USER AUTHENTICATION

US 20170093920A1
Filed: 03/17/2015
Published: 03/30/2017
Est. Priority Date: 03/18/2014
Status: Active Grant

First Claim

Patent Images

1. A method of user authentication for user access to a restricted resource in a computer system comprising:

receiving an indication of a user request to access the restricted resource, the request having associated a current user context defining one or more characteristics of the user;

receiving a user selected authentication scheme from a set of authentication schemes for the current user context;

comparing the user selected authentication scheme with a set of user-specific rules, each rule indicating one or more authentication schemes for a user context as preferred authentication schemes; and

permitting access to the restricted resource based on the comparison so as to prevent access to the restricted resource when the rules indicate one or more authentication schemes other than the user selected authentication scheme are preferred for the current user context.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication apparatus to authenticate a user requesting access to a restricted resource in a computer system comprising: an interface adapted to receive an indication of a user request to access the restricted resource, the request having associated a current user context defining one or more characteristics of the user; a receiver adapted to receive a user selected authentication scheme from a set of authentication schemes for the current user context; a comparator adapted to compare the user selected authentication scheme with a set of user-specific rules, each rule indicating one or more authentication schemes for a user context as preferred authentication schemes; an access controller adapted to permit access to the restricted resource based on the comparison so as to prevent access to the restricted resource when the rules indicate one or more authentication schemes other than the user selected authentication scheme are preferred for the current user context.

Citations

20 Claims

1. A method of user authentication for user access to a restricted resource in a computer system comprising:
- receiving an indication of a user request to access the restricted resource, the request having associated a current user context defining one or more characteristics of the user;
  
  receiving a user selected authentication scheme from a set of authentication schemes for the current user context;
  
  comparing the user selected authentication scheme with a set of user-specific rules, each rule indicating one or more authentication schemes for a user context as preferred authentication schemes; and
  
  permitting access to the restricted resource based on the comparison so as to prevent access to the restricted resource when the rules indicate one or more authentication schemes other than the user selected authentication scheme are preferred for the current user context.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 20)
- - 2. The method of claim 1 wherein the user context has associated a predetermined authentication level indicating a level of assurance of authentication required for the user context.
  - 3. The method of claim 2 wherein the set of authentication schemes for the current user context is a subset of a set of all authentication schemes available for the computer system, the subset including authentication schemes being predetermined to provide a level of assurance of authentication in accordance with the authentication level for the user context.
  - 4. The method of claim 1 wherein each rule in the set of user-specific rules is defined for a user context in a set of user contexts based on a learning process whereby preferred authentication schemes are identified based on a frequency of use of the authentication schemes in prior requests by the requesting user to access the restricted resource.
  - 5. The method of claim 4 wherein the learning process for a user context includes, for a plurality of prior requests to access the restricted resource by any user:
    - determining a frequency of use of each authentication scheme; and
      
      determining a rate of successful authentication of each authentication scheme.
  - 6. The method of claim 5 wherein the learning process for a user context further includes, for a plurality of prior requests to access the restricted resource by the requesting user:
    - determining a frequency of use of each authentication scheme; and
      
      determining a rate of successful authentication of each authentication scheme.
  - 7. The method of claim 6 wherein the learning process for a user context further includes, for the requesting user, evaluating a probability that the user is authenticated by each authentication scheme.
  - 8. The method of claim 7 wherein the probability for each authentication scheme is a product of the frequency of use by the requesting user and the rate of successful authentication of the requesting user for the authentication scheme.
  - 9. The method of claim 8 wherein one or more preferred authentication schemes for the requesting user in a user context are identified based on authentication schemes having a greatest probability.
  - 10. The method of claim 8 wherein the learning process for a user context further includes evaluating a probability that any user is authenticated by each authentication scheme, andwherein the probability that any user is authenticated by each authentication scheme is a product of the frequency of use by any user and the rate of successful authentication for any user for the authentication scheme.
  - 11. The method of claim 10 wherein one or more preferred authentication schemes for the requesting user in a user context are identified based on authentication schemes having a probability for the requesting user that differs from a probability for any user by at least a predetermined threshold.
  - 12. The method of claim 1 wherein the user context defines characteristics of the requesting user taken from the set of:
    - geographic location characteristics;
      
      computer network location characteristics;
      
      user device characteristics;
      
      user device type;
      
      user device facilities;
      
      user device capabilities;
      
      user device software version; and
      
      a class of the user in an access control system.
  - 13. The method of claim 1 wherein the set of authentication schemes includes at least two of:
    - password based authentication;
      
      passphrase based authentication;
      
      hardware token based authentication;
      
      software token base authentication;
      
      at least one biometric based authentication;
      
      multi-factor authentication including a plurality of authentication methods;
      
      certificate based authentication;
      
      authentication by a cloud security provider;
      
      authentication by a cloud service credential;
      
      authentication by a social network credential; and
      
      a smartcard based authentication.
  - 20. A computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer to perform the method as claimed in claim 1.

14. An authentication apparatus to authenticate a user requesting access to a restricted resource in a computer system comprising:
- an interface adapted to receive an indication of a user request to access the restricted resource, the request having associated a current user context defining one or more characteristics of the user;
  
  a receiver adapted to receive a user selected authentication scheme from a set of authentication schemes for the current user context;
  
  a comparator adapted to compare the user selected authentication scheme with a set of user-specific rules, each rule indicating one or more authentication schemes for a user context as preferred authentication schemes; and
  
  an access controller adapted to permit access to the restricted resource based on the comparison so as to prevent access to the restricted resource when the rules indicate one or more authentication schemes other than the user selected authentication scheme are preferred for the current user context.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The apparatus of claim 14 wherein the user context has associated a predetermined authentication level indicating a level of assurance of authentication required for the user context.
  - 16. The apparatus of claim 15 wherein the set of authentication schemes for the current user context is a subset of a set of all authentication schemes available for the computer system, the subset including authentication schemes being predetermined to provide a level of assurance of authentication in accordance with the authentication level for the user context.
  - 17. The apparatus of claim 14 wherein each rule in the set of user-specific rules is defined for each context based on a learning process whereby preferred authentication schemes are identified based on a frequency of use of the authentication schemes in prior requests by the requesting user to access the restricted resource.
  - 18. The apparatus of claim 14 wherein the user context defines characteristics of the requesting user taken from the set of:
    - geographic location characteristics;
      
      computer network location characteristics;
      
      user device characteristics;
      
      user device type;
      
      user device facilities;
      
      user device capabilities;
      
      user device software version; and
      
      a class of the user in an access control system.
  - 19. The apparatus of claim 14 wherein the set of authentication schemes includes at least two of:
    - password based authentication;
      
      passphrase based authentication;
      
      hardware token based authentication;
      
      software token base authentication;
      
      at least one biometric based authentication;
      
      multi-factor authentication including a plurality of authentication methods;
      
      certificate based authentication;
      
      authentication by a cloud security provider;
      
      authentication by a cloud service credential;
      
      authentication by a social network credential; and
      
      a smartcard based authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
DUCATEL, Gery Michel, DIMITRAKOS, Theo

Granted Patent

US 10,044,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/335   for accessing specific reso...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06N 20/00   Machine learning

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04W 12/68   Gesture-dependent or behavi...

USER AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links