METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR POLICY-DRIVEN ADAPTIVE MULTI-FACTOR AUTHENTICATION

US 20090187962A1
Filed: 01/17/2008
Published: 07/23/2009
Est. Priority Date: 01/17/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing policy-driven, adaptive, multi-factor authentication procedures, the method including:

defining a pool of potential authentication challenges;

assigning each of the potential authentication challenges a category and a weighted difficulty level;

selecting one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies; and

utilizing one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention include methods for providing policy-driven, adaptive, multi-factor authentication procedures. A pool of potential authentication challenges is defined. Each of the potential authentication challenges is assigned a category and a weighted difficulty level. One or more authentication challenges are selected from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies. One or more historical access patterns are utilized in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location. One or more dummy challenges are used to authenticate the user.

56 Citations

View as Search Results

20 Claims

1. A method for providing policy-driven, adaptive, multi-factor authentication procedures, the method including:
- defining a pool of potential authentication challenges;
  
  assigning each of the potential authentication challenges a category and a weighted difficulty level;
  
  selecting one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies; and
  
  utilizing one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further including using one or more dummy challenges to authenticate the user.
  - 3. The method of claim 1 wherein the one or more security policies are defined using one or more business rules.
  - 4. The method of claim 1 wherein the one or more security policies consider one or more of:
    - (A) a location from which a user is initiating the authentication procedure;
      
      (B) a date and a time at which a user is initiating the authentication procedure;
      
      (C) a number of times that the user has attempted to log in or authenticate but failed;
      
      (D) a historic access pattern for the user;
      
      or (E) a communication channel presently being used by the user.
  - 5. The method of claim 1 wherein the one or more security policies output one or more conditions precedent for authenticating the user.
  - 6. The method of claim 1 wherein the one or more security policies are defined using a language including at least one of Web Services Policy language (WS-Policy) or an XML policy language used by IBM'"'"'s Policy Management for Autonomic Computing (PMAC) toolkit.
  - 7. The method of claim 1 wherein utilizing one or more historical access patterns is performed using a combination of Bayesian interference and creating an N-dimensional index of access history properties where N is a positive integer.

8. A computer program product for providing policy-driven, adaptive, multi-factor authentication procedures, the computer program product including a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for facilitating a method including:
- defining a pool of potential authentication challenges;
  
  assigning each of the potential authentication challenges a category and a weighted difficulty level;
  
  selecting one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies; and
  
  utilizing one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8 further including instructions for using one or more dummy challenges to authenticate the user.
  - 10. The computer program product of claim 8 wherein the one or more security policies are defined using one or more business rules.
  - 11. The computer program product of claim 8 wherein the one or more security policies consider one or more of:
    - (A) a location from which a user is initiating the authentication procedure;
      
      (B) a date and a time at which a user is initiating the authentication procedure;
      
      (C) a number of times that the user has attempted to log in or authenticate but failed;
      
      (D) a historic access pattern for the user;
      
      or (E) a communication channel presently being used by the user.
  - 12. The computer program product of claim 8 wherein the one or more security policies output one or more conditions precedent for authenticating the user.
  - 13. The computer program product of claim 8 wherein the one or more security policies are defined using a language including at least one of Web Services Policy language (WS-Policy) or an XML policy language used by a policy management framework.
  - 14. The computer program product of claim 8 wherein utilizing one or more historical access patterns is performed using a combination of Bayesian interference and creating an N-dimensional index of access history properties where N is a positive integer.

15. An authentication server for providing policy-driven, adaptive, multi-factor authentication procedures, the authentication server including:
- an input mechanism for receiving a pool of potential authentication challenges;
  
  the input mechanism capable of accepting inputs indicative of an assigned category and an assigned weighted difficulty level for each of a plurality of potential authentication challenges in the pool of potential authentication challenges;
  
  a processing mechanism, operatively coupled to the input mechanism, the processing mechanism being programmed to select one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies;
  
  wherein the processing mechanism is further programmed to utilize one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The authentication server of claim 15 wherein the input mechanism is capable of accepting one or more dummy challenges for authenticating the user.
  - 17. The authentication server of claim 15 wherein the one or more security policies are defined using one or more business rules.
  - 18. The authentication server of claim 15 wherein the one or more security policies consider one or more of:
    - (A) a location from which a user is initiating the authentication procedure;
      
      (B) a date and a time at which a user is initiating the authentication procedure;
      
      (C) a number of times that the user has attempted to log in or authenticate but failed;
      
      (D) a historic access pattern for the user;
      
      or (E) a communication channel presently being used by the user.
  - 19. The authentication server of claim 15 wherein the one or more security policies are defined using a language including at least one of Web Services Policy language (WS-Policy) or an XML policy language used by a policy management framework.
  - 20. The authentication server of claim 15 wherein utilizing one or more historical access patterns is performed using a combination of Bayesian interference and creating an N-dimensional index of access history properties where N is a positive integer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Smith, Kyle M., Browne, Michael E., Huie, William J., Brenneman, Robert J., Sheppard, Sarah J.

Application Number

US12/015,587
Publication Number

US 20090187962A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/316 by observing the pattern of...

METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR POLICY-DRIVEN ADAPTIVE MULTI-FACTOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR POLICY-DRIVEN ADAPTIVE MULTI-FACTOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links