Authentication surety and decay system and method

US 7,636,853 B2
Filed: 01/30/2003
Issued: 12/22/2009
Est. Priority Date: 01/30/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a computing environment for maintaining security and access to a plurality of networked devices, comprising:

accepting a user identification that has been input by a user via one of a plurality of authentication devices to access a device, wherein said device is one of said plurality of networked devices;

determining a persona related to the user, wherein said persona indicates a user-role indicative of the accessibility of one or more devices in said plurality of networked devices;

storing an indication of said persona;

assigning a persona surety level to said persona, the persona surety level comprising a dynamic value indicative of the probability that the user is who the user claims to be;

applying a rate of decay to said dynamic value, wherein said rate of decay is based, in part, on the input method of the authentication device accepting the user identification and the time stamp;

assigning a surety level to said user identification, wherein said surety level depends on the input method of the authentication device accepting the user identification;

utilizing said user identification, said persona surety level, and said surety level to grant or deny access to said device; and

if access to said device is denied, displaying to the user a location of another authentication device within close proximity to the device for the user to access the device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a method and system for use in security authentication in a network environment. The present invention enables shared security information by networked devices. It also allows access to networked devices on the basis of authentication surety. The system assigns surety levels on the basis of the modes and methods of user authentication to the network. Further, the present invention allows the gradual decay, of user authentication and thus access to networked devices over time. Further still, the present invention distinguishes between individual identities and personas within the network environment. Surety levels associated with an authentication provide a predetermined level of access to networked devices or device features. The present invention provides improved security and diminishes the risk of fraudulent access to a network via identity theft.

81 Citations

View as Search Results

14 Claims

1. A method in a computing environment for maintaining security and access to a plurality of networked devices, comprising:
- accepting a user identification that has been input by a user via one of a plurality of authentication devices to access a device, wherein said device is one of said plurality of networked devices;
  
  determining a persona related to the user, wherein said persona indicates a user-role indicative of the accessibility of one or more devices in said plurality of networked devices;
  
  storing an indication of said persona;
  
  assigning a persona surety level to said persona, the persona surety level comprising a dynamic value indicative of the probability that the user is who the user claims to be;
  
  applying a rate of decay to said dynamic value, wherein said rate of decay is based, in part, on the input method of the authentication device accepting the user identification and the time stamp;
  
  assigning a surety level to said user identification, wherein said surety level depends on the input method of the authentication device accepting the user identification;
  
  utilizing said user identification, said persona surety level, and said surety level to grant or deny access to said device; and
  
  if access to said device is denied, displaying to the user a location of another authentication device within close proximity to the device for the user to access the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein said user identification is provided through a biometric device.
  - 3. A method as recited in claim 2, wherein said biometric device is an iris scanner.
  - 4. A method as recited in claim 2, wherein said biometric device is a voice recognition system.
  - 5. A method as recited in claim 1, wherein said user identification is provided through a text password input.
  - 6. A method as recited in claim 1, further comprising sharing said user identification and said surety level across a network.
  - 7. A method as recited in claim 1, wherein said decay is by the length of time since the user authentication.
  - 8. A method as recited in claim 1, wherein said surety level is aggregated across the network.

9. A method in a network environment for providing access to a plurality of networked devices, based on the network'"'"'s knowledge of a user'"'"'s presence, comprising:
- obtaining a user identification to access a device, the user identification received by an authentication device;
  
  assigning a surety level to the user identification, wherein the surety level depends on the input method of the authentication device accepting the identification from the user;
  
  storing attributes associated with the user identification, wherein the attributes include, in part, a time stamp of the user identification, an indication of a geographic location associated with the authentication device, and an initial authorization level associated with the authentication device;
  
  determining a persona related to the user based on a least one of said attributes, wherein the persona indicates a user-role indicative of the accessibility of one or more devices in the plurality of networked devices;
  
  storing an indication of the persona;
  
  denying the user access to the device because the authentication device is located outside of an acceptable proximity for accessing the device; and
  
  providing for display on the authentication device, a location of another authentication device within close proximity to the device for the user to access the device.
- View Dependent Claims (10, 11, 12)
- - 10. A method as recited in claim 9, wherein said user identification is provided through a biometric device.
  - 11. A method as recited in claim 10, wherein said biometric device is an iris scanner.
  - 12. A method as recited in claim 10, wherein said biometric device is a voice recognition system.

13. A method in a computing environment for providing secure access, comprising:
- associating a surety value with a user identification, wherein the surety value depends on an input method of an authentication device that accepts the user identification;
  
  determining a persona related to the user, wherein said persona indicates a user-role indicative of the accessibility of one or more devices in said plurality of networked devices;
  
  storing an indication of said persona;
  
  assigning a persona surety level to said persona, the persona surety level comprising a dynamic value indicative of the probability that the user is who the user claims to be;
  
  storing said dynamic value on a central database;
  
  assigning a persona surety level to said persona,on said central database, applying a rate decay to said dynamic value, wherein said rate of decay depends on the input method of the authentication device accepting the user identification;
  
  utilizing the surety value and the persona to provide access to one or more features of the at least one of a plurality of networked devices; and
  
  decaying the surety value over time to better secure the provided access, the rate of decay for the surety value varying by the type of user identification and the persona.
- View Dependent Claims (14)
- - 14. A method as recited in claim 13, further comprising:
    - accepting a subsequent user authentication; and
      
      updating said surety value in response to said subsequent user authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cluts, Jonathan C., Heath, Pamela J., Pleyer, Sven
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Pearson; David J

Application Number

US10/354,589
Publication Number

US 20040153656A1
Time in Patent Office

2,518 Days
Field of Search

None
US Class Current

713/186
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 67/535   Tracking the activity of th...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Authentication surety and decay system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication surety and decay system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links