Method and system for authentication by defining a demanded level of security

US 9,083,750 B2
Filed: 07/15/2013
Issued: 07/14/2015
Est. Priority Date: 12/11/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authentication of a client device to a server, the method comprising:

using one or more computer processors to perform the operations of;

determining a demanded level of security for a resource on the server, wherein the demanded level of security is independent of any particular authentication instance and defines level of trust necessary to allow access to the resource on the server;

determining, for each of a plurality of authentication instances, an associated server level of trust;

determining which of the plurality of authentication instances are available on the client device;

selecting at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and

sending a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated utilizing the selected combination of authentication instances,wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for authentication involves defining a level of trust required for access to a resource independently of any particular authentication mechanism or instance, determining levels of trust associated with a plurality of authentication instances, and selecting and combining two or more of the authentication instances to meet or exceed the required level of trust.

30 Citations

View as Search Results

23 Claims

1. A computer-implemented method for authentication of a client device to a server, the method comprising:
- using one or more computer processors to perform the operations of;
  
  determining a demanded level of security for a resource on the server, wherein the demanded level of security is independent of any particular authentication instance and defines level of trust necessary to allow access to the resource on the server;
  
  determining, for each of a plurality of authentication instances, an associated server level of trust;
  
  determining which of the plurality of authentication instances are available on the client device;
  
  selecting at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and
  
  sending a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated utilizing the selected combination of authentication instances,wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.
- View Dependent Claims (5, 6, 7, 21)
- - 5. The method of claim 1, wherein the one or more combining operators are operators of subjective logic.
  - 6. The method of claim 1, comprising authenticating using one of the selected authentication instances with an authentication server, the authentication server being different than the server.
  - 7. The method of claim 1, wherein one of the selected authentication instances comprises a username and password.
  - 21. The method of claim 1, wherein the at least two selected authentication instances comprise at least three authentication instances selected from the plurality of authentication instances.

2. The method of 1, wherein the server level of trust for one of the authentication instances selected by the client is at least in part based on a trust opinion.
- View Dependent Claims (3, 4)
- - 3. The method of claim 2, wherein the trust opinion comprises an objective criteria and a subjective criteria.
  - 4. The method of claim 2, wherein the trust opinion is expressed in subjective logic.

8. A non-transitory computer-readable medium that stores instructions which, when performed by a machine, cause the machine to perform operations comprising:
- using one or more computer processors to perform the operations of;
  
  determining a demanded level of security for a resource on the server, wherein the demanded level of security is independent of any particular authentication instance and defines level of trust necessary to allow access to the resource on the server;
  
  determining, for each of a plurality of authentication instances, an associated server level of trust;
  
  determining which of the plurality of authentication instances are available on a client device;
  
  selecting at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and
  
  sending a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated utilizing the selected combination of authentication instances,wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.
- View Dependent Claims (9, 10, 11, 12, 13, 22)
- - 9. The computer-readable medium of claim 8, wherein the server level of trust for one of the selected authentication instances selected by the client is at least in part based on a trust opinion.
  - 10. The computer-readable medium of claim 9, wherein the trust opinion comprises an objective criteria and a subjective criteria.
  - 11. The computer-readable medium of claim 9, wherein the trust opinion is expressed in subjective logic.
  - 12. The computer-readable medium of claim 8, wherein the one or more combining operators are operators of subjective logic.
  - 13. The computer-readable medium of claim 8, wherein the instructions comprise instructions, which when performed by the machine cause the machine to perform the operations comprising authenticating using one of the selected authentication instances with an authentication server, the authentication server being different than the server.
  - 22. The computer-readable medium of claim 8, wherein the at least two selected authentication instances comprise at least three authentication instances selected from the plurality of authentication instances.

14. A client system for authentication comprising:
- a memory to store;
  
  a demanded level of security for a resource on a server, wherein the demanded level of security is independent of any particular authentication instance and defines a level of trust necessary to allow access to the resource on the server, andfor each of a plurality of authentication instances, an associated server level of trust; and
  
  a computer processor programmed to execute instructions operable to;
  
  determine the demanded level of security for the server;
  
  determine the server levels of trust for the plurality of authentication instances;
  
  determine which of the plurality of authentication instances are available on a client device;
  
  select at least two authentication instances from the plurality of authentication instances determined to be available on the client device based upon a determination that the combined level of trust associated with the at least two selected authentication instances meets or exceeds the determined demanded level of security for access to the resource on the server, wherein one or more combining operators are utilized to combine authentication instances; and
  
  send a request to the server to utilize the resource, the request comprising information verifying that the computer-implemented client has successfully authenticated using utilizing the selected combination of authentication instances,wherein the authentication instances are associated to a reputation which evolves based on a collection of previous experiences associated with determining the server level of trust in the authentication instances.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 23)
- - 15. The system of claim 14, wherein the server level of trust for one of the selected authentication instances is at least in part based on a trust opinion.
  - 16. The system of claim 15, wherein the trust opinion comprises an objective criteria and a subjective criteria.
  - 17. The system of claim 15, wherein the trust opinion is expressed in subjective logic.
  - 18. The system of claim 14, wherein the one or more combining operators are operators of subjective logic.
  - 19. The system of claim 14, wherein the processor is programmed to authenticate using one of the selected authentication instances with an authentication server, the authentication server being different than the server.
  - 20. The system of claim 14, wherein one of the three authentication instances comprises a biometric authentication.
  - 23. The system of claim 14, wherein the at least two selected authentication instances comprise at least three authentication instances selected from the plurality of authentication instances.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Gomez, Laurent Y., Scherfenberg, Ivonne
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US13/941,882
Publication Number

US 20130305312A1
Time in Patent Office

729 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Method and system for authentication by defining a demanded level of security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authentication by defining a demanded level of security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links