Dynamic user authentication

US 20040083394A1
Filed: 02/21/2003
Published: 04/29/2004
Est. Priority Date: 02/22/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating a users ability to carry out a transaction, the method including the steps of:

a user initiating an authentication request in order to carry out a secure transaction;

dynamically collecting and assessing a plurality of confidence parameters, said confidence parameters reflecting factors related to the security of the Transaction context; and

dynamically maintaining a confidence level based on the plurality of confidence parameters whereby if the confidence level drops below a predetermined confidence threshold, the transaction is not authenticated and if the confidence level exceeds a predetermined confidence threshold, the transaction is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method of authenticating a users ability to carry out a transaction. The method includes the steps of:

a user initiating an authentication request in order to carry out a secure transaction;

dynamically collecting and assessing a plurality of confidence parameters, said confidence parameters reflecting factors related to the security of the transaction context; and

dynamically maintaining a confidence level based on the plurality of confidence parameters whereby if the confidence level drops below a predetermined confidence threshold, the transaction is not authenticated and if the confidence level exceeds a predetermined confidence threshold, the transaction is authenticated.

Confidence parameters may include factors such as binary login processes, the location of the user, collocation of multiple users and other factors of the transaction context which might affect the security of the transaction. The invention may be applied to the authentication of financial transactions and verifying the identity of a user in other security sensitive contexts. The invention also provides for a system for carrying out the invention.

215 Citations

15 Claims

1. A method of authenticating a users ability to carry out a transaction, the method including the steps of:
- a user initiating an authentication request in order to carry out a secure transaction;
  
  dynamically collecting and assessing a plurality of confidence parameters, said confidence parameters reflecting factors related to the security of the Transaction context; and
  
  dynamically maintaining a confidence level based on the plurality of confidence parameters whereby if the confidence level drops below a predetermined confidence threshold, the transaction is not authenticated and if the confidence level exceeds a predetermined confidence threshold, the transaction is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method claimed in claim 1 wherein the predetermined confidence threshold reflects the sensitivity of the transaction.
  - 3. A method as claimed in claim 1 or 2 wherein a static confidence window is defined in response to substantially static confidence parameters, the confidence window having an upper and lower limit reflecting an inherent upper and lower limit that the confidence level can reach.
  - 4. A method as claimed in claim 3 wherein user authentication is inhibited if the confidence threshold of the transaction is outside the confidence window.
  - 5. A method as claimed in any preceding claim wherein the user alters the confidence level, either autonomously or in response to an external request, by varying and/or adding one or more confidence parameters.
  - 6. A method as claimed in any preceding claim wherein the confidence level varies with time and/or transaction context.
  - 7. A method as claimed in any preceding claim, wherein the confidence level decays over time.
  - 8. A method as claimed in any preceding claim wherein the confidence parameters include:
    - intrinsic context parameters such as user input device security, user location, user identity, multiple user co-location, time after users authentication request initiation, required transaction security level, required resource security level and the like; and
      
      /or extrinsic context parameters such as changes in network characteristics, dynamic changes in the sensitivity of the transaction and the like.
  - 9. A method as claimed in any preceding claim wherein the transaction corresponds to a user requesting access to a resource.
  - 10. A method as claimed in any preceding claims wherein the confidence threshold changes as a function of the capability of the users input device.
  - 11. A method as claimed in any preceding claim wherein the confidence level is determined based the confidence parameters and/or on accumulated statistical data relating to the behaviour of the user.

12. A system for dynamically authenticating a transaction including:
- a confidence engine adapted to;
  
  dynamically maintain at least one confidence level by monitoring a plurality of confidence parameters, the confidence level reflecting the security of the Transaction context;
  
  ii. compare the derived confidence level with a predetermined confidence threshold, the confidence threshold reflecting the security required to perform the transaction;
  
  iii. when the confidence level is below the confidence threshold, requesting new confidence parameters or varying existing confidence parameters; and
  
  iv when the confidence level is above the confidence threshold, authenticating the transaction; and
  
  v. a plurality of authentication means adapted to dynamically provide, to the confidence engine, confidence parameters relating to the security of the transaction context.
- View Dependent Claims (13, 14, 15)
- - 13. A system as claimed in claim 12 further including a rule database adapted to correlate the plurality of confidence parameters with the confidence level.
  - 14. A system-as claimed in claim 12 or 13 further including a guard means adapted to act as a proxy for the resources which are the subject of the transaction.
  - 15. A system as claimed in any one of claims 12 to 14 further including device means adapted so that the user can interact with the authentication system, wherein the device has an authentication level which is taken into account when authenticating the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Brebner, Gavin, Gittler, Mihaela

Application Number

US10/375,907
Publication Number

US 20040083394A1
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/382   insuring higher security of...

Dynamic user authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

215 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Dynamic user authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

215 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others