Authentication surety and decay system and method
Abstract
The present invention is directed to a method and system for security authentication in a network environment. It enables networked devices to share security information and grants access to networked devices on the basis of authentication surety. The system assigns surety levels according to the modes and methods by which a user authenticates to the network. It also lets a user's authentication, and thus access to networked devices, decay gradually over time, and it distinguishes between individual identities and personas within the network environment. The surety level associated with an authentication provides a predetermined level of access to networked devices or device features. The present invention provides improved security and diminishes the risk of fraudulent access to a network via identity theft.
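An added illustration of the surety-and-decay mechanism the abstract describes, not code from the patent. It assumes exponential half-life decay; the surety values, half-lives, persona/device policy, coordinates and reader names are all constructed for the example.

```python
import math
from dataclasses import dataclass

# Assumed numbers: the page only says surety and decay depend on input method.
INITIAL_SURETY = {"password": 0.60, "smart_card": 0.80, "fingerprint": 0.95}
HALF_LIFE_S = {"password": 900, "smart_card": 3600, "fingerprint": 14400}
# Assumed policy: minimum persona surety per (persona, device).
REQUIRED = {("nurse", "records_terminal"): 0.50, ("nurse", "med_cabinet"): 0.75}

@dataclass(frozen=True)
class AuthEvent:
    user_id: str
    persona: str
    method: str       # input method of the authentication device
    timestamp: float  # seconds, when the identification was accepted

@dataclass(frozen=True)
class Authenticator:
    name: str
    method: str
    xy: tuple

def persona_surety(event, now):
    """Initial surety for the input method, halved every HALF_LIFE_S seconds."""
    age = max(0.0, now - event.timestamp)  # clock skew never raises surety
    return INITIAL_SURETY[event.method] * 0.5 ** (age / HALF_LIFE_S[event.method])

def nearest_authenticator(device_xy, authenticators, required):
    """Closest authenticator whose fresh surety would satisfy the device."""
    usable = [a for a in authenticators if INITIAL_SURETY[a.method] >= required]
    return min(usable, key=lambda a: math.dist(a.xy, device_xy), default=None)

def decide(event, device, device_xy, now, authenticators):
    """Return (granted, current surety, authenticator to show on denial)."""
    required = REQUIRED.get((event.persona, device))
    if required is None:                      # persona has no role on this device
        return False, 0.0, None
    surety = persona_surety(event, now)
    if surety >= required:
        return True, surety, None
    return False, surety, nearest_authenticator(device_xy, authenticators, required)

# Constructed sample data.
READERS = [Authenticator("lobby-keypad", "password", (1.0, 1.0)),
           Authenticator("ward-fingerprint", "fingerprint", (4.0, 0.0)),
           Authenticator("pharmacy-card", "smart_card", (30.0, 5.0))]
```

A password login that is sufficient at the moment of authentication falls below the same threshold one half-life later, while a fingerprint login of the same age still clears a stricter one.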
14 Claims
1. A method in a computing environment for maintaining security and access to a plurality of networked devices, comprising:
- accepting a user identification that has been input by a user via one of a plurality of authentication devices to access a device, wherein said device is one of said plurality of networked devices;
- determining a persona related to the user, wherein said persona indicates a user-role indicative of the accessibility of one or more devices in said plurality of networked devices;
- storing an indication of said persona;
- assigning a persona surety level to said persona, the persona surety level comprising a dynamic value indicative of the probability that the user is who the user claims to be;
- applying a rate of decay to said dynamic value, wherein said rate of decay is based, in part, on the input method of the authentication device accepting the user identification and the time stamp;
- assigning a surety level to said user identification, wherein said surety level depends on the input method of the authentication device accepting the user identification;
- utilizing said user identification, said persona surety level, and said surety level to grant or deny access to said device; and
- if access to said device is denied, displaying to the user a location of another authentication device within close proximity to the device for the user to access the device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method in a network environment for providing access to a plurality of networked devices, based on the network's knowledge of a user's presence, comprising:
- obtaining a user identification to access a device, the user identification received by an authentication device;
- assigning a surety level to the user identification, wherein the surety level depends on the input method of the authentication device accepting the identification from the user;
- storing attributes associated with the user identification, wherein the attributes include, in part, a time stamp of the user identification, an indication of a geographic location associated with the authentication device, and an initial authorization level associated with the authentication device;
- determining a persona related to the user based on at least one of said attributes, wherein the persona indicates a user-role indicative of the accessibility of one or more devices in the plurality of networked devices;
- storing an indication of the persona;
- denying the user access to the device because the authentication device is located outside of an acceptable proximity for accessing the device; and
- providing for display on the authentication device, a location of another authentication device within close proximity to the device for the user to access the device.
Dependent claims: 10, 11, 12
13. A method in a computing environment for providing secure access, comprising:
- associating a surety value with a user identification, wherein the surety value depends on an input method of an authentication device that accepts the user identification;
- determining a persona related to the user, wherein said persona indicates a user-role indicative of the accessibility of one or more devices in said plurality of networked devices;
- storing an indication of said persona;
- assigning a persona surety level to said persona, the persona surety level comprising a dynamic value indicative of the probability that the user is who the user claims to be;
- storing said dynamic value on a central database;
- assigning a persona surety level to said persona, on said central database, applying a rate decay to said dynamic value, wherein said rate of decay depends on the input method of the authentication device accepting the user identification;
- utilizing the surety value and the persona to provide access to one or more features of the at least one of a plurality of networked devices; and
- decaying the surety value over time to better secure the provided access, the rate of decay for the surety value varying by the type of user identification and the persona.
Dependent claims: 14
Specification