Authentication policy orchestration for a user device
First Claim
1. A server, comprising:
a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
at least one hardware processor configured to:
direct a plurality of authorization policies which are separately configurable between those received from a relying party policy engine located on the server and those received from an authorizing party policy engine located on an authorizing party user device and control authorization requirements of the authorizing party user device being sent authorization requests;
obtain, from a client device via the network, a transaction request for a transaction;
determine the authorization requirement for the transaction request based on the plurality of authorization policies;
a first policy of the plurality of authorization policies being configurable by the relying party policy engine but not the authorizing party policy engine;
a second policy of the plurality of authorization policies being configurable by the authorizing party policy engine;
a third policy of the plurality of authorization policies being configurable by the authorizing party policy engine, and authorizing completion of the transaction without input from the authorizing party user device based on automatic authorization criterion; and
a fourth policy of the plurality of authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine or the authorizing party policy engine;
wherein the plurality of authorization policies include:
a status of the authorizing party user device, providing a notification of the transaction, a location of at least one of the client device and the authorizing party user device, a status of the network, and a habit of at least one of the client device and the authorizing party user device;
determine that the automatic authorization criterion has not been met;
based on the determination that the automatic authorization criterion has not been met, transmit a respective authorization request to the authorizing party user device;
receive at least one authorization response per transaction request from the authorizing party user device; and
complete the transaction by approving the transaction based on the authorization requirement having been met and based on having received an authorization approval in each of the authorization responses.
Abstract
A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.
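The policy ownership and completion rules of claim 1 above, sketched as an added Python example (not code from the patent or its assignee). The slot names, the policy contents (allow_auto, trusted_locations, max_amount) and the transaction fields are assumptions; the precedence of the first policy over the second follows claim 17.

```python
RELYING, AUTHORIZING = "relying_party", "authorizing_party"

# Which policy engine may configure each policy, per claim 1.
# Slot names and policy contents are assumptions made for this sketch.
OWNERS = {
    "first": {RELYING},
    "second": {AUTHORIZING},
    "third": {AUTHORIZING},            # automatic authorization criterion
    "fourth": {RELYING, AUTHORIZING},  # risk factors
}


class PolicyOrchestrator:
    def __init__(self):
        self.policies = {slot: {} for slot in OWNERS}

    def configure(self, party, slot, **settings):
        """Accept a policy change only from an engine allowed to own that slot."""
        if party not in OWNERS[slot]:
            raise PermissionError(f"{party} may not configure the {slot} policy")
        self.policies[slot].update(settings)

    def auto_authorized(self, txn):
        """True when the transaction may complete without user-device input."""
        first, second, third, fourth = (self.policies[s] for s in OWNERS)
        # The first policy takes precedence over the second (claim 17).
        allow_auto = first.get("allow_auto", second.get("allow_auto", False))
        trusted = txn["location"] in third.get("trusted_locations", ())
        # Fail closed: with no risk limit configured, every amount counts as risky.
        risky = txn["amount"] > fourth.get("max_amount", 0)
        return allow_auto and trusted and not risky

    def complete(self, txn, responses=()):
        """Approve if auto-authorized, else only if every response approves."""
        if self.auto_authorized(txn):
            return True
        # Criterion not met: an authorization request goes to the user device;
        # at least one response is needed and each one must be an approval.
        return len(responses) > 0 and all(r == "approve" for r in responses)


def demo():
    # Constructed sample policies and transactions.
    o = PolicyOrchestrator()
    o.configure(AUTHORIZING, "second", allow_auto=True)
    o.configure(AUTHORIZING, "third", trusted_locations={"home"})
    o.configure(RELYING, "fourth", max_amount=500)
    small = {"amount": 40, "location": "home"}
    big = {"amount": 900, "location": "home"}
    return (o.complete(small), o.complete(big),
            o.complete(big, ["approve"]), o.complete(big, ["approve", "deny"]))
```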
42 Claims
14. The server of claim 1, wherein the first, second or third policy is a habit policy.
17. A system, comprising:
a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
a hardware processor to execute a policy engine configured to:
direct a plurality of authorization policies which are separately configurable between those received from a relying party policy engine located on a server and those received from an authorizing party policy engine located on an authorizing party user device and control authorization requirements of the authorizing party user device being sent authorization requests;
obtain, from a client device via the network, a transaction request for a transaction; and
determine the authorization requirement for the transaction request based on the plurality of authorization policies;
a hardware-implemented information engine comprising a processor and instructions executing on the processor, configured to receive a configuration of at least one of the plurality of authorization policies;
a first policy of the plurality of authorization policies being configurable by the relying party server policy engine but not the authorizing party policy engine;
a second policy of the plurality of authorization policies being configurable by the authorizing party policy engine, the first policy taking precedence over the second policy; and
a third policy of the plurality of authorization policies being configurable by the authorizing party policy engine, and authorizing completion of the transaction without input from the authorizing party based on an automatic authorization criterion; and
a fourth policy of the plurality of authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine or the authorizing party policy engine;
wherein the plurality of authorization policies include:
a status of the authorizing party user device, providing a notification of the transaction, a location of at least one of the client device and the authorizing party user device, a status of the network, and a habit of at least one of the client device and the authorizing party user device
wherein the information engine is further configured to:
determine that the automatic authorization criterion has not been met;
based on the determination that the automatic authorization criterion has not been met, transmit a receptive authorization request to the authorizing party user device; and
receive at least one authorization response per transaction request from the authorizing party user device; and
a hardware-implemented transaction engine comprising a processor and instructions executing on the processor, configured to complete the transaction based on the authorization requirement having been met.
26. An authorizing party user device, comprising:
a network interface configured to be communicatively coupled to a network;
a hardware processor configured to obtain, from a server via the network utilizing a secure communication protocol, an authorization request associated with a transaction request for a transaction, the authorization request being based, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party policy engine located on the server and an authorizing party policy engine located on an authorizing party user device,
a first policy of the plurality of authorization policies being configurable by the relying party policy engine but not the authorizing party policy engine;
a second policy of the plurality of authorization policies being configurable by the authorizing party policy engine;
a third policy of the plurality of authorization policies being configurable by the authorizing party policy engine, and authorizing completion of the transaction without input from the authorizing party user device based on an automatic authorization criterion; and
a fourth policy of the plurality of authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine or the authorizing party policy engine;
wherein the plurality of authorization policies include:
a status of the authorizing party user device, providing a notification of a transaction, a location of the authorizing party user device, a status of the network, and a habit of the authorizing party user device;
determine that the automatic authorization criterion has not been met; and
based on the determination that the automatic authorization criterion has not been met, transmit a respective authorization request to the authorizing party user device;
a user interface configured to:
display information associated with the authorization request; and
obtain an authorization response from the authorizing party user device;
wherein the hardware processor is configured to transmit the authorization response to the relying party server via the network interface based on having received an authorization approval in each of the authorization responses.
34. A method, comprising:
obtaining, from a client device via a network, a transaction request for a transaction;
directing a plurality of authorization policies which are separately configurable between those received from a relying party policy engine located on a server and those received from an authorizing party policy engine located on an authorizing party user device and controlling authorization requirements of the authorizing party user device being sent authorization requests,
wherein a first policy of the plurality of authorization policies being configurable by the relying party policy engine but not the authorizing party policy engine,
a second policy of the plurality of authorization policies being configurable by the authorizing party policy engine,
a third policy of the plurality of authorization policies being configurable by the authorizing party policy engine, and authorizing completion of the transaction without input from the authorizing party user device based on an automatic authorization criterion, and
a fourth policy of the plurality of authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine or the authorizing party policy engine;
wherein the plurality of authorization policies include:
a status of the authorizing party user device, providing a notification of the transaction, a location of at least one of the client device and the authorizing party user device, a status of the secure network, and a habit of at least one of the client device and the authorizing party user device;
determining that the automatic authorization criterion has not been met;
based on the determination that the automatic authorization criterion has not been met, transmitting a respective authorization request to the authorizing party user device;
receiving at least one authorization response per transaction request from the authorizing party user device through a secure communication protocol; and
completing, with a hardware processor at the relying party server, the transaction by approving the transaction based on the authorization requirement having been met and based on having received an authorization approval in each of the authorization responses.
Specification