Service channel authentication processing hub
First Claim
1. An apparatus comprising:
at least one memory device;
at least one processor coupled to the at least one memory device and configured to perform, based on instructions stored in the at least one memory device;
receiving a service request over a first service channel from a user device, wherein the first service channel is one of a plurality of service channels and the service request includes an authentication token and a received set of attributes of the user device;
extracting, from the received authentication token, a signed set of attributes of an authenticated device when the authentication token was created;
comparing the received set of attributes with the signed set of attributes to obtain an authentication indicator;
when the authentication indicator is indicative that the received set of attributes and the signed attributes do not match, denying the service request;
when the authentication indicator is indicative that the received set of attributes and the signed attributes match, extracting an initial level of authentication from the authentication token, wherein the initial level of authentication is one of a plurality of authentication levels;
when the initial level of authentication is not sufficient for the first service channel, generating a challenge message to the user device requesting a further authentication information based on at least one additional authenticator;
determining an achieved level of authentication based on the initial level of authentication and the further authentication information; and
when the achieved level of authentication is at least as great as a first target authentication level for the first service channel, continue processing the service request by the first service channel.
Abstract
A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.
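The request handling recited in claim 1 and summarized in the abstract, sketched as an added Python example that is not code from the patent: the token binds the authenticated device's attributes and the level reached, and the hub denies, challenges or continues per channel. The HMAC token format, the key, the channel names, the numeric levels and the additive rule for combining levels are all assumptions.

```python
import base64, hashlib, hmac, json

HUB_KEY = b"constructed-demo-key"                      # assumption: key held only by the hub
CHANNEL_TARGET = {"mobile_app": 1, "call_center": 2}   # hypothetical channels and target levels
AUTHENTICATOR_GAIN = {"otp": 1, "biometric": 2}        # hypothetical gain per extra authenticator
PHONE = {"device_id": "constructed-1234", "os": "android-14"}  # constructed sample attributes

def _mac(body: bytes) -> bytes:
    return hmac.new(HUB_KEY, body, hashlib.sha256).digest()

def issue_token(device_attrs: dict, level: int) -> str:
    """Sign the authenticated device's attributes and the level reached into a token."""
    body = json.dumps({"attrs": device_attrs, "level": level}, sort_keys=True).encode()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, _mac(body)))

def open_token(token: str):
    """Return the signed claims, or None if the token is malformed or the MAC fails."""
    try:
        body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError:                                 # wrong part count or bad base64
        return None
    return json.loads(body) if hmac.compare_digest(sig, _mac(body)) else None

def handle_request(channel: str, token: str, received_attrs: dict, verified=()):
    """Return (decision, level). `verified` names additional authenticators the hub
    has already checked in answer to a challenge (the checking itself is out of scope)."""
    claims = open_token(token)
    target = CHANNEL_TARGET.get(channel)
    if claims is None or target is None or claims["attrs"] != received_attrs:
        return ("deny", 0)                             # received and signed attributes differ
    # Assumption: the achieved level is the initial level plus the gain of each
    # additional authenticator; the claim only says it is "based on" both.
    achieved = claims["level"] + sum(AUTHENTICATOR_GAIN.get(a, 0) for a in verified)
    if achieved >= target:
        return ("continue", achieved)                  # channel keeps processing the request
    return ("challenge", achieved)                     # request at least one more authenticator

if __name__ == "__main__":
    tok = issue_token(PHONE, 1)
    print(handle_request("mobile_app", tok, PHONE))            # level already sufficient
    print(handle_request("call_center", tok, PHONE))           # same token, stricter channel
    print(handle_request("call_center", tok, PHONE, ["otp"]))  # after step-up
```

Presenting the same token on a channel with a higher target is the cross-channel transfer case from the abstract: the token is still accepted, but the hub answers with a challenge until the achieved level reaches that channel's target.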
20 Claims
1. An apparatus comprising:
at least one memory device;
at least one processor coupled to the at least one memory device and configured to perform, based on instructions stored in the at least one memory device;
receiving a service request over a first service channel from a user device, wherein the first service channel is one of a plurality of service channels and the service request includes an authentication token and a received set of attributes of the user device;
extracting, from the received authentication token, a signed set of attributes of an authenticated device when the authentication token was created;
comparing the received set of attributes with the signed set of attributes to obtain an authentication indicator;
when the authentication indicator is indicative that the received set of attributes and the signed attributes do not match, denying the service request;
when the authentication indicator is indicative that the received set of attributes and the signed attributes match, extracting an initial level of authentication from the authentication token, wherein the initial level of authentication is one of a plurality of authentication levels;
when the initial level of authentication is not sufficient for the first service channel, generating a challenge message to the user device requesting a further authentication information based on at least one additional authenticator;
determining an achieved level of authentication based on the initial level of authentication and the further authentication information; and
when the achieved level of authentication is at least as great as a first target authentication level for the first service channel, continue processing the service request by the first service channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-assisted method for authenticating a user device, the method comprising:
receiving a service request over a first service channel from a user device, wherein the first service channel is one of a plurality of service channels and the service request includes an authentication token and a received set of attributes of the user device;
extracting, from the received authentication token, a signed set of attributes of an authenticated device when the authentication token was created;
comparing the received set of attributes with the signed set of attributes to obtain an authentication indicator;
when the authentication indicator is indicative that the received set of attributes and the signed attributes do not match, denying the service request;
when the authentication indicator is indicative that the received set of attributes and the signed attributes match, extracting an initial level of authentication from the authentication token, wherein the initial level of authentication is one of a plurality of authentication levels;
when the initial level of authentication is not sufficient for the first service channel, generating a challenge message to the user device requesting a further authentication information based on at least one additional authenticator;
determining an achieved level of authentication based on the initial level of authentication and the further authentication information; and
when the achieved level of authentication is at least as great as a first target authentication level for the first service channel, continue processing the service request by the first service channel.
Dependent claims: 13, 14, 15, 16, 17
18. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed, cause a processor at least to perform operations comprising:
receiving a service request over a first service channel from a user device, wherein the first service channel is one of a plurality of service channels and the service request includes an authentication token and a received set of attributes of the user device;
extracting, from the received authentication token, a signed set of attributes of an authenticated device when the authentication token was created;
comparing the received set of attributes with the signed set of attributes to obtain an authentication indicator;
when the authentication indicator is indicative that the received set of attributes and the signed attributes do not match, denying the service request;
when the authentication indicator is indicative that the received set of attributes and the signed attributes match, extracting an initial level of authentication from the authentication token, wherein the initial level of authentication is one of a plurality of authentication levels;
when the initial level of authentication is not sufficient for the first service channel, generating a challenge message to the user device requesting a further authentication information based on at least one additional authenticator;
determining an achieved level of authentication based on the initial level of authentication and the further authentication information; and
when the achieved level of authentication is at least as great as a first target authentication level for the first service channel, continue processing the service request by the first service channel.
Dependent claims: 19, 20
Specification