Adaptive authentication solution that rewards almost correct passwords and that simulates access for incorrect passwords
First Claim
1. A method to authenticate users of a computing system comprising:
- monitoring a number of attempts of access to at least one secured computing asset;
- receiving, for at least a portion of the attempts, incorrect authentication information for accessing the at least one secured computing asset;
- determining a similarity score for each attempt, wherein for the portion of attempts the determining of the similarity score compares the incorrect authentication information and previously stored correct authentication information;
- computing an average authorization score based on the similarity scores for each attempt, and the number of attempts;
- comparing the average authorization score with an established threshold;
- responsive to the average authorization score being greater than the established threshold, assigning an access level based on the average authorization score, wherein said assigned access level is an emulation access level or a limited access to a portion of at least one secured computing asset; and
- granting access consistent with the assigned access level, wherein said receiving, determining, comparing, assigning, and granting are performed automatically by at least one machine in accordance with at least one computer program having a plurality of code sections that are executable by the at least one machine, said at least one computer program being stored in a non-transitory machine readable medium.
Abstract
In the invention, incorrect authentication information for accessing at least one secured computing asset can be received. A similarity score between the incorrect authentication information and correct authentication information can be determined. One of many different access levels can be assigned to a computing session based upon the similarity score. Access consistent with the assigned access level can be granted. One access level can be an emulation access level that grants access to at least one simulated asset designed to mimic the secured asset. Access to the simulated asset can be provided in a fashion so that a user, who is likely an intruder, is unaware that they are not receiving the secured asset information. A tracking action can be optionally initiated against the intruder. Further, user behavior with the simulated session or a limited access session can be compared against a behavior profile to dynamically increase or decrease session permissions.
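The scoring and routing flow described above, combined with the averaging and threshold rule the claims recite, as an added Python example (not code from the patent). The similarity metric (`difflib` ratio), the 0.8 threshold, the per-session scope of the average and the names `similarity`, `AttemptMonitor` and `replay` are assumptions; the page specifies none of them.

```python
import hmac
from difflib import SequenceMatcher

THRESHOLD = 0.8  # assumed; the page only says "an established threshold"


def similarity(attempt: str, correct: str) -> float:
    """Assumed metric: difflib ratio in [0, 1]; the page names no metric."""
    return SequenceMatcher(None, attempt, correct).ratio()


class AttemptMonitor:
    """Tracks attempts against one asset and assigns an access level.

    Scoring needs the correct secret in comparable form, so this sketch
    holds it as plaintext; a salted one-way hash store cannot be scored
    this way.
    """

    def __init__(self, correct: str, threshold: float = THRESHOLD):
        self._correct = correct
        self.threshold = threshold
        self.scores: list[float] = []

    def submit(self, supplied: str) -> str:
        # Exact match (constant-time compare) gets full access.
        if hmac.compare_digest(supplied.encode(), self._correct.encode()):
            return "full"
        # Average over every incorrect attempt so far, not only the latest.
        self.scores.append(similarity(supplied, self._correct))
        average = sum(self.scores) / len(self.scores)
        # Claim 9 routing: over threshold -> limited real assets,
        # otherwise -> simulated assets on the decoy server.
        return "limited" if average > self.threshold else "emulation"


def replay(correct: str, attempts: list[str]) -> list[str]:
    """Run a sequence of attempts through a fresh monitor."""
    monitor = AttemptMonitor(correct)
    return [monitor.submit(a) for a in attempts]


if __name__ == "__main__":
    secret = "Tr0ub4dor&3"  # constructed sample value
    print(replay(secret, ["Tr0ub4dor&4", secret]))       # owner with a typo
    print(replay(secret, ["password1", "Tr0ub4dor&4"]))  # guess, then near miss
```

Because the score is averaged, one near miss after a poor guess stays on the emulation path, while a single one-character typo reaches limited access.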
19 Claims
9. A security system for accessing secure content comprising:
- a similarity engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to determine a similarity score by comparing an incorrect password and a previously stored correct password;
- at least one program stored on a non-transitory storage medium configured to monitor a number of attempts to access secured assets, and to compute average authorization scores based on the similarity scores for each of the attempts and based on the number of the attempts;
- an authentication engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to grant users varying levels of access to the secured assets, wherein a granted level of access is based upon the computed average authorization score;
- a secure asset server, comprising a combination of hardware and software, configured to manage secured assets accessible by authorized users, wherein a user providing a correct password to the security system is granted full user access to an approved set of the secured assets associated with that user, wherein a user providing an incorrect password that has an average authorization score over an established threshold is granted limited-user access to at least a portion of the approved set of the secured assets associated with that user; and
- a simulated server, comprising a combination of hardware and software, configured to manage simulated assets designed to mimic the secured assets, wherein a user providing an incorrect password that has an average authorization score under the established threshold is granted access to at least a portion of the simulated assets, wherein the simulated assets lack accurate information that is included in the secured assets that are being mimicked by the simulated assets.
16. A computer program product comprising:
- one or more computer-readable, tangible storage devices;
- program instructions, stored on at least one of the one or more storage devices, to monitor a number of attempts of access to at least one secured computing asset;
- program instructions, stored on at least one of the one or more storage devices, to receive, for at least a portion of the attempts, incorrect authentication information for accessing the at least one secured computing asset;
- program instructions, stored on at least one of the one or more storage devices, to determine a similarity score for each attempt, wherein for the portion of attempts the determining of the similarity score compares the incorrect authentication information and previously stored correct authentication information;
- program instructions, stored on at least one of the one or more storage devices, to compute an average authorization score based on the similarity scores for each attempt, and the number of attempts;
- program instructions, stored on at least one of the one or more storage devices, to compare the average authorization score with an established threshold;
- program instructions, stored on at least one of the one or more storage devices, to, responsive to the average authorization score being greater than the established threshold, assign an access level based on the average authorization score, wherein said assigned access level is an emulation access level or a limited access to a portion of at least one secured computing asset; and
- program instructions, stored on at least one of the one or more storage devices, to grant access consistent with the assigned access level.
Specification