Systems and methods for event-based authentication

US 10,326,748 B1
Filed: 02/25/2015
Issued: 06/18/2019
Est. Priority Date: 02/25/2015
Status: Active Grant

First Claim

Patent Images

1. A method of dynamic event-based authentication comprising, by a computer system:

receiving a request to authenticate a user of a user device currently accessing an enterprise computing system;

determining an authentication context of the request, the authentication context identifying at least the user device and a current physical location of the user device;

dynamically selecting an authentication template, from among a plurality of stored authentication templates, based, at least part, on a discrete level of security deemed warranted by the authentication context;

wherein the plurality of stored authentication templates each specify one or more user-initiated event types in combination with one or more corresponding user-initiated event requests;

responsive to the request, selecting a set of previous user-initiated events of the user on the enterprise computing platform based, at least part, on the specified one or more user-initiated event types of the dynamically selected authentication template, the previous user-initiated events each relating to a discrete user action with respect to a resource on the enterprise computing system;

accessing user-specific event information related to the selected set of previous user-initiated events, wherein the user-specific event information corresponds to a field of at least one of the one or more corresponding user-initiated event requests of the selected authentication template;

generating, from at least a portion of the user-specific event information, a user-specific authentication sequence comprising a plurality of event-information requests that conform to the one or more corresponding user-initiated event requests of the authentication template; and

administering the user-specific authentication sequence to the user, the administering comprising requiring the user to provide a valid response to each of the plurality of event-information requests as a precondition to successful authentication.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method is performed by a computer system. The method includes receiving a request to authenticate a user of an enterprise computing system. The method further includes, responsive to the request, selecting a set of previous user-initiated events of the user on the enterprise computing platform. Further, the method includes accessing user-specific event information related to the selected set of previous user-initiated events. In addition, the method includes generating, from at least a portion of the user-specific event information, a user-specific authentication sequence comprising a plurality of event-information requests. Additionally, the method includes administering the user-specific authentication sequence to the user, the administering comprising requiring the user to provide a valid response to each of the event-information requests as a precondition to successful authentication.

404 Citations

14 Claims

1. A method of dynamic event-based authentication comprising, by a computer system:
- receiving a request to authenticate a user of a user device currently accessing an enterprise computing system;
  
  determining an authentication context of the request, the authentication context identifying at least the user device and a current physical location of the user device;
  
  dynamically selecting an authentication template, from among a plurality of stored authentication templates, based, at least part, on a discrete level of security deemed warranted by the authentication context;
  
  wherein the plurality of stored authentication templates each specify one or more user-initiated event types in combination with one or more corresponding user-initiated event requests;
  
  responsive to the request, selecting a set of previous user-initiated events of the user on the enterprise computing platform based, at least part, on the specified one or more user-initiated event types of the dynamically selected authentication template, the previous user-initiated events each relating to a discrete user action with respect to a resource on the enterprise computing system;
  
  accessing user-specific event information related to the selected set of previous user-initiated events, wherein the user-specific event information corresponds to a field of at least one of the one or more corresponding user-initiated event requests of the selected authentication template;
  
  generating, from at least a portion of the user-specific event information, a user-specific authentication sequence comprising a plurality of event-information requests that conform to the one or more corresponding user-initiated event requests of the authentication template; and
  
  administering the user-specific authentication sequence to the user, the administering comprising requiring the user to provide a valid response to each of the plurality of event-information requests as a precondition to successful authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - the authentication template specifies a form of the plurality of event-information requests; and
      
      the generating comprises populating the authentication template with the at least a portion of the user-specific event information.
  - 3. The method of claim 1, wherein the authentication context comprises information related to a content-based classification of a network resource requested by the user.
  - 4. The method of claim 1, wherein the selecting comprises randomly selecting the set subject to one or more constraints.
  - 5. The method of claim 4, wherein the one or more constraints comprise event-timing information.
  - 6. The method of claim 1, wherein the user-specific authentication sequence is single-use.
  - 7. The method of claim 1, comprising, responsive to successful authentication, granting the user access to a requested network resource.

8. An information handling system comprising a processor and memory, wherein the processor and memory in combination are operable to implement a method comprising:
- receiving a request to authenticate a user of a user device currently accessing an enterprise computing system;
  
  determining an authentication context of the request, the authentication context identifying at least the user device and a current physical location of the user device;
  
  dynamically selecting an authentication template, from among a plurality of stored authentication templates, based, at least part, on a discrete level of security deemed warranted by the authentication context;
  
  wherein the plurality of stored authentication templates each specify one or more user-initiated event types in combination with one or more corresponding user-initiated event requests;
  
  responsive to the request, selecting a set of previous user-initiated events of the user on the enterprise computing platform based, at least part, on the specified one or more user-initiated event types of the dynamically selected authentication template, the previous user-initiated events each relating to a discrete user action with respect to a resource on the enterprise computing system;
  
  accessing user-specific event information related to the selected set of previous user-initiated events, wherein the user-specific event information corresponds to a field of at least one of the one or more corresponding user-initiated event requests of the selected authentication template;
  
  generating, from at least a portion of the user-specific event information, a user-specific authentication sequence comprising a plurality of event-information requests that conform to the one or more corresponding user-initiated event requests of the authentication template; and
  
  administering the user-specific authentication sequence to the user, the administering comprising requiring the user to provide a valid response to each of the plurality of event-information requests as a precondition to successful authentication.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The information handling system of claim 8, wherein:
    - the authentication template specifies a form of the plurality of event-information requests; and
      
      the generating comprises populating the authentication template with the at least a portion of the user-specific event information.
  - 10. The information handling system of claim 8, wherein the authentication context comprises information related to a content-based classification of a network resource requested by the user.
  - 11. The information handling system of claim 8, wherein the selecting comprises randomly selecting the set subject to one or more constraints.
  - 12. The information handling system of claim 11, wherein the one or more constraints comprise event-timing information.
  - 13. The information handling system of claim 8, wherein the user-specific authentication sequence is single-use.

14. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
- receiving a request to authenticate a user of a user device currently accessing an enterprise computing system;
  
  determining an authentication context of the request, the authentication context identifying at least the user device and a current physical location of the user device;
  
  dynamically selecting an authentication template, from among a plurality of stored authentication templates, based, at least part, on a discrete level of security deemed warranted by the authentication context;
  
  wherein the plurality of stored authentication templates each specify one or more user-initiated event types in combination with one or more corresponding user-initiated event requests;
  
  responsive to the request, selecting a set of previous user-initiated events of the user on the enterprise computing platform based, at least part, on the specified one or more user-initiated event types of the dynamically selected authentication template, the previous user-initiated events each relating to a discrete user action with respect to a resource on the enterprise computing system;
  
  accessing user-specific event information related to the selected set of previous user-initiated events, wherein the user-specific event information corresponds to a field of at least one of the one or more corresponding user-initiated event requests of the selected authentication template;
  
  generating, from at least a portion of the user-specific event information, a user-specific authentication sequence comprising a plurality of event-information requests that conform to the one or more corresponding user-initiated event requests of the authentication template; and
  
  administering the user-specific authentication sequence to the user, the administering comprising requiring the user to provide a valid response to each of the plurality of event-information requests as a precondition to successful authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Brisebois, Michel Albert, Johnstone, Curtis T.
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
McCoy, Richard A

Application Number

US14/631,826
Time in Patent Office

1,574 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31 User authentication

H04L 63/08 for authentication of entit...

Systems and methods for event-based authentication

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

404 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for event-based authentication

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

404 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others