US-12621291-B2 - Method and apparatus for an identity assurance score with ties to an ID-less and password-less authentication system
Abstract
A technique is provided by which a user goes to a site and, instead of the site's authentication system going to its own databases to match an ID and password supplied by the user (because doing so is not secure), the site makes a call to an identity assurance score server (with ties to the ID-less and password-less system) and sends a parameter such as a number. Then, based on that parameter (e.g., a number or score), the identity assurance score server (with ties to the ID-less and password-less system, such as described hereinabove) sends back a corresponding login protocol, or the factors that must be satisfied to authenticate the user.
Inventors
- Nelson A. Cicchitto
Assignees
- Avatier, IP LLC
Dates
- Publication Date: 2026-05-05
- Application Date: 2024-05-20
Claims (14)
- 1 . A computer-implemented method, comprising: receiving, at an identity assurance server, a first request initiated from a company server for an identity assurance score corresponding to an entity requesting the company server for access to an asset of the company; generating, in response to the request, the identity assurance score and determining a collection of requirements that the entity must satisfy to access the asset, wherein the collection of requirements are based on a predetermined hierarchy of levels of requirements to be satisfied for the request to be approved and are based on the generated identity assurance score; transmitting by the identity assurance server for delivery to the company server, the identity assurance score and the collection of requirements for the entity to satisfy; receiving, at the identity assurance server and originating from the company server, informational data corresponding to the collection of requirements completed by the entity; confirming, at the identity assurance server, that the received informational data matches data previously saved on a database at the identity assurance server; and notifying the company that the received information data has been confirmed; wherein one or more steps are performed on at least a processor coupled to at least a memory; and wherein the hierarchy of levels comprises the following levels of requirements for granting access to the asset: first level—ID of user and No Password; second level—ID and Password; third level—Description of something the entity knows; fourth level—Description of something the entity has; fifth level—Number of social network connections the entity has; sixth level—Location of the entity; seventh level—One biometric identifier; eighth level—Two biometric identifiers; ninth level—Three biometric identifiers; tenth level—Financial information corresponding to the entity; eleventh level—One health identifier; twelfth level—Second health identifier; and thirteenth level—DNA (Deoxyribonucleic acid) of the entity.
- 2 . The method of claim 1 , wherein the asset of the company is any of a computer-related account or service or a room or building under control of the company.
- 3 . The method of claim 1 , wherein the requirements of each level in the hierarchy of levels are cumulative, meaning that the identity assurance score causes the requirements for a current level and previous levels to be checked for satisfaction before approving the request.
- 4 . The method of claim 1 , wherein the identity assurance score for a current level does not have to incorporate requirements of any other level of any other identity assurance score before approving the request.
- 5 . The method of claim 1 , wherein a biometric identifier is fingerprint or voice of the entity.
- 6 . The method of claim 5 , wherein financial information comprises any of: current bank balances; the number of bank accounts; whether the entity is a homeowner; or whether the entity has any personal loans.
- 7 . The method of claim 6 , wherein a health identifier is 1 Blood Type; dental information; or type of surgeries.
- 8 . An apparatus, comprising: a first receiving processor configured to receive, at an identity assurance server, a first request initiated from a company server for an identity assurance score corresponding to an entity requesting the company server for access to an asset of the company; a generating processor configured to generate, in response to the request, the identity assurance score and determine a collection of requirements that the entity must satisfy to access the asset, wherein the collection of requirements are based on a predetermined hierarchy of levels of requirements to be satisfied for the request to be approved and are based on the generated identity assurance score; a transmitting processor configured to transmit by the identity assurance server for delivery to the company server, the identity assurance score and the collection of requirements for the entity to satisfy; a second receiving processor configured to receive, at the identity assurance server and originating from the company server, informational data corresponding to the collection of requirements completed by the entity; a confirming processor configured to confirm, at the identity assurance server, that the received informational data matches data previously saved on a database at the identity assurance server; a notifying processor configured to notify the company that the received information data has been confirmed; and at least one memory operable to store computer program instructions executable by at least one of said processors, wherein the hierarchy of levels comprises the following levels of requirements for granting access to the asset: first level—ID of user and No Password; second level—ID and Password; third level—Description of something the entity knows; fourth level—Description of something the entity has; fifth level—Number of social network connections the entity has; sixth level—Location of the entity; seventh level—One biometric identifier; eighth level—Two biometric identifiers; ninth level—Three biometric identifiers; tenth level—Financial information corresponding to the entity; eleventh level—One health identifier; twelfth level—Second health identifier; and thirteenth level—DNA (Deoxyribonucleic acid) of the entity.
- 9 . The apparatus of claim 8 , wherein the asset of the company is any of a computer-related account or service or a room or building under control of the company.
- 10 . The apparatus of claim 8 , wherein the requirements of each level are cumulative, meaning that the identity assurance score causes the requirements for a current level and previous levels to be checked for satisfaction before approving the request.
- 11 . The apparatus of claim 8 , wherein the identity assurance score for a current level does not have to incorporate requirements of any other level of any other identity assurance score before approving the request.
- 12 . The apparatus of claim 8 , wherein a biometric identifier is fingerprint or voice of the entity.
- 13 . The apparatus of claim 12 , wherein financial information comprises any of: current bank balances; the number of bank accounts; whether the entity is a homeowner; or whether the entity has any personal loans.
- 14 . The apparatus of claim 13 , wherein a health identifier is 1 Blood Type; dental information; or type of surgeries.
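The exchange recited in claim 1, with the cumulative (claim 3) and non-cumulative (claim 4) requirement rules, as an added Python model. This is an illustration written for this page, not code from the patent or from the assignee. Everything the claims leave open is an assumption made here and marked in the code: the score range (0 to 100), the equal-width score-to-level bands, the use of salted PBKDF2 digests for the stored factor data (the claims say only that submitted data is matched against data saved on the server's database), the one-shot challenge that is consumed on confirmation, and all sample factor values.

```python
"""Model of the identity-assurance-score exchange recited in claim 1.

Added illustration only; not code from the patent or from the assignee.
Assumed here: the score range (0..100), the score-to-level bands, salted
PBKDF2 digests for stored factor data, a one-shot pending challenge, and
every sample value.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# The thirteen levels of claim 1, lowest to highest.
LEVELS = [
    "id_no_password",           # 1: ID of user and no password
    "id_and_password",          # 2: ID and password
    "something_known",          # 3: description of something the entity knows
    "something_had",            # 4: description of something the entity has
    "social_connection_count",  # 5: number of social network connections
    "location",                 # 6: location of the entity
    "biometric_1",              # 7: one biometric identifier
    "biometric_2",              # 8: two biometric identifiers
    "biometric_3",              # 9: three biometric identifiers
    "financial_info",           # 10: financial information
    "health_id_1",              # 11: one health identifier
    "health_id_2",              # 12: second health identifier
    "dna",                      # 13: DNA of the entity
]


def level_for_score(score: int) -> int:
    """Map a score in 0..100 to a level 1..13 (assumed equal-width bands;
    the patent does not fix this function)."""
    if not 0 <= score <= 100:
        raise ValueError("score must be in 0..100")
    return min(len(LEVELS), score // 8 + 1)


def requirements_for(level: int, cumulative: bool = True) -> list:
    """Claim 3: cumulative, so the current level and every level below it.
    Claim 4: only the current level's own requirement."""
    if not 1 <= level <= len(LEVELS):
        raise ValueError("level out of range")
    return LEVELS[:level] if cumulative else [LEVELS[level - 1]]


def _digest(salt: bytes, value: str) -> bytes:
    # Stored factor data is kept as a salted, slow digest rather than
    # plaintext so a database leak does not hand out the factors themselves.
    # Iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 20_000)


@dataclass
class IdentityAssuranceServer:
    salts: dict = field(default_factory=dict)
    records: dict = field(default_factory=dict)   # entity -> {factor: digest}
    pending: dict = field(default_factory=dict)   # entity -> required factors

    def enroll(self, entity: str, factors: dict) -> None:
        salt = os.urandom(16)
        self.salts[entity] = salt
        self.records[entity] = {k: _digest(salt, v) for k, v in factors.items()}

    def score_request(self, entity: str, requested: int, cumulative: bool = True) -> dict:
        """Claim 1, steps 1-3: the company server asks for a score; the server
        generates it (here it adopts the number the company sent, as the
        abstract describes) and returns it with the requirement collection."""
        score = requested
        reqs = requirements_for(level_for_score(score), cumulative)
        self.pending[entity] = reqs
        return {"score": score, "requirements": reqs}

    def confirm(self, entity: str, submitted: dict) -> bool:
        """Claim 1, steps 4-6: compare submitted data with the stored records.
        The pending challenge is consumed, so a replayed submission fails."""
        reqs = self.pending.pop(entity, None)
        if reqs is None or entity not in self.records:
            return False
        salt, stored = self.salts[entity], self.records[entity]
        ok = True
        for factor in reqs:
            expected = stored.get(factor, b"")
            got = _digest(salt, submitted.get(factor, ""))
            # Constant-time compare; every factor is checked even after a
            # failure so the loop length does not reveal which one failed.
            if not hmac.compare_digest(got, expected):
                ok = False
        return ok


def company_login(server, entity: str, requested: int, user_factors: dict,
                  cumulative: bool = True):
    """The company server's side: it never matches factors against its own
    database; it relays the requirement list to the user and the answers back.
    Returns (requirements sent to the user, access granted)."""
    challenge = server.score_request(entity, requested, cumulative)
    answers = {f: user_factors[f] for f in challenge["requirements"] if f in user_factors}
    return challenge["requirements"], server.confirm(entity, answers)


# Constructed sample enrolment; every value below is made up for the illustration.
ALICE = {
    "id_no_password": "alice", "id_and_password": "correct horse battery",
    "something_known": "first pet: Rex", "something_had": "token serial 0042",
    "social_connection_count": "350", "location": "Pleasanton, CA",
    "biometric_1": "fp-template-1", "biometric_2": "voice-template-1",
    "biometric_3": "fp-template-2", "financial_info": "homeowner:yes",
    "health_id_1": "O+", "health_id_2": "dental:none", "dna": "dna-profile-1",
}


def demo():
    srv = IdentityAssuranceServer()
    srv.enroll("alice", ALICE)
    return company_login(srv, "alice", 20, ALICE)  # score 20 -> level 3, cumulative


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check in a real deployment that the claims do not address: the company server forwards the user's raw factor data to the assurance server, so that channel carries secrets and needs mutual authentication and transport protection; and the higher levels (biometrics, financial, health, DNA) are not exact-match strings in practice, so the simple digest comparison above would have to be replaced by template matching on the biometric side while keeping the stored reference protected.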
Description
CROSS REFERENCE TO RELATED APPLICATIONS
This patent application is a continuation of U.S. patent application Ser. No. 17/472,355, filed Sep. 10, 2021, which is a continuation of U.S. patent application Ser. No. 15/970,796 (now U.S. Pat. No. 11,122,034), METHOD AND APPARATUS FOR AN IDENTITY ASSURANCE SCORE WITH TIES TO AN ID-LESS AND PASSWORD-LESS AUTHENTICATION SYSTEM, filed May 3, 2018, which is a continuation-in-part of U.S. patent application Ser. No. 15/626,997 (now U.S. Pat. No. 9,979,715), AGGREGATOR TECHNOLOGY WITHOUT USERNAMES AND PASSWORDS, filed Jun. 19, 2017, which is incorporated herein by reference in its entirety, which is a divisional of U.S. patent application Ser. No. 15/052,747 (now U.S. Pat. No. 9,686,273), AGGREGATOR TECHNOLOGY WITHOUT USERNAMES AND PASSWORDS, filed Feb. 24, 2016, which is incorporated herein by reference in its entirety, and additionally claims priority from U.S. Provisional Patent Application No. 62/120,153, SOCIAL SINGLE SIGN-ON AGGREGATOR WITHOUT USERNAMES AND PASSWORDS, filed Feb. 24, 2015, which is also incorporated herein by this reference in its entirety; and this patent application claims priority from U.S. Provisional Patent Application No. 62/501,027, MOBILE DEVICE ENABLED DESKTOP TETHERED AND TETHERLESS AUTHENTICATION AND METHOD AND APPARATUS FOR A SOCIAL NETWORK SCORE AND IDENTITY ASSURANCE SCORE TIES TO ID-LESS AND PASSWORD-LESS AUTHENTICATION SYSTEM, filed May 3, 2017, which is incorporated herein by reference in its entirety.
BACKGROUND OF THE INVENTION
Technical Field
This invention relates generally to the field of digital authentication. More specifically, this invention relates to performing digital authentication based on a generated identity assurance score with ties to an ID-less and password-less authentication system.
Description of the Related Art
Presently, an individual has accounts on many online applications and/or services. These applications and/or services each require the individual to have a user ID and a password as part of authenticating for access to their account on these applications or services. That individual must maintain knowledge of each of these IDs and passwords to manage their access to each of these accounts and services. An authentication system and method offering a greater degree of flexibility in using authentication devices while maintaining a high level of security is taught in U.S. Patent Application Publication No. US 2004/0039909, FLEXIBLE AUTHENTICATION WITH MULTIPLE LEVELS AND FACTORS (Feb. 26, 2004) to D. Cheng. However, that technique is limited to the authorizee requesting the access authorization level.
As well, many organizations rely on technological identity and access management solutions to keep pace with the growth of their organizations, e.g. gaming and hospitality enterprises. Thus, for example, such organizations deploy automated user de-provisioning or password policy enforcement.
In today's environment, partner enterprises allow an external user from one organization outside of their network to have access to an internal application of their organization within their own network. This type of partnership can be referred to as federated identity management. Using federated identity management, an internal application written at Company A can be made publicly available. For a user at Company B, on one type of network, to access on an entirely different network the internal application written at Company A, the user has to perform the following procedure. The user creates an internal ID at Company A, enters the internal application and maps his external ID from his own network to his internal ID on Company A's network. Further, Company A can allow the user to access their internal application by the user using a social network account, such as a LinkedIn (Mountain View, CA; "LinkedIn") account, for example. Then, Company A can link the external user's social network account sign-on to Company A's internal application.
The technique described above allows Company A to manage their partners' access to their internal applications. Today there is a technology known as federation, which allows an enterprise to manage their partners' access to their internal applications. However, federation requires high maintenance for every partner company and a lot of initial effort to set up and configure.
SUMMARY OF THE INVENTION
A technique is provided by which a user goes to a site and, instead of the site's authentication system going to its own databases to match an ID and password supplied by the user (because doing so is not secure), the site makes a call to an identity assurance score server (with ties to the ID-less and password-less system) and sends a parameter such as a number. Then, based on that parameter (e.g., a number or score), the identity assurance score server (with ties to the ID-less and password-less system, such as described hereinabove) sends a corresponding login protocol or fact