CPC H04L 63/0884 (2013.01) [H04L 63/06 (2013.01); H04L 63/0861 (2013.01); H04L 63/0853 (2013.01); H04L 2463/082 (2013.01)]
17 Claims
1. An authentication server to authenticate a user in communication with an enterprise server, comprising:
a memory of the authentication server to store a first plurality of user credentials received from a user device associated with the user, wherein the first plurality of user credentials:
comprise one or more biometric-type parameters, one or more possession-type parameters, or one or more knowledge base-type parameters, or any combination thereof, and
do not comprise an identification of the user; and
a processor of the authentication server coupled to the memory of the authentication server to:
receive, by the authentication server from the enterprise server, a request to authenticate the user, wherein the request:
does not identify the user, and
does not include an identification of which at least one of the first plurality of user credentials is to be used to authenticate the user;
obtain, by the authentication server from the user device, an authentication parameter, wherein:
the authentication parameter is based, at least in part, on an enterprise policy of the enterprise server,
the authentication parameter is derived, at least in part, from a device ID,
the device ID is bound to hardware of the user device, and
the device ID comprises a parameter that uniquely identifies the user device; and
responsive to selecting, by the authentication server, for comparison a one or more of the first plurality of user credentials based, at least in part, on the enterprise policy, authenticate, by the authentication server, the user, at least in part, via a comparison of the obtained authentication parameter with the one or more of the first plurality of user credentials.