US 11,757,882 B2
Conditionally-deferred authentication steps for tiered authentication
Hyunsuk Han, San Ramon, CA (US); and Mahesh Acharya, Castro Valley, CA (US)
Assigned to LENDINGCLUB BANK, NATIONAL ASSOCIATION, Lehi, UT (US)
Filed by LendingClub Bank, National Association, Lehi, UT (US)
Filed on Oct. 24, 2022, as Appl. No. 17/972,516.
Application 17/972,516 is a continuation of application No. 16/836,813, filed on Mar. 31, 2020, granted, now 11,483,312.
Prior Publication US 2023/0038476 A1, Feb. 9, 2023
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/0884 (2013.01) [H04L 63/0892 (2013.01); H04L 63/105 (2013.01); H04L 2463/082 (2013.01)]
16 Claims
 
1. A computer-executed method comprising:
receiving, from a particular client, a first request, within a particular session, to perform a first action in an application;
wherein the application supports:
a first set of actions that require authentication at a first authentication tier, and
a second set of actions that require authentication at a second authentication tier that is higher than the first authentication tier;
wherein the first action belongs to the first set of actions;
wherein the first request identifies the particular session with a non-Additional Authentication Step Deferral (AASD) session identifier;
in response to the first request:
authenticating the client to the first authentication tier;
generating an AASD session identifier for the particular session, wherein the AASD session identifier is different than the non-AASD session identifier;
storing data that indicates that the particular session has been authenticated to the first authentication tier but not the second authentication tier;
returning to the client the AASD session identifier;
allowing the client to perform the second action;
receiving, from the particular client, a second request, within the particular session, to perform a second action in the application;
wherein the second action belongs to the first set of actions;
wherein the second request identifies the particular session with the AASD session identifier;
in response to the second request and based on the AASD session identifier:
allowing the client to perform the second action without repeating authenticating the client to the first authentication tier;
wherein the method is performed by one or more computing devices.
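
The session handling recited in claim 1, sketched as an added Python example; it is not code from the patent or from the assignee. The action names, the class and method names, the retirement of the non-AASD identifier, and the step-up error raised for second-tier actions are all assumptions made for illustration.

```python
import secrets

# Assumed action names; the claim only speaks of a first and a second set.
TIER_REQUIRED = {"view_balance": 1, "view_statements": 1, "transfer_funds": 2}


class StepUpRequired(Exception):
    """The session's stored tier is below what the action requires."""


class TieredSessions:
    def __init__(self, tier1_check):
        self._tier1_check = tier1_check  # callable(user, secret) -> bool
        self._pre_auth = set()           # non-AASD session identifiers
        self._aasd = {}                  # AASD identifier -> {"user", "tier"}

    def open_session(self):
        sid = secrets.token_urlsafe(32)
        self._pre_auth.add(sid)
        return sid

    def handle(self, sid, action, credentials=None):
        """Return (identifier the client must send next, result)."""
        required = TIER_REQUIRED[action]  # KeyError for unknown actions
        if sid in self._aasd:
            # AASD identifier presented: reuse stored state, no re-authentication.
            state = self._aasd[sid]
        elif sid in self._pre_auth:
            if credentials is None or not self._tier1_check(*credentials):
                raise PermissionError("tier-1 authentication failed")
            # Assumption beyond the claim: retire the old identifier so a
            # value planted before login cannot be used afterwards.
            self._pre_auth.discard(sid)
            sid = secrets.token_urlsafe(32)  # fresh AASD identifier
            # Stored data: authenticated to tier 1 but not tier 2.
            state = self._aasd[sid] = {"user": credentials[0], "tier": 1}
        else:
            raise PermissionError("unknown session identifier")
        if state["tier"] < required:
            # Assumed behaviour: the deferred step is demanded only now.
            raise StepUpRequired(sid)
        return sid, f"{action} allowed for {state['user']}"
```

Issuing a fresh identifier at the moment the session gains privilege is also the standard defence against session fixation, which is why the sketch stops accepting the pre-authentication identifier once the AASD identifier exists.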