Reusable Authentication Experience Tool
Original Publication Date: 2016-Sep-08
Included in the Prior Art Database: 2016-Sep-08
Conceptual flowcharts and wireframes
< Reusable Authentication Experience Tool >
<November 14, 2008>
What does it do
The Reusable Authentication Experience Tool provides an easy way to quickly add standardized secure authentication processes to multiple web pages, and provide users with a quick response time throughout the authentication process. This is especially useful to add complex multi-step authentication processes to a wide variety of web pages all using a common authentication service.
What is currently being done
Current authentication systems do one of three things:
- many systems collect only user id and password and then verify the ID and password combination when they are submitted leading to a single page refresh reflecting whether the user passed or failed authentication.
- Due to new regulation in several countries, including the
US, as well as enlightened self interest based on Internet threats, many organizations are deploying multi-factor authentication. Multi-factor authentication can take many forms, but often involves additional authentication process steps that may or may not be visible to the user. Multi-factor authentication usually involves multiple factors – the password you know, plus something you have (like a smart card, token, cookie, or PC), or something you are (like a fingerprint or DNA). Some also talk about sometime, or someplace you are, using time and location as factors that help authenticate people. In these cases, performing multi-factor authentication information may be collected simultaneously with collecting the password, or it may be collected during separate process steps either before or after the password is collected.
- A few systems, including and SSL are capable of supporting mutual authentication. Normal, password based authentication only authenticates the user to the system. In mutual authentication, the user is able to verify the system they are logging into, and the system is able to verify the user they are letting in.
In all of these current systems, the authentication factors and process steps have been implemented as multiple separate web pages requiring a full refresh of the whole web page during each step. With the current invention, we have utilized new technologies to create a simpler experience – one that can be deployed on multiple web sites with minimal effort, and one that maintains a consistent experience while minimizing processing time – no whole web pages are refreshed until the process through the tool is complete. Within this document we may refer more or less interchangeably to the tool as the Widget, or the widget, or the tool. The widget is the specific implementation made by . The invention described herein should be considered to cover additional instances of a reusable, secure, authentication tool with similar characteristics.
What makes it unique
Several things make the Reusable Authentication Experience Tool unique.