US 12,003,499 B2
Universal, hierarchally-outsourced multi-phased authentication framework with a central global database
Gerald Sindell, Napa, CA (US)
Filed by Gerald Sindell, Napa, CA (US)
Filed on Nov. 24, 2021, as Appl. No. 17/535,438.
Prior Publication US 2023/0164138 A1, May 25, 2023
Int. Cl. H04L 29/00 (2006.01); G06F 16/25 (2019.01); G06F 21/31 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/083 (2013.01) [G06F 16/25 (2019.01); G06F 21/316 (2013.01); H04L 63/105 (2013.01); H04L 2463/082 (2013.01)]
13 Claims
 
1. An authentication framework comprising steps of:
(a) a Client making an authentication request to a User currently attempting to sign in or to be authenticated by the Client via a Point of Client Authentication Requirement in order to access an electronic system;
(b) the Client receiving a first Identity Factor from the User;
(c) when a second Identity Factor is required by the Client for the User to sign in or be authenticated by the Client, the Client receiving a second Identity Factor from the User;
(d) the Client determining whether the first Identity Factor and the second Identity Factor, when received by the Client, match corresponding information in a Client database;
(e) the Client informing a Central Global Database, wherein the Central Global Database includes a database, that the User is attempting to sign in or to be authenticated by the Client, forwarding the first Identity Factor and the second Identity Factor when received by the Client to the Central Global Database, and reporting said determination made during step (d);
(f) the Central Global Database searching for current knowledge about the User, including
employing data gathered from the User's current attempt to sign in or to be authenticated by the Client,
employing data from a history of previous attempts by the User to sign in or otherwise to be authenticated by the Client via other Points of Client Authentication Requirement,
other metrics including an IP address from which the User is currently attempting to sign in or be authenticated,
past and/or present key entry speed of the User,
previous habits of the User,
information that the User has previously inputted to the Central Global Database, and/or
other information which the Central Global Database received through subscription to third party resources;
(g) the Central Global Database determining whether any Flags exist with respect to the User's current attempt to sign in or to be authenticated by the Client;
(h) when no Flags exist, next performing steps (l) through (m);
(i) asking the User to provide an additional Identity Factor, wherein
(1) when the Client uses a first additional factor protocol, the Central Global Database transmits to the Client a request to ask the User for said additional Identity Factor, the Client asks the User for said additional Identity Factor, and when the User responds to the Client's request, the Client returns said response of the User to the Central Global Database; and
(2) when the Client uses a second additional factor protocol, the Client proxies the Central Global Database to ask the User for said additional Identity Factor;
wherein the additional Identity Factor includes an activity, location and/or authentication transaction of the User occurring within a day of the User's current attempt to sign in or to be authenticated by the Client;
(j) after receiving the additional Identity Factor, the Central Global Database evaluates the authentication of the User;
(k) when one or more Flags exist regarding said authentication of the User, returning to step (i) to request a further additional Identity Factor from the User;
(l) the Central Global Database providing confirmation of authentication of the User to the Client;
(m) the Client granting the User access to said electronic system; and
(n) when the Central Global Database or the Client received a changed first Identity Factor, a changed second Identity Factor and/or a changed additional Identity Factor from the User prior to the User's current attempt to sign in or to be authenticated by the Client, the Central Global Database or the Client providing said changed first Identity Factor, said changed second Identity Factor and/or said changed additional Identity Factor to the other of the Central Global Database or the Client, and the Central Global Database or the Client receiving said changed first Identity Factor, said changed second Identity Factor and/or said changed additional Identity Factor updating the respective database of the Central Global Database or the Client with said changed first Identity Factor, said changed second Identity Factor and/or said changed additional Identity Factor.
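The control flow of steps (d) through (m), including the step-up loop (i)-(k) and the "within a day" condition on the additional Identity Factor, sketched as an added example that is not code from the patent or its applicant. The Flag rules, the cap on step-up rounds, the denial on a Client mismatch, all class and function names and all sample data are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
MAX_STEP_UPS = 3  # assumption: the claim's (i)-(k) loop has no bound, so cap it

@dataclass
class CentralGlobalDatabase:
    known_ips: dict = field(default_factory=dict)      # user -> IPs seen before
    recent_events: dict = field(default_factory=dict)  # user -> {event: time}
    def flags(self, user, ip, client_match):
        """Steps (f)-(g): assumed Flag rules, not defined by the claim."""
        found = [] if client_match else ["client_mismatch"]
        if ip not in self.known_ips.get(user, set()):
            found.append("new_ip")
        return found

    def check_additional(self, user, answer, now):
        """Step (j): the event must fall within a day before this attempt."""
        when = self.recent_events.get(user, {}).get(answer)
        return when is not None and timedelta(0) <= now - when <= timedelta(days=1)

def authenticate(cgd, client_db, user, factors, ip, answers, now):
    """Return (granted, step_ups_used); `answers` stands in for User replies."""
    client_match = client_db.get(user) == factors   # step (d)
    flags = cgd.flags(user, ip, client_match)       # steps (e)-(g)
    if "client_mismatch" in flags:
        return False, 0  # assumption: a failed first/second factor is not stepped up
    used = 0
    for answer in answers[:MAX_STEP_UPS]:           # steps (i)-(k)
        if not flags:
            break
        used += 1
        if cgd.check_additional(user, answer, now):
            flags = []  # assumption: one valid factor clears every Flag
    if flags:
        return False, used
    cgd.known_ips.setdefault(user, set()).add(ip)   # history for later attempts
    return True, used                               # steps (l)-(m)

def demo():
    now = datetime(2024, 1, 10, 12, 0)  # constructed sample data throughout
    cgd = CentralGlobalDatabase(
        known_ips={"alice": {"198.51.100.7"}},
        recent_events={"alice": {"cafe purchase": now - timedelta(hours=3),
                                 "gym check-in": now - timedelta(days=4)}})
    db, ok = {"alice": ("pw", "otp")}, ("pw", "otp")
    return [authenticate(cgd, db, "alice", ok, "198.51.100.7", [], now),
            authenticate(cgd, db, "alice", ok, "203.0.113.9",
                         ["gym check-in", "cafe purchase"], now),
            authenticate(cgd, db, "alice", ok, "192.0.2.44", ["gym check-in"], now),
            authenticate(cgd, db, "alice", ("bad", "otp"), "198.51.100.7", [], now)]
```

`demo()` covers a sign-in with no Flags, a new IP address cleared on the second step-up, a stale event (four days old) that leaves the Flag standing, and a Client-side mismatch.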