Dynamic trust federation

US9094391B2 · US · B2

Patent metadata
Publication number: US-9094391-B2
Application number: US-201314051073-A
Country: US
Kind code: B2
Filing date: Oct 10, 2013
Priority date: Oct 10, 2013
Publication date: Jul 28, 2015
Grant date: Jul 28, 2015

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Aspects of the present disclosure are directed to methods and systems for dynamic trust federation. In one aspect, a computer implemented method may include a security token that enables sign-on into a group of applications based on applicable trust criteria. In one aspect, when a user interacts with one application in the group, the trust is elevated through the application's internal authentication application program interface (API). The trust may be included in the security token to make it available to other applications in the group. Applications can be in multiple groups with variable levels of authentication based on location and other transaction variables.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer implemented method in an electronic computer network, comprising: electronically maintaining a plurality of different applications associated with a plurality of different user accounts in a database of computer readable memory connected to an electronic computer network; the plurality of different applications forming an electronic federated group having a computer readable security token of the federated group associated therewith; the security token having a first level of authentication stored therein for access to the federated group, the security token including a federation identification attribute for identification of the federation group, and a geo-location attribute; at a computer processor server, electronically receiving a request for sign-on to at least one of the different applications in the federated group associated with at least one user account, wherein the request for sign-on originates from a mobile computing device connected to the electronic computer network; responsive to the request for the sign-on at a computer processor server, electronically determining a level of authentication associated with the at least one user account; electronically validating the level of authentication with the first level of authentication of the security token associated with the federated group; electronically transmitting the security token to a computer readable memory of the mobile computing device; electronically receiving a request to change the first level of authentication; and electronically modifying the first level of authentication associated with the security token stored in the computer readable memory of the mobile computing device for the federated group to a second level of authentication and electronically storing the second level of authentication in the security token for the federated group, thereby permitting a subsequent request for sign-on by another user account on another computing device to be validated with the second level of authentication, the first level of authentication being different from the second level of authentication.

2. The method according to claim 1, wherein the level of authentication is modified based on a network node location associated with the request to change the first level of authentication.

3. The method according to claim 1, wherein the level of authentication is modified based on global positioning coordinates associated with the request to change the first level of authentication.

4. The method according to claim 1, wherein the level of authentication is modified based on a range during a time of day of the request to change the first level of authentication.

5. The method according to claim 1, further comprising a step of electronically saving the security token with the second level of authentication for a predetermined period of time and then reverting back to the first level of authentication.

6. The method according to claim 1, further comprising electronically maintaining a first subgroup of the plurality of different applications in the federated group associated with the plurality of different user accounts in a network; the first subgroup of the plurality of different applications having a first subgroup security token, wherein the first subgroup security token includes a third level of authentication stored therein for access to the federated subgroup, the security token including the federation identification attribute for identification of the federation group, a subgroup identification attribute, and the geo-location attribute.

7. The method according to claim 6, further comprising electronically receiving a request for sign-on to at least one of the different applications in the first subgroup; responsive to the request for the sign-on, electronically determining a level of authentication associated with the at least one user account; electronically validating a level of authentication with the first subgroup security token associated with the subgroup of the plurality of different applications; electronically receiving a request to change the level of authentication for the first subgroup of the plurality of different applications; and electronically modifying the level of authentication associated with the first subgroup security token.

8. The method according to claim 7, wherein the level of authentication for the first subgroup is modified based on a network node location associated with the request to change the level of authentication.

9. The method according to claim 7, wherein the level of authentication for the first subgroup is modified based on global positioning coordinates associated with the request to change the level of authentication.

10. One or more non-transitory computer readable media storing computer executable instructions that, when executed by at least one processor, cause the at least one processor to perform a method comprising: electronically maintaining a plurality of different applications associated with a plurality of different user accounts in a database of computer readable memory connected to an electronic computer network; the plurality of different applications forming an electronic federated group having a computer readable security token of the federated group associated therewith; the security token having a first level of authentication stored therein for access to the federated group, the security token including a federation identification attribute for identification of the federation group, and a geo-location attribute; electronically receiving a request for sign-on to at least one of the different applications in the federated group associated with at least one user account, wherein the request for sign-on originates from a mobile computing device connected to the electronic computer network; responsive to the request for the sign-on, electronically determining a level of authentication associated with the at least one user account; electronically validating the level of authentication with the first level of authentication of the security token associated with the federated group; electronically transmitting the security token to a computer readable memory of the mobile computing device; electronically receiving a request to change the first level of authentication; and electronically modifying the first level of authentication associated with the security token stored in the computer readable memory of the mobile computing device for the federated group to a second level of authentication and electronically storing the second level of authentication in the security token for the federated group, thereby permitting a subsequent request for sign-on by another user account on another computing device to be validated with the second level of authentication, the first level of authentication being different from the second level of authentication.

11. The one or more non-transitory computer readable media of claim 10, wherein the level of authentication is modified based on a network node location associated with the request to change the first level of authentication.

12. The one or more non-transitory computer readable media of claim 10, wherein the level of authentication is modified based on a global positioning associated with the request to change the first level of authentication.

13. The one or more non-transitory computer readable media of claim 10, wherein the level of authentication is modified based on a range of a time of day of the request to change the first level of authentication.

14. The one or more non-transitory computer readable media of claim 10, f
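The claims describe a shared federation token carrying a federation identifier, a geo-location attribute and a level of authentication; one application's internal authentication raises that level, the raised level is written back into the token so sibling applications in the group accept it (claim 1), the new level depends on network node location, coordinates and time of day (claims 2-4), and the elevated level reverts after a predetermined period (claim 5). The following model is an added illustration of that flow, not the patent's own implementation nor Bank of America code. The level names, the application names, the geofence, the trusted-node set, the business-hours window and the 15-minute reversion period are all constructed assumptions chosen for the demonstration.

```python
"""Illustrative model of a dynamic-trust-federation token (constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Ordered authentication levels. Constructed names; the claims speak only of a
# "first", "second" and "third" level.
LEVEL_BASIC, LEVEL_ELEVATED, LEVEL_STRONG = 1, 2, 3


@dataclass
class SecurityToken:
    federation_id: str                      # federation identification attribute
    geo_location: tuple                     # geo-location attribute, (lat, lon)
    level: int                              # level of authentication currently stored
    base_level: int                         # level to revert to (claim 5)
    expires_at: Optional[datetime] = None   # when the elevated level reverts

    def effective_level(self, now: datetime) -> int:
        """Claim 5: an elevated level is kept for a predetermined period, after
        which the token reverts to its base level."""
        if self.expires_at is not None and now >= self.expires_at:
            self.level, self.expires_at = self.base_level, None
        return self.level


@dataclass
class Federation:
    federation_id: str
    required_level: dict                    # application name -> minimum level
    elevation_ttl: timedelta = timedelta(minutes=15)   # assumed reversion period
    # Policy inputs for modifying the level (claims 2-4); constructed values.
    trusted_nodes: set = field(default_factory=set)     # network node locations
    geofence: tuple = ((40.0, -74.5), (41.0, -73.5))    # (lat, lon) bounding box
    business_hours: range = range(8, 18)                # local hours 08:00-17:59

    def issue_token(self, geo_location: tuple) -> SecurityToken:
        """Token handed to the mobile device at the first level of authentication."""
        return SecurityToken(self.federation_id, geo_location, LEVEL_BASIC, LEVEL_BASIC)

    def sign_on(self, token: SecurityToken, app: str, now: datetime) -> bool:
        """Validate a sign-on request against the federation's shared token."""
        if token.federation_id != self.federation_id or app not in self.required_level:
            return False
        return token.effective_level(now) >= self.required_level[app]

    def _inside_geofence(self, geo: tuple) -> bool:
        (lat0, lon0), (lat1, lon1) = self.geofence
        return lat0 <= geo[0] <= lat1 and lon0 <= geo[1] <= lon1

    def elevate(self, token: SecurityToken, app: str, node: str,
                now: datetime, proof_ok: bool) -> int:
        """One application's internal authentication raises trust and stores the
        new level in the shared token. `proof_ok` stands in for the result of that
        application's own authentication API. Returns the level now in the token."""
        if not self.sign_on(token, app, now) or not proof_ok:
            return token.effective_level(now)
        new_level = LEVEL_ELEVATED
        # Claims 2-4: the strongest level only from a trusted network node,
        # inside the geofence, during business hours.
        if (node in self.trusted_nodes and self._inside_geofence(token.geo_location)
                and now.hour in self.business_hours):
            new_level = LEVEL_STRONG
        token.level = new_level
        token.expires_at = now + self.elevation_ttl
        return new_level


def demo() -> dict:
    """Walk one token through elevation, sharing across the group, and reversion."""
    fed = Federation("fed-1",
                     {"wallet": LEVEL_BASIC, "transfer": LEVEL_ELEVATED, "admin": LEVEL_STRONG},
                     trusted_nodes={"corp-gw-1"})
    t0 = datetime(2015, 7, 28, 10, 0)
    results = {}

    tok = fed.issue_token((40.7, -74.0))                      # inside the geofence
    results["transfer_before"] = fed.sign_on(tok, "transfer", t0)          # False
    results["level_after"] = fed.elevate(tok, "wallet", "corp-gw-1", t0, True)  # 3
    results["transfer_after"] = fed.sign_on(tok, "transfer", t0)           # True
    results["admin_after"] = fed.sign_on(tok, "admin", t0)                 # True
    later = t0 + timedelta(minutes=20)                        # past the reversion period
    results["transfer_reverted"] = fed.sign_on(tok, "transfer", later)     # False
    results["level_reverted"] = tok.level                                  # 1

    tok2 = fed.issue_token((51.5, -0.1))                      # outside the geofence
    results["level_remote"] = fed.elevate(tok2, "wallet", "cafe-wifi", t0, True)  # 2
    results["admin_remote"] = fed.sign_on(tok2, "admin", t0)               # False
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is where the trust state lives: the level is a field of the group token, so a sibling application never re-runs the elevating application's authentication, it only checks the level the token carries, and the reversion timer is part of the same token so the elevated state cannot outlive the period the policy set.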

Assignees

Bank Of America

Inventors

Classifications

  • wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title

  • Multiple levels of security · CPC title

  • for group communications (cryptographic mechanisms or cryptographic arrangements for key management involving conference or group key H04L9/0833) · CPC title

  • Grouping of entities · CPC title

  • H04L63/08 (Primary)

    for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9094391B2 cover?
Aspects of the present disclosure are directed to methods and systems for dynamic trust federation. In one aspect, a computer implemented method may include a security token that enables sign-on into a group of applications based on applicable trust criteria. In one aspect, when a user interacts with one application in the group, the trust is elevated through the application's internal authentication ap…
Who is the assignee on this patent?
Bank Of America
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Jul 28, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).