Method and System for Implementing and Managing an Enterprise Identity Management for Distributed Security

US 20100257205A1
Filed: 06/15/2010
Published: 10/07/2010
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. An audit system with a processor and a memory, said audit system configured to:

monitor changes in a relationship between a user and an identity of an account over a period of time to periodically perform an automatic adjustment of authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user;

assign a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;

evaluate a current transaction of said user by comparing said current transaction to previous transactions performed by said user;

assign a positive weight for a similar transaction by said userassign a negative weight for an unsuccessful transaction by said user on said account, wherein assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing;

aggregate said positive and negative weights to determine a usage history of said user;

remove a relationship between said identity and said account in response to said aggregation failing to meet a predetermined criteria; and

monitor aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Enterprise Identity Management system includes a registration component, an ownership component, and an audit component. The registration component is configured to associate a user ID with specific accounts that are accessible via a computer system. The ownership component is configured to verify the ownership of the accounts. The audit component is configured to perform periodic checks to ensure the validity of the association between the user ID and the ownership of the accounts.

31 Citations

View as Search Results

18 Claims

1. An audit system with a processor and a memory, said audit system configured to:
- monitor changes in a relationship between a user and an identity of an account over a period of time to periodically perform an automatic adjustment of authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user;
  
  assign a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;
  
  evaluate a current transaction of said user by comparing said current transaction to previous transactions performed by said user;
  
  assign a positive weight for a similar transaction by said userassign a negative weight for an unsuccessful transaction by said user on said account, wherein assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing;
  
  aggregate said positive and negative weights to determine a usage history of said user;
  
  remove a relationship between said identity and said account in response to said aggregation failing to meet a predetermined criteria; and
  
  monitor aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The audit system of claim 1 further comprising an ownership server configured to confirm ownership of said account.
  - 3. The audit system of claim 1, further comprising an ownership server configured to confirm ownership of said account by analyzing ownership data and generating said authentication questions to be asked of said user to verify said identity actually belongs to said user.
  - 4. The audit of claim 1, further comprising an ownership server configured to determine said authentication rules associated with said account.
  - 5. The audit system of claim 1, further comprising a registration server component configured to receive a request for an identity.
  - 6. The audit system of claim 5, wherein said registration server component is further configured to issue said identity to said user in response to at least a portion of said authentication questions being correctly answered, wherein said authentication questions to be asked are based upon said authentication rules associated with said account.
  - 7. The audit system of claim 1, further comprising an ownership component configured to determine authentication rules associated with said account, wherein authentication questions to be asked of a user are based upon said authentication rules.
  - 8. The audit system of claim 1, further comprising a registration server configured to receive a request for an identity associated with said account.
  - 9. The audit system of claim 1, further configured to monitor aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account.

10. A method for facilitating issuance of an identity associated with an account, said method comprising:
- assigning, by a computer, a positive weight for a successful transaction by a user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;
  
  evaluating, by said computer, a current transaction of said user by comparing said current transaction to previous transactions performed by said user;
  
  assigning, by said computer, a positive weight for a similar transaction by said user;
  
  assigning, by said computer, a negative weight for an unsuccessful transaction by said user on said account, wherein assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing;
  
  aggregating, by said computer, said positive and negative weights to determine a usage history of said user;
  
  removing, by said computer, a relationship between said identity and said account when said aggregating step fails to meet a predetermined criteria; and
  
  monitoring, by said computer, aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising issuing, by said computer, said identity to a user associated with said account, in response to at least a portion of authentication questions being correctly answered, wherein said authentication questions to be asked are based upon authentication rules associated with said account.
  - 12. The method of claim 11, further comprising monitoring, by said computer, changes in a relationship between said user and said identity over a period of time to periodically perform an automatic adjustment of said authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user.
  - 13. The method of claim 10, further comprising analyzing said aggregation of said positive weights and said negative weights to determine a validity of said identity.
  - 14. The method of claim 10, further comprising:
    - evaluating a current transaction of said user;
      
      comparing said current transaction to previous transactions performed by said user; and
      
      ,assigning a positive weight for a similar transaction by said user.
  - 15. The method of claim 10, further comprising removing a relationship between said identity and said account when said analyzing step fails to meet a predetermined criteria.
  - 16. The method of claim 10, further comprising assigning a negative weight for a non-similar transaction by said user.

17. A method implemented by a computer for facilitating issuance of an identity associated with an account, said method comprising:
- issuing, by said computer, said identity to said user in response to at least a portion of authentication questions being correctly answered, wherein said authentication questions to be asked are based upon said authentication rules associated with said account;
  
  monitoring, by said computer, changes in a relationship between said user and said identity over a period of time to periodically perform an automatic adjustment of said authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user;
  
  evaluating, by said computer, a current transaction of said user;
  
  comparing, by said computer, said current transaction to previous transactions performed by said user; and
  
  assigning, by said computer, a positive weight for a similar transaction by said user.
- View Dependent Claims (18)
- - 18. The method of claim 17, further comprisingassigning a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;
    - assigning a negative weight for an unsuccessful transaction by said user on said account; and
      
      aggregating said positive and negative weights to determine a usage history of said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Glazer, Elliott, Bishop, Fred, Armes, David, Barrett, Michael Richard, Gibbons, Stephen P., Steitz, Phillip W., Shelby, James

Granted Patent

US 8,015,205 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/783
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 40/00   Finance; Insurance; Tax str...

Y10S 707/99931   Database or file accessing

Method and System for Implementing and Managing an Enterprise Identity Management for Distributed Security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method and System for Implementing and Managing an Enterprise Identity Management for Distributed Security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others