Context sensitive dynamic authentication in a cryptographic system

US 7,260,724 B1
Filed: 09/20/2000
Issued: 08/21/2007
Est. Priority Date: 09/20/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method of performing graded user authentication over a network, the method comprising:

obtaining first circumstantial data during a first authentication attempt by a first user;

storing said first circumstantial data;

obtaining second circumstantial data during a second authentication attempt by a second user;

obtaining authorization data during said second authentication attempt by said second user;

comparing said second circumstantial data to said stored first circumstantial data; and

assigning a level of trust to said second user.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison.

241 Citations

40 Claims

1. A method of performing graded user authentication over a network, the method comprising:
- obtaining first circumstantial data during a first authentication attempt by a first user;
  
  storing said first circumstantial data;
  
  obtaining second circumstantial data during a second authentication attempt by a second user;
  
  obtaining authorization data during said second authentication attempt by said second user;
  
  comparing said second circumstantial data to said stored first circumstantial data; and
  
  assigning a level of trust to said second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein said first user attempts said first authorization from a first location and said second user attempts said second authorization from a second location which is separate and distinct from said first location.
  - 3. The method of claim 1, wherein said first user and said second user are the same user.
  - 4. The method of claim 1, wherein said first authentication attempt is successful.
  - 5. The method of claim 2, wherein a session is created after said successful first authentication attempt and said session is closed prior to said second authentication attempt.
  - 6. The method of claim 1, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the authentication attempt with which it is associated.
  - 7. The method of claim 6, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the system of the user seeking to be authorized.
  - 8. The method of claim 7, wherein said circumstantial data comprises an identification associated with said system.
  - 9. The method of claim 8, wherein the identification comprises a processor serial number.
  - 10. The method of claim 7, wherein the circumstantial data comprises an identification associated with the network location of said system.
  - 11. The method of claim 10, wherein the identification comprises an IP address.
  - 12. The method of claim 7, wherein the circumstantial data comprises an identifier associated with the type of network to which said system is connected.
  - 13. The method of claim 6, wherein the circumstantial data comprises a time stamp associated with the time at which the authorization was attempted.
  - 14. The method of claim 1, wherein assigning a level of trust to said second user comprises examining the results of said comparison of said second circumstantial data to said stored first circumstantial data.
  - 15. The method of claim 1, wherein said authorization data is generated using one or more of one or more authorization techniques.
  - 16. The method of claim 15, wherein one of said one or more authorization techniques comprises fingerprint analysis.
  - 17. The method of claim 15, wherein one of said one or more authorization techniques comprises password comparison.
  - 18. The method of claim 15, wherein one of said one or more authorization techniques comprises smart card identification.
  - 19. The method of claim 15, wherein each of said one or more authorization techniques is assigned a reliability index based upon the inherent reliability of that technique.
  - 20. The method of claim 19, wherein assigning a level of trust to said second user comprises examining the reliability indexes of the one or more authentication techniques used to generate said authentication data.

21. A system for graded user authentication over a network comprising:
- a trust engine comprising;
  
  a secure server;
  
  wherein first circumstantial data obtained during a first authentication attempt by a first user is stored on said trust engine;
  
  wherein second circumstantial data obtained during a second authentication attempt by a second user is stored on said trust engine;
  
  wherein authorization data obtained during said second authentication attempt by said second user is stored on said trust engine; and
  
  wherein said trust engine which assigns a level of trust to said second user.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 22. The system of claim 21, wherein said first user attempts said first authorization from a first location and said second user attempts said second authorization from a second location which is separate and distinct from said first location.
  - 23. The system of claim 21, wherein said first user and said second user are the same user.
  - 24. The system of claim 21, wherein said first authentication attempt is successful.
  - 25. The system of claim 21, wherein a session is created after said successful first authentication attempt and said session is closed prior to said second authentication attempt.
  - 26. The system of claim 21, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the authentication attempt with which it is associated.
  - 27. The system of claim 26, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the system of the user seeking to be authorized.
  - 28. The system of claim 27, wherein said circumstantial data comprises an identification associated with said system.
  - 29. The system of claim 28, wherein the identification comprises a processor serial number.
  - 30. The system of claim 27, wherein the circumstantial data comprises an identification associated with the network location of said system.
  - 31. The system of claim 30, wherein the identification comprises an IP address.
  - 32. The system of claim 27, wherein the circumstantial data comprises an identifier associated with the type of network to which said system is connected.
  - 33. The system of claim 26, wherein the circumstantial data comprises a time stamp associated with the time at which the authorization was attempted.
  - 34. The system of claim 21, wherein assigning a level of trust to said second user comprises examining the results of said comparison of said second circumstantial data to said stored first circumstantial data.
  - 35. The system of claim 21, wherein said authorization data is generated using one or more of one or more authorization techniques.
  - 36. The system of claim 35, wherein one of said one or more authorization techniques comprises fingerprint analysis.
  - 37. The system of claim 35, wherein one of said one or more authorization techniques comprises password comparison.
  - 38. The system of claim 35, wherein one of said one or more authorization techniques comprises smart card identification.
  - 39. The system of claim 35, wherein each of said one or more authorization techniques is assigned a reliability index based upon the inherent reliability of that technique.
  - 40. The system of claim 39, wherein assigning a level of trust to said second user comprises examining the reliability indexes of the one or more authentication techniques used to generate said authentication data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Dickinson, Alexander G., Berger, Brian, Dobson, Robert T. Jr.
Primary Examiner(s)
Smithers; Matthew

Application Number

US09/666,377
Time in Patent Office

2,526 Days
Field of Search

713/182, 713/185, 726 5- 7, 726 8- 9
US Class Current

713/182
CPC Class Codes

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/3226   using a predetermined code,...

H04L 9/3297   involving time stamps, e.g....

H04W 12/67   Risk-dependent, e.g. select...

Context sensitive dynamic authentication in a cryptographic system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

241 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Context sensitive dynamic authentication in a cryptographic system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

241 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links