METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR POLICY-DRIVEN ADAPTIVE MULTI-FACTOR AUTHENTICATION
Abstract
Embodiments of the invention include methods for providing policy-driven, adaptive, multi-factor authentication procedures. A pool of potential authentication challenges is defined. Each of the potential authentication challenges is assigned a category and a weighted difficulty level. One or more authentication challenges are selected from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies. One or more historical access patterns are utilized in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location. One or more dummy challenges are used to authenticate the user.
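A minimal sketch of the selection step described in the abstract, added here as an illustration and not taken from the patent or any implementation of it. The category names, difficulty scale, policy fields, the rule that deviations from historical access time and location choose the policy, and all sample data are assumptions.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Challenge:
    name: str
    category: str    # knowledge / possession / inherence (assumed categories)
    difficulty: int  # weighted difficulty level (assumed scale 1-5)

@dataclass(frozen=True)
class Policy:
    count: int                 # quantity of challenges to present
    min_total_difficulty: int  # summed difficulty the selection must reach
    distinct_categories: bool  # require each challenge from a different category

# Constructed sample pool and policies (hypothetical values).
POOL = [
    Challenge("password", "knowledge", 2),
    Challenge("security_question", "knowledge", 1),
    Challenge("totp_code", "possession", 3),
    Challenge("hardware_key", "possession", 5),
    Challenge("fingerprint", "inherence", 4),
]
POLICIES = {
    "low": Policy(1, 2, False),
    "elevated": Policy(2, 6, True),
    "high": Policy(3, 11, True),
}
# Constructed history: one user's usual access hours and locations.
HISTORY = {"hours": range(8, 19), "locations": {"office", "home"}}

def risk_level(history, hour, location):
    """Count deviations from the historical access time and location."""
    deviations = (hour not in history["hours"]) + (location not in history["locations"])
    return ("low", "elevated", "high")[deviations]

def select_challenges(pool, policy):
    """Return the least burdensome challenge set that satisfies the policy."""
    valid = []
    for combo in combinations(pool, policy.count):
        if policy.distinct_categories and len({c.category for c in combo}) < policy.count:
            continue  # two challenges from one category do not count as two factors
        total = sum(c.difficulty for c in combo)
        if total >= policy.min_total_difficulty:
            valid.append((total, [c.name for c in combo]))
    if not valid:
        raise ValueError("pool cannot satisfy policy")  # fail closed
    return min(valid)[1]

def challenges_for(history, hour, location, pool=POOL, policies=POLICIES):
    return select_challenges(pool, policies[risk_level(history, hour, location)])
```

An access at a usual hour from a known location yields a single challenge; each deviation from the history raises both the quantity and the required total difficulty.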
20 Claims
1. A method for providing policy-driven, adaptive, multi-factor authentication procedures, the method including:
- defining a pool of potential authentication challenges;
- assigning each of the potential authentication challenges a category and a weighted difficulty level;
- selecting one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies; and
- utilizing one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A computer program product for providing policy-driven, adaptive, multi-factor authentication procedures, the computer program product including a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for facilitating a method including:
- defining a pool of potential authentication challenges;
- assigning each of the potential authentication challenges a category and a weighted difficulty level;
- selecting one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies; and
- utilizing one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. An authentication server for providing policy-driven, adaptive, multi-factor authentication procedures, the authentication server including:
- an input mechanism for receiving a pool of potential authentication challenges;
- the input mechanism capable of accepting inputs indicative of an assigned category and an assigned weighted difficulty level for each of a plurality of potential authentication challenges in the pool of potential authentication challenges;
- a processing mechanism, operatively coupled to the input mechanism, the processing mechanism being programmed to select one or more authentication challenges from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies;
- wherein the processing mechanism is further programmed to utilize one or more historical access patterns in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location.
(Dependent claims: 16, 17, 18, 19, 20)
Specification