GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM

US 20170006042A1
Filed: 06/02/2016
Published: 01/05/2017
Est. Priority Date: 06/16/2004
Status: Active Grant

First Claim

Patent Images

1-22. -22. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

15 Citations

View as Search Results

42 Claims

1-22. -22. (canceled)

23. A computer-readable storage device storing instructions that, when executed by a computing system, cause the computing system to perform acts for verifying response security, the acts comprising:
- sending, to a first computing system, a first request for information, the first request including a first transaction security level;
  
  receiving a first response to the first request, wherein the first response is transmitted in accordance with a response security level determined by the first computing system based on the first transaction security level included in the first request;
  
  verifying that the first response was sent using a first response security level based on the first transaction security level;
  
  sending, to a second computing system, a second request for information, the second request including a second transaction security level;
  
  receiving a second response corresponding to the second request;
  
  determining that the second response does not meet minimum requirements associated with the second transaction security level; and
  
  responsive to the determining that the second response does not meet the minimum requirements, providing an indication that an attack may be in progress.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36)
- - 24. The computer-readable storage device of claim 23, wherein the acts further comprise terminating a connection with the second computing system, responsive to the determination that the second response does not meet minimum requirements.
  - 25. The computer-readable storage device of claim 23, wherein the acts further comprise providing an indication to a user that the second computing system did not respond as expected, responsive to the determination that the second response does not meet minimum requirements,
  - 26. The computer-readable storage device of claim 23, wherein the acts further comprise logging an IP address of the second computing system, responsive to the determination that the second response does not meet minimum requirements,
  - 27. The computer-readable storage device of claim 23,wherein the second transaction security level comprises a transaction authentication security level;
    - andwherein the determining that the second response does not meet minimum requirements associated with the transaction authentication security level comprises determining that an authentication mechanism that was selected to transmit the second response does not have an authentication security level corresponding to the transaction authentication security level.
  - 28. The computer-readable storage device of claim 23,wherein the second transaction security level comprises a transaction channel security level;
    - andwherein the determining that the second response does not meet minimum requirements associated with the transaction channel security level comprises determining that a channel that was selected to transmit the second response does not have a channel security level corresponding to the transaction channel security level.
  - 29. The computer-readable storage device of claim 23,wherein the second transaction security level comprises a transaction time sensitivity security level;
    - andwherein the determining that the second response does not meet minimum requirements associated with the transaction time sensitivity security level comprises determining that the second response was not received within a specified time limit corresponding to the transaction time sensitivity security level,
  - 30. The computer-readable storage device of claim 23, wherein the second response comprises an attempt to provide an authentication of a user identity.
  - 31. The computer-readable storage device of claim 23, wherein the second transaction security level is selected based on a previous communication with the second computing system.
  - 32. The computer-readable storage device of claim 23, wherein the second transaction security level is selected based on user preferences.
  - 33. The computer-readable storage device of claim 32, wherein the user preferences are associated with the information requested in the received second request.
  - 35. The system of claim 33 wherein the security analysis module is further configured to, responsive to the indication that the attack may be in progress, terminate a connection with the second computing system or log an IP address of the second computing system.
  - 36. The system of claim 33, wherein the second transaction security level is selected based on a previous communication with the second computing system.

34. A system for analyzing security characteristics of esponses, the system comprising:
- a memory;
  
  one or more processors;
  
  an interface configured to;
  
  receive, from a first computing system, a first response to a first request for user information, wherein the first request indicates a first transaction security level, and wherein the first response is transmitted in accordance with a response security level determined by the first computing system based on the first transaction security level indicated by the first request; and
  
  receive, from a second computing system, a second response to a second request for information, wherein the second request indicates a second transaction security level; and
  
  a security analysis module configured to;
  
  verify that the first response was sent using a first response security level based on the first transaction security level;
  
  determine that the second response does not meet minimum requirements associated with the second transaction security level; and
  
  provide an indication that an attack may be in progress, responsive to the determination that the second response does not meet the minimum requirements.

37. A method for verifying response security, comprising:
- sending, to a computing system, a request for information, the request including a transaction security level;
  
  receiving a response corresponding to the request;
  
  determining that the response does not meet minimum requirements associated with the transaction security level; and
  
  responsive to the determining that the response does not meet the minimum requirements, providing an indication that an attack may be in progress.
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The method of claim 37 further comprising, responsive to the determination that the response does not meet minimum requirements, terminating a connection with the computing system.
  - 39. The method of claim 37 further comprising, responsive to the determination that the response does not meet minimum requirements, logging an IP address of the computing system.
  - 40. The method of claim 37,wherein the transaction security level comprises a transaction authentication security level;
    - andwherein the determining that the response does not meet minimum requirements associated with the transaction authentication security level comprises determining that an authentication mechanism that was selected to transmit the response does not have an authentication security level corresponding to the transaction authentication security level.
  - 41. The method of claim 37,wherein the transaction security level comprises a transaction channel security level:
    - andwherein the determining that the response does not meet minimum requirements associated with the transaction channel security level comprises determining that a channel that was selected to transmit the response does not have a channel security level corresponding to the transaction channel security level
  - 42. The method of claim 37,wherein the transaction security level comprises a transaction time sensitivity security level;
    - andwherein the determining that the response does not meet minimum requirements associated with the transaction time sensitivity security level comprises determining that the response was not received within a specified time limit corresponding to the transaction time sensitivity security level,

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Inventors
Hardt, Dick C.

Granted Patent

US 10,298,594 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links