Unsecured asset detection via correlated authentication anomalies
Abstract
A method, apparatus and computer program product for detecting that a computing device may not be secure based on inconsistent identity associations identified during Federated Single Sign-On (F-SSO). A detection proxy detects when a user with a particular session is accessing an identity provider (IdP) that is associated with an account that is not the current user's account. When a user performs a login to an F-SSO-enabled IdP, the proxy performs an F-SSO, and the results are compared with known aliases for that particular federation partner. If an anomaly is detected (e.g., the in-line device sees that a user logs into a web site as someone else), a workflow is initiated to perform a given action, such as blocking access, issuing an alert, or the like.
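The comparison step described in the abstract, as an added example that is not taken from the patent: the identity returned by the proxy-invoked F-SSO is checked against the session user's known aliases for that federation partner, and a mismatch selects a workflow action. The alias registry, host names, function and field names, and the mapping of outcomes to allow, alert or block are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: identities each session user is known to hold
# at each federation partner. All names and hosts are hypothetical.
KNOWN_ALIASES = {
    "alice": {"idp.partner.example": {"alice@corp.example", "asmith@partner.example"}},
    "bob": {"idp.partner.example": {"bob@corp.example"}},
}

@dataclass(frozen=True)
class Finding:
    verdict: str                        # "consistent", "anomaly" or "no_baseline"
    action: str                         # "allow", "alert" or "block" (assumed policy)
    alias_owner: Optional[str] = None   # other user who owns the returned identity

def _norm(identity: str) -> str:
    # Compare identities case-insensitively and ignore stray whitespace.
    return identity.strip().lower()

def analyze_fsso_result(session_user: str, idp: str, returned_subject: str,
                        aliases=KNOWN_ALIASES) -> Finding:
    """Compare the identity returned by the F-SSO with the session user's aliases."""
    known = aliases.get(session_user, {}).get(idp)
    if not known:
        # No aliases recorded for this user at this partner: flag it, do not guess.
        return Finding("no_baseline", "alert")
    subject = _norm(returned_subject)
    if subject in {_norm(a) for a in known}:
        return Finding("consistent", "allow")
    # Mismatch: check whether the identity belongs to a different known user.
    for other, partners in aliases.items():
        if other != session_user and subject in {_norm(a) for a in partners.get(idp, ())}:
            return Finding("anomaly", "block", alias_owner=other)
    return Finding("anomaly", "alert")

if __name__ == "__main__":
    # Constructed F-SSO results observed on sessions at one partner IdP.
    for user, subject in [("alice", "ASmith@partner.example"),
                          ("alice", "bob@corp.example"),
                          ("alice", "mallory@else.example"),
                          ("carol", "carol@corp.example")]:
        print(user, subject, analyze_fsso_result(user, "idp.partner.example", subject))
```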
20 Claims
1. A method of detecting an unsecured computing device, comprising:
during a session, receiving a request from the unsecured computing device and made by a user, the request being a federated single sign-on (F-SSO) request to access an identity provider;
invoking a federated single sign-on (F-SSO) to the identity provider on behalf of the user;
receiving results from the invoked F-SSO;
analyzing information returned in the results to detect an authentication anomaly; and
upon detecting an authentication anomaly, initiating an anomaly workflow.
8. Apparatus to detect an unsecured computing device, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method comprising;
during a session, receiving a request from the unsecured computing device and made by a user, the request being a federated single sign-on (F-SSO) request to access an identity provider;
invoking a federated single sign-on (F-SSO) to the identity provider on behalf of the user;
receiving results from the invoked F-SSO;
analyzing information returned in the results to detect an authentication anomaly; and
upon detecting an authentication anomaly, initiating an anomaly workflow.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system to detect an unsecured computing device, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
during a session, receiving a request from the unsecured computing device and made by a user, the request being a federated single sign-on (F-SSO) request to access an identity provider;
invoking a federated single sign-on (F-SSO) to the identity provider on behalf of the user;
receiving results from the invoked F-SSO;
analyzing information returned in the results to detect an authentication anomaly; and
upon detecting an authentication anomaly, initiating an anomaly workflow.
Specification