Data sensitivity based authentication and authorization
First Claim
1. A method comprising:
- receiving, by a mobile device, a request from a user to access data for an application executing on the mobile device;
- dynamically determining, by the mobile device, a data sensitivity level associated with the data for the application that is requested, wherein the dynamically determining the data sensitivity level associated with the data comprises:
  - analyzing, by an access decision engine of the mobile device, at least one of access control data for the requested data, data sensitivity level definitions for the requested, or event log information for the requested data, wherein the event log information comprises a history of data access attempts of the data that is requested;
  - monitoring a plurality of requests to access the data; and
  - reclassifying the data sensitivity level of the data based on the plurality of requests to access the data;
- determining, by the mobile device, an authentication level associated the user requesting the data;
- determining, by the mobile device, whether the authentication level of the user is in accordance with the data sensitivity level associated with the data; and
- in response to determining whether the authentication level of the user satisfies the data sensitivity level associated with the data, granting or denying access to the requested data.
Abstract
Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.
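The decision flow described in the abstract and in claim 1, sketched as an added example that is not taken from the patent: the numeric level scale, the `AccessDecisionEngine` class, the window size, and the policy of raising sensitivity after repeated denied attempts are all assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

LOW, MEDIUM, HIGH = 1, 2, 3  # assumed scale; the page only distinguishes low and high

@dataclass
class AccessDecisionEngine:
    sensitivity: dict            # data item -> current sensitivity level
    deny_threshold: int = 3      # assumed: denials within the window that trigger reclassification
    window: int = 5              # assumed: number of recent attempts kept per item
    event_log: dict = field(default_factory=dict)  # item -> recent (user, granted) attempts

    def _reclassify(self, item):
        """Raise the item's level when its recent history shows repeated denied attempts."""
        history = self.event_log[item]
        denied = sum(1 for _, granted in history if not granted)
        if denied >= self.deny_threshold and self.sensitivity[item] < HIGH:
            self.sensitivity[item] += 1
            history.clear()  # start a fresh window at the new level

    def request(self, user, auth_level, item):
        """Grant only if the user's authentication level meets the item's current level."""
        level = self.sensitivity.setdefault(item, HIGH)  # unclassified data fails closed
        granted = auth_level >= level
        self.event_log.setdefault(item, deque(maxlen=self.window)).append((user, granted))
        self._reclassify(item)
        return granted

def demo():
    # Constructed scenario: names and levels are sample values, not from the patent.
    engine = AccessDecisionEngine({"contacts": LOW, "payroll": HIGH})
    results = [engine.request("alice", 1, "contacts")]                      # meets LOW
    results += [engine.request("app-x", 0, "contacts") for _ in range(3)]   # three denials
    results.append(engine.request("alice", 1, "contacts"))  # item is now MEDIUM: denied
    results.append(engine.request("alice", 2, "contacts"))  # stronger authentication: granted
    return results, engine.sensitivity["contacts"]

if __name__ == "__main__":
    print(demo())
```

The same request from the same user is granted before the denied attempts and refused after them, which is the effect of basing the sensitivity level on the access history rather than on a fixed label.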
8 Claims
6. A mobile device comprising:
- one or more processors; and
- a memory communicatively coupled to the one or more processor, wherein the one or more processors are configured to execute instructions to perform operations comprising:
  - receiving a request from a user to access data for an application executing on the mobile device;
  - dynamically determining a data sensitivity level associated with the data for the application that is requested, wherein the dynamically determining the data sensitivity level associated with the data comprises:
    - analyzing at least one of access control data for the requested data, data sensitivity level definitions for the requested, or event log information for the requested data, wherein the event log information comprises a history of data access attempts of the data that is requested;
    - monitoring a plurality of requests to access the data; and
    - reclassifying the data sensitivity level of the data based on the plurality of requests to access the data;
  - determining an authentication level associated the user requesting the data;
  - determining whether the authentication level of the user is in accordance with the data sensitivity level associated with the data; and
  - in response to determining whether the authentication level of the user satisfies the data sensitivity level associated with the data, granting or denying access to the requested data.
Specification