GLOBALLY AWARE AUTHENTICATION SYSTEM

US 20080222706A1
Filed: 03/06/2007
Published: 09/11/2008
Est. Priority Date: 03/06/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for computer-system authentication monitoring that can detect and report a response to both global unauthorized computer-access threats across independent, external networks and local unauthorized computer-access threats at a local network, while remaining transparent to individual users of the local network, the method comprising:

receiving input data, wherein the input data includes;

statistical information on authorized and unauthorized computer-access at the local network, wherein the statistical information includes both historical computer-access patterns and current computer-access attempts at the local network;

externally received information on potential and actual security threats at one or more of the independent, external networks; and

administrator-specified access metrics associated with the local network;

analyzing the input data to generate at least one security status parameter based on the analyzed input data, wherein the analysis is configurable by a system administrator associated with the local network;

producing human-readable output including;

alerts to users of the local network, andreports to the system administrator associated with the local network; and

,providing scaled network security responses for at least the local network, wherein the scaled responses provide a higher degree of network access security measures to the users for accessing the local network when the at least one security status parameter indicates a higher network security threat, and a lower degree of network access security measures to the users for accessing the local network when the at least one security status parameter indicates a lower network security threat.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer security monitoring method and system includes receiving input data, wherein the input data includes user account data associated with a user'"'"'s security-related interaction with a particular network, security-related local network data associated with the particular network, and security-related external network data regarding security threats at one or more independent, external networks. The input data is analyzed to generate at least one composite security status score, wherein the analyzing includes an analysis of the user account data based on previously stored data associated with the user account, and an analysis of the security-related local and external network data to adjust the composite security status score when the analysis of the security-related local and external network data indicates an increased security threat. The method and system may produce human-readable output including an alert associated with the at least one composite security status score. Other features are disclosed.

353 Citations

20 Claims

1. A method for computer-system authentication monitoring that can detect and report a response to both global unauthorized computer-access threats across independent, external networks and local unauthorized computer-access threats at a local network, while remaining transparent to individual users of the local network, the method comprising:
- receiving input data, wherein the input data includes;
  
  statistical information on authorized and unauthorized computer-access at the local network, wherein the statistical information includes both historical computer-access patterns and current computer-access attempts at the local network;
  
  externally received information on potential and actual security threats at one or more of the independent, external networks; and
  
  administrator-specified access metrics associated with the local network;
  
  analyzing the input data to generate at least one security status parameter based on the analyzed input data, wherein the analysis is configurable by a system administrator associated with the local network;
  
  producing human-readable output including;
  
  alerts to users of the local network, andreports to the system administrator associated with the local network; and
  
  ,providing scaled network security responses for at least the local network, wherein the scaled responses provide a higher degree of network access security measures to the users for accessing the local network when the at least one security status parameter indicates a higher network security threat, and a lower degree of network access security measures to the users for accessing the local network when the at least one security status parameter indicates a lower network security threat.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the historical computer-access patterns include a number of attempts to access a selected electronic account, and wherein the current computer-access attempts includes approximately concurrent but geographically different access attempts to access the selected account.
  - 3. The method of claim 1, wherein the externally received information on potential and actual security threats at one or more of the independent, external networks includes data received from an external system that gathers information on fraud attempts at networks external to the local network, and wherein the administrator-specified access metrics include a global measure that provides a weighting based on an institution employing the method.

4. A computer-readable medium storing computer-executable instructions that provide an electronic access authentication monitoring method associated with a specific network, the method comprising:
- receiving data on authorized and unauthorized access attempts at the specific network, wherein the access attempts data includes both successful and unsuccessful access attempts to the specific network;
  
  receiving at least one system administrator-specified value;
  
  receiving external information on current, historical, or potential security threats associated with other networks;
  
  storing the received data;
  
  processing the access attempts data, the administrator-specified value, and the external information based on at least one configurable threshold; and
  
  displaying security report information, including notifications and near real-time risk monitoring associated with the processing of the access attempts data, the administrator-specified value, and the external information, wherein at least some of the security report information is provided in a single display to at least a system administrator, and wherein the near real-time risk monitoring includes a display of a measure of a present security risk to the specific network.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The computer-readable medium of claim 4, further comprising:
    - providing at least one configurable, scaled response based on either temporarily increased authentication requirements for the selected network, or deviation from a previously stored tolerance for at least one user account; and
      
      ,monitoring time-sensitive, temporary changes to authentication requirements or deviation tolerances.
  - 6. The computer-readable medium of claim 4 wherein the access attempts data includes a number of attempts to access at least one user account over a selected time period.
  - 7. The computer-readable medium of claim 4 wherein the access attempts data includes data associated with approximately concurrent but geographically different access attempts to access at least one user account.
  - 8. The computer-readable medium of claim 4 wherein the external data includes data received from an external fraud network data source that gathers information on fraud attempts at other networks.
  - 9. The computer-readable medium of claim 4 wherein the administrator-specific value includes a global measure that provides a weighting based on an overall sensitivity of data associated with the specific network.
  - 10. The computer-readable medium of claim 4 wherein the displayed notifications include warning messages regarding current threats to the specific network.

11. A computer security monitoring method, comprising:
- receiving input data, wherein the input data includes;
  
  user account data associated with a security-related interaction with a particular local network, and,security-related network data regarding security threats at the particular local network or at one or more independent, external networks;
  
  analyzing the input data to generate at least one composite security status score, wherein the analyzing includes an analysis of the user account data based on previously stored data associated with the user account, and an analysis of the security-related local or external network data to adjust the composite security status score when the analysis of the security-related local or external network data indicates an increased security threat;
  
  producing human-readable output including;
  
  an alert associated with the at least one composite security status score.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer security monitoring method of claim 11 wherein the user account data includes user behavior data associated with a security-related interaction with the particular network.
  - 13. The computer security monitoring method of claim 11 wherein the security-related network data includes historical security-related interaction data of multiple users with the particular network.
  - 14. The computer security monitoring method of claim 11 wherein the security-related network data includes data received by a system administrator of the particular network from system administrators of independent, external networks.
  - 15. The computer security monitoring method of claim 11 wherein the method further comprises automatically increasing security measures for accessing the particular network based on the composite security status score.
  - 16. The computer security monitoring method of claim 11 wherein the method further comprises retesting an authenticity of the security-related interaction with the particular network and gathering data from other sources except those requiring user input.
  - 17. The computer security monitoring method of claim 11 wherein the method further comprises comparing current user input to a user profile for consistency with typical values or range of values for this user based on past authentication behavior.
  - 18. The computer security monitoring method of claim 11 wherein the analyzing includes associating risk probabilities to at least some of the user account data and the local or external network data before generating the composite security status score.
  - 19. The computer security monitoring method of claim 11 wherein the human-readable output includes providing a security related message to a user regarding a potential current security threat proximate to a user authentication session.

20. A computer security system, comprising:
- input means for receiving input data, wherein the input data includes;
  
  user account data associated with a security-related interaction with a particular network,security-related local network data associated with the particular network, and,security-related external network data regarding security threats at one or more independent, external networks;
  
  processing, coupled to the input means, means for processing the input data to generate a security status score, wherein the means for processing includes means for analyzing the user account data based on previously stored data associated with the user account, and for analyzing the security-related local and external network data to adjust the composite security status score when the analysis of the security-related local and external network data indicates an increased security threat; and
  
  output means, coupled to the processing means, for producing human-readable output including human-readable output associated with the at least one composite security status score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cogneto Development, Inc.
Original Assignee
Cogneto Development, Inc.
Inventors
Renaud, Martin, Bradley, John, Audley, Patrick

Application Number

US11/682,769
Publication Number

US 20080222706A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/1408 by monitoring network traff...

GLOBALLY AWARE AUTHENTICATION SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

353 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GLOBALLY AWARE AUTHENTICATION SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

353 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links