System, method and computer program product for providing unified authentication services for online applications
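IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC, 7th edition): G06F-017/00; H04L-029/06
Application number: US-0684083 (2015-04-10)
Registration number: US-9438633 (2016-09-06)
Inventors / address: Bakshi, Bikram S.; Helms, David W.; Rochon, Anthony C.; Walker, Trevor J.
Applicant / address: Citibank, N.A.
Agent / address: Sophir, Eric L.
Citation information: times cited: 0; cited patents: 131
Abstract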
A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
Representative claims
1. A computer-implemented method comprising: assigning, by a user management server, a globally unique ID (GUID) for a user; receiving, by the user management server, a first username for a first website associated with a first account of the user and a second username for a second website associated with a second account of the user; associating, by the user management server, the first username and the second username with the GUID; establishing, by the user management server, a first policy component of an authentication server for access to the first account, wherein the first policy component requires a first type of credential for access; establishing, by the user management server, a second policy component of an authentication server for access to the second account, wherein the second policy component requires a second type of credential for access; capturing, by the user management server, the first type of credential and the second type of credential; storing, by the user management component, the first type of credential as the first policy component with the GUID in a database; storing, by the user management component, the second type of credential as the second policy component with the GUID in the database; providing, by the user management component, access to the first account of the user when receiving input of the GUID and the first type of credential; and providing, by the user management server, access to the second account of the user when receiving input of the GUID and second type of credential, wherein the first type of credential comprises a first level of protection and the second type of credential requires a second level of protection, the second level of protection requiring the first type of credential and the second type of credential; and wherein the first level of protection is defined by the first policy component and the second level or protection is defined by the second policy component.

2. The method of claim 1, wherein the first type of credential comprises information from a first identification device and the second type of credential comprises information from a second identification device.

3. The method of claim 2, wherein the first identification device comprises biometric measurement.

4. The method of claim 2, wherein the first identification device and the second identification device measure credential information differently.

5. The method of claim 1, further comprising: receiving, by the user management server, a third username for a third website associated with a third account of the user; and associating, by the user management server, the third username with the GUID.

6. The method of claim 5, further comprising: establishing, by the user management server, a third policy component for access to the third account, wherein the third policy component requires a third type of credential for access.

7. The method of claim 6, further comprising: capturing, by the user management server, the third type of credential; and storing, by the user management server, the third type of credential as the third policy component with the GUID in the database.

8. The method of claim 7, further comprising: providing, by the user management server, access to the third account of the user when receiving input of the GUID and the third type of credential.

9. The method of claim 8, wherein the third type of credential comprises a third level of protection, the third level of protection requiring the first type of credential, the second type of credential, and the third type of credential.

10. The method of claim 8, wherein the third type of credential comprises a third level of protection, the third level of protection requiring the first type of credential and the third type of credential.

11. A system comprising: a user management processor configured to execute instructions stored on a non-transitory computer-readable medium, the instructions configured to: assign a globally unique ID (GUID) for a user; receive a first username for a first website associated with a first account of the user and a second username for a second website associated with a second account of the user; associate the first username and the second username with the GUID; establish a first policy component for access to the first account, wherein the first policy component requires a first type of credential for access; establish a second policy component for access to the second account, wherein the second policy component requires a second type of credential for access; capture the first type of credential and the second type of credential; store the first type of credential as the first policy component with the GUID in a database; store the second type of credential as the second policy component with the GUID in the database; provide access to the first account of the user when receiving input of the GUID and the first type of credential; and provide access to the second account of the user when receiving input of the GUID and second type of credential, wherein the first type of credential comprises a first level of protection and the second type of credential requires a second level of protection, the second level of protection requiring the first type of credential and the second type of credential; and wherein the first level of protection is defined by the first policy component and the second level or protection is defined by the second policy component.

12. The system of claim 11, wherein the first type of credential comprises information from a first identification device and the second type of credential comprises information from a second identification device.

13. The system of claim 12, wherein the first identification device comprises biometric measurement.

14. The system of claim 13, wherein the first identification device and the second identification device measure credential information differently.

15. The system of claim 11, wherein the user management processor is further configured to: receive a third username for a third website associated with a third account of the user; and associate the third username with the GUID.

16. The system of claim 15, wherein the user management processor is further configured to: establish a third policy component for access to the third account, wherein the third policy component requires a third type of credential for access.

17. The system of claim 16, wherein the user management processor is further configured to: capture the third type of credential; and store the third type of credential as the third policy component with the GUID in the database.

18. The system of claim 17, wherein the user management processor is further configured to: provide access to the third account of the user when receiving input of the GUID and the third type of credential.

19. The system of claim 18, wherein the third type of credential comprises a third level of protection, the third level of protection requiring the first type of credential, the second type of credential, and the third type of credential.

20. The system of claim 18, wherein the third type of credential comprises a third level of protection, the third level of protection requiring the first type of credential and the third type of credential.
Patents cited by this patent (131)
Durinovic-Johri Sanja (Aberdeen NJ) Wirth Patricia E. (Old Bridge NJ), Access control system with lockout.
Cheng Jane (Spring Valley Rockland NY) Martinez Edgar (East White Plains NY) Naik Jayant (Stamford Fairfield CT), Apparatus and accompanying methods for preventing toll fraud through use of centralized caller voice verification.
Kapp Michael A. (New Philadelphia) Protheroe Robert L. (Cambridge) Onega Albert (Lore City OH), Apparatus and method for producing a digitized transaction record including an encrypted signature.
Berson William (Westport CT) Zemlok Kenneth C. (Shelton CT), Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic.
Regnier Barbara Ann ; Youngers David Nicholas ; Dettinger Richard Dean ; Spors Daniel Arlan ; Thorson John David, Client/server computer system having personalizable and securable views of database data.
Gainsboro Jay L. (5 Bancroft Cir. Framingham MA 01701), Computer-based method and apparatus for controlling, monitoring, recording and reporting telephone access.
Sehr Richard P. (2276 Creek Bed Ct. Santa Clara CA 95054), Computerized theme park information management system utilizing partitioned smart cards and biometric verification.
Matchett Noel D. (1001 Spring St. ; Ste. 123 Silver Spring MD 20910) Kehoe Brian D. (1001 Spring St. ; Ste. 123 Silver Spring MD 20910), Continuous biometric authentication matrix.
Cohen Richard Jay ; Forsberg Richard Allen ; Kallfelz ; Jr. Paul A. ; Meckstroth John Robert ; Pascoe Christopher James ; Snow-Weaver Andrea Lynn, Coordinating user target logons in a single sign-on (SSO) environment.
Dean Jeffrey Randell ; Howard Jeffrey Langdon ; Rodriguez Ingrid Milagros, Data processing system, method, and program product for automating account creation in a network.
See Michael E. ; Bailey John W. ; Panza Charles L. ; Pikover Yuri ; Stone Geoffrey C., Deterministic user authentication service for communication network.
Schneider John K. (Snyder NY) Keeney Frank W. (Williamsville NY) Drakes Russell J. (Cheektowaga NY) Gojevic Stephen M. (Buffalo NY) Leszczynski Nicholas G. (Amherst NY) Schneider Mark C. (East Amhers, High resolution ultrasonic imaging apparatus and method.
Abtahi Nooral S. (4924 Carmel Rd. Charlotte NC 28226) Shumate ; Sr. Grady C. (Charlotte NC) Heyward Waddie (Charlotte NC) Yang Hedong (Charlotte NC), Method and apparatus for confirming the identity of an individual presenting an identification card.
Lang Gerald S. (812 Downs Dr. Silver Spring MD 20904), Method and apparatus for protecting material on storage media and for transferring material on storage media to various.
Penzias Arno A. (Chatham NJ), Method and apparatus for restrospectively identifying an individual who had engaged in a commercial or retail transactio.
Tomko George J.,CAX ; Stoianov Alexei,CAX, Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniq.
Tal Peter (53 Driftwood Dr. Port Washington NY 11050), Method and apparatus for uniquely identifying individuals by particular physical characteristics and security system uti.
Larose Gordon Edward,CAX ; Allan David Ian,CAX, Method and system for networked installation of uniquely customized, authenticable, and traceable software application.
Smithies Christopher Paul Kenneth (Corfe Mullen ; Wimborne GB2) Newman Jeremy Mark (Frome ; Somerset GB2), Method and system for the verification of handwritten signatures.
Ugon Michel (Maurepas FRX) Oisel Andr (Elancourt FRX), Method for checking the integrity of a program or data, and apparatus for implementing this method.
Prokoski Francine J. (1510 Inlet Ct. Reston VA 22090) Coffin Jeffrey S. (Sterling VA) Riedel Robert B. (Great Falls VA), Method for identifying individuals from analysis of elemental shapes derived from biosensor data.
Blakley III,George R.; Clark,Gregory Scott; Milman,Ivan Matthew; Turner,Brian, Method of enabling an intermediary server to impersonate a client user's identity to a plurality of authentication domains.
Monroe Midori J. (Vancouver IL CAX) Huang George Y. (Chicago IL) Martin Tony D. (Arlington Heights IL), Method of verifying fake-proof video identification data.
Puhl Larry C. (Sleepy Hollow IL) Comroe Richard A. (Dundee IL) Furtaw Robert W. (Arlington Heights IL) Cantarutti Tracey L. (Barrington IL), Portable authentification system.
Turner Stephen J. (Saffron Walden GB2) Lilley John B. (Brentwood GB2), Recognition procedure and an apparatus for carrying out the recognition procedure.
Rodwin Andrew S. ; Wenocur Jonathan H. ; Feinstein Michael G., Remote access apparatus and method which allow dynamic internet protocol (IP) address management.
McAllister Alex (Wheaton MD) Cheston Frank (Potomac MD) Young David E. (Silver Spring MD) Hanle John P. (Silver Spring MD), Selection of a voice recognition data base responsive to video data.
Wood, David L.; Norton, Derk; Weschler, Paul; Ferris, Chris; Wilson, Yvonne, Single sign-on framework with trust-level mapping to authentication requirements.
Schwalm Robert C. (Plano TX) Deffner Gerhard P. H. (Dallas TX), System and method for authenticating transmission and receipt of electronic information.
Vlcan, Steve; Bakshi, Bikram S, System and method for automatically detecting and then self-repairing corrupt, modified of non-existent files via a communication medium.
Houvener Robert C. ; Hoenisch Ian P., System and method of providing system integrity and positive audit capabilities to a positive identification system.
Monroe Midori J. (Vancouver IL CAX) Huang George Y. (Chicago IL) Martin Tony D. (Arlington Heights IL), System for encoding personalized identification for storage on memory storage devices.
Bogosian ; Jr. Charles A. (Warwick RI), System for verifying use of a credit/identification card including recording of physical attributes of unauthorized user.
Bianco Peter Garrett ; Boon William Taylor ; Sterling Robert Brewster ; Ware Karl Roger, System, method and computer program product for allowing access to enterprise resources using biometric devices.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.