
Methods and apparatus for risk-based authentication between two servers on behalf of a user

  • US 10,592,978 B1
  • Filed: 06/29/2012
  • Issued: 03/17/2020
  • Est. Priority Date: 06/29/2012
  • Status: Active Grant
First Claim

1. A method for controlling access by a consumer to a service provider on behalf of a user, the method comprising the steps of:

  • obtaining by an authentication manager and gateway one or more rules from said user specifying one or more permissions of the consumer;

  • issuing an authentication request responsive to an initial access request from the consumer to access the service provider on behalf of the user in accordance with a server-to-server protocol;

  • providing an access token to the consumer upon approval from the user to grant access to the consumer on behalf of said user, wherein said access token authorizes the consumer to act on behalf of said user until said access token is revoked;

  • enabling said consumer to use said access token for initial access to the service provider on behalf of the user;

  • receiving, using at least one processing device of the authentication manager and gateway, a subsequent access request from the consumer with said access token to access the service provider on behalf of the user, wherein the subsequent access request is subsequent to said initial access to the service provider;

  • performing a risk analysis, using at least one processing device of the authentication manager and gateway, in response to receiving from said consumer said subsequent access request with said access token authorizing the consumer to act on behalf of said user when said access token has not been revoked, to improve security by detecting an anomalous access request by said authorized consumer, wherein said risk analysis (i) determines when the subsequent access request from said consumer to act on behalf of said user should be granted, and (ii) determines when said subsequent access request demonstrates anomalous behavior comprising one or more of abnormal, risky and atypical behavior relative to (a) prior transactions, stored in at least one memory, performed by said consumer on behalf of said user, and (b) said one or more rules, stored in said at least one memory, specified by said user who has granted access to the consumer on behalf of said user;

  • initiating an investigation by the user when the subsequent access request is denied by the authentication manager and gateway based upon said risk analysis; and

  • prompting said user, by the authentication manager and gateway, based on said risk analysis, to specify whether to allow said subsequent access request by said consumer when said subsequent access request is determined to demonstrate said anomalous behavior;

  • receiving an updating of the one or more rules by the user based upon the results of the user investigating when the subsequent access request was denied; and

  • validating the updated one or more rules by the authentication manager and gateway.
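The claim above describes a procedure: the gateway obtains user rules, issues a token to the consumer, runs a risk analysis on each subsequent token-bearing request against both the rules and the consumer's prior transactions, denies or prompts the user on anomalous requests, and validates any rules the user updates afterwards. The following is an added illustration of that flow in Python; it is not code from the patent or its assignee. The `Rules` shape (an allowed-action set plus an amount ceiling), the statistical anomaly threshold (three standard deviations above the prior mean, with a floor of 1.0 so a flat history still triggers), and the `grant`/`deny`/`prompt` outcomes are all assumptions made for the example.

```python
"""Toy risk-based server-to-server authorization gateway (constructed example)."""
from dataclasses import dataclass
from statistics import mean, pstdev
import secrets


@dataclass(frozen=True)
class Rules:
    """Permissions a user grants to a consumer (hypothetical rule shape)."""
    allowed_actions: frozenset   # actions the consumer may perform
    max_amount: float            # per-request ceiling for any action


def validate_rules(rules: Rules) -> bool:
    """Gateway-side validation of user-supplied (or user-updated) rules."""
    return bool(rules.allowed_actions) and rules.max_amount > 0


@dataclass
class Decision:
    outcome: str   # "grant", "deny" or "prompt" (ask the user to decide)
    reason: str


class Gateway:
    """Authentication manager and gateway acting between consumer and service provider."""

    def __init__(self):
        self.rules = {}      # user -> Rules
        self.tokens = {}     # access token -> (consumer, user)
        self.revoked = set()
        self.history = {}    # (consumer, user) -> list of (action, amount) granted so far

    def set_rules(self, user: str, rules: Rules) -> None:
        """Used both for the initial rules and for updates after a user investigation."""
        if not validate_rules(rules):
            raise ValueError("rules rejected by gateway validation")
        self.rules[user] = rules

    def issue_token(self, consumer: str, user: str, user_approved: bool):
        """Issue a long-lived token only once the user has approved the consumer."""
        if not user_approved or user not in self.rules:
            return None
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (consumer, user)
        self.history.setdefault((consumer, user), [])
        return token

    def revoke(self, token: str) -> None:
        self.revoked.add(token)

    def _risk_analysis(self, consumer, user, action, amount) -> Decision:
        rules = self.rules[user]
        # (b) check against the rules the user specified
        if action not in rules.allowed_actions:
            return Decision("deny", f"action {action!r} not permitted by user rules")
        if amount > rules.max_amount:
            return Decision("deny", f"amount {amount} exceeds rule limit {rules.max_amount}")
        # (a) check against prior transactions by this consumer for this user
        prior = [a for act, a in self.history[(consumer, user)] if act == action]
        if len(prior) >= 5:
            mu, sigma = mean(prior), pstdev(prior)
            if amount > mu + 3 * max(sigma, 1.0):   # assumed anomaly threshold
                return Decision("prompt", f"amount {amount} atypical vs prior mean {mu:.2f}")
        return Decision("grant", "within rules and consistent with prior transactions")

    def access(self, token: str, action: str, amount: float) -> Decision:
        """Handle an access request carrying a token; the first call is the initial access."""
        if token not in self.tokens or token in self.revoked:
            return Decision("deny", "unknown or revoked token")
        consumer, user = self.tokens[token]
        decision = self._risk_analysis(consumer, user, action, amount)
        if decision.outcome == "grant":
            self.history[(consumer, user)].append((action, amount))
        return decision

    def user_response(self, token: str, action: str, amount: float, allow: bool) -> Decision:
        """Resolve a 'prompt' decision with the user's answer; approved requests join the history."""
        consumer, user = self.tokens[token]
        if allow:
            self.history[(consumer, user)].append((action, amount))
            return Decision("grant", "user approved anomalous request")
        return Decision("deny", "user rejected anomalous request")


if __name__ == "__main__":
    gw = Gateway()
    gw.set_rules("alice", Rules(frozenset({"read", "transfer"}), 500.0))
    tok = gw.issue_token("billpay-service", "alice", user_approved=True)
    for _ in range(5):
        gw.access(tok, "transfer", 20.0)          # builds a baseline of routine transfers
    print(gw.access(tok, "transfer", 450.0))     # within rules but atypical -> prompt
    print(gw.access(tok, "delete", 1.0))         # outside the user's rules -> deny
```

A rule violation is a hard deny because the user already stated that permission boundary; a statistically atypical request that still sits inside the rules becomes a prompt so the user, not the gateway, makes the final call, and only user-approved requests are added to the history that future analyses compare against.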

  • 4 Assignments