To regulate access to computer systems, networks, and information systems, authentication procedures have been established to implement basic levels of security. The most common authentication procedure is the use of login information, such as a user identification (e.g., user name) and password, to restrict access to a computer system, network, and/or information system to designated individuals. This basic authentication model is the standard conventional means of implementing access control on computer systems, networks, and information systems. Other, less widely used authentication models include, among others, security keys (e.g., radio frequency cards), which work in a similar manner by matching a code associated with the key to a code that has been permitted access to the system in question. One alternative example of the conventional basic authentication model is the use of radio frequency codes (e.g., on radio frequency cards) to provide login information (e.g., user identifier) to a system. Though the technical medium is different, the basic authentication model functions in the same way as the more standard keying in of user identification and password data.
Some authentication models may use the login information (e.g., user name and password or radio frequency code) to determine the services provided to the user upon login. Service determination in these conventional embodiments is based on the information used in the basic authentication model (e.g., user name and password or radio frequency code) and does not contemplate other considerations that may be pertinent in determining the services presented to a user. For example, users accessing an information system of an insurance provider may all be given access to the same services, instead of the services offered being tailored to the type of policy in effect between the user and the provider. This limitation on tailoring services arises from the restricted authentication criteria (e.g., user name and password) used in making the service determination. To overcome this limitation, some systems may designate specific services for each user. However, these services are still determined by the user login information (i.e., the allowed services are linked to the user login information). The conventional means for access authorization is thus limited by its reliance on the login information in determining access privileges and services.
Moreover, a common feature of virtually all conventional authentication models regulating access to computer systems, networks, and information systems is the binary nature of the authentication: access is either granted or denied based on matching a user's login data or code with an associated system-recognized value. For example, if a user name and password entered by a user match data in a record/row in a security database of an information system, the user is granted access to the information system. Otherwise, the user is denied access. Intermediate processing, whereby a user may be granted access based on other considerations such as the user's contractual relationship with the computer system, network, and/or information systems provider, is not available. This represents a further limitation imposed by conventional authentication models.