Graduated authentication in an identity management system
US-10567391-B2 · Feb 18, 2020 · US
US10904262B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10904262-B2 |
| Application number | US-202016790071-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 13, 2020 |
| Priority date | Jun 16, 2004 |
| Publication date | Jan 26, 2021 |
| Grant date | Jan 26, 2021 |
Official abstract text for this publication.
A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: receiving, at a webservice provider, a request from a user of a homesite for information, the homesite acting as an agent of the user, and the homesite permitted to directly interact with the webservice provider on behalf of the user; issuing, by the webservice provider to the homesite, a request for user authentication, wherein the request for user authentication is configured to include a required authentication security level that defines a lowest authentication security level from a plurality of authentication security levels for the user authentication; receiving, at the webservice provider from the homesite, a message comprising a response to the request for user authentication; and in response to successful user authentication based on the received message comprising the response to the request for user authentication, issuing, by the webservice provider, a message comprising the information requested by the user.

2. The method of claim 1, wherein the request for information is configured to include an explanation of the information requested by the user.

3. The method of claim 1, wherein the user is an affiliate of the webservice provider.

4. The method of claim 1, wherein the request for user authentication is configured to include a security level at least one of: a channel security level, or a time sensitivity security level.

5. The method of claim 1, wherein the message comprising the response to the request for user authentication is received over a channel selected from a plurality of channels.

6. The method of claim 5, wherein the channel is selected in accordance with a determined response security level, and wherein the response security level is determined based on a security level associated with the request for user authentication.

7. The method of claim 1, wherein the homesite determines, in accordance with the security level associated with the request for user authentication, a response security level for transmitting the message comprising the response to the request for user authentication.

8. The method of claim 7, wherein the response security level is determined in accordance with: a response security level specified in the received request for user authentication, information specified in the received request for user authentication, user preference information, at least one homesite policy, or any combination thereof.

9. At least one non-transitory, computer-readable medium carrying instructions, which when executed by at least one data processor, performs operations comprising: receiving, at a webservice provider, a request from a user of a homesite for information, the homesite acting as an agent of the user, the homesite permitted to directly interact with the webservice provider on behalf of the user; issuing, by the webservice provider to the homesite, a request for user authentication, wherein the request for user authentication is configured to include a required authentication security level that defines a lowest authentication security level from a plurality of authentication security levels for the user authentication; receiving, at the webservice provider from the homesite, a message comprising a response to the request for user authentication; and in response to successful user authentication based on the received message comprising the response to the request for user authentication, issuing, by the webservice provider, a message comprising the information requested by the user.

10. The at least one non-transitory, computer-readable medium of claim 9, wherein the request from the user is configured to include an explanation of the information requested by the user.

11. The at least one non-transitory, computer-readable medium of claim 9, wherein the user is an affiliate of the webservice provider.

12. The at least one non-transitory, computer-readable medium of claim 9, wherein the request for user authentication is further configured to include at least one of: a channel security level, or a time sensitivity security level.

13. The at least one non-transitory, computer-readable medium of claim 9, wherein the message comprising the response to the request for user authentication is received over a channel selected from a plurality of channels.

14. The at least one non-transitory, computer-readable medium of claim 13, wherein the channel is selected in accordance with a determined response security level, and wherein the response security level is determined based on a security level associated with the request for user authentication.

15. The at least one non-transitory, computer-readable medium of claim 9, wherein the homesite determines, in accordance with the security level associated with the request for user authentication, a response security level for transmitting the message comprising the response to the request.

16. The at least one non-transitory, computer-readable medium of claim 15, wherein the response security level is determined in accordance with: a response security level specified in the received request for user authentication, information specified in the received request for user authentication, user preference information, at least one homesite policy, or any combination thereof.

17. A system comprising: at least one hardware processor; at least one non-transitory memory, coupled to the at least one hardware processor and storing instructions, which when executed by the at least one hardware processor, perform a process, the process comprising: receiving, at a webservice provider, a request from a user of a homesite for information, the homesite acting as an agent of the user, the homesite permitted to directly interact with the webservice provider on behalf of the user; issuing, by the webservice provider to the homesite, a request for user authentication, wherein the request for user authentication is configured to include a required authentication security level that defines a lowest authentication security level from a plurality of authentication security levels for the user authentication; receiving, at the webservice provider from the homesite, a message comprising a response to the request for user authentication; and in response to successful user authentication based on the received message comprising the response to the request for user authentication, issuing, by the webservice provider, a message comprising the information requested by the user.

18. The system of claim 17, wherein the homesite determines, in accordance with the security level associated with the request for user authentication, a response security level for transmitting the message comprising the response to the request.
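The exchange the claims describe, as an added example that is not code from the patent or from any product of the assignee: a webservice provider sends the homesite a request carrying a minimum authentication level, a channel level and a time-sensitivity window; the homesite, acting as the user's agent, raises the level to the strongest of the provider's floor, the user's preference and its own policy, refuses if the user's actual login is weaker, and answers over a channel that meets the request; the provider checks the integrity of the answer, its binding to this request, the level, the channel and the freshness before releasing the information. The level names, the HMAC tag, the nonce and every identifier are assumptions made for illustration; the patent only requires "a plurality" of levels and does not prescribe a wire format.

```python
# Added example, not code from the patent: level names, HMAC tagging and all
# identifiers are assumptions made for illustration.
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field
from typing import Optional

# Assumed ordinal scales (higher = stronger); the patent only requires "a plurality" of levels.
AUTH_LEVELS = {"none": 0, "password": 1, "otp": 2, "hardware_token": 3}
CHANNEL_LEVELS = {"plain": 0, "tls": 1, "tls_client_cert": 2}

@dataclass
class AuthRequest:
    """Request for user authentication, provider -> homesite (claims 1, 2, 4)."""
    provider: str
    min_auth_level: str         # lowest acceptable authentication security level
    channel_level: str = "tls"  # required channel security level
    max_age_s: int = 300        # time sensitivity: how fresh the authentication must be
    explanation: str = ""       # why the information is requested
    nonce: str = field(default_factory=lambda: hashlib.sha256(str(time.time_ns()).encode()).hexdigest()[:16])

@dataclass
class AuthResponse:
    """Response message, homesite -> provider (claims 5-8)."""
    provider: str
    nonce: str
    auth_level: str
    channel_level: str
    authenticated_at: float
    user_id: str
    mac: str = ""

def _mac(key: bytes, resp: AuthResponse) -> str:
    """Tag every field except the tag itself, so a relay cannot raise the reported level."""
    body = json.dumps({k: v for k, v in vars(resp).items() if k != "mac"}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Homesite:
    """The user's agent: picks the response security level (claims 7-8) and answers."""
    def __init__(self, key: bytes, policy_min_auth: str, user_pref_auth: str, policy_min_channel: str = "tls"):
        self.key, self.policy_min_auth = key, policy_min_auth
        self.user_pref_auth, self.policy_min_channel = user_pref_auth, policy_min_channel

    def choose_auth_level(self, req: AuthRequest) -> str:
        # Strongest of the provider's floor, the user's preference and homesite policy.
        return max([req.min_auth_level, self.user_pref_auth, self.policy_min_auth], key=AUTH_LEVELS.__getitem__)

    def respond(self, req: AuthRequest, user_id: str, achieved_level: str, now: float) -> AuthResponse:
        required = self.choose_auth_level(req)
        if AUTH_LEVELS[achieved_level] < AUTH_LEVELS[required]:
            raise PermissionError(f"user authenticated at {achieved_level}, {required} required")
        channel = max([req.channel_level, self.policy_min_channel], key=CHANNEL_LEVELS.__getitem__)
        resp = AuthResponse(req.provider, req.nonce, achieved_level, channel, now, user_id)
        resp.mac = _mac(self.key, resp)
        return resp

class Provider:
    """Webservice provider (membersite): issues the request and gates the information."""
    def __init__(self, name: str, key: bytes, information: dict):
        self.name, self.key, self.information = name, key, information

    def request_auth(self, min_auth_level: str, channel_level: str = "tls", max_age_s: int = 300,
                     explanation: str = "") -> AuthRequest:
        return AuthRequest(self.name, min_auth_level, channel_level, max_age_s, explanation)

    def verify(self, req: AuthRequest, resp: AuthResponse, now: float) -> Optional[str]:
        """None when the response satisfies the request, otherwise the name of the failing check."""
        if not hmac.compare_digest(_mac(self.key, resp), resp.mac):
            return "bad_mac"
        if resp.provider != self.name or resp.nonce != req.nonce:
            return "wrong_request"  # misdirected, or replayed against a different request
        if AUTH_LEVELS[resp.auth_level] < AUTH_LEVELS[req.min_auth_level]:
            return "auth_level_too_low"
        if CHANNEL_LEVELS[resp.channel_level] < CHANNEL_LEVELS[req.channel_level]:
            return "channel_too_weak"
        if now - resp.authenticated_at > req.max_age_s:
            return "stale"
        return None

    def release(self, req: AuthRequest, resp: AuthResponse, now: float) -> dict:
        failure = self.verify(req, resp, now)
        if failure:
            raise PermissionError(failure)
        return self.information[resp.user_id]

def run_scenarios() -> dict:
    """Constructed scenarios: one accepted exchange and four refusals."""
    key = b"constructed-shared-secret"  # constructed; a deployment would use per-pair keys or signatures
    provider = Provider("membersite.example", key, {"alice": {"ssn_last4": "1234"}})
    homesite = Homesite(key, policy_min_auth="password", user_pref_auth="otp")
    req = provider.request_auth("password", explanation="tax form needs last 4 of SSN")
    now, out = 1_700_000_000.0, {}
    resp = homesite.respond(req, "alice", achieved_level="otp", now=now)  # raised to the user's preference
    out["ok"] = provider.release(req, resp, now=now + 10)
    try:  # a password-only login no longer satisfies the level the homesite chose
        homesite.respond(req, "alice", achieved_level="password", now=now)
        out["weak_login"] = "accepted"
    except PermissionError:
        out["weak_login"] = "refused"
    out["stale"] = provider.verify(req, resp, now=now + 301)  # outside the time-sensitivity window
    tampered = AuthResponse(**{**vars(resp), "auth_level": "hardware_token"})
    out["tampered"] = provider.verify(req, tampered, now=now + 10)  # level raised after tagging
    out["replay"] = provider.verify(provider.request_auth("password"), resp, now=now + 10)
    return out
```

The point a practitioner should take from the two sides: the homesite may always answer at a level above the provider's floor (user preference and homesite policy only ever raise it), but the provider must still re-check the level, the channel, the request binding and the age itself rather than trust that a response arrived at all, because the level is an attacker-controlled field until its integrity tag has been verified.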
CPC classification titles:

- Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- Event detection, e.g. attack signature detection
- Multiple levels of security
- providing single-sign-on or federations