Tiered identification federated authentication network system

US 9,965,523 B2
Filed: 05/26/2017
Issued: 05/08/2018
Est. Priority Date: 10/30/2015
Status: Active Grant

First Claim

Patent Images

1. A system for tiered identification federated authentication, the system comprising:

a computer apparatus comprising at least one processor and a memory; and

a software module, stored in the memory, comprising computer readable code executable by the processor, and configured to;

compile one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set;

aggregate the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and

authenticate a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes a tiered identification federated authentication network system. Embodiments compile one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each application. The system may aggregate the plurality of authentication sets to form a tiered federated authentication module having multiple rankings, wherein each rank is associated with an authentication set; wherein a higher ranked authentication set corresponds to more stringent authentication credentials and a lower ranked authentication set corresponds to less stringent authentication credentials. The system may receive a request from a user for access to a current application, determine if the user has previously authenticated to a higher ranked application and, if so, enable access to the current application, without requiring the user to authenticate again.

350 Citations

20 Claims

1. A system for tiered identification federated authentication, the system comprising:
- a computer apparatus comprising at least one processor and a memory; and
  
  a software module, stored in the memory, comprising computer readable code executable by the processor, and configured to;
  
  compile one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set;
  
  aggregate the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and
  
  authenticate a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the software module is further configured to:
    - store the plurality of authentication sets in an authentication set database; and
      
      wherein authenticating the user to access the two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings further comprises;
      
      receiving, from a user, a request for access to a first application, wherein the first application is one of the plurality of applications;
      
      identifying, based on the authentication set database, a first authentication set associated with the first application;
      
      identifying, based on the tiered federated authentication module, a first authentication rank associated with the first authentication set;
      
      determining that the user is currently authenticated to a second application;
      
      identifying, based on the authentication set database, a second authentication set associated with the second application;
      
      identifying, based on the tiered federated authentication module, a second authentication rank associated with the second authentication set; and
      
      enabling access to the first application for the user based on a comparison of the first authentication rank and the second authentication rank.
  - 3. The system of claim 2, wherein the software module is further configured to:
    - determine that the second authentication rank is higher than or equivalent to the first authentication rank; and
      
      enable access to the first application for the user without requiring the user to provide authentication credentials for the first application.
  - 4. The system of claim 3, wherein the software module is further configured to:
    - determine that the user is currently not authenticated to a third application;
      
      identify, based on the authentication set database, a third authentication set associated with the third application;
      
      identify, based on the tiered federated authentication module, a third authentication rank associated with the third authentication set;
      
      determine that the third authentication rank is lower than or equivalent to the first authentication rank; and
      
      automatically enable access to the third application for the user.
  - 5. The system of claim 2, wherein the software module is further configured to:
    - determine that the second authentication rank is lower than the first authentication rank;
      
      identify, based on the tiered federated authentication module, additional authentication credentials required for access to the first authentication rank, wherein the additional authentication credentials comprise fewer authentication credentials than original authentication credentials for the first authentication rank and more authentication credentials than original authentication credentials for the second authentication rank;
      
      prompt the user to provide the additional authentication credentials for the first authentication rank;
      
      receive, from the user, the additional authentication credentials for the first authentication rank;
      
      validate the additional authentication credentials for the first authentication rank; and
      
      enable access to the first application, based on validating the additional authentication credentials.
  - 6. The system of claim 2, wherein enabling comprises generating a security token and providing the token to the user, wherein the security token enables access to one or more applications of the plurality of applications.
  - 7. The system of claim 2, wherein the authentication credentials comprises one or more of a username, a password, a passcode, a personal identification number (PIN), security questions, biometric data, device information associated with a mobile device of the user, user account information, or any combination thereof.

8. A computer-implemented method for tiered identification federated authentication, the method comprising:
- compiling one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set;
  
  aggregating the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and
  
  authenticating a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - storing the plurality of authentication sets in an authentication set database; and
      
      wherein authenticating the user to access the two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings further comprises;
      
      receiving, from a user, a request for access to a first application, wherein the first application is one of the plurality of applications;
      
      identifying, based on the authentication set database, a first authentication set associated with the first application;
      
      identifying, based on the tiered federated authentication module, a first authentication rank associated with the first authentication set;
      
      determining that the user is currently authenticated to a second application;
      
      identifying, based on the authentication set database, a second authentication set associated with the second application;
      
      identifying, based on the tiered federated authentication module, a second authentication rank associated with the second authentication set; and
      
      determining whether or not the user has authenticated to an application and the rank of the application; and
      
      enabling access to the first application for the user based on a comparison of the first authentication rank and the second authentication rank.
  - 10. The method of claim 9, further comprising:
    - determining that the second authentication rank is higher than or equivalent to the first authentication rank; and
      
      enabling access to the first application for the user without requiring the user to provide authentication credentials for the first application.
  - 11. The method of claim 10, further comprising:
    - determining that the user is currently not authenticated to a third application;
      
      identifying, based on the authentication set database, a third authentication set associated with the third application;
      
      identifying, based on the tiered federated authentication module, a third authentication rank associated with the third authentication set;
      
      determining that the third authentication rank is lower than or equivalent to the first authentication rank; and
      
      automatically enabling access to the third application for the user.
  - 12. The method of claim 9, further comprising:
    - determining that the second authentication rank is lower than the first authentication rank;
      
      identifying, based on the tiered federated authentication module, additional authentication credentials required for access to the first authentication rank, wherein the additional authentication credentials comprise fewer authentication credentials than original authentication credentials for the first authentication rank and more authentication credentials than original authentication credentials for the second authentication rank;
      
      prompting the user to provide the additional authentication credentials for the first authentication rank;
      
      receiving, from the user, the additional authentication credentials for the first authentication rank;
      
      validating the additional authentication credentials for the first authentication rank; and
      
      enabling access to the first application, based on validating the additional authentication credentials.
  - 13. The method of claim 9, wherein enabling comprises generating a security token and providing the token to the user, wherein the security token enables access to one or more applications of the plurality of applications.
  - 14. The method of claim 9, wherein the authentication credentials comprises one or more of a username, a password, a passcode, a personal identification number (PIN), security questions, biometric data, device information associated with a mobile device of the user, user account information, or any combination thereof.

15. A computer program product for tiered identification federated authentication, the computer program product comprising a non-transitory computer readable medium having one or more computer-readable programs stored therein, and the computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps:
- compiling, via a computing device processor, one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set;
  
  aggregating, via a computing device processor, the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and
  
  authenticating, via a computing device processor, a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising computer readable programs that, when executed by a computer apparatus, cause the apparatus to perform the following steps:
    - storing, via a computing device processor, the plurality of authentication sets in an authentication set database; and
      
      wherein authenticating the user to access the two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings further comprises;
      
      receiving, via a computing device processor, from a user, a request for access to a first application, wherein the first application is one of the plurality of applications;
      
      identifying, via a computing device processor, based on the authentication set database, a first authentication set associated with the first application;
      
      identifying, via a computing device processor, based on the tiered federated authentication module, a first authentication rank associated with the first authentication set;
      
      determining, via a computing device processor, that the user is currently authenticated to a second application;
      
      identifying, via a computing device processor, based on the authentication set database, a second authentication set associated with the second application;
      
      identifying, via a computing device processor, based on the tiered federated authentication module, a second authentication rank associated with the second authentication set; and
      
      determining, via a computing device processor, whether or not the user has authenticated to an application and the rank of the application; and
      
      enabling access, via a computing device processor, to the first application for the user based on a comparison of the first authentication rank and the second authentication rank.
  - 17. The computer program product of claim 16 further comprising computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps:
    - determining, via a computing device processor, that the second authentication rank is higher than or equivalent to the first authentication rank; and
      
      enabling, via a computing device processor, access to the first application for the user without requiring the user to provide authentication credentials for the first application.
  - 18. The computer program product of claim 17 further comprising computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps:
    - determining, via a computing device processor, that the user is currently not authenticated to a third application;
      
      identifying, via a computing device processor, based on the authentication set database, a third authentication set associated with the third application;
      
      identifying, via a computing device processor, based on the tiered federated authentication module, a third authentication rank associated with the third authentication set;
      
      determining, via a computing device processor, that the third authentication rank is lower than or equivalent to the first authentication rank; and
      
      automatically enabling, via a computing device processor, access to the third application for the user.
  - 19. The computer program product of claim 16, further comprising computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps:
    - determining, via a computing device processor, that the second authentication rank is lower than the first authentication rank;
      
      identifying, via a computing device processor, based on the tiered federated authentication module, additional authentication credentials required for access to the first authentication rank, wherein the additional authentication credentials comprise fewer authentication credentials than original authentication credentials for the first authentication rank and more authentication credentials than original authentication credentials for the second authentication rank;
      
      prompting, via a computing device processor, the user to provide the additional authentication credentials for the first authentication rank;
      
      receiving, via a computing device processor, from the user, the additional authentication credentials for the first authentication rank;
      
      validating, via a computing device processor, the additional authentication credentials for the first authentication rank; and
      
      enabling access, via a computing device processor, to the first application, based on validating the additional authentication credentials.
  - 20. The computer program product of claim 16, wherein enabling comprises generating a security token and providing the token to the user, wherein the security token enables access to one or more applications of the plurality of applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Votaw, Elizabeth S., Jones-McFadden, Alicia C.
Primary Examiner(s)
McNally, Michael S

Application Number

US15/606,724
Publication Number

US 20170262452A1
Time in Patent Office

347 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

Tiered identification federated authentication network system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

350 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tiered identification federated authentication network system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

350 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links