Graduated authentication in an identity management system

US 10,567,391 B2
Filed: 05/20/2019
Issued: 02/18/2020
Est. Priority Date: 06/16/2004
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A computer-implemented method for implementing variable transaction security levels, the method comprising:

receiving a first request for user authentication as part of a first usage event, wherein the first request for user authentication includes information about a first type of transaction to be performed by a user during the first usage event;

receiving a second request for user authentication as part of a second usage event,wherein the second request for user authentication includes information about a second type of transaction to be performed by the user during the second usage event, and wherein the second type of transaction is different from the first type of transaction;

performing, using one or more hardware processors, at least one transaction associated with the first request at a first transaction security level by selecting a first transaction mechanism having the first transaction security level, wherein the first transaction mechanism is selected based on the first type of transaction to be performed by the user during a first usage event; and

performing, using the one or more hardware processors, at least one transaction associated with the second request at a second transaction security level by selecting a second transaction mechanism having the second transaction security level,wherein the second transaction mechanism is selected based on the second type of transaction to be performed by the user during the second usage event,and wherein the first transaction security level is different from the second transaction security level.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

Citations

20 Claims

1. A computer-implemented method for implementing variable transaction security levels, the method comprising:
- receiving a first request for user authentication as part of a first usage event, wherein the first request for user authentication includes information about a first type of transaction to be performed by a user during the first usage event;
  
  receiving a second request for user authentication as part of a second usage event,wherein the second request for user authentication includes information about a second type of transaction to be performed by the user during the second usage event, and wherein the second type of transaction is different from the first type of transaction;
  
  performing, using one or more hardware processors, at least one transaction associated with the first request at a first transaction security level by selecting a first transaction mechanism having the first transaction security level, wherein the first transaction mechanism is selected based on the first type of transaction to be performed by the user during a first usage event; and
  
  performing, using the one or more hardware processors, at least one transaction associated with the second request at a second transaction security level by selecting a second transaction mechanism having the second transaction security level,wherein the second transaction mechanism is selected based on the second type of transaction to be performed by the user during the second usage event,and wherein the first transaction security level is different from the second transaction security level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first transaction security level, the second transaction security level, or both comprise at least one of:
    - a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level.
  - 3. The method of claim 2, wherein the performance of transaction comprises:
    - selecting, using the one or more hardware processors, a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel, orselecting, using the one or more hardware processors, an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level of the selected authentication mechanism, orperforming, using the one or more hardware processors, at least a part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.
  - 4. The method of claim 3, wherein one or more of the selected channel, the selected authentication mechanism, or the specified time limit used for performing the transaction is based on one or more policies specifying a minimum security level required for a response.
  - 5. The method of claim 1, wherein the first request for user authentication is sent via a first data path and the second request for user authentication is sent via a second data path different from the first data path.
  - 6. The method of claim 1 further comprising:
    - selecting a first channel having a first channel security level to perform the at least one transaction associated with the first request, the first channel selected based on a correspondence between the first transaction security level and the first channel security level; and
      
      transmitting first data to perform the at least one transaction associated with the first request over the selected first channel.
  - 7. The method of claim 1 further comprising:
    - selecting a second channel having a second channel security level to perform the at least one transaction associated with the second request, the second channel selected based on a correspondence between the second transaction security level and the second channel security level; and
      
      transmitting second data to perform the at least one transaction associated with the second request over the selected second channel.
  - 8. The method of claim 1 further comprising:
    - determining that the first transaction security level, the second transaction security level, or both are below a minimum threshold;
      
      providing an indication that a more secure transaction security procedure is required or an indication of a minimum security level; and
      
      redirecting the first request, the second request, or both to a computing system that requires a higher security level.
  - 9. The method of claim 1, wherein the first transaction mechanism, the second transaction mechanism, or both are selected based on user preferences, wherein the user preferences are associated with information requested in the first request, the second request, or both.

10. A computer-readable storage device storing instructions that, when executed by a computing system, cause the computing system to perform acts for implementing variable transaction security levels, the acts comprising:
- receiving a first request for user authentication as part of a first usage event, wherein the first request for user authentication includes information about a first type of transaction to be performed by a user during the first usage event;
  
  receiving a second request for user authentication as part of a second usage event,wherein the second request for user authentication includes information about a second type of transaction to be performed by the user during the second usage event, and wherein the second type of transaction is different from the first type of transaction;
  
  performing, using one or more hardware processors, at least one transaction associated with the first request at a first transaction security level by selecting a first transaction mechanism having the first transaction security level, wherein the first transaction mechanism is selected based on the first type of transaction to be performed by the user during a first usage event; and
  
  performing, using the one or more hardware processors, at least one transaction associated with the second request at a second transaction security level by selecting a second transaction mechanism having the second transaction security level,wherein the second transaction mechanism is selected based on the second type of transaction to be performed by the user during the second usage event,and wherein the first transaction security level is different from the second transaction security level.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer-readable storage device of claim 10, wherein the first transaction security level, the second transaction security level, or both comprise at least one of:
    - a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level, andwherein the performance of transaction comprises;
      
      selecting, using the one or more hardware processors, a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel, orselecting, using the one or more hardware processors, an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level of the selected authentication mechanism, orperforming, using the one or more hardware processors, at least a part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.
  - 12. The computer-readable storage device of claim 11, wherein one or more of the selected channel, the selected authentication mechanism, or the specified time limit used for performing the transaction is based on one or more policies specifying a minimum security level required for a response.
  - 13. The computer-readable storage device of claim 10, wherein the first request for user authentication is sent via a first data path and the second request for user authentication is sent via a second data path different from the first data path.
  - 14. The computer-readable storage device of claim 10, wherein the acts further comprise:
    - selecting a first channel having a first channel security level to perform the at least one transaction associated with the first request, the first channel selected based on a correspondence between the first transaction security level and the first channel security level; and
      
      transmitting first data to perform the at least one transaction associated with the first request over the selected first channel.
  - 15. The computer-readable storage device of claim 10, wherein the acts further comprise:
    - selecting a second channel having a second channel security level to perform the at least one transaction associated with the second request, the second channel selected based on a correspondence between the second transaction security level and the second channel security level; and
      
      transmitting second data to perform the at least one transaction associated with the second request over the selected second channel.
  - 16. The computer-readable storage device of claim 10, wherein the acts further comprise:
    - determining that the first transaction security level, the second transaction security level, or both are below a minimum threshold;
      
      providing an indication that a more secure transaction security procedure is required or an indication of a minimum security level; and
      
      redirecting the first request, the second request, or both to a computing system that requires a higher security level.
  - 17. The computer-readable storage device of claim 10, wherein the first transaction mechanism, the second transaction mechanism, or both are selected based on user preferences, wherein the user preferences are associated with information requested in the first request, the second request, or both.

18. A system for implementing variable transaction security levels, the system comprising:
- at least one memory;
  
  at least one interface configured to;
  
  receive a first request for user authentication as part of a first usage event, wherein the first request for user authentication includes information about a first type of transaction to be performed by a user during the first usage event;
  
  receive a second request for user authentication as part of a second usage event,wherein the second request for user authentication includes information about a second type of transaction to be performed by the user during the second usage event,and wherein the second type of transaction is different from the first type of transaction; and
  
  one or more processors configured to;
  
  perform at least one transaction associated with the first request at a first transaction security level by selecting a first transaction mechanism having the first transaction security level, wherein the first transaction mechanism is selected based on the first type of transaction to be performed by the user during a first usage event; and
  
  perform at least one transaction associated with the second request at a second transaction security level by selecting a second transaction mechanism having the second transaction security level,wherein the second transaction mechanism is selected based on the second type of transaction to be performed by the user during the second usage event,and wherein the first transaction security level is different from the second transaction security level.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the first transaction security level, the second transaction security level, or both comprise at least one of:
    - a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level, andwherein the performance of transaction comprises;
      
      selecting, using the one or more hardware processors, a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel, orselecting, using the one or more hardware processors, an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level of the selected authentication mechanism, orperforming, using the one or more hardware processors, at least a part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.
  - 20. The system of claim 18, wherein one or more of the selected channel, the selected authentication mechanism, or the specified time limit used for performing the transaction is based on one or more policies specifying a minimum security level required for a response.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Inventors
Hardt, Dick C.
Primary Examiner(s)
Rahim, Monjur

Application Number

US16/417,361
Publication Number

US 20190273747A1
Time in Patent Office

274 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

Graduated authentication in an identity management system

First Claim

1 Assignment

Litigations

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Graduated authentication in an identity management system

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links