CA2668710A1 - Authentication system for service provisioning - Google Patents

Authentication system for service provisioning

Info

Publication number
CA2668710A1
Authority
CA
Canada
Prior art keywords
user
service
executable
executable authentication
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002668710A
Other languages
French (fr)
Inventor
Rajandra Laxman Kulkarni
Adam Greenberg
Anthony M. Marotto
Alexander L. Popowycz
Michael Francis Lopiano
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FMR LLC
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/593,992 (US20080115192A1)
Application filed by Individual
Publication of CA2668710A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/40 User authentication by quorum, i.e. whereby two or more security principals are required
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)
  • Stored Programmes (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. A first user is enabled to customize an authentication system associated with a service type. Customizing the authentication system includes defining one or more executable authentication rules for determining access for a second user to a service for the service type. At least a first executable authentication rule is selected from the one or more executable authentication rules. A rules credential is generated. A request is received from the second user. It is determined, at an enforcement point, if the first executable authentication rule applies to the user.
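
The flow in the abstract, as an added sketch that is not code from the patent: an acquisition point selects rules and packs them into a compressed rules credential, and an enforcement point checks triggers and the satisfaction state before choosing an authentication action. The rule fields, the JSON layout, the HMAC tag, and the default of allowing access when no rule applies are assumptions made here; the page does not specify them.

```python
import base64, hashlib, hmac, json, zlib

KEY = b"constructed-demo-key"  # constructed; a real deployment would use a managed secret

# Constructed rule set. Each rule is declarative data, not code, so the
# enforcement point never evaluates anything supplied by the requester.
RULES = [
    {"id": "trade-step-up",
     "select": {"group": "customers"},            # characteristic of the user
     "triggers": {"channel": ["web", "ivr"],      # request trigger (access channel)
                  "function": ["trade"]},         # enforcement point trigger (function)
     "action": "soft_token", "ttl": 900},
    {"id": "hr-pin",
     "select": {"group": "employees"},
     "triggers": {"function": ["personnel"]},
     "action": "pin", "ttl": 3600},
]

def select_rules(rules, user):
    """Acquisition point: pick the rules whose selector matches the user."""
    return [r for r in rules if all(user.get(k) == v for k, v in r["select"].items())]

def _seal(body, key):
    # Compress, then authenticate the compressed bytes (assumed protection).
    blob = zlib.compress(json.dumps(body, sort_keys=True).encode())
    tag = hmac.new(key, blob, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + blob).decode()

def _open(credential, key):
    # Verify the tag before decompressing, so untrusted bytes never reach zlib.
    try:
        raw = base64.urlsafe_b64decode(credential.encode())
        tag, blob = raw[:32], raw[32:]
        if not hmac.compare_digest(tag, hmac.new(key, blob, hashlib.sha256).digest()):
            return None
        return json.loads(zlib.decompress(blob))
    except (ValueError, zlib.error):
        return None

def generate_rules_credential(rules, user, key=KEY):
    """Pack the selected rules, each with an empty satisfaction state."""
    body = {"sub": user["id"],
            "rules": [{"id": r["id"], "triggers": r["triggers"], "action": r["action"],
                       "ttl": r["ttl"], "satisfied_at": None} for r in rules]}
    return _seal(body, key)

def rule_applies(rule, request):
    """A rule applies when every trigger it names is triggered by the request.
    A missing request attribute counts as triggered, so omitting a field
    cannot be used to skip a rule."""
    return all(request.get(kind) is None or request[kind] in allowed
               for kind, allowed in rule["triggers"].items())

def is_satisfied(rule, now):
    """Satisfaction state with an expiration-of-time check."""
    at = rule["satisfied_at"]
    return at is not None and now - at < rule["ttl"]

def enforce(credential, request, now, key=KEY):
    """Enforcement point: returns (decision, authentication action, rule id)."""
    body = _open(credential, key)
    if body is None or body["sub"] != request.get("user_id"):
        return ("deny", None, None)   # fail closed on a bad or foreign credential
    for rule in body["rules"]:
        if rule_applies(rule, request) and not is_satisfied(rule, now):
            return ("challenge", rule["action"], rule["id"])
    return ("allow", None, None)      # assumption: no applicable unsatisfied rule means allow

def record_action_result(credential, rule_id, success, now, key=KEY):
    """Modify the satisfaction state after an authentication action, then reseal."""
    body = _open(credential, key)
    if body is None:
        return None
    for rule in body["rules"]:
        if rule["id"] == rule_id:
            rule["satisfied_at"] = now if success else None
    return _seal(body, key)
```

Because the satisfaction state travels inside the credential, the integrity tag is what stops a holder from marking a rule as satisfied without completing the authentication action.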

Claims (176)

1. A computerized method for providing authentication for service provisioning, the method comprising:

providing one or more executable authentication rules for determining access by a user to one or more services;

selecting at least a first executable authentication rule from the one or more executable authentication rules, the first executable authentication rule for determining access by the user to at least a first service from the one or more services, wherein selecting the first executable authentication rule is based on: a characteristic of the user, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof;

generating a rules credential, the rules credential including the first executable authentication rule; and providing access by the user to the first service if the user satisfies the first executable authentication rule.
2. The method of claim 1, wherein the rules credential includes the first executable authentication rule in a compressed form.
3. The method of claim 1, wherein the characteristic of the user comprises an identification credential of the user, an identification credential of a group of users including the user, or any combination thereof.
4. The method of claim 3, wherein the group of users comprises: one or more employees of an organization, one or more customers of the organization, or any combination thereof.
5. The method of claim 1, wherein the characteristic of the request comprises: an access-channel characteristic, an access-point characteristic, a device characteristic, or any combination thereof.
6. The method of claim 5 further comprising selecting the first executable authentication rule based on the access-channel characteristic when the user sends the request in: a web message, a universal resource locator (URL) message, electronic mail, text messaging, instant messaging, a session initiation protocol (SIP) message, a short message service (SMS) message, a multimedia messaging service (MMS) message, an enhanced messaging service (EMS) message, an IP multimedia system (IMS) message, a live voice call, an automated voice call, an interactive voice response (IVR) call, or any combination thereof.
7. The method of claim 5 further comprising selecting the first executable authentication rule based on the access-point characteristic when the request originates from a specified network access-point, the specified network access-point comprising: an IP address, a network IP address, a telephone number, an area code, a country code, or any combination thereof.
8. The method of claim 5 further comprising selecting the first executable authentication rule based on the device characteristic when the request originates from a specified device, the specified device characterized by a software characteristic or a hardware characteristic.
9. The method of claim 1, wherein the characteristic of the acquisition point comprises: a time characteristic, a policy characteristic, a service type characteristic, a function type characteristic, or any combination thereof.
10. The method of claim 9 further comprising selecting the first executable authentication rule based on the time characteristic when the request is received during: a specified time range, a specified day of the week, a specified set of dates, or any combination thereof.
11. The method of claim 9 further comprising selecting the first executable authentication rule based on the service type characteristic when the first service is associated with: a retail services type, an employment services type, an insurance services type, or any combination thereof.
12. The method of claim 9 further comprising selecting the first executable authentication rule based on the function type characteristic when the first service is associated with: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
13. The method of claim 1, wherein the rules credential is generated at an acquisition point.
14. The method of claim 1 further comprising:

receiving, from the user, a request for the first service at an enforcement point;
and determining, at the enforcement point, if the first executable authentication rule applies to the user, wherein determining if the first executable authentication rule applies comprises determining if one or more triggers specified by the first executable authentication rule are triggered.
15. The method of claim 14, wherein the one or more triggers comprise: a user trigger, a request trigger, an enforcement point trigger, a policy trigger, or any combination thereof.
16. The method of claim 15, wherein the user trigger comprises an identification credential of the user, an identification credential of a group of users including the user, or any combination thereof.
17. The method of claim 15, wherein the request trigger comprises: an access-channel trigger, an access-point trigger, a device trigger, or any combination thereof.
18. The method of claim 15, wherein the enforcement point trigger comprises: a time trigger, a service type trigger, a function trigger, an expiration-of-time trigger, or any combination thereof.
19. The method of claim 1 further comprising:

receiving, from the user, a request for the first service at an enforcement point;
determining if the user satisfies the first executable authentication rule;
and executing an authentication action if the user does not satisfy the first executable authentication rule.
20. The method of claim 19, wherein determining if the user satisfies the first executable authentication rule comprises determining a satisfaction state of the first executable authentication rule.
21. The method of claim 19, wherein the authentication action comprises: a hard token action, a soft token action, a personal identification number (PIN) action, a password (PW) action, a knowledge action, a biometric action, a modify-user information action, or any combination thereof.
22. The method of claim 19, wherein executing the authentication action comprises directing the user to a site different from the enforcement point.
23. The method of claim 19, wherein executing the authentication action comprises: providing access by the user to the first service; and executing a supplemental action when the user accesses the first service.
24. The method of claim 19, wherein the authentication action is specified by at least one of: the first executable authentication rule or the enforcement point.
25. The method of claim 19 further comprising modifying a satisfaction state of the first executable authentication rule based on a result of the authentication action.
26. The method of claim 1 further comprising:

determining if the user satisfies the first executable authentication rule;
and providing access by the user to the first service if the user does not satisfy the first executable authentication rule.
27. The method of claim 26, wherein the first service comprises an authentication service for satisfying the first executable authentication rule.
28. The method of claim 26, wherein the rules credential includes at least a second executable authentication rule from the one or more executable authentication rules.
29. The method of claim 28 further comprising bypassing processing of the second executable authentication rule if the user does not satisfy the first executable authentication rule.
30. The method of claim 1, wherein the one or more executable authentication rules comprise: a mandatory configurable rule, an optional configurable rule, a mandatory non-configurable rule, an optional non-configurable rule, or any combination thereof.
31. The method of claim 1, wherein the one or more services comprise: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
32. The method of claim 1, wherein a type of the one or more services comprise: a retail service type, an employment service type, an insurance services type, or any combination thereof.
33. A computer program product, tangibly embodied in an information carrier, the computer program product including instructions being operable to cause a data processing apparatus to:

provide one or more executable authentication rules for determining access by a user to one or more services;

select at least a first executable authentication rule from the one or more executable authentication rules, the first executable authentication rule for determining access by the user to at least a first service from the one or more services, wherein selecting the first executable authentication rule is based on: a characteristic of the user, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof;

generate a rules credential, the rules credential including the first executable authentication rule; and provide access by the user to the first service if the user satisfies the first executable authentication rule.
34. A system for providing authentication for service provisioning, the system comprising an authentication system adapted to:

provide one or more executable authentication rules for determining access by a user to one or more services;

select at least a first executable authentication rule from the one or more executable authentication rules, the first executable authentication rule for determining access by the user to at least a first service from the one or more services, wherein selecting the first executable authentication rule is based on: a characteristic of the user, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof;

generate a rules credential, the rules credential including the first executable authentication rule; and provide access by the user to the first service if the user satisfies the first executable authentication rule.
35. A computerized method for providing customizable authentication for service provisioning, the method comprising:

enabling a client of a service provider to customize an authentication system of the service provider, wherein customizing the authentication system comprises defining one or more executable authentication rules for determining access by a consumer to a service provided by the service provider; and providing access by the consumer to the service if the consumer satisfies a first executable authentication rule from the one or more executable authentication rules.
36. The method of claim 35, wherein the client is the consumer.
37. The method of claim 35, wherein the client comprises a client organization or one or more subgroups of the client organization.
38. The method of claim 35, wherein the consumer comprises one or more individuals associated with the client, the one or more individuals comprising: one or more employees of the client, one or more customers of the client, or any combination thereof.
39. The method of claim 35 further comprising enabling the consumer to customize the authentication system associated with the service.
40. The method of claim 39, wherein enabling the consumer to customize the authentication system comprises enabling the consumer to edit one or more of the one or more executable authentication rules.
41. The method of claim 39, wherein enabling the consumer to customize the authentication system comprises enabling the consumer to define one or more consumer executable authentication rules for determining access by the consumer to the service, wherein the one or more consumer executable authentication rules are different from the one or more executable authentication rules.
42. The method of claim 35, wherein the one or more executable authentication rules comprise: a configurable rule, a non-configurable rule, or any combination thereof.
43. The method of claim 35, wherein the one or more executable authentication rules comprise: a mandatory rule, an optional rule, or any combination thereof.
44. The method of claim 43 further comprising enabling the consumer to select enrollment in at least one of the one or more executable authentication rules when the at least one of the one or more executable authentication rules is optional.
45. The method of claim 35 further comprising:

selecting the first executable authentication rule from the one or more executable authentication rules, wherein selecting the first executable authentication rule is based on: a characteristic of the consumer, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof; and generating a rules credential, the rules credential including the first executable authentication rule.
46. The method of claim 45, wherein the characteristic of the consumer comprises an identification credential of the consumer, an identification credential of a group of consumers including the consumer, or any combination thereof.
47. The method of claim 45, wherein the characteristic of the request comprises: an access-channel characteristic, an access-point characteristic, a device characteristic, or any combination thereof.
48. The method of claim 45, wherein the characteristic of the acquisition point comprises: a time characteristic, a policy characteristic, a service type characteristic, a function type characteristic, or any combination thereof.
49. The method of claim 48, wherein the rules credential is generated at an acquisition point.
50. The method of claim 35 further comprising:

receiving, from the consumer, a request for the service at an enforcement point;
and determining, at the enforcement point, if the first executable authentication rule from the one or more executable authentication rules applies to the consumer, wherein determining if the first executable authentication rule applies comprises determining if one or more triggers specified by the first executable authentication rule are triggered.
51. The method of claim 50, wherein the one or more triggers comprise: a user trigger, a request trigger, an enforcement point trigger, a policy trigger, or any combination thereof.
52. The method of claim 51, wherein the user trigger comprises an identification credential of the consumer, an identification credential of a group of consumers including the consumer, or any combination thereof.
53. The method of claim 51, wherein the request trigger comprises: an access-channel trigger, an access-point trigger, a device trigger, or any combination thereof.
54. The method of claim 51, wherein the enforcement point trigger comprises: a time trigger, a service type trigger, a function trigger, an expiration-of-time trigger, or any combination thereof.
55. The method of claim 35 further comprising:

receiving, from the consumer, a request for the service at an enforcement point;
determining if the consumer satisfies the first executable authentication rule; and executing an authentication action if the consumer does not satisfy the first executable authentication rule.
56. The method of claim 55, wherein determining if the consumer satisfies the first executable authentication rule comprises determining a satisfaction state of the first executable authentication rule.
57. The method of claim 55, wherein the authentication action comprises: a hard token action, a soft token action, a personal identification number (PIN) action, a password (PW) action, a knowledge action, a biometric action, a modify-user information action, or any combination thereof.
58. The method of claim 55, wherein executing the authentication action comprises directing the consumer to a site different from the enforcement point.
59. The method of claim 55, wherein the authentication action is specified by at least one of: the first executable authentication rule or the enforcement point.
60. The method of claim 55 further comprising modifying a satisfaction state of the first executable authentication rule based on a result of the authentication action.
61. The method of claim 35, wherein the service comprises: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
62. The method of claim 35, wherein a type of the service comprises: a retail service type, an employment service type, an insurance services type, or any combination thereof.
63. A computer program product, tangibly embodied in an information carrier, the computer program product including instructions being operable to cause a data processing apparatus to:

enable a client of a service provider to customize an authentication system of the service provider, wherein customizing the authentication system comprises defining one or more executable authentication rules for determining access by a consumer to a service provided by the service provider; and provide access by the consumer to the service if the consumer satisfies a first executable authentication rule from the one or more executable authentication rules.
64. A system for providing customizable authentication for service provisioning, the system comprising an authentication system adapted to:

enable a client of a service provider to customize the authentication system of the service provider, wherein customizing the authentication system comprises defining one or more executable authentication rules for determining access by a consumer to a service provided by the service provider; and provide access by the consumer to the service if the consumer satisfies a first executable authentication rule from the one or more executable authentication rules.
65. A computerized method for providing customizable authentication for service provisioning, the method comprising:

enabling a first user to customize an authentication system associated with a service, wherein customizing the authentication system comprises defining a first executable authentication rule for a second user and a second executable authentication rule for a third user, the second executable authentication rule being different from the first executable authentication rule, the second user being different from the third user, the first executable authentication rule being employed for determining access by the second user to the service, the second executable authentication rule being employed for determining access by the third user to the service; and providing access by the second user to the service if the second user satisfies the first executable authentication rule.
66. The method of claim 65, wherein the first user comprises a service provider, a client organization of the service provider, or one or more subgroups of the client organization.
67. The method of claim 65, wherein the second and third users comprise: one or more client organizations of the service provider, one or more subgroups of the one or more client organizations, one or more individuals, or any combination thereof.
68. The method of claim 67, wherein the one or more individuals comprise: one or more employees of the one or more client organizations, one or more customers of the one or more client organizations, one or more customers of the service provider, or any combination thereof.
69. The method of claim 65 further comprising enabling the second user to customize the authentication system associated with the service.
70. The method of claim 69, wherein enabling the second user to customize the authentication system comprises enabling the second user to edit the first executable authentication rule.
71. The method of claim 69, wherein enabling the second user to customize the authentication system comprises enabling the second user to define one or more second user executable authentication rules for determining access by the second user to the service, wherein the one or more second user executable authentication rules are different from the first executable authentication rule.
72. The method of claim 65, wherein the first and second executable authentication rules comprise: a configurable rule, a non-configurable rule, or any combination thereof.
73. The method of claim 65, wherein the first and second executable authentication rules comprise: a mandatory rule, an optional rule, or any combination thereof.
74. The method of claim 73 further comprising enabling the second user to select enrollment in the first executable authentication rule when the first executable authentication rule is optional.
75. The method of claim 65 further comprising:

selecting the first executable authentication rule, wherein selecting the first executable authentication rule is based on: a characteristic of the second user, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof; and generating a rules credential, the rules credential including the first executable authentication rule.
76. The method of claim 75, wherein the characteristic of the second user comprises an identification credential of the second user, an identification credential of a group of users including the second user, or any combination thereof.
77. The method of claim 75, wherein the characteristic of the request comprises: an access-channel characteristic, an access-point characteristic, a device characteristic, or any combination thereof.
78. The method of claim 75, wherein the characteristic of the acquisition point comprises: a time characteristic, a policy characteristic, a service type characteristic, a function type characteristic, or any combination thereof.
79. The method of claim 78, wherein the rules credential is generated at an acquisition point.
80. The method of claim 65 further comprising:

receiving, from the second user, a request for the service at an enforcement point;
and determining, at the enforcement point, if at least the first executable authentication rule applies to the second user, wherein determining if the first executable authentication rule applies comprises determining if one or more triggers specified by the first executable authentication rule are triggered.
81. The method of claim 80, wherein the one or more triggers comprise: a user trigger, a request trigger, an enforcement point trigger, a policy trigger, or any combination thereof.
82. The method of claim 81, wherein the user trigger comprises an identification credential of the second user, an identification credential of a group of users including the second user, or any combination thereof.
83. The method of claim 81, wherein the request trigger comprises: an access-channel trigger, an access-point trigger, a device trigger, or any combination thereof.
84. The method of claim 81, wherein the enforcement point trigger comprises: a time trigger, a service type trigger, a function trigger, an expiration-of-time trigger, or any combination thereof.
85. The method of claim 65 further comprising:

receiving, from the second user, a request for the service at an enforcement point;
determining if the second user satisfies the first executable authentication rule;
and executing an authentication action if the second user does not satisfy the first executable authentication rule.
86. The method of claim 85, wherein determining if the second user satisfies the first executable authentication rule comprises determining a satisfaction state of the first executable authentication rule.
87. The method of claim 85, wherein the authentication action comprises: a hard token action, a soft token action, a personal identification number (PIN) action, a password (PW) action, a knowledge action, a biometric action, a modify-user information action, or any combination thereof.
88. The method of claim 85, wherein executing the authentication action comprises directing the second user to a site different from the enforcement point.
89. The method of claim 85, wherein the authentication action is specified by at least one of: the first executable authentication rule or the enforcement point.
90. The method of claim 85 further comprising modifying a satisfaction state of the first executable authentication rule based on a result of the authentication action.
91. The method of claim 65, wherein the service comprises: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
92. The method of claim 65, wherein a type of the service comprises: a retail service type, an employment service type, an insurance services type, or any combination thereof.
93. A computer program product, tangibly embodied in an information carrier, the computer program product including instructions being operable to cause a data processing apparatus to:

enable a first user to customize an authentication system associated with a service, wherein customizing the authentication system comprises defining a first executable authentication rule for a second user and a second executable authentication rule for a third user, the second executable authentication rule being different from the first executable authentication rule, the second user being different from the third user, the first executable authentication rule being employed for determining access by the second user to the service, the second executable authentication rule being employed for determining access by the third user to the service; and provide access by the second user to the service if the second user satisfies the first executable authentication rule.
94. A system for providing customizable authentication for service provisioning, the system comprising an authentication system adapted to:

enable a first user to customize an authentication system associated with a service, wherein customizing the authentication system comprises defining a first executable authentication rule for a second user and a second executable authentication rule for a third user, the second executable authentication rule being different from the first executable authentication rule, the second user being different from the third user, the first executable authentication rule being employed for determining access by the second user to the service, the second executable authentication rule being employed for determining access by the third user to the service; and provide access by the second user to the service if the second user satisfies the first executable authentication rule.
95. A computerized method for providing authentication for service provisioning, the method comprising:

providing one or more executable authentication rules for determining access by a user to one or more services;

receiving, from the user, a request for a first service from the one or more services at an enforcement point;

determining, at the enforcement point, if at least a first executable authentication rule from the one or more executable authentication rules applies to the user, the first executable authentication rule for determining access by the user to the first service, wherein determining if the first executable authentication rule applies comprises determining if one or more triggers specified by the first executable authentication rule are triggered; and providing access by the user to the first service if the user satisfies the first executable authentication rule.
96. The method of claim 95, wherein providing the one or more executable authentication rules comprises providing a rules credential including the one or more executable authentication rules.
97. The method of claim 95, wherein the one or more triggers comprise: a user trigger, a request trigger, an enforcement point trigger, a policy trigger, or any combination thereof.
98. The method of claim 97, wherein the user trigger comprises an identification credential of the user, an identification credential of a group of users including the user, or any combination thereof.
99. The method of claim 98, wherein the group of users comprises: one or more employees of an organization, one or more customers of the organization, or any combination thereof.
100. The method of claim 97, wherein the request trigger comprises: an access-channel trigger, an access-point trigger, a device trigger, or any combination thereof.
101. The method of claim 100 further comprising triggering the access-channel trigger when the user sends the request in: a web message, a universal resource locator (URL) message, electronic mail, text messaging, instant messaging, a session initiation protocol (SIP) message, a short message service (SMS) message, a multimedia messaging service (MMS) message, an enhanced messaging service (EMS) message, an IP multimedia system (IMS) message, a live voice call, an automated voice call, an interactive voice response (IVR) call, or any combination thereof.
102. The method of claim 100 further comprising triggering the access-point trigger when the request originates from a specified network access-point, the specified network access-point comprising: an IP address, a network IP address, a telephone number, an area code, a country code, or any combination thereof.
103. The method of claim 100 further comprising triggering the device trigger when the request originates from a specified device, the specified device characterized by a software characteristic or a hardware characteristic.
104. The method of claim 97, wherein the enforcement point trigger comprises: a time trigger, a service type trigger, a function trigger, an expiration-of-time trigger, or any combination thereof.
105. The method of claim 104 further comprising triggering the time trigger when the request is received during: a specified time range, a specified day of the week, a specified set of dates, or any combination thereof.
106. The method of claim 104 further comprising triggering the service type trigger when the first service is associated with: a retail services type, an employment services type, an insurance services type, or any combination thereof.
107. The method of claim 104 further comprising triggering the function trigger when the first service is associated with: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
108. The method of claim 97, wherein the policy trigger comprises a fraud trigger.
109. The method of claim 95 further comprising determining by default, at the enforcement point, that the first executable authentication rule applies to the user if the first executable authentication rule does not specify at least a first trigger.
110. The method of claim 95 further comprising determining, at the enforcement point, if at least a second executable authentication rule from the one or more executable authentication rules applies to the user, wherein determining if the second executable authentication rule applies comprises determining if one or more triggers specified by the second executable authentication rule are triggered.
111. The method of claim 110, wherein the steps of determining if the first and the second executable authentication rules apply to the user are processed in an order specified by one or more priority characteristics of at least one of the first or the second executable authentication rule, the one or more priority characteristics comprising: a priority code, a priority class, a priority type, a priority context, or any combination thereof.
112. The method of claim 95, when the first executable authentication rule applies, further comprising:

determining if the user satisfies the first executable authentication rule; and executing an authentication action if the user does not satisfy the first executable authentication rule.
113. The method of claim 112, wherein determining if the user satisfies the first executable authentication rule comprises determining a satisfaction state of the first executable authentication rule.
114. The method of claim 112, wherein the authentication action comprises: a hard token action, a soft token action, a personal identification number (PIN) action, a password (PW) action, a knowledge action, a biometric action, a modify-user information action, or any combination thereof.
115. The method of claim 112, wherein executing the authentication action comprises directing the user to a site different from the enforcement point.
116. The method of claim 115, wherein executing the authentication action further comprises blocking the user from accessing the first service.
117. The method of claim 95, when the first executable authentication rule applies, further comprising:

providing access by the user to the first service; and executing an authentication action when the user accesses the first service.
118. The method of claim 117, wherein the authentication action comprises a monitoring action.
119. The method of claim 117, when the first executable authentication rule does not apply, further comprising providing access by the user to the first service.
120. The method of claim 95 further comprising:

providing, when the first executable authentication rule applies, access by the user to the first service; and directing, when the first executable authentication rule does not apply, the user to a redirect service different from the first service.
121. The method of claim 120, wherein the first service comprises a fraud service.
122. The method of claim 112, wherein the authentication action is specified by at least one of: the first executable authentication rule or the enforcement point.
123. The method of claim 112 further comprising modifying a satisfaction state of the first executable authentication rule based on a result of the authentication action.
124. The method of claim 112 further comprising determining, at the enforcement point and before the user is provided access to the first service, if at least a second executable authentication rule from the one or more executable authentication rules applies to the user, wherein determining if the second executable authentication rule applies comprises determining if one or more triggers specified by the second executable authentication rule are triggered.
125. The method of claim 95 further comprising:

determining if the user satisfies the first executable authentication rule; and providing access by the user to the first service if the user does not satisfy the first executable authentication rule.
126. The method of claim 126, wherein the first service comprises an authentication service for satisfying the first executable authentication rule.
127. The method of claim 126, wherein providing the one or more executable authentication rules comprises providing a rules credential including the one or more executable authentication rules.
128. The method of claim 128 further comprising bypassing processing of at least a second executable authentication rule from the one or more executable authentication rules if the user does not satisfy the first executable authentication rule.
129. The method of claim 95, wherein the one or more executable authentication rules comprise: a mandatory configurable rule, an optional configurable rule, a mandatory non-configurable rule, an optional non-configurable rule, or any combination thereof.
130. The method of claim 95 further comprising:

determining if a second executable authentication rule from the one or more executable authentication rules applies to the user at the enforcement point;

determining if the second executable authentication rule is grouped with the first executable authentication rule;

executing an authentication action specified by the first executable authentication rule; and modifying a satisfaction state of the second executable authentication rule based on a result of the authentication action if the second executable authentication rule is grouped with the first executable authentication rule.
131. The method of claim 95, wherein the first service comprises: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
132. The method of claim 95, wherein a type of the first service comprises: a retail service type, an employment service type, an insurance services type, or any combination thereof.
133. A computer program product, tangibly embodied in an information carrier, the computer program product including instructions being operable to cause a data processing apparatus to:

provide one or more executable authentication rules for determining access by a user to one or more services;

receive, from the user, a request for a first service from the one or more services at an enforcement point;

determine if at least a first executable authentication rule from the one or more executable authentication rules applies to the user at the enforcement point, the first executable authentication rule for determining access by the user to the first service, wherein determining if the first executable authentication rule applies comprises determining if one or more triggers specified by the first executable authentication rule is triggered;

execute an authentication action specified by the first executable authentication rule when the first executable authentication rule applies; and provide access by the user to the first service if the user satisfies the first executable authentication rule.
134. A system for providing authentication for service provisioning, the system comprising an authentication system adapted to:

provide one or more executable authentication rules for determining access by a user to one or more services;

receive, from the user, a request for a first service from the one or more services at an enforcement point;

determine if at least a first executable authentication rule from the one or more executable authentication rules applies to the user at the enforcement point, the first executable authentication rule for determining access by the user to the first service, wherein determining if the first executable authentication rule applies comprises determining if one or more triggers specified by the first executable authentication rule is triggered;

execute an authentication action specified by the first executable authentication rule when the first executable authentication rule applies; and provide access by the user to the first service if the user satisfies the first executable authentication rule.
135. A computerized method for providing authentication for service provisioning, the method comprising:

providing an executable authentication rule for determining access by a user to a service;

receiving, from the user, a request for the service at a first enforcement point;

determining if the user satisfies the executable authentication rule; and providing access by the user to the service if the user does not satisfy the executable authentication rule.
136. The method of claim 136 further comprising providing access by the user to the service if the user satisfies the executable authentication rule.
137. The method of claim 136 further comprising directing the user to a site different from the first enforcement point if the user satisfies the executable authentication rule.
138. The method of claim 136, wherein the service comprises an authentication service for satisfying the executable authentication rule.
139. The method of claim 139 further comprising modifying a satisfaction state of the executable authentication rule based on a result of the user accessing the service.
140. The method of claim 136, wherein providing the executable authentication rule comprises providing a rules credential including the executable authentication rule and one or more other executable authentication rules.
141. The method of claim 141 further comprising bypassing processing of the one or more other executable authentication rules if the user does not satisfy the executable authentication rule.
142. The method of claim 136, wherein determining if the user satisfies the executable authentication rule comprises determining a satisfaction state of the executable authentication rule.
143. The method of claim 136 further comprising executing an authentication action if the user does not satisfy the executable authentication rule.
144. The method of claim 144, wherein the authentication action is specified by at least one of: the first executable authentication rule or the first enforcement point.
145. The method of claim 136 further comprising:

receiving, from the user, a second request for a second service from the one or more services at a second enforcement point;

determining if the user satisfies the first executable authentication rule;

providing access by the user to the second service if the user satisfies the first executable authentication rule; and executing an authentication action if the user does not satisfy the first executable authentication rule.
146. The method of claim 146, wherein the authentication action comprises: a hard token action, a soft token action, a personal identification number (PIN) action, a password (PW) action, a knowledge action, a biometric action, a modify-user information action, or any combination thereof.
147. The method of claim 146, wherein executing the authentication action comprises directing the user to the first enforcement point.
148. The method of claim 146, wherein executing the authentication action further comprises blocking the user from accessing the second service.
149. A computer program product, tangibly embodied in an information carrier, the computer program product including instructions being operable to cause a data processing apparatus to:

provide an executable authentication rule for determining access by a user to a service;

receive, from the user, a request for the service at an enforcement point;

determine if the user satisfies the executable authentication rule; and provide access by the user to the service if the user does not satisfy the executable authentication rule.
150. A system for providing authentication for service provisioning, the system comprising an authentication system adapted to:

provide an executable authentication rule for determining access by a user to a service;

receive, from the user, a request for the service at an enforcement point;

determine if the user satisfies the executable authentication rule; and provide access by the user to the service if the user does not satisfy the executable authentication rule.
151. A computerized method for providing authentication for service provisioning, the method comprising:

providing at least a first and a second executable authentication rule, one or both of the first and second executable authentications for determining access by a user to a service;

selecting the first executable authentication rule when a lifecycle state associated with the user is in a first state;

selecting the second executable authentication rule when the lifecycle state is in a second state;

generating a rules credential, the rules credential including the selected executable authentication rule; and providing access by the user to the service if the user satisfies the selected executable authentication rule.
152. The method of claim 152 further comprising transitioning the lifecycle state from the first state to the second state.
153. The method of claim 153, wherein the lifecycle state transitions when the first executable authentication rule is satisfied.
154. The method of claim 153, wherein the lifecycle state transitions when an expiration period elapses.
155. The method of claim 153, wherein the first executable authentication rule is the second authentication rule, further comprising:

selecting a first set of rule triggers to include in the first executable authentication rule when the lifecycle state is in a first state; and selecting a second set of rule triggers to include in the second executable authentication rule when the lifecycle state is in a second state.
156. The method of claim 153, wherein the first executable authentication rule is the second authentication rule, further comprising:

selecting a first set of rule actions to include in the first executable authentication rule when the lifecycle state is in a first state; and selecting a second set of rule actions to include in the second executable authentication rule when the lifecycle state is in a second state.
157. The method of claim 152 further comprising wherein selecting the first or second executable authentication rule is also based on: a characteristic of the consumer, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof.
158. The method of claim 158, wherein the characteristic of the consumer comprises an identification credential of the consumer, an identification credential of a group of consumers including the consumer, or any combination thereof.
159. The method of claim 158, wherein the characteristic of the request comprises: an access-channel characteristic, an access-point characteristic, a device characteristic, or any combination thereof.
160. The method of claim 158, wherein the characteristic of the acquisition point comprises: a time characteristic, a policy characteristic, a service type characteristic, a function type characteristic, or any combination thereof.
161. The method of claim 161, wherein the rules credential is generated at an acquisition point.
162. The method of claim 152 further comprising:

receiving, from the user, a request for the service at an enforcement point; and determining, at the enforcement point, if the selected executable authentication rule applies to the user, wherein determining if the selected executable authentication rule applies comprises determining if one or more triggers specified by the selected executable authentication rule are triggered.
163. The method of claim 163, wherein the one or more triggers comprise: a user trigger, a request trigger, an enforcement point trigger, a policy trigger, or any combination thereof.
164. The method of claim 164, wherein the user trigger comprises an identification credential of the user, an identification credential of a group of users including the user, or any combination thereof.
165. The method of claim 164, wherein the request trigger comprises: an access-channel trigger, an access-point trigger, a device trigger, or any combination thereof.
166. The method of claim 164, wherein the enforcement point trigger comprises: a time trigger, a service type trigger, a function trigger, an expiration-of-time trigger, or any combination thereof.
167. The method of claim 152 further comprising:

receiving, from the user, a request for the service at an enforcement point;

determining if the user satisfies the selected executable authentication rule; and executing an authentication action if the user does not satisfy the selected executable authentication rule.
168. The method of claim 168, wherein determining if the user satisfies the selected executable authentication rule comprises determining a satisfaction state of the selected executable authentication rule.
169. The method of claim 168, wherein the authentication action comprises: a hard token action, a soft token action, a personal identification number (PIN) action, a password (PW) action, a knowledge action, a biometric action, a modify-user information action, or any combination thereof.
170. The method of claim 168, wherein executing the authentication action comprises directing the user to a site different from the enforcement point.
171. The method of claim 168, wherein the authentication action is specified by at least one of: the selected executable authentication rule or the enforcement point.
172. The method of claim 168 further comprising modifying a satisfaction state of the selected executable authentication rule based on a result of the authentication action.
173. The method of claim 152, wherein the service comprises: a financial service, an accounting service, a personnel service, an administrative service, a trade service, or any combination thereof.
174. The method of claim 152, wherein a type of the service comprises: a retail service type, an employment service type, an insurance services type, or any combination thereof.
175. A computer program product, tangibly embodied in an information carrier, the computer program product including instructions being operable to cause a data processing apparatus to:

provide at least a first and a second executable authentication rule, one or both of the first and second executable authentications for determining access by a user to a service;

select the first executable authentication rule when a lifecycle state associated with the user is in a first state;

select the second executable authentication rule when the lifecycle state is in a second state;

generate a rules credential, the rules credential including the selected executable authentication rule; and provide access by the user to the service if the user satisfies the selected executable authentication rule.
176. A system for providing customizable authentication for service provisioning, the system comprising an authentication system adapted to:

provide at least a first and a second executable authentication rule, one or both of the first and second executable authentications for determining access by a user to a service;

select the first executable authentication rule when a lifecycle state associated with the user is in a first state;

select the second executable authentication rule when the lifecycle state is in a second state;

generate a rules credential, the rules credential including the selected executable authentication rule; and provide access by the user to the service if the user satisfies the selected executable authentication rule.
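
The enforcement-point flow recited in claims 95 to 130 (triggers, default applicability, priority order, satisfaction state, grouped rules), as an added Python example that is not code from the patent. All names (`Rule`, `enforce`, the trigger helpers, the rule names) are hypothetical, the requests and action results are constructed, the IP addresses are documentation ranges, and requiring every listed trigger to fire is an assumption the claims do not fix.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Request = Dict[str, str]              # constructed request attributes
Trigger = Callable[[Request], bool]


def channel_trigger(channel: str) -> Trigger:
    """Access-channel trigger (claim 101): fires for one request channel."""
    return lambda req: req.get("channel") == channel


def access_point_trigger(cidr: str) -> Trigger:
    """Access-point trigger (claim 102): fires for a source network."""
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["src_ip"]) in net


def function_trigger(function: str) -> Trigger:
    """Function trigger (claim 107): fires for a service function."""
    return lambda req: req.get("function") == function


@dataclass
class Rule:
    name: str
    action: str                        # authentication action (claim 114)
    triggers: List[Trigger] = field(default_factory=list)
    priority: int = 100                # priority code, lower first (claim 111)
    group: Optional[str] = None        # grouping (claim 130)
    satisfied: bool = False            # satisfaction state (claim 113)

    def applies(self, req: Request) -> bool:
        # Claim 109: a rule with no trigger applies by default (all([]) is
        # True). Assumption: when several triggers are listed, all must fire.
        return all(t(req) for t in self.triggers)


def enforce(credential: List[Rule], req: Request,
            run_action: Callable[[str, Request], bool]) -> Tuple[bool, List[str]]:
    """Evaluate a rules credential at an enforcement point (claims 95, 112).

    Returns (access_granted, trace).
    """
    trace: List[str] = []
    for rule in sorted(credential, key=lambda r: r.priority):
        if not rule.applies(req):
            trace.append(f"{rule.name}:not-applicable")
            continue
        if rule.satisfied:
            trace.append(f"{rule.name}:already-satisfied")
            continue
        ok = run_action(rule.action, req)
        # Claims 123 and 130: the result updates this rule's satisfaction
        # state and that of every rule grouped with it.
        for other in credential:
            if other is rule or (rule.group and other.group == rule.group):
                other.satisfied = ok
        trace.append(f"{rule.name}:{rule.action}:{'pass' if ok else 'fail'}")
        if not ok:
            return False, trace        # claim 116: block access
    return True, trace


def demo():
    """Run four constructed requests against one user's rules credential."""
    credential = [
        Rule("login", "PW", priority=1),                    # no trigger
        Rule("trade_stepup", "soft_token", priority=2, group="otp",
             triggers=[function_trigger("trade"),
                       access_point_trigger("203.0.113.0/24")]),
        Rule("hr_stepup", "soft_token", priority=2, group="otp",
             triggers=[function_trigger("personnel")]),
        Rule("ivr_pin", "PIN", priority=3, triggers=[channel_trigger("ivr")]),
    ]
    outcomes = iter([True, False, True])    # constructed action results
    calls: List[str] = []

    def run_action(action: str, req: Request) -> bool:
        calls.append(action)
        return next(outcomes)

    requests = [
        {"channel": "web", "src_ip": "198.51.100.7", "function": "trade"},
        {"channel": "web", "src_ip": "203.0.113.9", "function": "trade"},
        {"channel": "web", "src_ip": "203.0.113.9", "function": "trade"},
        {"channel": "web", "src_ip": "198.51.100.7", "function": "personnel"},
    ]
    return [enforce(credential, r, run_action) for r in requests], calls
```

The fourth request shows the effect of grouping: `hr_stepup` is reported as already satisfied because the soft-token action run for `trade_stepup` updated every rule in the `otp` group, so no further action is executed.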
CA002668710A 2006-11-07 2007-11-06 Authentication system for service provisioning Abandoned CA2668710A1 (en)

Applications Claiming Priority (13)

Application Number Priority Date Filing Date Title
US11/593,992 2006-11-07
US11/593,992 US20080115192A1 (en) 2006-11-07 2006-11-07 Customizable authentication for service provisioning
US11/742,923 US20080109365A1 (en) 2006-11-07 2007-05-01 Granular customizable authentication for service provisioning
US11/742,891 2007-05-01
US11/742,912 2007-05-01
US11/742,940 US8505077B2 (en) 2006-11-07 2007-05-01 Acquisition of authentication rules for service provisioning
US11/742,959 US8356341B2 (en) 2006-11-07 2007-05-01 Life cycle management of authentication rules for service provisioning
US11/742,891 US20080109884A1 (en) 2006-11-07 2007-05-01 Triggering of Authentication Rules for Service Provisioning
US11/742,912 US20080109869A1 (en) 2006-11-07 2007-05-01 Authentication Rule Overrides For Service Provisioning
US11/742,940 2007-05-01
US11/742,959 2007-05-01
US11/742,923 2007-05-01
PCT/US2007/083815 WO2008058144A2 (en) 2006-11-07 2007-11-06 Authentication system for service provisioning

Publications (1)

Publication Number Publication Date
CA2668710A1 (en) 2008-05-15

Family

ID=39283884

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002668710A Abandoned CA2668710A1 (en) 2006-11-07 2007-11-06 Authentication system for service provisioning

Country Status (4)

Country Link
EP (1) EP2084645A2 (en)
AU (1) AU2007316435B2 (en)
CA (1) CA2668710A1 (en)
WO (1) WO2008058144A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800985B (en) * 2010-02-10 2014-12-17 中兴通讯股份有限公司 Authentication method and system, terminal, server and data downloading method and device
US20130080325A1 (en) * 2011-09-27 2013-03-28 Ebay, Inc. Depositing and withdrawing funds

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7464162B2 (en) * 2000-07-10 2008-12-09 Oracle International Corporation Systems and methods for testing whether access to a resource is authorized based on access information
US6961773B2 (en) * 2001-01-19 2005-11-01 Esoft, Inc. System and method for managing application service providers
US7231657B2 (en) * 2002-02-14 2007-06-12 American Management Systems, Inc. User authentication system and methods thereof

Also Published As

Publication number Publication date
AU2007316435A2 (en) 2009-07-09
EP2084645A2 (en) 2009-08-05
WO2008058144A3 (en) 2008-07-24
WO2008058144A2 (en) 2008-05-15
AU2007316435A1 (en) 2008-05-15
AU2007316435B2 (en) 2013-07-04

Legal Events

Date Code Title Description
EEER Examination request
FZDE Discontinued

Effective date: 20141106