CA2403383A1 - System, method and computer program product for providing unified authentication services for online applications - Google Patents

Info

Publication number
CA2403383A1
Authority
CA
Canada
Prior art keywords
user
server
account
determined policy
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002403383A
Other languages
French (fr)
Other versions
CA2403383C (en)
Inventor
Bikram Singh Bakshi
David W. Helms
Anthony C. Rochon
Trevor J. Walker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BioNetrix Systems Corp
Original Assignee
Bionetrix Systems Corporation
Bikram Singh Bakshi
David W. Helms
Anthony C. Rochon
Trevor J. Walker
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bionetrix Systems Corporation, Bikram Singh Bakshi, David W. Helms, Anthony C. Rochon, Trevor J. Walker
Publication of CA2403383A1
Application granted
Publication of CA2403383C
Anticipated expiration
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117 User registration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system, method, and computer program product for providing authentication services in an Application Service Provider setting to a user of one or more online (or web) applications. The system includes client-side components: a user management component (207), a web browser (212), device-specific components (210), and an authentication control (208). The system also includes server-side components: an authentication server (202), a web/application server (214), communication components (204), and a filter (206). The client-side authentication control component (208) manages the process of capturing a user-determined policy for a first account and user credentials.
This allows the user to define the level of protection to access the first account.

Furthermore, the user's credentials that are stored in the user management component (207) can be reused to access other accounts or applications.

Claims (22)

1. A system for providing user authentication to a first account provided by a first server via a communication medium, comprising:
client side components;
a user management component coupled to said client side components via the communication medium; and
server side components coupled to said user management component via the communication medium,
wherein said client side components include an authentication control component that manages the process of capturing a user-determined policy for the first account and user credentials, thereby allowing the user to define the level of protection to access the first account and wherein said client side components communicate the result of capturing said user-determined policy and said user credentials to said user management component,
wherein said user management component stores said user-determined policy and said user credentials in a centralized location and organizes said user-determined policy and said user credentials such that said user credentials can be reused for user authentication to a second account provided by a second server; and
wherein said server side components include an authentication server, and wherein said user management component indicates to said authentication server to use said user-determined policy for user authentication to the first account.
2. The system of claim 1, wherein the communication medium is the Internet.
3. The system of claim 1, wherein the communication medium is a local network.
4. The system of claim 1, wherein the communication medium is a wireless network.
5. The system of claim 1, wherein the first server and said second server are web servers.
6. The system of claim 1, wherein the first server and said second server are application servers.
7. The system of claim 1, wherein said authentication control component is checked for integrity each time it is invoked.
8. The system of claim 1, wherein said user-determined policy for the first account is the same as a second user-determined policy for said second account.
9. The system of claim 1, wherein said user-determined policy for the first account is different from a second user-determined policy for said second account.
10. The system of claim 1, wherein the first server and said second server are unrelated.
11. The system of claim 1, wherein the first server and said second server are related.
12. A method for providing user authentication to a first account provided by a first server via a communication medium, comprising the steps of:
managing, via an authentication control component, the process of capturing a user-determined policy for the first account and user credentials, thereby allowing the user to define the level of protection to access the first account;
communicating, from said authentication control component to a user management component, the result of capturing said user-determined policy and said user credentials;
organizing, by said user management component, said user-determined policy and said user credentials in a centralized location such that said user credentials can be reused for user authentication to a second account provided by a second server; and
indicating, by said user management component to said authentication server, to use said user-determined policy for user authentication to the first account.
13. The method of claim 12, wherein the communication medium is the Internet.
14. The method of claim 12, wherein the communication medium is a local network.
15. The method of claim 12, wherein the communication medium is a wireless network.
16. The method of claim 12, wherein the first server and said second server are web servers.
17. The method of claim 12, wherein the first server and said second server are application servers.
18. The method of claim 12, wherein said authentication control component is checked for integrity each time it is invoked.
19. The method of claim 12, wherein said user-determined policy for the first server is the same as a second user-determined policy for said second server.
20. The method of claim 12, wherein said user-determined policy for the first server is different from a second user-determined policy for said second server.
21. The method of claim 12, wherein the first server and said second server are unrelated.
22. The method of claim 12, wherein the first server and said second server are related.
CA2403383A 2000-03-23 2001-03-23 System, method and computer program product for providing unified authentication services for online applications Expired - Lifetime CA2403383C (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US19147100P 2000-03-23 2000-03-23
US60/191,471 2000-03-23
US69506000A 2000-10-25 2000-10-25
US09/695,060 2000-10-25
PCT/US2001/009188 WO2001071961A1 (en) 2000-03-23 2001-03-23 System, method and computer program product for providing unified authentication services for online applications

Publications (2)

Publication Number Publication Date
CA2403383A1 (en) 2001-09-27
CA2403383C (en) 2011-06-28

Family

ID=26887076

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2403383A Expired - Lifetime CA2403383C (en) 2000-03-23 2001-03-23 System, method and computer program product for providing unified authentication services for online applications

Country Status (4)

Country Link
JP (1) JP2004524591A (en)
AU (1) AU2001243706A1 (en)
CA (1) CA2403383C (en)
WO (1) WO2001071961A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7441263B1 (en) 2000-03-23 2008-10-21 Citibank, N.A. System, method and computer program product for providing unified authentication services for online applications
GB2386445A (en) * 2002-03-13 2003-09-17 Hewlett Packard Co Application server functions
US8458775B2 (en) 2006-08-11 2013-06-04 Microsoft Corporation Multiuser web service sign-in client side components
CN105450629A (en) * 2015-10-29 2016-03-30 东莞酷派软件技术有限公司 Biological-information-verification-based router connecting method and apparatus, and router

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06223041A (en) * 1993-01-22 1994-08-12 Fujitsu Ltd Large-area environment user certification system
US5724423A (en) * 1995-09-18 1998-03-03 Telefonaktiebolaget Lm Ericsson Method and apparatus for user authentication
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method
US6052468A (en) * 1998-01-15 2000-04-18 Dew Engineering And Development Limited Method of securing a cryptographic key
US6178511B1 (en) * 1998-04-30 2001-01-23 International Business Machines Corporation Coordinating user target logons in a single sign-on (SSO) environment

Also Published As

Publication number Publication date
CA2403383C (en) 2011-06-28
JP2004524591A (en) 2004-08-12
WO2001071961A1 (en) 2001-09-27
AU2001243706A1 (en) 2001-10-03
WO2001071961A9 (en) 2001-12-20

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20210323