Authentication policy orchestration for a user device
First Claim
1. A server, comprising:
- a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
- at least one hardware processor configured to:
  - implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on the server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;
  - obtain, from a client device via the network, a transaction request for a transaction;
  - determine an authorization requirement for the transaction request based on the authorization policies as follows:
    - a first policy of the authorization policies being configurable by the relying party policy engine but not the authorizing party policy engine;
    - a second policy of the authorization policies being configurable by the authorizing party policy engine;
    - a third policy of the authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine; and
    - a fourth policy of the plurality of authorization policies based on a habit of at least one of the authorizing party user devices;
  - obtain for the relying party policy engine a status of the plurality of the authorizing party user devices, provide a notification of the transaction and an associated transaction context;
  - divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices and transmit the subtransaction authorization requests to the plurality of authorizing party user devices;
  - receive authorization responses for the subtransaction authorization requests from the plurality of authorizing party user devices; and
  - complete the transaction by approving the transaction based on the authorization requirement having been met.
Abstract
A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.
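A sketch of the flow described in the abstract and claim 1, as an added example that is not code from the patent. The data shapes, the threshold values, and the rule for combining the four policies (a relying-party floor, then risk and habit increments) are assumptions made for illustration.

```python
from dataclasses import dataclass

RP_FLOOR = 2           # first policy: set by the relying party only (assumed value)
RP_RISK_AMOUNT = 1000  # third policy: relying-party risk threshold (assumed value)

@dataclass(frozen=True)
class Device:              # an authorizing-party user device (constructed shape)
    dev_id: str
    online: bool           # status the relying party obtains
    usual_countries: frozenset  # habit data for the fourth policy
    ap_min_approvals: int = 1   # second policy: set on the user's device

@dataclass(frozen=True)
class Txn:
    txn_id: str
    amount: int
    country: str

def requirement(txn, devices):
    """Approvals needed. The combining rule is an assumption, not the patent's."""
    ap = max(d.ap_min_approvals for d in devices)
    need = max(RP_FLOOR, ap)   # user may tighten, never go below the RP floor
    if txn.amount >= RP_RISK_AMOUNT:
        need += 1              # risk factor tied to the transaction
    if any(txn.country not in d.usual_countries for d in devices):
        need += 1              # request falls outside a device's habit
    return need

def split(txn, devices):
    """One subtransaction authorization request per online device."""
    ctx = {"amount": txn.amount, "country": txn.country}
    return [{"sub_id": f"{txn.txn_id}/{d.dev_id}", "device": d.dev_id,
             "context": ctx} for d in devices if d.online]

def decide(txn, devices, responses):
    """responses maps sub_id -> bool. Only issued requests count; a missing
    answer is a denial, and an unmeetable requirement fails closed."""
    need = requirement(txn, devices)
    issued = [r["sub_id"] for r in split(txn, devices)]
    approvals = sum(1 for sid in issued if responses.get(sid) is True)
    return approvals >= need, need, approvals

# Constructed sample data.
DEVICES = [Device("phone", True, frozenset({"US"})),
           Device("laptop", True, frozenset({"US", "CA"})),
           Device("tablet", False, frozenset({"US"}))]
LOW = Txn("t1", 50, "US")
HIGH = Txn("t2", 5000, "CA")
```

`decide` returns a tuple of (approved, approvals required, approvals counted); a response keyed to a request that was never issued, such as one for the offline tablet, is ignored.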
24 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system, comprising:
- a network interface configured to be communicatively coupled to a network utilizing a secure communication protocol;
- a hardware processor to execute a policy engine configured to:
  - implement authorization policies which are separately configurable between the authorization policies received from a relying party policy engine located on a server and the authorization policies received from an authorizing party policy engine located on at least one of a plurality of authorizing party user devices;
  - obtain, from a client device via the network, a transaction request for a transaction; and
  - determine the authorization requirement for the transaction request based on the authorization policies;
- a hardware-implemented information engine comprising a processor and instructions executing on the processor, configured to receive a configuration of the authorization policies;
  - a first policy of the authorization policies being configurable by the relying party server policy engine but not the authorizing party policy engine;
  - a second policy of the authorization policies being configurable by the authorizing party policy engine, the first policy taking precedence over the second policy;
  - a third policy of the plurality of authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine; and
  - a fourth policy of the plurality of authorization policies based on a habit of the authorizing party user device;
- wherein the relying party obtains a status of the plurality of authorizing party user devices, provides a notification of the transaction, and an associated transaction context;
- wherein the hardware-implemented information engine is further configured to:
  - divide the transaction request into subtransaction authorization requests that are separately subject to approval by the plurality of authorizing party user devices and transmit subtransaction authorization requests to the plurality of authorizing party user devices; and
  - receive authorization responses for the transaction request from the plurality of authorizing party user devices; and
- a hardware-implemented transaction engine configured to complete the transaction based on the authorization requirement having been met.

Dependent claims of claim 19: 20, 21
22. At least one of a plurality of authorizing party user devices, comprising:
- a network interface configured to be communicatively coupled to a network;
- a hardware processor configured to:
  - obtain, from a server via the network utilizing a secure communication protocol, a subtransaction authorization request associated with a transaction request which has been divided for separate approval from the plurality of authorizing party user devices, the subtransaction authorization request being based on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party policy engine located on the server and an authorizing party policy engine located on the at least one of the authorizing party user devices;
    - a first policy of the plurality of authorization policies being configurable by the relying party policy engine but not the authorizing party policy engine;
    - a second policy of the plurality of authorization policies being configurable by the authorizing party policy engine;
    - a third policy of the plurality of authorization policies being based on risk factors related to the transaction and configurable by the relying party policy engine; and
    - a fourth policy of the plurality of authorization policies based on a habit of the at least one of a plurality of authorizing party user devices;
  - receive the subtransaction authorization request;
- a user interface configured to:
  - display information associated with the subtransaction authorization request; and
  - obtain an authorization response from an authorizing party;
- wherein the hardware processor is further configured to transmit the authorization response to the server via the network interface.

Dependent claims of claim 22: 23, 24
Specification