| CPC H04L 63/0876 (2013.01) [H04L 63/0861 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
|
1. A computer-implemented method for use in determining a type of authentication of a user for a given interaction based on associated context for the user and/or the interaction, the method comprising:
receiving, at a mobile device, from a relying party, a request for an attribute of a user associated with the mobile device in connection with an interaction between the user and the relying party, the request including data indicative of the relying party and an authentication policy of the relying party;
determining, by the mobile device, a type of authentication, from among multiple types of authentication available at the mobile device, to be used for said interaction between the user and the relying party, based on the authentication policy of the relying party and at least one of multiple context signals stored in the mobile device, prior to providing the attribute to the relying party, the multiple context signals indicative of one or more patterns of the user and/or the mobile device based, at least in part, on historical authentication data;
soliciting, by the mobile device, authentication data from the user consistent with the determined type of authentication;
receiving, by the mobile device, the solicited authentication from the user; and
in response to the user being authenticated at the mobile device based on the authentication data, providing the attribute to the relying party, whereby the determined type of authentication is specific to the relying party and/or the multiple context signals, and not based on a default type of authentication.
|