System, method and computer program product for providing unified authentication services for online applications
First Claim
1. A computer-implemented method comprising:
assigning, by a user management server, a globally unique ID (GUID) for a user;
receiving, by the user management server, a first username for a first website associated with a first account of the user and a second username for a second website associated with a second account of the user;
associating, by the user management server, the first username and the second username with the GUID;
establishing, by the user management server, a first policy component of an authentication server for access to the first account, wherein the first policy component requires a first type of credential for access;
establishing, by the user management server, a second policy component of an authentication server for access to the second account, wherein the second policy component requires a second type of credential for access;
capturing, by the user management server, the first type of credential and the second type of credential;
storing, by the user management component, the first type of credential as the first policy component with the GUID in a database;
storing, by the user management component, the second type of credential as the second policy component with the GUID in the database;
providing, by the user management component, access to the first account of the user when receiving input of the GUID and the first type of credential; and
providing, by the user management server, access to the second account of the user when receiving input of the GUID and second type of credential, wherein the first type of credential comprises a first level of protection and the second type of credential requires a second level of protection, the second level of protection requiring the first type of credential and the second type of credential; and
wherein the first level of protection is defined by the first policy component and the second level or protection is defined by the second policy component.
Abstract
A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
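An added sketch of the flow the abstract and first claim describe, not code from the patent: one GUID links two site usernames, credentials are captured once, and each account's policy component names the credential types required, with the second level requiring both. The class name, the site names, the credential type names `password` and `token`, and the salted PBKDF2 storage are assumptions made for illustration.

```python
import hashlib, hmac, os, uuid

# Constructed policy components: credential types each protection level requires.
# Level 2 requires the first type AND the second type, as in the claim.
POLICIES = {1: ("password",), 2: ("password", "token")}

def _digest(secret: str, salt: bytes) -> bytes:
    # Assumption: credentials are stored as salted PBKDF2 digests, never in clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class UserManagementServer:
    def __init__(self):
        self.accounts = {}     # guid -> {site: (username, protection level)}
        self.credentials = {}  # (guid, credential type) -> (salt, digest)

    def enroll(self, accounts, credentials):
        """accounts: {site: (username, level)}; credentials: {type: secret}."""
        guid = str(uuid.uuid4())
        self.accounts[guid] = dict(accounts)
        for cred_type, secret in credentials.items():  # registered only once
            salt = os.urandom(16)
            self.credentials[(guid, cred_type)] = (salt, _digest(secret, salt))
        return guid

    def _verify(self, guid, cred_type, presented):
        stored = self.credentials.get((guid, cred_type))
        if stored is None or presented is None:
            return False
        salt, digest = stored
        return hmac.compare_digest(digest, _digest(presented, salt))

    def authenticate(self, guid, site, presented):
        """Return the site username only if every required credential verifies."""
        account = self.accounts.get(guid, {}).get(site)
        if account is None:
            return None
        username, level = account
        # Check every required type (no early exit) before deciding.
        results = [self._verify(guid, t, presented.get(t)) for t in POLICIES[level]]
        return username if all(results) else None

if __name__ == "__main__":
    ums = UserManagementServer()
    guid = ums.enroll({"forum.example": ("alice_f", 1), "bank.example": ("alice_b", 2)},
                      {"password": "constructed-pw", "token": "constructed-token"})
    print(ums.authenticate(guid, "forum.example", {"password": "constructed-pw"}))
    print(ums.authenticate(guid, "bank.example", {"password": "constructed-pw"}))
```

The second call prints `None`: the password alone satisfies the first policy component but not the second, which is the property a reviewer would test first in any implementation of this scheme.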
20 Claims
11. A system comprising:
a user management processor configured to execute instructions stored on a non-transitory computer-readable medium, the instructions configured to;
assign a globally unique ID (GUID) for a user;
receive a first username for a first website associated with a first account of the user and a second username for a second website associated with a second account of the user;
associate the first username and the second username with the GUID;
establish a first policy component for access to the first account, wherein the first policy component requires a first type of credential for access;
establish a second policy component for access to the second account, wherein the second policy component requires a second type of credential for access;
capture the first type of credential and the second type of credential;
store the first type of credential as the first policy component with the GUID in a database;
store the second type of credential as the second policy component with the GUID in the database;
provide access to the first account of the user when receiving input of the GUID and the first type of credential; and
provide access to the second account of the user when receiving input of the GUID and second type of credential, wherein the first type of credential comprises a first level of protection and the second type of credential requires a second level of protection, the second level of protection requiring the first type of credential and the second type of credential; and
wherein the first level of protection is defined by the first policy component and the second level or protection is defined by the second policy component.
Specification