Method and system for authentication by defining a demanded level of security
First Claim
1. A computer-implemented method for authentication of a client device to a server, the method comprising:
- using one or more computer processors to perform the operations of:
determining a demanded level of security for a resource on the server, wherein the demanded level of security is independent of any particular authentication instance and defines level of trust necessary to allow access to the resource on the server;
determining, for each of a plurality of authentication instances, an associated server level of trust;
determining which of the plurality of authentication instances are available on the client device;
selecting at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and
sending a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated utilizing the selected combination of authentication instances,
wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.
Abstract
A computer-implemented method for authentication involves defining a level of trust required for access to a resource independently of any particular authentication mechanism or instance, determining levels of trust associated with a plurality of authentication instances, and selecting and combining two or more of the authentication instances to meet or exceed the required level of trust.
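The selection step summarized in the abstract, as an added example that is not code from the patent or its assignee. The noisy-OR combining operator, the moving-average reputation rule, all names and all trust values are assumptions made for illustration; the claims do not specify them.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass
class AuthInstance:
    name: str
    base_trust: float        # server level of trust in [0, 1] (constructed value)
    reputation: float = 1.0  # evolves with previous experiences

    @property
    def trust(self) -> float:
        return self.base_trust * self.reputation

def combine(levels):
    # Assumed combining operator: noisy-OR, valid only if factors fail independently.
    miss = 1.0
    for t in levels:
        miss *= 1.0 - t
    return 1.0 - miss

def update_reputation(inst, success, rate=0.2):
    # Assumed reputation rule: exponential moving average of outcomes.
    inst.reputation = (1 - rate) * inst.reputation + rate * (1.0 if success else 0.0)

def select_instances(demanded, instances, available):
    """Smallest set of >= 2 available instances whose combined trust meets
    the demanded level; None when no combination qualifies."""
    usable = [i for i in instances if i.name in available]
    for size in range(2, len(usable) + 1):
        ok = [c for c in combinations(usable, size)
              if combine(x.trust for x in c) >= demanded]
        if ok:  # among equally small sets, take the strongest
            best = max(ok, key=lambda c: combine(x.trust for x in c))
            return sorted(x.name for x in best)
    return None

def sample_instances():
    # Constructed sample data, not values from the patent.
    return [AuthInstance("password", 0.60), AuthInstance("otp", 0.80),
            AuthInstance("biometric", 0.70), AuthInstance("client_cert", 0.90)]

if __name__ == "__main__":
    inst = sample_instances()
    on_device = {"password", "otp", "biometric"}
    print(select_instances(0.90, inst, on_device))
    update_reputation(inst[1], success=False)   # a bad experience with OTP
    print(select_instances(0.90, inst, on_device))
```

A drop in one instance's reputation lowers its trust, so the same demanded level then requires a larger combination. The server should recompute the combined level from the instances it actually verified instead of accepting the client's own calculation.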
23 Claims
2. The method of claim 1, wherein the server level of trust for one of the authentication instances selected by the client is at least in part based on a trust opinion.
8. A non-transitory computer-readable medium that stores instructions which, when performed by a machine, cause the machine to perform operations comprising:
- using one or more computer processors to perform the operations of:
determining a demanded level of security for a resource on the server, wherein the demanded level of security is independent of any particular authentication instance and defines level of trust necessary to allow access to the resource on the server;
determining, for each of a plurality of authentication instances, an associated server level of trust;
determining which of the plurality of authentication instances are available on a client device;
selecting at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and
sending a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated utilizing the selected combination of authentication instances,
wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.
14. A client system for authentication comprising:
- a memory to store:
a demanded level of security for a resource on a server, wherein the demanded level of security is independent of any particular authentication instance and defines a level of trust necessary to allow access to the resource on the server, and
for each of a plurality of authentication instances, an associated server level of trust; and
- a computer processor programmed to execute instructions operable to:
determine the demanded level of security for the server;
determine the server levels of trust for the plurality of authentication instances;
determine which of the plurality of authentication instances are available on a client device;
select at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and
send a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated using utilizing the selected combination of authentication instances,
wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.
Specification