User authentication based on network context
Abstract
Example systems and methods of user authentication based on network context are presented. In one example, a command to authenticate a user of a computing device is received in response to a request transmitted from the computing device to access a computing solution. In response to the command, a determination is made whether a network address corresponding to the request matches at least one network address associated with a protected network. Based on the network address corresponding to the request not matching the at least one network address associated with the protected network, authentication of the user is initiated at an identity provider corresponding to the computing solution. Otherwise, based on the network address corresponding to the request matching the at least one network address associated with the protected network, authentication of the user is delegated to an identity management system located within the protected network.
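The routing decision described in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the address ranges, the mechanism names, the `source_address` field and the function names are all assumptions. Malformed addresses are rejected rather than routed.

```python
import ipaddress

# Constructed sample ranges standing in for the protected network's addresses.
PROTECTED_NETWORKS = [ipaddress.ip_network(n)
                      for n in ("10.20.0.0/16", "2001:db8:40::/48")]

# Hypothetical mechanism stacks. The claims only require that the delegated
# (in-network) stack holds more mechanisms than the identity provider's.
IDP_STACK = ["password"]
IDM_STACK = ["kerberos_spnego", "x509_client_cert"]
if len(IDM_STACK) <= len(IDP_STACK):
    raise RuntimeError("delegated stack must be longer than the IdP stack")


def normalize(addr: str):
    """Parse the address carried in the command; raises ValueError if malformed."""
    ip = ipaddress.ip_address(addr.strip())
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) must compare as IPv4,
    # otherwise a dual-stack listener would misclassify in-network clients.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def route_authentication(command: dict) -> dict:
    """Pick where the user is authenticated, based on the request's address."""
    ip = normalize(command["source_address"])
    matched = any(ip.version == net.version and ip in net
                  for net in PROTECTED_NETWORKS)
    if matched:
        # Address matches the protected network: delegate to the identity
        # management system inside that network (longer stack).
        return {"handler": "delegate_to_idm", "mechanisms": list(IDM_STACK)}
    # No match: authenticate at the identity provider (shorter stack).
    return {"handler": "identity_provider", "mechanisms": list(IDP_STACK)}


if __name__ == "__main__":
    # Constructed sample requests.
    for addr in ("10.20.3.7", "203.0.113.9", "::ffff:10.20.3.7",
                 "2001:db8:41::1"):
        print(addr, "->", route_authentication({"source_address": addr}))
```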
15 Claims
1. A method, comprising:
- receiving, in response to a request transmitted from a computing device to access a computing solution, a command to authenticate a user of the computing device;
- determining, in response to receiving the command, whether a network address corresponding to the request matches at least one network address associated with a protected network;
- initiating, in response to the network address corresponding to the request not matching the at least one network address associated with the protected network, authentication of the user via a first number of authentication mechanisms defined via a stack of pluggable authentication modules at an identity provider corresponding to the computing solution; and
- delegating, in response to the network address corresponding to the request matching the at least one network address associated with the protected network, the authentication of the user via a second number, that is greater than the first number, of authentication mechanisms defined via a stack of pluggable authentication modules to an identity management system located within the protected network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- at least one hardware processor;
- a user location determination module executable using the at least one hardware processor, configured to:
  - receive, in response to a request transmitted from a computing device to access a computing solution, a command to authenticate a user of the computing device; and
  - determine, in response to receiving the command, whether a network address corresponding to the request matches at least one network address associated with a protected network;
- an authentication module comprising an identity provider executable using the at least one hardware processor, configured to authenticate the user via a first number of authentication mechanisms defined by a stack of pluggable authentication modules, at the identity provider corresponding to the computing solution, in response to the network address corresponding to the request not matching the at least one network address associated with the protected network; and
- a delegation module executable using the at least one hardware processor, configured to delegate, in response to the network address corresponding to the request matching the at least one network address associated with the protected network, the authentication of the user via a second number, that is greater than the first number, of authentication mechanisms defined by a stack of pluggable authentication modules to an identity management system located within the protected network.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- receiving, from a computing solution in response to a request transmitted from a computing device to access the computing solution, a command to authenticate a user of the computing device, the command including a network address of a communication device from which the request was received at the computing solution;
- determining whether the network address corresponding to the request matches at least one network address associated with a protected network;
- initiating, in response to the network address corresponding to the request not matching the at least one network address associated with the protected network, authentication of the user via a first number of authentication mechanisms defined by a stack of pluggable authentication modules an identity provider corresponding to the computing solution; and
- in response to the network address corresponding to the request matching the at least one network address associated with the protected network, delegating the authentication of the user via a second number, that is greater than the first number, of authentication mechanisms defined via a stack of pluggable authentication modules to an identity management system located within the protected network.
Specification