Dynamic change in plurality of security layers based on projected risk

US 10,242,214 B2
Filed: 10/19/2016
Issued: 03/26/2019
Est. Priority Date: 10/19/2016
Status: Active Grant

First Claim

Patent Images

1. A method of accessing a secured resource, comprising:

monitoring activity of a user;

storing, by one or more processors of a computer system, a historical record including a historical pattern of activity of a user, wherein said historical record is updated based on said activity of said user;

receiving, by the one or more processors, a request from said user to access a secured resource;

performing, by the one or more processors, a first security check with respect to said user to determine whether a first security protocol is satisfied by the user in order to be permitted to access the secured resource;

allowing, by the one or more processors, the user to access the secured resource in response to a determination that the first security check is satisfied by the user;

conducting, by the one or more processors, a comparison of current activity of said user with the historical record of said user;

deriving, by the one or more processors, a risk factor based on said comparison;

performing, by the one or more processors, based on said risk factor, a selection process for selecting from a plurality of additional security choices a second security check with respect to said user to determine whether a second security protocol is satisfied by the user in order to be permitted to continue to access the secured resource, said second security check being selected from said plurality of additional security choices based on a relative scaling factor related to said risk factor;

allowing, by the one or more processors, the user to continue to access the secured resource in response to a determination that the second security condition is satisfied by the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and associated system. Before allowing a user to use a secured resource, a first security check may be performed with respect to the user and/or the secured resource to determine whether a first security condition is satisfied. In response to a first security condition being satisfied, allowing the user to use the secured resource. In response to failing to satisfy the at least one first security condition, performing a second security check on the user with a second security condition. In response to passing a second security condition, allowing the user to use the secured resource. The first security condition may include a dynamic evaluation of at least one available data point to calculate a projected security risk of the user using the secured resource and the level of complexity of the second security condition may be set based on the calculated projected security risk.

Citations

19 Claims

1. A method of accessing a secured resource, comprising:
- monitoring activity of a user;
  
  storing, by one or more processors of a computer system, a historical record including a historical pattern of activity of a user, wherein said historical record is updated based on said activity of said user;
  
  receiving, by the one or more processors, a request from said user to access a secured resource;
  
  performing, by the one or more processors, a first security check with respect to said user to determine whether a first security protocol is satisfied by the user in order to be permitted to access the secured resource;
  
  allowing, by the one or more processors, the user to access the secured resource in response to a determination that the first security check is satisfied by the user;
  
  conducting, by the one or more processors, a comparison of current activity of said user with the historical record of said user;
  
  deriving, by the one or more processors, a risk factor based on said comparison;
  
  performing, by the one or more processors, based on said risk factor, a selection process for selecting from a plurality of additional security choices a second security check with respect to said user to determine whether a second security protocol is satisfied by the user in order to be permitted to continue to access the secured resource, said second security check being selected from said plurality of additional security choices based on a relative scaling factor related to said risk factor;
  
  allowing, by the one or more processors, the user to continue to access the secured resource in response to a determination that the second security condition is satisfied by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - changing, by the one or more processors, said second security protocol based on said risk factor by applying said scaling factor to select both a number of additional security layers and a type of additional security layers, where both said number and said type are chosen from said plurality of additional security choices based on said risk factor.
  - 3. The method of claim 1, wherein the secured resource is at least one of data, at least one tool, at least one device, at least one application, a security system, or a vehicle.
  - 4. The method of claim 1, wherein the second security protocol is based on an evaluation of at least one data point stored in said historical record to calculate said risk factor of the user.
  - 5. The method of claim 4, wherein the evaluation evaluates the at least one data point stored in said historical record collected to determine the risk factor based on at least one of predefined rules or predefined preferences of at least one of a system administrator or the user.
  - 6. The method of claim 5, wherein the at least one data point is passively collected by an analytics engine.
  - 7. The method of claim 3, further comprising:
    - in response to the user failing to satisfy the first security check, performing, by the one or more processors, said second security check on the user with said second security protocol; and
      
      in response to the user passing the at least one second security protocol, allowing, by the one or more processors, the user to access the secured resource,wherein the second security protocol comprises more than two additional security layer depending on the risk factor of the user using the security resource based on the comparison.
  - 8. The method of claim 7, comprising dynamically adjusting a number of security layers of the second security protocol when the risk factor is relatively high to be greater than a number of security layers of the at least one security layer when the risk factor is relatively low.
  - 9. The method of claim 7, wherein the second security protocol prompts the user for at least one of a password, passcode, fingerprint, voice recognition sample, retinal scan, biometric data, or identifying picture contents.
  - 10. The method of claim 1, comprising:
    - in response to a determination that the at least one first security protocol is satisfied, monitoring, by the one or more processors, the activity of the user for a change in said risk factor.
  - 11. The method of claim 10, comprising:
    - in response to a determination that the monitoring the activity of the user causes a change in said risk factor, terminating, by the one or more processors, the user'"'"'s use of the secured resource.
  - 12. The method of claim 10, comprising:
    - in response to a determination that the monitoring the activity of the user causes a change in said risk factor, performing, by the one or more processors, said second security check on the user.
  - 13. The method of claim 12, wherein a change in said risk factor is caused by an actual activity of the user that is different than a recorded activity of the user.
  - 14. The method of claim 10, wherein the monitoring the activity of the user for a change in said risk factor comprises collecting data in the historical record related to a violation of the first security condition.
  - 15. The method of claim 1, wherein the first security protocol is based on at least one of a proximity and a presence of peer devices.
  - 16. The method of claim 15, wherein the proximity or presence of peer devices includes the ability to detect at least one of said proximity or presence of at least one of:
    - a family member of the user;
      
      a friend of the user;
      
      a colleague of the user;
      
      ora secondary device whose proximity indicates a secure location.
  - 17. The method of claim 1, wherein the historical record comprises data including past locations of said user, a social network of said user, and a degree of separation of said user from said social network.
  - 18. The method of claim 1, wherein the first security protocol is based on at least one of historical locations of the user or historical locations of a device used by the user.
  - 19. The method of claim 18, wherein the first security protocol is based on at least one of a type of the location, historical frequency of presence at the location, or a historical frequency of usage at the location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Gadepalli, Venkata V., Hewitt, Trudy L., Iyengar, Ashok K., Moreno, James M.
Primary Examiner(s)
Korsak, Oleg

Application Number

US15/297,275
Publication Number

US 20180107833A1
Time in Patent Office

888 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

Dynamic change in plurality of security layers based on projected risk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic change in plurality of security layers based on projected risk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links