Providing authentication using previously-validated authentication credentials

US 9,317,673 B2
Filed: 02/07/2014
Issued: 04/19/2016
Est. Priority Date: 02/07/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus for providing authentication using previously-validated authentication credentials, the apparatus comprising:

a memory;

one or more processors; and

computer executable code stored in memory, wherein the computer executable code, when executed by the one or more processors, is configured to cause the one or more processors to;

receive a request, from a user, to access a framework application, wherein access to the framework application requires a primary level of user authentication comprising one of a plurality of authentication types that is selectable by the user, wherein the plurality of authentication types comprises at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication is a multi-factor verification requiring the user present at least two authentication credentials, wherein the soft authentication is at least a single factor verification requiring the user to present at least one authentication credential, wherein zero authentication requires the user to present no authentication credentials;

receive a user selected authentication type of the primary level of user authentication, wherein the user selected authentication type is selected from at least one of a hard authentication, a soft authentication, and a zero authentication;

request, from the user, one or more authentication credentials corresponding to the user selected authentication type of the primary level of user authentication;

receive the one or more authentication credentials from the user;

validate the one or more authentication credentials, thereby resulting in a validation of the user selected authentication type of the primary level of user authenticationcreate, using the framework application, an authentication token corresponding to the user selected authentication type based at least partially on the validation of the user selected authentication type of the primary level of user authentication, wherein the authentication token is accessible by at least one non-framework application;

receive a request, from the user, to access the at least one non-framework application;

access the authentication token created by the framework application; and

at least partially authenticate the at least one non-framework application using the authentication token such that the authentication of the at least one non-framework application is at least partially based on the user selected authentication type of the primary level of user authentication,wherein authentication of the user selected authentication type of the primary level of authentication decreases a degree of confidence required for authenticating the one or more non-framework applications from at least a first degree of confidence to a second degree of confidence, and wherein the first degree of confidence is stronger than the second degree of confidence.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to systems, methods and computer program products for providing authentication using previously-validated authentication credentials. An exemplary apparatus is configured to receive a request to access a framework application, request, from a user, one or more authentication credentials corresponding to a primary level of user authentication, receive and validate the one or more authentication credentials, create, using the framework application, an authentication token based at least partially on the validation of the primary level of user authentication, wherein the authentication token is accessible by a plurality of applications, receive a request, from the user, to access one or more non-framework applications; and authenticate the one or more non-framework applications, where authenticating the non-framework applications requires accessing the authentication token created by the framework application such that the authentication is at least partially based on the primary level of user authentication.

138 Citations

18 Claims

1. An apparatus for providing authentication using previously-validated authentication credentials, the apparatus comprising:
- a memory;
  
  one or more processors; and
  
  computer executable code stored in memory, wherein the computer executable code, when executed by the one or more processors, is configured to cause the one or more processors to;
  
  receive a request, from a user, to access a framework application, wherein access to the framework application requires a primary level of user authentication comprising one of a plurality of authentication types that is selectable by the user, wherein the plurality of authentication types comprises at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication is a multi-factor verification requiring the user present at least two authentication credentials, wherein the soft authentication is at least a single factor verification requiring the user to present at least one authentication credential, wherein zero authentication requires the user to present no authentication credentials;
  
  receive a user selected authentication type of the primary level of user authentication, wherein the user selected authentication type is selected from at least one of a hard authentication, a soft authentication, and a zero authentication;
  
  request, from the user, one or more authentication credentials corresponding to the user selected authentication type of the primary level of user authentication;
  
  receive the one or more authentication credentials from the user;
  
  validate the one or more authentication credentials, thereby resulting in a validation of the user selected authentication type of the primary level of user authenticationcreate, using the framework application, an authentication token corresponding to the user selected authentication type based at least partially on the validation of the user selected authentication type of the primary level of user authentication, wherein the authentication token is accessible by at least one non-framework application;
  
  receive a request, from the user, to access the at least one non-framework application;
  
  access the authentication token created by the framework application; and
  
  at least partially authenticate the at least one non-framework application using the authentication token such that the authentication of the at least one non-framework application is at least partially based on the user selected authentication type of the primary level of user authentication,wherein authentication of the user selected authentication type of the primary level of authentication decreases a degree of confidence required for authenticating the one or more non-framework applications from at least a first degree of confidence to a second degree of confidence, and wherein the first degree of confidence is stronger than the second degree of confidence.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the computer executable code further comprises instruction code that causes the one or more processors to:
    - deny a second request to at least partially authenticate the at least one non-framework application in response to determining the validation of the user selected authentication type of the primary level of user authentication has expired; and
      
      prompt the user to authenticate the framework application using the primary level of authentication prior to requesting to authenticate the at least one non-framework application.
  - 3. The apparatus of claim 1, wherein the computer executable code further comprises instruction code that causes the one or more processors to:
    - deny a second request to authenticate the at least one non-framework application in response to determining the validation of the primary level of user authentication has expired; and
      
      prompt the user to authenticate the one or more non-framework applications using the primary level of authentication.
  - 4. The apparatus of claim 1, wherein the computer executable code further comprises instruction code that causes the one or more processors to determine a degree of confidence for authenticating the at least one non-framework application based at least partially on the user selected authentication type of the primary level of authentication.
  - 5. The apparatus of claim 1, wherein authenticating the one or more non-framework applications further requires validation of a secondary level of user authentication, and wherein the secondary level of user authentication comprises a single factor authentication.
  - 6. The apparatus of claim 1, wherein authenticating the one or more non-framework applications further requires validation of a secondary level of user authentication, and wherein the secondary level of user authentication comprises a soft authentication or zero authentication.
  - 7. The apparatus of claim 1, wherein the one or more authentication credentials comprise at least one of a user name, a password, a web-based security system, a personal identification number (PIN), a security question, or a biometric screening parameter.
  - 8. The apparatus of claim 1, wherein the computer executable code causes the one or more processors to:
    - determine one or more authentication credentials corresponding to a secondary level of user authentication for authenticating the at least one non-framework application, wherein determining the one or more credentials is based on the user selected authentication type of the primary level of user authentication;
      
      receive, from the user, a response for each of the one or more authentication credentials corresponding to the secondary level of user authentication;
      
      validate the response for each of the one or more authentication credentials corresponding to the secondary level of user authentication, thus resulting in a validation of the secondary level of user authentication; and
      
      authenticate the at least one non-framework application based at least in part on validating the secondary level of user authentication, such that the authentication of the at least one non-framework application is based at least partially on the validation of the secondary level of user authentication and based at least in part on the validation of the user selected authentication type of the primary level of user authentication.

9. A method for providing authentication using previously-validated authentication credentials, the method comprising:
- receiving a request, from a user, to access a framework application, wherein access to the framework application requires a primary level of user authentication comprising one of a plurality of authentication types that is selectable by the user, wherein the plurality of authentication types comprises at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication is a multi-factor verification requiring the user present at least two authentication credentials, wherein the soft authentication is at least a single-factor verification requiring the user to present at least one authentication credential, wherein zero authentication requires the user to present no authentication credentials;
  
  receiving a user selected authentication type of the primary level of user authentication, wherein the user selected authentication type is selected from at least one of a hard authentication, a soft authentication, and a zero authentication;
  
  requesting, from the user, one or more authentication credentials corresponding to the user selected authentication type of the primary level of user authentication;
  
  receiving the one or more authentication credentials corresponding to the selected authentication type;
  
  validating the one or more authentication credentials, thereby resulting in a validation of the user selected authentication type of the primary level of user authentication;
  
  creating, using the framework application, an authentication token corresponding to the user selected authentication type based at least partially on the validation of the user selected authentication type of the primary level of user authentication, wherein the authentication token is accessible by at least one non-framework application;
  
  receiving a request, from the user, to access the at least one non-framework application;
  
  accessing the authentication token created by the framework application; and
  
  at least partially authenticating the at least one non-framework application using the authentication token created by the framework application such that the authentication of the at least one non-framework application is at least partially based on the user selected authentication type of the primary level of user authentication,wherein authentication of the user selected authentication type of the primary level of authentication decreases the degree of confidence required for authenticating the one or more non-framework applications from at least a first degree of confidence to a second degree of confidence, and wherein the first degree of confidence is stronger than the second degree of confidence.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, the method further comprising:
    - denying a second request to at least partially authenticate the at least one non-framework application in response to determining the validation of the user selected authentication type of the primary level of user authentication has expired; and
      
      prompting prompt the user to authenticate the framework application using the primary level of authentication prior to requesting to authenticate the at least one non-framework application.
  - 11. The method of claim 9, the method further comprising:
    - denying a second request to authenticate the at least one non-framework application in response to determining the validation of the primary level of user authentication has expired; and
      
      prompting the user to authenticate the one or more non-framework applications using the primary level of authentication.
  - 12. The method of claim 9, the method further comprising determining a degree of confidence for authenticating the at least one non-framework application based at least partially on the user selected authentication type of the primary level of authentication.
  - 13. The method of claim 9, wherein the method further comprises:
    - determining one or more authentication credentials corresponding to a secondary level of user authentication for authenticating the at least one non-framework application, wherein determining the one or more credentials is based on the user selected authentication type of the primary level of user authentication;
      
      receiving, from the user, a response for each of the one or more authentication credentials corresponding to the secondary level of user authentication;
      
      validating the response for each of the one or more authentication credentials corresponding to the secondary level of user authentication, thus resulting in a validation of the secondary level of user authentication; and
      
      authenticating the at least one non-framework application based at least in part on validating the secondary level of user authentication, such that the authentication of the at least one non-framework application is based at least partially on the validation of the secondary level of user authentication and based at least in part on the validation of the user selected authentication type of the primary level of user authentication.

14. A computer program product for providing authentication using previously-validated authentication credentials, the computer program product comprising:
- a non-transitory computer-readable medium comprising a set of codes for causing a computer to;
  
  receive a request, from a user, to access a framework application, wherein access to the framework application requires a primary level of user authentication comprising one of a plurality of authentication types that is selectable by the user, wherein the plurality of authentication types comprises at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication is a multi-factor verification requiring the user present at least two authentication credentials, wherein the soft authentication is at least a single factor verification requiring the user to present at least one authentication credential, wherein zero authentication requires the user to present no authentication credentials;
  
  receive a user selected authentication type of the primary level of user authentication, wherein the user selected authentication type is selected from at least one of a hard authentication, a soft authentication, and a zero authentication;
  
  request, from the user, one or more authentication credentials corresponding to the user selected authentication type of the primary level of user authentication;
  
  receive the one or more authentication credentials from the user;
  
  validate the one or more authentication credentials, thereby resulting in a validation of the user selected authentication type of the primary level of user authentication;
  
  create, using the framework application, an authentication token corresponding to the user selected authentication type based at least partially on the validation of the user selected authentication type of the primary level of user authentication, wherein the authentication token is accessible by at least one non-framework application;
  
  receive a request, from the user, to access the at least one non-framework application;
  
  access the authentication token created by the framework application; and
  
  at least partially authenticate the at least one non-framework application using the authentication token created by the framework application such that the authentication of the at least one non-framework application is at least partially based on the user selected authentication type of the primary level of user authentication,wherein authentication of the user selected authentication type of the primary level of authentication decreases the degree of confidence required for authenticating the one or more non-framework applications from at least a first degree of confidence to a second degree of confidence, and wherein the first degree of confidence is stronger than the second degree of confidence.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer program product of claim 14, the computer program product further comprising a set of code for causing a computer to:
    - deny a second request to at least partially authenticate the at least one non-framework application in response to determining the validation of the user selected authentication type of the primary level of user authentication has expired; and
      
      prompt the user to authenticate the framework application using the primary level of authentication prior to requesting to authenticate the at least one non-framework application.
  - 16. The computer program product of claim 14, the computer program product further comprising a set of code for causing a computer to:
    - deny a second request to authenticate the at least one non-framework application in response to determining the validation of the primary level of user authentication has expired; and
      
      prompt the user to authenticate the one or more non-framework applications using the primary level of authentication.
  - 17. The computer program product of claim 14, the computer program product further comprising a set of code for causing a computer to determine a degree of confidence for authenticating the at least one non-framework application based at least partially on the user selected authentication type of the primary level of authentication.
  - 18. The computer program product of claim 14, wherein the computer program product further comprising a set of code for causing a computer to:
    - determine one or more authentication credentials corresponding to a secondary level of user authentication for authenticating the at least one non-framework application, wherein determining the one or more credentials is based on the user selected authentication type of the primary level of user authentication;
      
      receive, from the user, a response for each of the one or more authentication credentials corresponding to the secondary level of user authentication;
      
      validate the response for each of the one or more authentication credentials corresponding to the secondary level of user authentication, thus resulting in a validation of the secondary level of user authentication; and
      
      authenticate the at least one non-framework application based at least in part on validating the secondary level of user authentication, such that the authentication of the at least one non-framework application is based at least partially on the validation of the secondary level of user authentication and based at least in part on the validation of the user selected authentication type of the primary level of user authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Grigg, David M., Bertanzetti, Peter John, Qaim-Maqami, Hood
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Naghdali, Khalil

Application Number

US14/175,146
Publication Number

US 20150227725A1
Time in Patent Office

802 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/126   the source of the received ...

Providing authentication using previously-validated authentication credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

138 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Providing authentication using previously-validated authentication credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others