Title of invention: Identity attribute exchange and validation broker
Abstract: Methods and systems are described herein for performing attribute authentication for use by a relying party in providing access to a resource as requested by a user. Attribute authentication may be performed entirely by a single identity service provider, or by multiple identity service providers each authenticating a subset of a plurality of user attributes, such as name, address, phone, email, and the like. Each attribute may be authenticated with a level of assurance. Levels of assurance may vary from attribute to attribute. Different levels of assurance may be required for different attributes before the relying party may grant access to the user-desired resource. An authentication broker may act as a registry or broker of identity service providers, and may store information usable by relying parties to establish a trust relationship with a particular identity service provider on demand, as needed by a relying party.
Publication number: US8935808(B2) Publication date: 2015.01.13
Application number: US201213718602 Filing date: 2012.12.18
Applicant: Bank of America Corporation Inventor: Barbir Abdulkader
Classification: G06F7/04;G06F15/16;G06F17/30;H04L29/06;H04N7/16 Main classification: G06F7/04
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.; Springs Michael A.
Principal claim: 1. A method comprising: receiving, by a computing device, a request from a user for access to a computer protected resource; determining, by the computing device, a first plurality of user attributes and a second plurality of user attributes needed to access the computer protected resource based on a first context and a second context of the request, respectively; querying an authentication broker for first identity service provider information associated with the user; establishing, on-demand, a trust relationship with a first identity service provider specified in the first identity service provider information associated with the user; requesting the first identity service provider to authenticate a requested user attribute, wherein the requested user attribute comprises a first attribute from the first plurality with the first context and a second attribute from the second plurality with the second context of the user; receiving a first authentication response from the first identity service provider, wherein the first authentication response comprises a corresponding level of assurance associated with the requested user attribute; and determining whether to grant access to the computer protected resource based at least in part on the first authentication response.
Address: Charlotte NC US