Title of invention: Service channel authentication processing hub
Abstract: A computer system receives a service request over a service channel from a user device, initiates a challenge to the user device to provide authentication information based on a set of authenticators, and determines an initial level of authentication. When the initial level of authentication is not sufficient for the service channel or protected resource, the apparatus generates a challenge to the user device with at least one additional authenticator and determines an achieved level of authentication based on the further authentication information. When the achieved level of authentication reaches a target authentication level for the service channel, the apparatus continues processing the service request by the service channel. The computer may transfer the service request to another service channel with the authentication token obtained on the original service channel and further challenges the user device with additional authenticators when a higher level of authentication is necessary.
Publication number: US9548997(B2) Publication date: 2017.01.17
Application number: US201615042669 Filing date: 2016.02.12
Applicant: Bank of America Corporation Inventors: Keys Andrew T.; Pruthi Kapil; Zhang Xianhong; Pender Mark A.; Carpenter Daniel Lynn
Classification: H04L29/06 Main classification: H04L29/06
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.; Springs Michael A.
Main claim: 1. An apparatus comprising: at least one memory device; at least one processor coupled to the at least one memory device and configured to perform, based on instructions stored in the at least one memory device: receiving a service request over a first service channel from a user device, wherein the first service channel is one of a plurality of service channels and the service request includes an authentication token and a received set of attributes of the user device; extracting, from the received authentication token, a signed set of attributes of an authenticated device when the authentication token was created; comparing the received set of attributes with the signed set of attributes to obtain an authentication indicator; when the authentication indicator is indicative that the received set of attributes and the signed attributes do not match, denying the service request; when the authentication indicator is indicative that the received set of attributes and the signed attributes match, extracting an initial level of authentication from the authentication token, wherein the initial level of authentication is one of a plurality of authentication levels; when the initial level of authentication is not sufficient for the first service channel, generating a challenge message to the user device requesting a further authentication information based on at least one additional authenticator; determining an achieved level of authentication based on the initial level of authentication and the further authentication information; and when the achieved level of authentication is at least as great as a first target authentication level for the first service channel, continue processing the service request by the first service channel.
Address: Charlotte NC US
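
The decision flow of the main claim above, as an added Python example that is not part of the patent record or the applicant's implementation. The HMAC token format, the signing key, the channel names and target levels, the authenticator names and the additive rule for combining levels are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# All values below are constructed for this example (assumptions, not from the patent).
KEY = b"constructed-demo-key"                        # hub-held token signing key
CHANNEL_TARGET = {"mobile": 2, "wire_transfer": 4}   # target level per service channel
AUTHENTICATOR_LEVEL = {"otp": 2, "biometric": 3}     # level gained per extra authenticator


def _canon(obj):
    """Canonical JSON bytes so the signature does not depend on key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sign(body):
    return hmac.new(KEY, _canon(body), hashlib.sha256).hexdigest()


def issue_token(device_attrs, level):
    """Token that binds the device attributes and the level reached at login."""
    body = {"attrs": device_attrs, "level": level}
    return {"body": body, "sig": _sign(body)}


def process_request(channel, token, received_attrs, further_auth=()):
    """Return 'deny', 'challenge' or 'continue' for one service request."""
    # Reject a token whose body was altered after signing.
    if not hmac.compare_digest(_sign(token["body"]), token["sig"]):
        return "deny"
    # Compare received device attributes with the signed ones (the claim's
    # "authentication indicator"); a mismatch denies the request outright.
    if token["body"]["attrs"] != received_attrs:
        return "deny"
    initial = token["body"]["level"]
    # Assumed combination rule: each passed authenticator adds its level.
    achieved = initial + sum(AUTHENTICATOR_LEVEL.get(a, 0) for a in further_auth)
    if achieved >= CHANNEL_TARGET[channel]:
        return "continue"
    # Initial level too low for this channel: step up with another authenticator.
    return "challenge"
```

The same token carried to a channel with a higher target yields "challenge" until enough further authenticators are supplied, which is the channel-transfer case the abstract describes.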