Tiered identification federated authentication network system
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): H04L-029/06; G06F-017/30
Application number: US-0606724 (2017-05-26)
Registration number: US-9965523 (2018-05-08)
Inventor / Address: Votaw, Elizabeth S.; Jones-McFadden, Alicia C.
Applicant / Address: Bank of America Corporation
Agent / Address: Springs, Michael A.
Citation information
Times cited: 0
Cited patents: 127
Abstract
The present disclosure describes a tiered identification federated authentication network system. Embodiments compile one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each application. The system may aggregate the plurality of authentication sets to form a tiered federated authentication module having multiple rankings, wherein each rank is associated with an authentication set; wherein a higher ranked authentication set corresponds to more stringent authentication credentials and a lower ranked authentication set corresponds to less stringent authentication credentials. The system may receive a request from a user for access to a current application, determine if the user has previously authenticated to a higher ranked application and, if so, enable access to the current application, without requiring the user to authenticate again.
Representative claims
1. A system for tiered identification federated authentication, the system comprising: a computer apparatus comprising at least one processor and a memory; and a software module, stored in the memory, comprising computer readable code executable by the processor, and configured to: compile one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set; aggregate the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and authenticate a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.
2. The system of claim 1, wherein the software module is further configured to: store the plurality of authentication sets in an authentication set database; and wherein authenticating the user to access the two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings further comprises: receiving, from a user, a request for access to a first application, wherein the first application is one of the plurality of applications; identifying, based on the authentication set database, a first authentication set associated with the first application; identifying, based on the tiered federated authentication module, a first authentication rank associated with the first authentication set; determining that the user is currently authenticated to a second application; identifying, based on the authentication set database, a second authentication set associated with the second application; identifying, based on the tiered federated authentication module, a second authentication rank associated with the second authentication set; and enabling access to the first application for the user based on a comparison of the first authentication rank and the second authentication rank.
3. The system of claim 2, wherein the software module is further configured to: determine that the second authentication rank is higher than or equivalent to the first authentication rank; and enable access to the first application for the user without requiring the user to provide authentication credentials for the first application.
4. The system of claim 3, wherein the software module is further configured to: determine that the user is currently not authenticated to a third application; identify, based on the authentication set database, a third authentication set associated with the third application; identify, based on the tiered federated authentication module, a third authentication rank associated with the third authentication set; determine that the third authentication rank is lower than or equivalent to the first authentication rank; and automatically enable access to the third application for the user.
5. The system of claim 2, wherein the software module is further configured to: determine that the second authentication rank is lower than the first authentication rank; identify, based on the tiered federated authentication module, additional authentication credentials required for access to the first authentication rank, wherein the additional authentication credentials comprise fewer authentication credentials than original authentication credentials for the first authentication rank and more authentication credentials than original authentication credentials for the second authentication rank; prompt the user to provide the additional authentication credentials for the first authentication rank; receive, from the user, the additional authentication credentials for the first authentication rank; validate the additional authentication credentials for the first authentication rank; and enable access to the first application, based on validating the additional authentication credentials.
6. The system of claim 2, wherein enabling comprises generating a security token and providing the token to the user, wherein the security token enables access to one or more applications of the plurality of applications.
7. The system of claim 2, wherein the authentication credentials comprises one or more of a username, a password, a passcode, a personal identification number (PIN), security questions, biometric data, device information associated with a mobile device of the user, user account information, or any combination thereof.
8. A computer-implemented method for tiered identification federated authentication, the method comprising: compiling one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set; aggregating the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and authenticating a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.
9. The method of claim 8, further comprising: storing the plurality of authentication sets in an authentication set database; and wherein authenticating the user to access the two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings further comprises: receiving, from a user, a request for access to a first application, wherein the first application is one of the plurality of applications; identifying, based on the authentication set database, a first authentication set associated with the first application; identifying, based on the tiered federated authentication module, a first authentication rank associated with the first authentication set; determining that the user is currently authenticated to a second application; identifying, based on the authentication set database, a second authentication set associated with the second application; identifying, based on the tiered federated authentication module, a second authentication rank associated with the second authentication set; and determining whether or not the user has authenticated to an application and the rank of the application; and enabling access to the first application for the user based on a comparison of the first authentication rank and the second authentication rank.
10. The method of claim 9, further comprising: determining that the second authentication rank is higher than or equivalent to the first authentication rank; and enabling access to the first application for the user without requiring the user to provide authentication credentials for the first application.
11. The method of claim 10, further comprising: determining that the user is currently not authenticated to a third application; identifying, based on the authentication set database, a third authentication set associated with the third application; identifying, based on the tiered federated authentication module, a third authentication rank associated with the third authentication set; determining that the third authentication rank is lower than or equivalent to the first authentication rank; and automatically enabling access to the third application for the user.
12. The method of claim 9, further comprising: determining that the second authentication rank is lower than the first authentication rank; identifying, based on the tiered federated authentication module, additional authentication credentials required for access to the first authentication rank, wherein the additional authentication credentials comprise fewer authentication credentials than original authentication credentials for the first authentication rank and more authentication credentials than original authentication credentials for the second authentication rank; prompting the user to provide the additional authentication credentials for the first authentication rank; receiving, from the user, the additional authentication credentials for the first authentication rank; validating the additional authentication credentials for the first authentication rank; and enabling access to the first application, based on validating the additional authentication credentials.
13. The method of claim 9, wherein enabling comprises generating a security token and providing the token to the user, wherein the security token enables access to one or more applications of the plurality of applications.
14. The method of claim 9, wherein the authentication credentials comprises one or more of a username, a password, a passcode, a personal identification number (PIN), security questions, biometric data, device information associated with a mobile device of the user, user account information, or any combination thereof.
15. A computer program product for tiered identification federated authentication, the computer program product comprising a non-transitory computer readable medium having one or more computer-readable programs stored therein, and the computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps: compiling, via a computing device processor, one or more authentication credentials required for access to each of a plurality of applications to generate an authentication set for each of the plurality applications, thereby generating a plurality of authentication sets for the plurality of applications, wherein more than one application may share a same authentication set; aggregating, via a computing device processor, the plurality of authentication sets to form a tiered federated authentication module having multiple authentication rankings, wherein each authentication ranking is associated with one of the authentication sets, and wherein authentication sets with a higher authentication ranking corresponds to more stringent authentication credentials and a lower ranked authentication set or application corresponds to less stringent authentication credentials; and authenticating, via a computing device processor, a user to access two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings.
16. The computer program product of claim 15, further comprising computer readable programs that, when executed by a computer apparatus, cause the apparatus to perform the following steps: storing, via a computing device processor, the plurality of authentication sets in an authentication set database; and wherein authenticating the user to access the two or more applications of the plurality of applications based on the tiered federated authentication module having multiple authentication rankings further comprises: receiving, via a computing device processor, from a user, a request for access to a first application, wherein the first application is one of the plurality of applications; identifying, via a computing device processor, based on the authentication set database, a first authentication set associated with the first application; identifying, via a computing device processor, based on the tiered federated authentication module, a first authentication rank associated with the first authentication set; determining, via a computing device processor, that the user is currently authenticated to a second application; identifying, via a computing device processor, based on the authentication set database, a second authentication set associated with the second application; identifying, via a computing device processor, based on the tiered federated authentication module, a second authentication rank associated with the second authentication set; and determining, via a computing device processor, whether or not the user has authenticated to an application and the rank of the application; and enabling access, via a computing device processor, to the first application for the user based on a comparison of the first authentication rank and the second authentication rank.
17. The computer program product of claim 16 further comprising computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps: determining, via a computing device processor, that the second authentication rank is higher than or equivalent to the first authentication rank; and enabling, via a computing device processor, access to the first application for the user without requiring the user to provide authentication credentials for the first application.
18. The computer program product of claim 17 further comprising computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps: determining, via a computing device processor, that the user is currently not authenticated to a third application; identifying, via a computing device processor, based on the authentication set database, a third authentication set associated with the third application; identifying, via a computing device processor, based on the tiered federated authentication module, a third authentication rank associated with the third authentication set; determining, via a computing device processor, that the third authentication rank is lower than or equivalent to the first authentication rank; and automatically enabling, via a computing device processor, access to the third application for the user.
19. The computer program product of claim 16, further comprising computer readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps: determining, via a computing device processor, that the second authentication rank is lower than the first authentication rank; identifying, via a computing device processor, based on the tiered federated authentication module, additional authentication credentials required for access to the first authentication rank, wherein the additional authentication credentials comprise fewer authentication credentials than original authentication credentials for the first authentication rank and more authentication credentials than original authentication credentials for the second authentication rank; prompting, via a computing device processor, the user to provide the additional authentication credentials for the first authentication rank; receiving, via a computing device processor, from the user, the additional authentication credentials for the first authentication rank; validating, via a computing device processor, the additional authentication credentials for the first authentication rank; and enabling access, via a computing device processor, to the first application, based on validating the additional authentication credentials.
20. The computer program product of claim 16, wherein enabling comprises generating a security token and providing the token to the user, wherein the security token enables access to one or more applications of the plurality of applications.
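The rank comparison recited in claims 2 to 5 can be sketched as follows. This is an added example, not code from the patent or its assignee; the application names, the credential names, and the rule that a higher tier must be a strict superset of the tier below (with the step-up prompt computed as a set difference) are assumptions made for the illustration.

```python
"""Tiered rank check: constructed example, not code from the patent."""

# Constructed sample data: application and credential names are hypothetical.
APP_CREDENTIALS = {
    "branch_locator": frozenset({"username"}),
    "balance_view": frozenset({"username", "password"}),
    "statements": frozenset({"username", "password"}),
    "wire_transfer": frozenset({"username", "password", "biometric"}),
}


def build_tiers(app_credentials):
    """Rank the distinct authentication sets, 1 = least stringent.

    Assumption: "more stringent" means a strict superset of the tier below.
    Sets that do not nest cannot be ordered safely, so they are rejected.
    """
    distinct = sorted(set(app_credentials.values()), key=len)
    for lower, higher in zip(distinct, distinct[1:]):
        if not lower < higher:  # proper-subset test on frozensets
            raise ValueError(f"sets do not nest: {sorted(lower)} vs {sorted(higher)}")
    return {cred_set: rank for rank, cred_set in enumerate(distinct, start=1)}


class TieredAuth:
    def __init__(self, app_credentials):
        self.set_db = dict(app_credentials)      # authentication set database
        self.rank_of = build_tiers(self.set_db)  # tiered ranking of the sets

    def app_rank(self, app):
        return self.rank_of[self.set_db[app]]

    def _session(self, authenticated_apps):
        """Highest rank reached and credentials already validated."""
        known = [a for a in authenticated_apps if a in self.set_db]
        rank = max((self.app_rank(a) for a in known), default=0)
        held = frozenset().union(*(self.set_db[a] for a in known))
        return rank, held

    def request_access(self, app, authenticated_apps):
        """Return (decision, credentials still to be validated)."""
        if app not in self.set_db:
            return "deny", frozenset()             # unknown application: default deny
        rank, held = self._session(authenticated_apps)
        if rank >= self.app_rank(app):
            return "allow", frozenset()            # equal or higher rank already held
        return "step_up", self.set_db[app] - held  # prompt only for the difference

    def reachable(self, authenticated_apps):
        """Applications usable with no further prompt at the current rank."""
        rank, _ = self._session(authenticated_apps)
        return {a for a in self.set_db if self.app_rank(a) <= rank}
```

The nesting check in `build_tiers` matters for the "higher rank implies access" rule: without it, a session could be admitted to an application whose required credential it never presented.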
Kao, I-Lung; Milman, Ivan Matthew; Schneider, David J.; Willard, Ronald Gene, Authentication framework for multiple authentication processes and mechanisms.
de Silva, Andrew; Zhuang, Jianning; Mazas, Jose; Panganiban, Alex, Automatic updating of favorite places for navigation system upon change of home address.
Grigg, David M.; Bertanzetti, Peter John; Burrell, Charles Jason; Hanson, Carrie Anne; Johansen, Joseph Neil; Toth, Michael E., Determining user authentication requirements based on the current location of the user being within a predetermined area requiring altered authentication requirements.
Grigg, David M.; Bertanzetti, Peter John; Burrell, Charles Jason; Hanson, Carrie Anne; Johansen, Joseph Neil; Toth, Michael E., Determining user authentication requirements based on the current location of the user in comparison to the users's normal boundary of location.
Vermeulen, Allan H.; Atlas, Alan B.; Barth, David M.; Cormie, John David; Fischman, Ami K.; Sorenson, III, James Christopher; Wagner, Eric M., Distributed storage system with web services client interface.
Ayanamcottil, Antony Aloysius; Chandrappa, Varun Yarehalli; Revankar, Natesh Shridhar; Verma, Priya; Alam, Mohammad Dilshad; Sharma, Nitin Prakash; Pullaikudi, Praveen Prakash Thazhalhu, Method for destructive readout of data in case of mobile theft.
Natsuno, Takeshi, Method for inhibiting use of mobile communication terminal having memory where card information is stored, mobile communication network, and mobile communication terminal.
Aravamudan, Murali; Rajasekharan, Ajit; Ramakrishnan, Kajamalai G.; Gupta, Mayank, Methods and systems for segmenting relative user preferences into fine-grain and coarse-grain collections.
Nair Parameswaran B. (Acworth GA) Evans John C. (Atlanta GA) Price James F. (Alpharetta GA) Choudhuri Kumar S. (Kennesaw GA) Stills James T. (Atlanta GA) Goulding Victor V. (Lawrenceville GA), Multi-reader transaction terminal.
Zhou, Tiger T G; Zhou, Dylan T X; Zhou, Andrew H B, One-touch payment using haptic control via a messaging and calling multimedia system on mobile device and wearable device, currency token interface, point of sale device, and electronic payment card.
Grigg, David M.; Thomas, Susan Smith; Harkey, Scott Lee; Bondesen, Laura; Calman, Matthew A., Providing automated initial and final payment for an activity based on determining the location of an activity participant's mobile communication device.
Votaw, Elizabeth S.; Burrell, Charles Jason; Hanson, Carrie Anne; Jones, Alicia C.; Lynch, Michael Patrick; Qaim-Maqami, Hood, Remote revocation of application access based on non-co-location of a transaction vehicle and a mobile device.
Gopinathan Krishna M. ; Jost Allen ; Biafore Louis S. ; Ferguson William M. ; Lazarus Michael A. ; Pathria Anu K., Risk determination and management using predictive modeling and transaction profiles for individual transacting entities.
Grigg, David M.; Johansen, Joseph Neil; Hanson, Carrie Anne; Burrell, Charles Jason; Votaw, Elizabeth S., Self-selected user access based on specific authentication types.
Grigg, David M.; Qaim-Maqami, Hood; Jones, Alicia C.; Votaw, Elizabeth S.; Johansen, Joseph Neil; Burrell, Charles Jason; Hanson, Carrie Anne; Lynch, Michael Patrick, Shutting down access to all user accounts.
Grigg, David M.; Johansen, Joseph Neil; Toth, Michael E.; Carpenter, Daniel Lynn; Qaim-Maqami, Hood; Hanson, Carrie Anne; Votaw, Elizabeth S., Sorting mobile banking functions into authentication buckets.
Ellis, Stephen M.; Kennedy, Michael J.; Kurani, Ashish Bhoopen; Lowry, Melissa; Meyyappan, Uma; Sahni, Bipin; Stroke, Nikolai, System and method for a mobile wallet.
Berardi, Michael J.; Bliman, Michal; Bonalle, David S.; Elwood, Jennifer Anne; Hood, Matthew C.; Isenberg, Susan E.; Mayers, Alexandra; Saunders, Peter D.; Scheding, Kathryn D.; Shah, Sejal Ajit; Williamson, Jo, System and method for payment using radio frequency identification in contact and contactless transactions.
Dhesi, Rajkaran Singh; Hunt, Simon; Parke, Paul Martin, System, method, and computer program product for disabling a communication channel during authentication.
Grigg, David M.; Bertanzetti, Peter John; Toth, Michael E.; Hanson, Carrie Anne; Votaw, Elizabeth S., User authentication based on historical transaction data.
Grigg, David M.; Bertanzetti, Peter John; Burrell, Charles Jason; Hanson, Carrie Anne; Johansen, Joseph Neil; Toth, Michael E.; Votaw, Elizabeth S., User authentication based on other applications.
Grigg, David M.; Johansen, Joseph Neil; Hanson, Carrie Anne; Burrell, Charles Jason; Votaw, Elizabeth S., User authentication based on self-selected preferences.
Grigg, David M.; Bertanzetti, Peter John; Toth, Michael E.; Hanson, Carrie Anne, User authentication by geo-location and proximity to user's close network.