Authenticator centralization and protection based on authenticator type and authentication policy

US10616222B2 · US · B2

Patent metadata
Publication number: US-10616222-B2
Application number: US-201916268243-A
Country: US
Kind code: B2
Filing date: Feb 5, 2019
Priority date: Sep 21, 2015
Publication date: Apr 7, 2020
Grant date: Apr 7, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authenticated by comparing the received authenticator with the stored first authenticator.

First claim

Opening claim text (preview).

What is claimed is:

1. An authentication server for authenticating a user who is communicating with an enterprise via a network, comprising: a memory for receiving, via the network, authenticators for a user from a user device associated with the user, and storing the received authenticators; and a processor for: receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user, wherein the authentication policy establishes a type of authenticator to be used for authenticating the user; determining a first authenticator from the stored authenticators to be used for authenticating the user based on the authentication policy received from the enterprise; transmitting an authentication request to the user device via the network requesting the first authenticator; in response to the authentication request, receiving from the first user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator.

2. The authentication server of claim 1, wherein the stored authenticators include a plurality of authenticators including at least two different authenticators in different categories of authenticators, the different categories including a knowledge category including information known to the user, a possession category including something physically possessed by the user, and a biometric category identifying physical attributes of the user.

3. The authentication server of claim 1, wherein the stored authenticators include a plurality of authenticators including one or more of: (i) at least two different authenticators in different categories of authenticators, the different categories including at least two of a knowledge category including information known to the user, a possession category including something physically possessed by the user, and a biometric category identifying physical attributes of the user; (ii) at least two different types of authenticators in a same category of authenticators; or (iii) at least two different species of authenticators of the same type of authenticator.

4. The authentication server of claim 1, further comprising: receiving from the user device, via the network, a device identifier that identifies the user device and storing the device identifier in association with a user account identifier, the stored received authenticators being stored with the user account identifier; storing a relationship identifier that identifies a relationship between the enterprise and the user device using the device identifier; and the determining whether the stored authenticators include the first authenticator comprises identifying the stored authenticators using the relationship identifier to identify the device identifier and using the device identifier to identify the user account identifier stored with the received authenticators.

5. The authentication server of claim 1, wherein the stored authenticators are stored in a hierarchy based on predetermined level of trust associated with each of the received authenticators.

6. The authentication server of claim 5, wherein the first authenticator of the stored authenticators is used for authenticating the user by applying the authentication policy to the stored hierarchy of authenticators.

7. The authentication server of claim 1, further comprising: transmitting to the enterprise, via the network, a result of the authentication including a type of authenticator used for the authentication.

8. The authentication server of claim 1, wherein the authentication server does not store the true identity of the user.

9. The authentication server of claim 1, wherein the enterprise does not know what authenticators are stored in the memory of the authentication server.

10. A computer implemented method for authenticating a user who is communicating with an enterprise via a user device, comprising: receiving authenticators for a user and storing the received authenticators; receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user, wherein the authentication policy establishes a type of authenticator to be used for authenticating the user; determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy; when the stored indicators include the first authenticator, transmitting an authentication request to the user device requesting the first authenticator, receiving, from the user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and when the stored authenticators do not include the first authenticator, transmitting to the entity an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.

11. The method of claim 10, wherein the stored authenticators include a plurality of authenticators including at least two different authenticators in different categories of authenticators, the different categories including a knowledge category including information known to the user, a possession category including something physically possessed by the user, and a biometric category identifying physical attributes of the user.

12. The method of claim 10, wherein the stored authenticators include a plurality of authenticators including one or more of: (i) at least two different authenticators in different categories of authenticators, the different categories including at least two of a knowledge category including information known to the user, a possession category including something physically possessed by the user, and a biometric category identifying physical attributes of the user; (ii) at least two different types of authenticators in a same category of authenticators; or (iii) at least two different species of authenticators of the same type of authenticator.

13. The method of claim 10, further comprising: receiving from the user device, via the network, a device identifier that identifies the user device and storing the device identifier in association with a user account identifier, the stored received authenticators being stored with the user account identifier; storing a relationship identifier that identifies a relationship between the enterprise and the user device using the device identifier; and the determining whether the stored authenticators include the first authenticator comprises identifying the stored authenticators using the relationship identifier to identify the device identifier and using the device identifier to identify the user account identifier stored with the received authenticators.

14. The method of claim 10, wherein the stored authenticators are stored in a hierarchy based on predetermined level of trust associated with each of the received authenticators.

15. The method of claim 14, wherein the first authenticator of the stored authenticators is used for authenticating the user by applying the authentication policy to the stored hierarchy of authenticators.

16. The method of claim 10, further comprising: transmitting to the enter
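The selection logic of claims 1, 5, 6, 7 and 10 (policy applied to a trust-ordered set of stored authenticators, comparison with the value the device returns, and the fallback that reports stored authenticator types to the enterprise when none matches) modelled in Python. This is an added illustration, not code from the patent or its assignee; the trust ordering, the policy dictionary shape and the enrolment data are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass

# Trust hierarchy, strongest first. The claims only say authenticators are
# stored "in a hierarchy based on predetermined level of trust"; this
# particular ordering is an assumption for the example.
TRUST_ORDER = ("biometric", "possession", "knowledge")


@dataclass(frozen=True)
class Authenticator:
    category: str   # claim 2 categories: knowledge / possession / biometric
    kind: str       # type within the category, e.g. "password", "otp-token"
    secret: bytes   # reference value stored at enrolment


def select_authenticator(stored, policy):
    """Apply the enterprise policy to the stored hierarchy (claims 5-6).

    policy (assumed shape) has optional keys: "category"/"kind" to demand an
    exact type, or "min_trust" as the weakest acceptable category, in which
    case the strongest stored authenticator wins. None means no match.
    """
    floor = TRUST_ORDER.index(policy.get("min_trust", "knowledge"))
    for cat in TRUST_ORDER[: floor + 1]:
        if "category" in policy and cat != policy["category"]:
            continue
        for a in stored:
            if a.category == cat and a.kind == policy.get("kind", a.kind):
                return a
    return None


def authenticate(stored, policy, ask_device):
    """ask_device(authenticator) models the request sent to the user device."""
    chosen = select_authenticator(stored, policy)
    if chosen is None:
        # Claim 10 fallback: tell the enterprise which authenticator types are
        # stored (never the secrets, cf. claim 9) so it can decide what to do.
        return {"result": "no_match",
                "available": [(a.category, a.kind) for a in stored]}
    received = ask_device(chosen)
    # Constant-time comparison of the returned value with the stored one.
    ok = hmac.compare_digest(received, chosen.secret)
    # Claim 7: the result reported back carries the type of authenticator used.
    return {"result": "ok" if ok else "fail",
            "used": (chosen.category, chosen.kind)}


# Constructed enrolment data for a demo run (not real credentials).
STORED = (Authenticator("knowledge", "password", b"hunter2"),
          Authenticator("possession", "otp-token", b"492817"))
```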

Assignees

Inventors

Classifications

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • applying multi-factor authentication · CPC title

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10616222B2 cover?
Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication polic…
Who is the assignee on this patent?
Early Warning Services LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0884. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 7, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).