first credential from the user;
authenticating the user if the first credential is authentic;
allowing the user to access the first account;
receiving a request by the user to access the second account; and
authenticating the user by implementing the second policy component for the user by using at least one credential of the first level of protection as a credential for the second level of protection, wherein the credential comprises information from at least one identification device, the information of the credential of the first level of protection is the same as information of the credential of the second level of protection, and the credential gathered by the identification device is used to authenticate the user for the first account having the first level of protection and the second account having the second level of protection during one session.
Dependent claims: 14 to 20.
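The flow in claims 1 and 13 (user-defined protection level per account, credentials stored once, a credential gathered for the first-level account reused for the second-level account within one session) as an added illustration; this is not the patent's embodiment or any product's code. The account names, the credential types "password" and "device_token", the storage layout and the session TTL are assumptions chosen for the example; credentials are kept salted and hashed, and the session remembers only which credential types were verified.

```python
import hashlib
import hmac
import secrets
import time

def _digest(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class AuthService:
    def __init__(self, session_ttl_seconds=300):
        self._credentials = {}  # (user, cred_type) -> (salt, pbkdf2 digest); never plaintext
        self._policies = {}     # (user, account) -> {"level": int, "accepts": frozenset of types}
        self._sessions = {}     # session_id -> {"user", "verified" (credential types), "opened"}
        self._ttl = session_ttl_seconds  # assumed: verified credentials expire with the session

    def enroll_credential(self, user, cred_type, secret):
        salt = secrets.token_bytes(16)  # enrolled once, reusable across accounts
        self._credentials[(user, cred_type)] = (salt, _digest(secret, salt))

    def define_policy(self, user, account, level, accepted_types):
        self._policies[(user, account)] = {"level": level, "accepts": frozenset(accepted_types)}

    def open_session(self, user):
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": user, "verified": set(), "opened": time.monotonic()}
        return sid

    def _session(self, sid):
        s = self._sessions.get(sid)
        if s and time.monotonic() - s["opened"] <= self._ttl:
            return s
        return None  # unknown or expired: credentials must be gathered again

    def present_credential(self, sid, cred_type, secret):
        s = self._session(sid)  # the session records only the verified TYPE, never the secret
        stored = self._credentials.get((s["user"], cred_type)) if s else None
        if stored is None or not hmac.compare_digest(_digest(secret, stored[0]), stored[1]):
            return False
        s["verified"].add(cred_type)
        return True

    def access(self, sid, account):
        s = self._session(sid)
        policy = self._policies.get((s["user"], account)) if s else None
        if policy is None:
            return False, "no valid session or no policy for this account"
        usable = policy["accepts"] & s["verified"]  # types already verified in THIS session
        if not usable:
            return False, "credential required: " + ", ".join(sorted(policy["accepts"]))
        return True, "level %d satisfied by %s" % (policy["level"], sorted(usable)[0])
```

A device credential presented for the level-1 account is reused for the level-2 account in the same session, while a password alone opens only the level-1 account and a new session starts with nothing verified.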