System, method and computer program product for providing unified authentication services for online applications

US 9,009,798 B2
Filed: 09/11/2008
Issued: 04/14/2015
Est. Priority Date: 03/23/2000
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having an executable computer readable program embodied therein for authenticating a user via a communication medium, wherein the executable computer readable program instructs a processor to perform the following steps:

receiving, by a first module of the executable computer readable program, a request from a user to access information;

establishing, by a second module of the executable computer readable program, at least one credential of the user;

establishing, by a third module of the executable computer readable program, a policy of the user,wherein the user defines a first level of protection for a first account and a second level of protection for a second account, wherein the second level of protection is more secure than the first level of protection;

storing, by a fourth module of the executable computer readable program, the at least one credential and the policy of the user in a database; and

authenticating, by a fifth module of the executable computer readable program, the user by implementing the policy of the user by using at least one credential of the first level of protection as a credential for the second level of protection, wherein the credential comprises information from at least one identification device, the information of the credential of the first level of protection is the same as information of the credential of the second level of protection, and the credential gathered by the identification device is used to authenticate the user for a first account having the first level of protection and a second account having the second level of protection during one session.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.

138 Citations

20 Claims

1. A non-transitory computer readable medium having an executable computer readable program embodied therein for authenticating a user via a communication medium, wherein the executable computer readable program instructs a processor to perform the following steps:
- receiving, by a first module of the executable computer readable program, a request from a user to access information;
  
  establishing, by a second module of the executable computer readable program, at least one credential of the user;
  
  establishing, by a third module of the executable computer readable program, a policy of the user,wherein the user defines a first level of protection for a first account and a second level of protection for a second account, wherein the second level of protection is more secure than the first level of protection;
  
  storing, by a fourth module of the executable computer readable program, the at least one credential and the policy of the user in a database; and
  
  authenticating, by a fifth module of the executable computer readable program, the user by implementing the policy of the user by using at least one credential of the first level of protection as a credential for the second level of protection, wherein the credential comprises information from at least one identification device, the information of the credential of the first level of protection is the same as information of the credential of the second level of protection, and the credential gathered by the identification device is used to authenticate the user for a first account having the first level of protection and a second account having the second level of protection during one session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer readable medium according claim 1, further comprising a sixth module for negotiating a session key with a web browser.
  - 3. The computer readable, medium according to claim 2, wherein the sixth module is instantiated for each session.
  - 4. The computer readable medium according to claim 1, wherein the fifth module retrieves the policy from the database.
  - 5. The computer readable medium according to claim 4, wherein the fifth module sends a message of authentication requirements.
  - 6. The computer readable medium according to claim 1, wherein the fifth module is downloaded to the user'"'"'s computer only at an enrollment or a first authentication.
  - 7. The computer readable medium according to claim 1, further comprising a seventh component for filtering requests from a user that are to be forwarded to the fifth module for authentication.
  - 8. The computer readable medium according to claim 1, wherein the second module captures the credential of the user from a plurality of identification devices.
  - 9. The computer readable medium according to claim 1, wherein the fifth module implements the policy to authenticate the user to access the first account with a first identification device, and to authenticate the user to access the second account with a second identification device.
  - 10. The computer readable medium according to claim 9, wherein the first account and the second account are websites.
  - 11. The computer readable medium according to claim 9, wherein the first identification device comprises biometric measurement.
  - 12. The computer readable medium according to claim 1, wherein the first level of protection is the same as the second level of protection.

13. A computer-implemented method for authenticating a user to access a first or second account via a communication medium, the method comprising:
- establishing a first policy component for the user for access to the first account as defined by the user, wherein the first policy component requires a first type of credential for access;
  
  storing the first policy component in a first database;
  
  establishing a second policy component for the user to access the second account as defined by the user, wherein the second policy component requires a second type of credential for access that is different than the first type of credential;
  
  storing the second policy component in a second database;
  
  capturing at least the first credential and the second credential;
  
  storing the at least the first credential and the second credential in a database;
  
  receiving a request by the user to access the first account;
  
  retrieving the first policy component based on the request for access to the first account;
  
  implementing the first policy component;
  
  requesting the first credential from the user;
  
  receiving the first credential from the user;
  
  authenticating the user if the first credential is authentic;
  
  allowing the user to access the first account;
  
  receiving a request by the user to access the second account; and
  
  authenticating the user by implementing the second policy component for the user by using at least one credential of the first level of protection as a credential for the second level of protection, wherein the credential comprises information from at least one identification device, the information of the credential of the first level of protection is the same as information of the credential of the second level of protection, and the credential gathered by the identification device is used to authenticate the user for the first account having the first level of protection and the second account having the second level of protection during one session.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method according to claim 13, wherein the first and second accounts are web applications.
  - 15. The method according to claim 13, wherein the first policy component is the same as the second policy component.
  - 16. The method according to claim 13, wherein the first database is the same as the second database.
  - 17. The method according to claim 13, further comprising the step of reusing the first credential for establishing access to a third account.
  - 18. The method according to claim 13, wherein the step of capturing the first credential comprises receiving a biometric measurement of the user.
  - 19. The method according to claim 13, wherein capturing the second credential comprises receiving a password of the user.
  - 20. The method according to claim 13, further comprising determining whether the received first credential passes a threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Bakshi, Bikram S., Helms, David W., Rochon, Anthony C., Walker, Trevor J.
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US12/232,167
Publication Number

US 20090019534A1
Time in Patent Office

2,406 Days
Field of Search

726/1, 726/6, 713/166
US Class Current

726/6
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

System, method and computer program product for providing unified authentication services for online applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for providing unified authentication services for online applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links