Method and system for implementing and managing an enterprise identity management for distributed security
First Claim
1. An audit system comprising:
a processor;
a memory;
a network interface communicating with the memory;
said memory communicating with the processor for auditing; and
said processor, when executing a computer program, performs operations comprising;
monitoring, by said processor, changes in a relationship between a user and an identity of an account over a period of time to periodically perform an automatic adjustment of authentication questions in response to a deterioration of said relationship, wherein said deterioration of said relationship is based upon activity of said user;
assigning, by said processor, a positive weight for a successful transaction by said user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;
evaluating, by said processor, a current transaction of said user by comparing said current transaction to previous transactions performed by said user;
assigning, by said processor, a positive weight for a similar transaction by said user;
assigning, by said processor, a negative weight for an unsuccessful transaction by said user on said account, wherein the assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing;
aggregating, by said processor, said positive and negative weights to determine a usage history of said user;
removing, by said processor, a relationship between said identity and said account in response to said aggregation failing to meet a predetermined criteria; and
monitoring, by said processor, aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account, said operations further comprising receiving a request for the identity, said operations further comprising issuing said identity to said user in response to at least a portion of said authentication questions being correctly answered, wherein said authentication questions to be asked are based upon authentication rules associated with said account.
Abstract
An Enterprise Identity Management system includes a registration component, an ownership component, and an audit component. The registration component is configured to associate a user ID with specific accounts that are accessible via a computer system. The ownership component is configured to verify the ownership of the accounts. The audit component is configured to perform periodic checks to ensure the validity of the association between the user ID and the ownership of the accounts.
10 Claims
7. A method comprising:
assigning, by a computer for facilitating issuance of an identity associated with an account, a positive weight for a successful transaction by a user on said account, wherein said successful transaction is based on security requirements of said account and risk factors relating to various transaction types associated with said account;
evaluating, by said computer, a current transaction of said user by comparing said current transaction to previous transactions performed by said user;
assigning, by said computer, a positive weight for a similar transaction by said user;
assigning, by said computer, a negative weight for an unsuccessful transaction by said user on said account, wherein the assigning the positive weight for the similar transaction and the assigning the negative weight are based on the comparing;
aggregating, by said computer, said positive and negative weights to determine a usage history of said user;
removing, by said computer, a relationship between said identity and said account when said aggregating step fails to meet a predetermined criteria;
monitoring, by said computer, aggregated behaviors, wherein said aggregated behaviors are used to weight transactions to further verify ownership of said account;
issuing, by said computer, said identity to a user associated with said account, in response to at least a portion of authentication questions being correctly answered, wherein said authentication questions to be asked are based upon authentication rules associated with said account; and
monitoring, by said computer, changes in a relationship between said user and said identity over a period of time to periodically perform an automatic adjustment of said authentication questions in response to a deterioration.
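The weighting and audit steps recited in claims 1 and 7 can be sketched as follows. This is an added illustration, not code from the patent: the weight values, thresholds, similarity rule and all names (`Txn`, `IdentityLink`, `record`, `audit`, `RISK`) are assumptions, since the claims specify none of them.

```python
from dataclasses import dataclass, field

# Every number and name here is an assumption made for illustration;
# the claims name the steps but specify no weights or thresholds.
RISK = {"balance_inquiry": 1.0, "transfer": 2.0, "address_change": 3.0}
REMOVE_BELOW = -5.0   # stands in for the "predetermined criteria"
STEP_UP_BELOW = 0.0   # below this the relationship counts as deteriorated

@dataclass
class Txn:
    kind: str
    amount: float
    success: bool

@dataclass
class IdentityLink:
    user_id: str
    account: str
    history: list = field(default_factory=list)
    weights: list = field(default_factory=list)
    questions_required: int = 2
    active: bool = True

def is_similar(txn, history):
    """True if an earlier successful transaction has the same kind and a close amount."""
    return any(p.success and p.kind == txn.kind
               and abs(p.amount - txn.amount) <= 0.25 * max(p.amount, 1.0)
               for p in history)

def record(link, txn):
    """Weigh one transaction against the user's history, then store both."""
    similar = is_similar(txn, link.history)
    risk = RISK.get(txn.kind, 2.0)
    if txn.success:
        weight = 1.0 + (0.5 if similar else 0.0)
    else:
        # Failures cost more on riskier types and when unlike past behaviour.
        weight = -risk * (1.0 if similar else 2.0)
    link.history.append(txn)
    link.weights.append(weight)
    return weight

def audit(link):
    """Aggregate the weights and keep, step up, or remove the identity link."""
    score = sum(link.weights)
    if score < REMOVE_BELOW:
        link.active = False
        return "removed", score
    if score < STEP_UP_BELOW:
        link.questions_required = 4   # ask more authentication questions
        return "step_up", score
    return "ok", score
```

In a periodic audit job, `audit` would run over every stored link, and a "removed" result would force the user back through registration before the identity is issued again.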
Specification