System and method for identity consolidation

US 20080184349A1
Filed: 01/30/2007
Published: 07/31/2008
Est. Priority Date: 01/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method for attributing user-authentication credentials to an individual, the method comprising:

a) receiving a plurality of user-authentication credentials;

b) associating at least a subset of the plurality of user-authentication credentials based on consistencies in the authentication credentials and applications usage attributed thereto;

c) creating an identity signature based on the associated user-authentication credentials; and

d) attributing the identity signature to an individual.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Application-specific and single-sign-on user-authentication credentials are analyzed and consolidated based on commonalities among the credentials and usage of the applications to which they are attributed.

110 Citations

30 Claims

1. A method for attributing user-authentication credentials to an individual, the method comprising:
- a) receiving a plurality of user-authentication credentials;
  
  b) associating at least a subset of the plurality of user-authentication credentials based on consistencies in the authentication credentials and applications usage attributed thereto;
  
  c) creating an identity signature based on the associated user-authentication credentials; and
  
  d) attributing the identity signature to an individual.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16)
- - 2. The method of claim 1 wherein the user-authentication credentials comprise one or more of an identification code, a secure access code, a screen name, and/or a password for granting a user'"'"'s access to one or more applications.
  - 3. The method of claim 1 wherein the plurality of user-authentication credentials are encrypted.
  - 4. The method of claim 3 wherein the plurality of user-authentication credentials are encrypted prior to receipt.
  - 5. The method of claim 3 wherein the encryption comprises application of a hash to the plurality of user-authentication credentials, and the associating step using the hashed user-authentication credentials.
  - 6. The method of claim 1 wherein the user-authentication credentials comprise biometric data.
  - 7. The method of claim 1 wherein the observed application usage comprises one or more of logging into an operating system, logging into an application, using one or more functions within an application and navigating to one or more screens within an application.
  - 8. The method of claim 1 wherein the observed application usage comprises one or more of static observations and dynamic observations.
  - 9. The method of claim 1 wherein the consistencies are inferred based on similarities of application usage attributed to the authentication credentials.
  - 10. The method of claim 1 further comprising calculating a match probability for at least one of the associations.
  - 11. The method of claim 10 wherein the authentication credentials included in the identity signature is determined at least in part by the calculated probabilities.
  - 12. The method of claim 11 further comprising weighting each of the authentication credentials prior to calculating the match probability.
  - 13. The method of claim 1 further comprising determining whether a match probability exceeds a threshold, the identity signature being attributed to an individual only if the match probability exceeds the threshold.
  - 14. The method of claim 1 further comprising receiving physical access data and including the physical access data in the identity signature.
  - 16. The system of claim 13 further comprising a single-sign-on agent for:
    - (i) receiving the user-authentication credentials from the identification server;
      
      (ii) transmitting at least a part of the user-authentication credentials to one or more computer applications;
      
      (iii) receiving, from the one or more computer applications, user-authentication credentials attributed to each of the plurality of computer applications; and
      
      (iv) transmitting the user-authentication credentials attributed to each of the plurality of computer applications to the mapping module.

15. A system for attributing computer system user-authentication credentials to an individual, the system comprising:
- a) an identity signature data store for storing user-authentication credentials in connection with a plurality of computer applications; and
  
  b) a mapping module for creating a user signature based on the user-authentication credentials and mapping the user signature to an individual.
- View Dependent Claims (17, 18)
- - 17. The system of claim 15 wherein the identity mapping module infers relationships among the user-authentication credentials.
  - 18. The system of claim 15 further comprising a physical access system interface configured to receive data from a physical access system.

19. An article of manufacture having computer-readable program portions embodied thereon for attributing user-authentication credentials to an individual, the article comprising computer-readable instructions for:
- a) receiving a plurality of user-authentication credentials;
  
  b) associating a subset of the plurality of user-authentication credentials based on consistencies in the authentication credentials and applications usage attributed thereto;
  
  c) creating an identity signature based on the associated user-authentication credentials; and
  
  d) attributing the identity signature to an individual.

20. A method for attributing user-authentication credentials to an individual, the method comprising:
- a) receiving a plurality of user-authentication credentials;
  
  b) monitoring activities of the user; and
  
  c) based on the monitored activities, inferentially determining whether a likelihood that a new activity is associated with the user exceeds a predetermined threshold.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20 wherein the monitored activities comprise logging on to one or more secure computer systems.
  - 22. The method of claim 20 wherein the monitored activities comprise physically entering a secure environment.
  - 23. The method of claim 20 wherein the monitored activities comprise computer application usage activities.

24. A method of detecting shared usage of user-authentication credentials, the method comprising:
- receiving a plurality of requests for access to a secure resource, each request comprising one or more user-authentication credentials;
  
  constructing a request profile for each request based at least in part on the provided user-authentication credentials; and
  
  identifying common user-authentication credentials received in two or more of the requests having different request profiles, thereby detecting shared usage of the one or more user-authentication credentials.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24 wherein the common user-authentication credentials are exact matches.
  - 26. The method of claim 24 wherein the user-authentication credentials comprise one or more of an identification code, a secure access code, a screen name, and/or a password for granting a user'"'"'s access to one or more applications.
  - 27. The method of claim 24 wherein the plurality of user-authentication credentials are encrypted.
  - 28. The method of claim 27 wherein the plurality of user-authentication credentials are encrypted prior to receipt.
  - 29. The method of claim 27 wherein the encryption comprises application of a hash to the plurality of user-authentication credentials, and the associating step using the hashed user-authentication credentials.
  - 30. The method of claim 24 wherein the user-authentication credentials comprise biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ting, David M.T.

Granted Patent

US 8,327,421 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

System and method for identity consolidation

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identity consolidation

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links