Granular authorization for network user sessions
Abstract
Providing access to a mobile user session in a manner that more closely corresponds access to network resources to the trustworthiness of authentication methods and devices associated with the mobile user session. Characteristics of authentication methods associated with a mobile user session are synthesized to generate an authentication bundle. Characteristics may include data associated with passwords, biometric data or devices used to execute an authentication method. By synthesizing characteristics in varied manners, a non-binary sliding scale of access to network resources may be generated. An authentication bundle may be accessed to grant a mobile user session appropriate access to network resources. Granting access may include generating an authorization token that is passed to a filter or reverse proxy. Access to network resources may be dynamically modified as authentication methods associated with a mobile user session change.
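The flow the abstract describes (characteristics synthesized into a bundle, a sliding scale of access, a token handed to a filter or reverse proxy, and a reduction when a characteristic changes), sketched as an added example that is not taken from the patent. The characteristic names, weights, level names and signing key are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumed trust weights per security characteristic (illustrative, not from the patent).
WEIGHTS = {"password": 1, "biometric": 2, "managed_device": 2, "unmanaged_device": 0}
# Assumed sliding scale: minimum score -> access level, highest first.
LEVELS = [(5, "full"), (3, "internal"), (1, "email_only"), (0, "none")]
RANK = {name: i for i, (_, name) in enumerate(reversed(LEVELS))}  # none=0 .. full=3
KEY = b"constructed-demo-key"  # placeholder signing key shared with the proxy


def build_bundle(characteristics):
    """Synthesize the session's characteristics into a bundle with a trust score."""
    known = sorted(c for c in set(characteristics) if c in WEIGHTS)
    return {"characteristics": known, "score": sum(WEIGHTS[c] for c in known)}


def access_level(bundle, user_max="full"):
    """Map the bundle to a level, never above the user's maximum entitlement."""
    level = next(name for floor, name in LEVELS if bundle["score"] >= floor)
    return level if RANK[level] <= RANK[user_max] else user_max


def issue_token(session_id, bundle, user_max="full"):
    """Build the signed authorization token a filter or reverse proxy can verify."""
    claims = {"sid": session_id, "level": access_level(bundle, user_max)}
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def verify_token(token):
    """Proxy side: return the granted level, or 'none' if the signature fails."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "none"
    return json.loads(body)["level"]


def on_change(session_id, characteristics, lost, user_max="full"):
    """A characteristic is lost mid-session: re-issue a token at the reduced level."""
    remaining = [c for c in characteristics if c != lost]
    return issue_token(session_id, build_bundle(remaining), user_max)
```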
47 Claims
1. In a computing device including a security module that grants a user session access to network resources based on dynamic combinations of security characteristics associated with a user session, a method for granting dynamic mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices associated with the mobile user session so as to grant dynamic access that corresponds to the trustworthiness of the associated authentication methods and devices, the method comprising:
- an act of accessing one or more security characteristics of one or more authentication methods for a user device that is associated with the mobile user session, the one or more security characteristics accounting for security differences in different authentication methods, different user devices, or both, in that different security characteristics correspond to different levels of trustworthiness;
- an act of generating an authentication bundle representative of access to network resources by synthesizing the one or more accessed security characteristics, wherein the authentication bundle is used to grant the mobile user session one of a plurality of access levels to network resources, the granted level of access corresponding to a level of trustworthiness identified by the one or more accessed security characteristics synthesized in the authentication bundle, but wherein the mobile user session is granted a dynamically variable level of access; and
- in response to detecting a change in a security characteristic that reduces security of the device or the mobile user session, dynamically reducing the granted level of access to a level of access which is less than the maximum level of access associated with the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 39, 40, 43, 44, 45, 46, 47
28. In a computing device including an access granting module that grants a user session access to network resources based on dynamic combinations of security characteristics associated with a user session, a method for granting dynamic mobile user session access to network resources depending on one or more authentication methods and the security of one or more devices associated with the mobile user session so as to grant dynamic access that corresponds to the trustworthiness of the associated authentication methods and devices, the method comprising:
- an act of accessing an authentication bundle, the authentication bundle having been generated by synthesizing one or more security characteristics of one or more authentication methods for a user device that is associated with the mobile user session, the one or more security characteristics accounting for security differences in different authentication methods, different user devices, or both, in that different security characteristics correspond to different levels of trustworthiness;
- an act of granting one of a plurality of access levels to network resources, the granted level of access corresponding to a level of trustworthiness identified by the one or more accessed security characteristics synthesized in the authentication bundle, wherein granting one of the plurality of access levels comprises granting a mobile user session a dynamically variable level of access; and
- in response to detecting a change in a security characteristic that reduces security of the device or the mobile user session, dynamically reducing the granted level of access to a level of access which is less than the maximum level of access associated with the user.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 41, 42
Specification