Adjusting multi-factor authentication using context and pre-registration of objects
First Claim
1. A method for authenticating a user device requesting access to a system or network resource of an entity, said method comprising:
- determining, via said user device, that a first context of a user of said user device has been met, the first context having a first pre-defined authentication value;
- determining, via said user device, that at least a second context of the user of said user device has been met, the second context having a second pre-defined authentication value;
- computing an aggregated authentication value from at least the first and second pre-defined authentication values;
- determining a required authentication value, the required authentication value comprising a minimum value that is required to authenticate the user of said user device;
- comparing the required authentication value to the aggregated authentication value;
- determining based on the comparison that the aggregated authentication value does not meet the required authentication value;
- in response to determining based on the comparison that the aggregated authentication value does not meet the required authentication value, determining a difference between the required authentication value and the aggregated authentication value;
- identifying, based on the difference, a first authentication challenge to be used for authentication of the user from a plurality of authentication challenges, each of the plurality of authentication challenges having a pre-defined authentication value, the first authentication challenge having a third pre-defined authentication value that, when aggregated with the aggregated authentication value, is sufficient to meet the required authentication value, the first authentication challenge having a reduced complexity as compared to a second authentication challenge of the plurality of authentication challenges, the second authentication challenge having a fourth pre-defined authentication value that is, on its own, sufficient to meet the required authentication value without the determination that the first and second contexts have been met; and
- presenting the first authentication challenge to the user of said user device as an authentication challenge that the user is required to meet for authentication.
Abstract
A system, method, and computer program product for user authentication that uses information about a user's context, or the context of their personal device(s), to dynamically modify that user's authentication or login requirements to an application in a computer or mobile device. The system is configured to run methods that detect and make use of a user's context, including a current environment or personal context, and uses this capability to enable variable-strength authentication when the user attempts to log in or enter another application or resource. In one embodiment, the system implements methods to dynamically adjust the authentication challenge as a differential of all accumulated user contexts (e.g., providing a shorter password or pin-code).
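The selection logic recited in the first claim and summarized in the abstract can be sketched as follows; this is an added example, not code from the patent or its assignee. The context names, numeric values, challenge names and the complexity scale are all constructed assumptions, since the text gives none, and the handling of the cases the claim does not recite (requirement already met, no sufficient challenge) is likewise assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Challenge:
    name: str
    value: int        # pre-defined authentication value
    complexity: int   # relative user effort, higher is harder (assumed scale)

# Constructed sample values; the patent text gives no numbers or names.
CONTEXT_VALUES = {"known_wifi": 20, "paired_watch_nearby": 30, "usual_location": 15}
CHALLENGES = [
    Challenge("4-digit PIN", 40, 1),
    Challenge("8-character password", 70, 2),
    Challenge("password + OTP", 100, 3),   # sufficient on its own at required=100
]

def aggregate(met_contexts):
    """Sum the values of the contexts that were met. Each context counts
    once and unknown context names contribute nothing, so a repeated or
    unregistered signal cannot inflate the aggregate."""
    return sum(CONTEXT_VALUES.get(c, 0) for c in set(met_contexts))

def select_challenge(met_contexts, required, challenges=CHALLENGES):
    """Return (challenge, difference). challenge is None when the met
    contexts alone already reach the required value."""
    difference = required - aggregate(met_contexts)
    if difference <= 0:
        return None, 0
    # Challenges whose value, added to the aggregate, meets the requirement.
    sufficient = [c for c in challenges if c.value >= difference]
    if not sufficient:
        # Fail closed: never fall back to a weaker challenge.
        raise ValueError("no registered challenge can close the gap")
    # Pick the least complex sufficient challenge (ties: smallest value).
    return min(sufficient, key=lambda c: (c.complexity, c.value)), difference

def demo(required=100):
    cases = {
        "no context": [],
        "two contexts": ["known_wifi", "paired_watch_nearby"],
        "three contexts": ["known_wifi", "paired_watch_nearby", "usual_location"],
        "repeated signal": ["known_wifi"] * 5,
    }
    return {label: select_challenge(ctx, required) for label, ctx in cases.items()}

if __name__ == "__main__":
    for label, (challenge, diff) in demo().items():
        print(f"{label}: gap={diff}, challenge={challenge.name if challenge else 'none'}")
```

Because the claim has the contexts determined "via said user device", the aggregate in this sketch is only as trustworthy as the device reporting it.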
20 Claims
1. A method for authenticating a user device requesting access to a system or network resource of an entity (recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for authenticating a user device requesting access to a system or network resource of an entity, said system comprising:
- a memory device;
- a processor unit in communication with said memory device, said processor unit configured to:
  - determine, via said user device, that a first context of a user of said user device has been met, the first context having a first pre-defined authentication value;
  - determine, via said user device, that at least a second context of the user of said user device has been met, the second context having a second pre-defined authentication value;
  - compute an aggregated authentication value from at least the first and second pre-defined authentication values;
  - determine a required authentication value, the required authentication value comprising a minimum value that is required to authenticate the user of said user device;
  - compare the required authentication value to the aggregated authentication value;
  - determine based on the comparison that the aggregated authentication value does not meet the required authentication value;
  - in response to determining based on the comparison that the aggregated authentication value does not meet the required authentication value, determine a difference between the required authentication value and the aggregated authentication value;
  - identify, based on the difference, a first authentication challenge to be used for authentication of the user from a plurality of authentication challenges, each of the plurality of authentication challenges having a pre-defined authentication value, the first authentication challenge having a third pre-defined authentication value that, when aggregated with the aggregated authentication value, is sufficient to meet the required authentication value, the first authentication challenge having a reduced complexity as compared to a second authentication challenge of the plurality of authentication challenges, the second authentication challenge having a fourth pre-defined authentication value that is, on its own, sufficient to meet the required authentication value without the determination that the first and second contexts have been met; and
  - present the first authentication challenge to the user of said user device as an authentication challenge that the user is required to meet for authentication.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product for authenticating a user device requesting access to a system or network resource of an entity, said program product comprising:
- a storage medium, the medium not a propagating signal, readable by a processor and storing instructions for execution by the processor for performing a method comprising:
  - determining, via said user device, that a first context of a user of said user device has been met, the first context having a first pre-defined authentication value;
  - determining, via said user device, that at least a second context of the user of said user device has been met, the second context having a second pre-defined authentication value;
  - computing an aggregated authentication value from at least the first and second pre-defined authentication values;
  - determining a required authentication value, the required authentication value comprising a minimum value that is required to authenticate the user of said user device;
  - comparing the required authentication value to the aggregated authentication value;
  - determining based on the comparison that the aggregated authentication value does not meet the required authentication value;
  - in response to determining based on the comparison that the aggregated authentication value does not meet the required authentication value, determining a difference between the required authentication value and the aggregated authentication value;
  - identifying, based on the difference, a first authentication challenge to be used for authentication of the user from a plurality of authentication challenges, each of the plurality of authentication challenges having a pre-defined authentication value, the first authentication challenge having a third pre-defined authentication value that, when aggregated with the aggregated authentication value, is sufficient to meet the required authentication value, the first authentication challenge having a reduced complexity as compared to a second authentication challenge of the plurality of authentication challenges, the second authentication challenge having a fourth pre-defined authentication value that is, on its own, sufficient to meet the required authentication value without the determination that the first and second contexts have been met; and
  - presenting the first authentication challenge to the user of said user device as an authentication challenge that the user is required to meet for authentication.
Dependent claims: 16, 17, 18, 19, 20
Specification