Data sensitivity based authentication and authorization
First Claim
1. A method comprising:
receiving, by a mobile device including one or more processors, a request by a user to access data required to be used by an application executing on the mobile device;
determining, by the mobile device, a data sensitivity level associated with the data, wherein data having a higher data sensitivity level requires a greater authentication level to access the data and data having a lower data sensitivity level requires a lower authentication level to access the data, wherein the data sensitivity level associated with the data is dependent on a plurality of security inputs, wherein the data sensitivity level varies between a first user having a first set of security inputs and a second user having a second set of security inputs different from the first user, and wherein the data sensitivity level varies according to a type of the data required to be used by the application requested by the user;
determining, by the mobile device, an authentication level associated with the user making the request in order to access the data requested by the user;
comparing, by the mobile device, the data sensitivity level of the data requested by the user to the authentication level associated with the user;
determining, by the mobile device, whether the authentication level of the user satisfies the data sensitivity level required to be used by the application;
in response to determining that the authentication level of the user is lower than the data sensitivity level for the data, sending a request to the user for authentication information;
in response to sending the request for authentication information, receiving authentication information from the user; and
in response to determining whether the authentication level of the user and the authentication information received from the user satisfies the data sensitivity level required for the data required to be used by the application, providing or denying access to the data required to be used by the application.
Abstract
Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.
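The decision flow the abstract describes, written out as an added example; this is not code from the patent. The level scale, data types, factor names, the "untrusted_network" security input and the prompt/verify callbacks are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed base sensitivity per data type (0 = public .. 3 = highly sensitive).
BASE_SENSITIVITY = {"catalog": 0, "contacts": 1, "account_balance": 2, "medical_record": 3}
# Assumed authentication level that each verified factor confers.
FACTOR_LEVEL = {"pin": 1, "password": 2, "biometric": 3}

@dataclass
class User:
    name: str
    overrides: dict = field(default_factory=dict)        # per-user profile customizations
    security_inputs: dict = field(default_factory=dict)  # e.g. device or network state
    auth_level: int = 0                                   # level already established

def sensitivity(user, data_type):
    """Sensitivity depends on the data type and on this user's security inputs."""
    # Unknown data types fail closed to the highest level.
    level = user.overrides.get(data_type, BASE_SENSITIVITY.get(data_type, 3))
    if user.security_inputs.get("untrusted_network"):
        level += 1
    return min(level, 3)

def request_access(user, data_type, prompt, verify):
    """Return (granted, required_level).

    prompt(required) asks the user for (factor, secret); verify(user, factor,
    secret) checks it. Both are caller-supplied stand-ins for the device UI
    and the credential check.
    """
    required = sensitivity(user, data_type)
    if user.auth_level >= required:
        return True, required                 # current level already satisfies it
    factor, secret = prompt(required)         # step-up request for authentication
    if factor in FACTOR_LEVEL and verify(user, factor, secret):
        user.auth_level = max(user.auth_level, FACTOR_LEVEL[factor])
    return user.auth_level >= required, required
```

The same data type can yield different required levels for two users, because overrides and security inputs are read per user before the comparison is made.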
21 Claims
10. A mobile device, comprising:
one or more processors; and
a memory communicatively coupled to the one or more processors, wherein the one or more processors are configured to execute instructions included in the memory to perform operations for a data sensitivity module, the operations comprising;
a request by a user to access data required to be used by an application executing on the mobile device;
determining a data sensitivity level associated with the data, wherein data having a higher data sensitivity level requires a greater authentication level to access the data and data having a lower data sensitivity level requires a lower authentication level to access the data, wherein the data sensitivity level associated with the data is dependent on a plurality of security inputs, wherein the data sensitivity level varies between a first user having a first set of security inputs and a second user having a second set of security inputs different from the first user, and wherein the data sensitivity level varies according to a type of the data required to be used by the application requested by the user;
determining an authentication level associated with the user making the request in order to access the data requested by the user;
comparing the data sensitivity level of the data requested by the user to the authentication level associated with the user;
determining, by the mobile device, whether the authentication level of the user satisfies the data sensitivity level for the data required to be used by the application;
in response to determining that the authentication level of the user is lower than the data sensitivity level for the data, sending a request to the user for authentication information;
in response to sending the request for authentication information, receiving authentication information from the user; and
in response to determining whether the authentication level of the user and the authentication information from the user satisfies the data sensitivity level required for the data required to be used by the application, providing or denying access to the data required to be used by the application.
18. A method comprising:
receiving a request from an administrator to register a first user through an application executing on a mobile device;
presenting, to the administrator, one or more predefined security profiles, each of the one or more predefined security profiles including customization points that are configurable for varying a sensitivity level for a selection of data required to be used by the application executing on the mobile device;
receiving, from the administrator, a selection of a predefined security profile and one or more customizations for the customization points corresponding to the selected predefined security profile, the one or more customizations including the selection of data required to be used by the application and a sensitivity level, wherein data having a higher data sensitivity level requires a greater authentication level and additional authentication information for the first time user in order to access the data required to be used by the application and data having a lower data sensitivity level requires a lower authentication level and authentication information for the first user in order to access the data required to be used by the application, and wherein the data sensitivity level varies according to a type of the data required to be used by the application; and
registering the first user with a custom security profile based on the predefined security profile and the one or more customizations, wherein the data sensitivity level for the first user indicated by the custom security profile is different from other users with different customizations.
Specification