Multi-dimensional framework for defining criteria that indicate when authentication should be revoked
Abstract
Methods and systems are presented for defining criteria that indicate when authentication for an identified client device should be revoked based on rules associated with interested parties. Authentication information is stored that indicates that an identified client device is authenticated. Rules that are associated with a plurality of interested parties and include rules of different rule types may also be stored. Criteria may be defined based on the rules and the authentication information, the criteria indicating when authentication of the identified client device should be revoked. Authentication of the identified client device may be revoked based on the criteria.
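An added illustration of the flow the abstract describes, not code from the patent: rules from several parties are reconciled into one criterion per rule kind, then checked against the stored authentication record. The rule kinds, party names, values, and the reconciliation policy (highest priority wins, ties fall to the stricter rule) are assumptions; the page says only that rule priorities are used and that conflicts are reconciled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    party: str      # interested party that owns the rule
    kind: str       # "max_age" (time-based) or "allowed_network" (not time-based)
    value: object   # seconds for max_age, frozenset of names for allowed_network
    priority: int   # assumption: a larger number outranks a smaller one

@dataclass(frozen=True)
class AuthRecord:
    device_id: str
    authenticated_at: float  # epoch seconds when the device authenticated

def reconcile(rules):
    """Assumed policy: per rule kind, highest priority wins; an equal-priority
    conflict falls to the stricter rule so the result fails closed."""
    criteria = {}
    for r in rules:
        cur = criteria.get(r.kind)
        # "<" means shorter lifetime for numbers, proper subset for frozensets
        if (cur is None or r.priority > cur.priority
                or (r.priority == cur.priority and r.value < cur.value)):
            criteria[r.kind] = r
    return criteria

def revocation_reasons(auth, criteria, now, network):
    """Return the criteria that currently require revoking this device."""
    reasons = []
    age = criteria.get("max_age")
    if age and now - auth.authenticated_at > age.value:
        reasons.append(f"max_age({age.party})")
    net = criteria.get("allowed_network")
    if net and network not in net.value:
        reasons.append(f"allowed_network({net.party})")
    return reasons

# Constructed sample rules; party names and values are illustrative only.
RULES = [
    Rule("device_owner", "max_age", 86400, 1),
    Rule("content_provider", "max_age", 7200, 5),
    Rule("enterprise", "max_age", 3600, 5),
    Rule("device_owner", "allowed_network", frozenset({"corp-wifi", "home-wifi"}), 1),
    Rule("enterprise", "allowed_network", frozenset({"corp-wifi"}), 5),
]

if __name__ == "__main__":
    auth = AuthRecord("device-1", authenticated_at=1000.0)
    print(revocation_reasons(auth, reconcile(RULES), now=5000.0, network="home-wifi"))
```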
22 Claims
1. An aggregator system comprising:
- a storage system configured to store:
  - authentication information associated with an identified client device, wherein the authentication information indicates that the client device has been authenticated; and
  - rules information comprising rules of different rule types, wherein the different rule types comprise at least one rule type that is based on time and at least one rule type that is based on something other than time, the rules being associated with a plurality of interested parties, wherein each of the rules has a priority associated therewith;
- circuitry implementing a credentials engine comprising a multi-dimensional framework that defines criteria indicating when authentication of the identified client device should be revoked based on the authentication information, on the rules information, and on the priority associated with each rule, wherein the credentials engine is configured to reconcile the rules associated with the plurality of interested parties, including when a conflict exists; and
- invalidation circuitry configured to revoke authentication for the identified client device based on the criteria.
12. A method comprising:
- storing, on a storage device, authentication information associated with an identified client device, wherein the authentication information indicates that the client device has been authenticated;
- storing, on a storage device, rules information comprising rules of different rule types, wherein the different rule types comprise at least one rule type that is based on time and at least one rule type that is based on something other than time, the rules being associated with a plurality of interested parties, wherein each of the rules has a priority associated therewith;
- defining, using a credentials engine, criteria that indicate when authentication of the identified client device should be revoked based on the authentication information, on the rules information, and on the priority associated with each rule, wherein defining the criteria comprises reconciling the rules associated with the plurality of interested parties when a conflict exists; and
- revoking, using invalidation circuitry, authentication for the identified client device based on the criteria.
Specification