Method and system for implementing and managing an enterprise identity management for distributed security
First Claim
Patent Images
1. A computing system for facilitating the management of user identities, said computing system comprising:
- a processor;
a memory;
a registration server component, of said computing system, configured to receive a request for an identity, wherein said identity is associated with an account;
an ownership component, of said computing system, configured to determine authentication rules associated with said account, wherein authentication questions to be asked of a user are based upon said authentication rules;
a registration server component, of said computing system, further configured to issue said identity to said user in response to at least a portion of said authentication questions being correctly answered, wherein said authentication questions to be asked are based upon said authentication rules associated with said account; and
an audit server, of said computing system, configured to monitor changes in a relationship between said user and said identity over a period of time to periodically perform an automatic adjustment of said authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user;
said audit server further configured to assign a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;
said audit server further configured to evaluate a current transaction of said user by comparing said current transaction to previous transactions performed by said user;
assign a positive weight for a similar transaction by said user;
assign a negative weight for an unsuccessful transaction by said user on said account, wherein the assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing;
aggregate said positive and negative weights to determine a usage history of said user;
remove a relationship between said identity and said account when said aggregation fails to meet a predetermined criteria; and
wherein said audit server is further configured to monitor aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account.
6 Assignments
0 Petitions
Accused Products
Abstract
An Enterprise Identity Management system includes a registration component, an ownership component, and an audit component. The registration component is configured to associate a user ID with specific accounts that are accessible via a computer system. The ownership component is configured to verify the ownership of the accounts. The audit component is configured to perform periodic checks to ensure the validity of the association between the user ID and the ownership of the accounts.
30 Citations
4 Claims
-
1. A computing system for facilitating the management of user identities, said computing system comprising:
-
a processor; a memory; a registration server component, of said computing system, configured to receive a request for an identity, wherein said identity is associated with an account; an ownership component, of said computing system, configured to determine authentication rules associated with said account, wherein authentication questions to be asked of a user are based upon said authentication rules; a registration server component, of said computing system, further configured to issue said identity to said user in response to at least a portion of said authentication questions being correctly answered, wherein said authentication questions to be asked are based upon said authentication rules associated with said account; and an audit server, of said computing system, configured to monitor changes in a relationship between said user and said identity over a period of time to periodically perform an automatic adjustment of said authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user; said audit server further configured to assign a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account; said audit server further configured to evaluate a current transaction of said user by comparing said current transaction to previous transactions performed by said user; assign a positive weight for a similar transaction by said user; assign a negative weight for an unsuccessful transaction by said user on said account, wherein the assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing; aggregate said positive and negative weights to determine a usage history of said user;
remove a relationship between said identity and said account when said aggregation fails to meet a predetermined criteria; andwherein said audit server is further configured to monitor aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account. - View Dependent Claims (2, 3)
-
-
4. A method for facilitating issuance of an identity associated with an account, said method comprising:
-
receiving, by a computer, a request for an identity, wherein said identity is associated with said account; determining authentication rules associated with said account, wherein authentication questions to be asked of a user are based upon said authentication rules; issuing, by said computer, said identity to said user in response to at least a portion of said authentication questions being correctly answered, wherein said authentication questions to be asked are based upon said authentication rules associated with said account; monitoring, by said computer, changes in a relationship between said user and said identity over a period of time to periodically perform an automatic adjustment of said authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user; assigning a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account; evaluating a current transaction of said user by comparing said current transaction to previous transactions performed by said user; assigning a positive weight for a similar transaction by said user; assigning a negative weight for an unsuccessful transaction by said user on said account, wherein the assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing; and aggregating said positive and negative weights to determine a usage history of said user; removing a relationship between said identity and said account when said aggregating step fails to meet a predetermined criteria; and monitoring aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeLiberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
-
Original AssigneeAmerican Express Travel Related Services Company, Inc. (American Express Company)
-
InventorsGlazer, Elliott, Bishop, Fred, Barrett, Michael Richard, Shelby, James, Gibbons, Stephen P, Armes, David, Seitz, Philip W
-
Primary Examiner(s)Truong, Cam Y T
-
Application NumberUS11/457,076Publication NumberTime in Patent Office1,476 DaysField of SearchNoneUS Class Current707/783CPC Class CodesG06F 21/34 involving the use of extern...G06Q 40/00 Finance; Insurance; Tax str...Y10S 707/99931 Database or file accessing
