Fabric assisted identity and authentication

US 10,313,343 B2
Filed: 12/28/2016
Issued: 06/04/2019
Est. Priority Date: 12/28/2016
Status: Active Grant

First Claim

Patent Images

1. A machine readable storage device or storage disk comprising instructions that, when executed, cause a machine for context-based authentication in a secure network including multiple interconnected programmable devices to at least:

obtain, from a programmable device, identity data and contextual data associated with a current authentication of a user attempting to access the secure network, the user being associated with the programmable device, the contextual data indicating a number of authentication factors implementable by the programmable device in connection with the current authentication, whether the programmable device is an approved device for the secure network, and whether the programmable device is attempting to access the secure network via a physical communication mechanism;

determine, based on the identity data and the contextual data, one or more patterns associated with the current authentication of the user;

determine, based on the identity data, the number of authentication factors indicated by the contextual data, and the one or more patterns, a risk level associated with the current authentication of the user;

access the secure network in response to the determined risk level satisfying a threshold;

request additional identity data in response to the determined risk level not satisfying the threshold; and

determine whether to permit access to the secure network based on the current authentication and the additional identity data.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Context-based authentication in a secure network comprised of multiple interconnected programmable devices is described. One technique includes receiving, from a programmable device, identity data and contextual data associated with a current authentication of a user attempting to access a secure network. The user is associated with the programmable device. The technique may include determining, based on the identity data and the contextual data, one or more patterns associated with the current authentication of the user. Furthermore, a risk level associated with the current authentication of the user may be determined based on the identity data, the contextual data, and the one or more patterns. In at least one scenario, access is granted to the secure network in response to the determined risk level. Other advantages and embodiments are described.

Citations

19 Claims

1. A machine readable storage device or storage disk comprising instructions that, when executed, cause a machine for context-based authentication in a secure network including multiple interconnected programmable devices to at least:
- obtain, from a programmable device, identity data and contextual data associated with a current authentication of a user attempting to access the secure network, the user being associated with the programmable device, the contextual data indicating a number of authentication factors implementable by the programmable device in connection with the current authentication, whether the programmable device is an approved device for the secure network, and whether the programmable device is attempting to access the secure network via a physical communication mechanism;
  
  determine, based on the identity data and the contextual data, one or more patterns associated with the current authentication of the user;
  
  determine, based on the identity data, the number of authentication factors indicated by the contextual data, and the one or more patterns, a risk level associated with the current authentication of the user;
  
  access the secure network in response to the determined risk level satisfying a threshold;
  
  request additional identity data in response to the determined risk level not satisfying the threshold; and
  
  determine whether to permit access to the secure network based on the current authentication and the additional identity data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The machine readable storage device or storage disk of claim 1, wherein the requested additional identity data is randomized.
  - 3. The machine readable storage device or storage disk of claim 1, wherein the instructions, when executed, further cause the machine to invoke an authorization entity based on the determined risk level not satisfying the threshold and the additional identity data.
  - 4. The machine readable storage device or storage disk of claim 1, wherein one or more of the identity data, the contextual data, and the one or more patterns is communicated via an enterprise service bus (ESB).
  - 5. The machine readable storage device or storage disk of claim 4, wherein the ESB includes a data exchange layer.
  - 6. The machine readable storage device or storage disk of claim 4, wherein the ESB is to utilize message queuing telemetry transport messages for data exchange.

7. A method for context-based authentication in a secure network including multiple interconnected programmable devices, the method comprising:
- obtaining, from a programmable device, identity data and contextual data associated with a current authentication of a user attempting to access the secure network, the user being associated with the programmable device, the contextual data indicating a number of authentication factors implementable by the programmable device in connection with the current authentication, whether the programmable device is an approved device for the secure network, and whether the programmable device is attempting to access the secure network via a physical communication mechanism;
  
  determining, based on the identity data and the contextual data, one or more patterns associated with the current authentication of the user;
  
  determining, based on the identity data, the number of authentication factors indicated by the contextual data, and the one or more patterns, a risk level associated with the current authentication of the user;
  
  permitting access to the secure network in response to one or more processors determining the determined risk level satisfies a threshold;
  
  requesting additional identity data in response to the one or more processors determining the determined risk level does not satisfy the threshold; and
  
  determining whether to permit access to the secure network based on the current authentication and the additional identity data.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the requested additional identity data is randomized.
  - 9. The method of claim 7, further including invoking an authorization entity based on the determined risk level not satisfying the threshold and the additional identity data.
  - 10. The method of claim 7, further including communicating one or more of the identity data, the contextual data, and the one or more patterns via an enterprise service bus (ESB).
  - 11. The method of claim 10, further including utilizing a data exchange layer of the ESB.
  - 12. The method of claim 10, further including utilizing message queuing telemetry transport messages for data exchange via the ESB.

13. A system for context-based authentication in a secure network including multiple interconnected programmable devices, the system comprising:
- one or more processors; and
  
  a memory including instructions that, when executed, cause the one or more processors to;
  
  access identity data and contextual data associated with a current authentication of a user attempting to access the secure network with a programmable device of the multiple interconnected programmable devices, the contextual data indicating a number of authentication factors implementable by the programmable device in connection with the current authentication, whether the programmable device is an approved device for the secure network, and whether the programmable device is attempting to access the secure network via a physical communication mechanism;
  
  determine, based on the identity data and the contextual data, one or more patterns associated with the current authentication of the user;
  
  determine, based on the identity data, the number of authentication factors indicated by the contextual data, and the one or more patterns, a risk level associated with the current authentication of the user;
  
  permit access to the secure network in response the determined risk level satisfying a threshold;
  
  request additional identity data in response to the determined risk level not satisfying the threshold; and
  
  determine whether to permit access to the secure network based on the current authentication and the additional identity data.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the requested additional identity data is randomized.
  - 15. The system of claim 13, wherein the one or more processors are to invoke an authorization entity based on the determined risk level not satisfying the threshold and the additional identity information.
  - 16. The system of claim 13, wherein the one or more processors are to communicate one or more of the identity data, the contextual data, and the one or more patterns via an enterprise service bus (ESB).
  - 17. The system of claim 16, wherein the ESB includes a data exchange layer.
  - 18. The system of claim 16, wherein the ESB is to utilize message queuing telemetry transport messages for data exchange.
  - 19. The system of claim 13, wherein at least one of the one or more processors is a crypto processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Tischart, James, Anderson, Jonathan
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/392,454
Publication Number

US 20180183789A1
Time in Patent Office

888 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

H04L 63/162   at the data link layer

H04W 12/069   using certificates or pre-s...

Fabric assisted identity and authentication

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Fabric assisted identity and authentication

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links