STEP-UP AUTHENTICATION FOR SINGLE SIGN-ON
1 Assignment
0 Petitions
Accused Products
Abstract
A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.
6 Citations
40 Claims
-
1-20. -20. (canceled)
-
21. A method for providing step-up authentication in a system providing single-sign on to a plurality of applications, comprising:
-
receiving a request to authenticate a user for a first application using a primary token associated with a single-sign on capability; determining that the primary token is insufficient to authenticate the user for the first application; requesting a step-up authentication for the user; updating the primary token to reflect the step-up authentication; and granting access to the first application based on an updated primary token. - View Dependent Claims (22, 23, 24, 25, 26, 27, 34)
-
-
28. A system for providing step-up authentication with single sign-on, comprising:
-
a client device configured to provide a request to authenticate a user for a first application using a primary token associated with a single-sign on capability; and one or more servers configured to; determine that the primary token is insufficient to authenticate the user for the first application; request a step-up authentication for the user; update the primary token to reflect the step-up authentication; and grant access to the first application based on an updated primary token. - View Dependent Claims (29, 30, 31, 32, 33)
-
-
35. A computer-readable medium comprising instruction which, when executed by a processor, provide step-up authentication with single-sign by executing a series of steps comprising:
-
receiving a request to authenticate a user for a first application using a primary token associated with a single-sign on capability; determining that the primary token is insufficient to authenticate the user for the first application; requesting a step-up authentication for the user; updating the primary token to reflect the step-up authentication; and granting access to the first application based on an updated primary token. - View Dependent Claims (36, 37, 38, 39, 40)
-
Specification