Context sensitive dynamic authentication in a cryptographic system

US 7,802,104 B2
Filed: 08/16/2007
Issued: 09/21/2010
Est. Priority Date: 09/20/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An article of manufacture comprising:

a non-transitory computer readable storage medium comprising instructions, said instructions comprising instructions for;

obtaining first circumstantial data during a first authentication attempt by a first user;

storing said first circumstantial data;

obtaining second circumstantial data during a second authentication attempt by a second user;

obtaining authorization data during said second authentication attempt by said second user;

comparing said second circumstantial data to said stored first circumstantial data; and

assigning a level of trust to said second user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison.

Citations

24 Claims

1. An article of manufacture comprising:
- a non-transitory computer readable storage medium comprising instructions, said instructions comprising instructions for;
  
  obtaining first circumstantial data during a first authentication attempt by a first user;
  
  storing said first circumstantial data;
  
  obtaining second circumstantial data during a second authentication attempt by a second user;
  
  obtaining authorization data during said second authentication attempt by said second user;
  
  comparing said second circumstantial data to said stored first circumstantial data; and
  
  assigning a level of trust to said second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The article of manufacture of claim 1, wherein said first user attempts said first authorization from a first location, and said second user attempts said second authorization from a second location, which is separate and distinct from said first location.
  - 3. The article of manufacture of claim 1, wherein said first user and said second user are the same user.
  - 4. The article of manufacture of claim 1, wherein said first authentication attempt is successful.
  - 5. The article of manufacture of claim 2, wherein a session is created after said successful first authentication attempt and said session is closed prior to said second authentication attempt.
  - 6. The article of manufacture of claim 1, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the authentication attempt with which it is associated.
  - 7. The article of manufacture of claim 6, wherein said circumstantial data comprises one or more datum selected from the group consisting of the user'"'"'s processor serial number, the user'"'"'s IP address, the type of network the user is connected to, or a time stamp associated with each authorization attempt.
  - 8. The article of manufacture of claim 1, wherein assigning said level of trust to said second user comprises examining the results of said comparison of said second circumstantial data to said stored first circumstantial data.
  - 9. The article of manufacture of claim 1, wherein said authorization data is generated using one or more of one or more authorization techniques.
  - 10. The article of manufacture of claim 9, wherein said authorization technique is one or more authorization techniques selected from the group consisting of fingerprint analysis, password comparison, and smart card identification.
  - 11. The article of manufacture of claim 9, wherein each of said one or more authorization techniques is assigned a reliability index based upon the inherent reliability of that technique.
  - 12. The article of manufacture of claim 1, wherein assigning said level of trust to said second user comprises examining the reliability indexes of the one or more authentication techniques used to generate said authentication data.

13. An apparatus for graded user authentication over a network comprising:
- first circumstantial data;
  
  second circumstantial data;
  
  authorization data; and
  
  a trust engine;
  
  wherein said first circumstantial data is obtained during a first authentication attempt by a first user;
  
  wherein said second circumstantial data is obtained during a second authentication attempt by a second user;
  
  wherein said authorization data is obtained during said second authentication attempt by said second user; and
  
  wherein a trust engine assigns a level of trust to said second user.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The apparatus claim 13, wherein said first user attempts said first authorization from a first location, and said second user attempts said second authorization from a second location, which is separate and distinct from said first location.
  - 15. The apparatus of claim 13, wherein said first user and said second user are the same user.
  - 16. The apparatus of claim 13, wherein said first authentication attempt is successful.
  - 17. The apparatus of claim 14, wherein a session is created after said successful first authentication attempt and said session is closed prior to said second authentication attempt.
  - 18. The apparatus of claim 13, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the authentication attempt with which it is associated.
  - 19. The apparatus of claim 18, wherein said circumstantial data comprises one or more datum selected from the group consisting of the user'"'"'s processor serial number, the user'"'"'s IP address, the type of network the user is connected to, or a time stamp associated with each authorization attempt.
  - 20. The apparatus of claim 13, wherein assigning said level of trust to said second user comprises examining the results of said comparison of said second circumstantial data to said stored first circumstantial data.
  - 21. The apparatus of claim 13, wherein said authorization data is generated using one or more of one or more authorization techniques.
  - 22. The apparatus of claim 21, wherein said authorization technique is one or more authorization techniques selected from the group consisting of fingerprint analysis, password comparison, and smart card identification.
  - 23. The apparatus of claim 21, wherein each of said one or more authorization techniques is assigned a reliability index based upon the inherent reliability of that technique.
  - 24. The apparatus of claim 13, wherein assigning said level of trust to said second user comprises examining the reliability indexes of the one or more authentication techniques used to generate said authentication data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Dobson, Robert T. Jr., Dickinson, Alexander G., Berger, Brian
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US11/839,927
Publication Number

US 20080034209A1
Time in Patent Office

1,132 Days
Field of Search

726/8
US Class Current

713/182
CPC Class Codes

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/3226   using a predetermined code,...

H04L 9/3297   involving time stamps, e.g....

H04W 12/67   Risk-dependent, e.g. select...

Context sensitive dynamic authentication in a cryptographic system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Context sensitive dynamic authentication in a cryptographic system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links