Adaptive authentication solution that rewards almost correct passwords and that simulates access for incorrect passwords

US 8,234,499 B2
Filed: 06/26/2007
Issued: 07/31/2012
Est. Priority Date: 06/26/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method to authenticate users of a computing system comprising:

monitoring a number of attempts of access to at least one secured computing asset;

receiving, for at least a portion of the attempts, incorrect authentication information for accessing the at least one secured computing asset;

determining a similarity score for each attempt, wherein for the portion of attempts the determining of the similarly score compares the incorrect authentication information and previously stored correct authentication information;

computing an average authorization score based on the similarity scores for each attempt, and the number of attempts;

comparing the average authorization score with an established threshold;

responsive to the average authorization score being greater than the established threshold, assigning an access level based on the average authorization score, wherein said assigned access level is an emulation access level or a limited access to a portion of at least one secured computing asset; and

granting access consistent with the assigned access level, wherein said receiving, determining, comparing, assigning, and granting are performed automatically by at least one machine in accordance with at least one computer program having a plurality of code sections that are executable by the at least one machine, said at least one computer program being stored in a non-transitory machine readable medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the invention, incorrect authentication information for accessing at least one secured computing asset can be received. A similarity score between the incorrect authentication information and correct authentication information can be determined. One of many different access levels can be assigned to a computing session based upon the similarity score. Access consistent with the assigned access level can be granted. One access level can be an emulation access level that grants access to at least one simulated asset designed to mimic the secured asset. Access to the simulated asset can be provided in a fashion so that a user, who is likely an intruder, is unaware that they are not receiving the secured asset information. A tracking action can be optionally initiated against the intruder. Further, user behavior with the simulated session or a limited access session can be compared against a behavior profile to dynamically increase or decrease session permissions.

24 Citations

View as Search Results

19 Claims

1. A method to authenticate users of a computing system comprising:
- monitoring a number of attempts of access to at least one secured computing asset;
  
  receiving, for at least a portion of the attempts, incorrect authentication information for accessing the at least one secured computing asset;
  
  determining a similarity score for each attempt, wherein for the portion of attempts the determining of the similarly score compares the incorrect authentication information and previously stored correct authentication information;
  
  computing an average authorization score based on the similarity scores for each attempt, and the number of attempts;
  
  comparing the average authorization score with an established threshold;
  
  responsive to the average authorization score being greater than the established threshold, assigning an access level based on the average authorization score, wherein said assigned access level is an emulation access level or a limited access to a portion of at least one secured computing asset; and
  
  granting access consistent with the assigned access level, wherein said receiving, determining, comparing, assigning, and granting are performed automatically by at least one machine in accordance with at least one computer program having a plurality of code sections that are executable by the at least one machine, said at least one computer program being stored in a non-transitory machine readable medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the assigned access level is the emulation access level, wherein said granting step grants access to at least one simulated asset designed to mimic the secured computing asset wherein the simulated asset lacks accurate information that is included in the secured assets, and wherein the granting step occurs in a manner designed to obscure a fact that access has been provided for the simulated asset instead of the secured asset.
  - 3. The method of claim 2, further comprising:
    - initiating at least one tracking action designed to determine an identity and associated information for a user of the computing session which has been assigned the emulation access level, whereby unauthorized intruders are able to be granted access to the simulated assets without their awareness while the intruders are being tracked by the initiated tracking action.
  - 4. The method of claim 1, further comprising:
    - after granting access for at least one of the attempts, recording computing session behavior;
      
      for the at least one of the attempts, comparing the recorded computing session behavior of a user against a profile established for a user identity associated with the correct authentication information; and
      
      for the at least one of the attempts, dynamically changing the assigned access level of a current computing session based upon results of the comparing step.
  - 5. The method of claim 4, further comprising:
    - for the current computing session, programmatically determining based upon the recorded computing session behavior and based upon the average authorization score that a user of the current computing session is an authorized user; and
      
      for the current computing session, increasing the assigned access level for the at least one secured computing asset to grant full access to the authorized user.
  - 6. The method of claim 4, further comprising:
    - for the current computing session, programmatically determining based upon the recorded computing session behavior and based upon the average authorization score that a user of the current computing session is a potential intruder; and
      
      for the current computing session, decreasing the assigned access level so that after the changing step, the user is granted access to the at least one simulated asset, wherein before the changing step access was granted to the secured computing asset which the simulated asset mimics.
  - 7. The method of claim 4, further comprising:
    - for the current computing session, programmatically determining based upon the recorded computing session behavior and based upon the average authorization score that a user of the current computing session is a potential intruder; and
      
      for the current computing session, initiating at least one tracking action designed to determine an identity, a location, and associated information for the potential intruder.
  - 8. The method of claim 1, wherein an average authorization score needed as a minimum for full access to the at least one secured computing asset is greater than a different average authorization score that is needed as a minimum for the limited access.

9. A security system for accessing secure content comprising:
- a similarity engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to determine a similarity score by comparing an incorrect password and a previously stored correct password;
  
  at least one program stored on a non-transitory storage medium configured to monitor a number of attempts to access secured assets, and to compute average authorization scores based on the similarity scores for each of the attempts and based on the number of the attempts;
  
  an authentication engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to grant users varying levels of access to the secured assets, wherein a granted level of access is based upon the computed average authorization score;
  
  a secure asset server, comprising a combination of hardware and software, configured to manage secured assets accessible by authorized users, wherein a user providing a correct password to the security system is granted full user access to an approved set of the secured assets associated with that user, wherein a user providing an incorrect password that has an average authorization score over an established threshold is granted limited-user access to at least a portion of the approved set of the secured assets associated with that user; and
  
  a simulated server, comprising a combination of hardware and software, configured to manage simulated assets designed to mimic the secured assets, wherein a user providing an incorrect password that has an average authorization score under the established threshold is granted access to at least a portion of the simulated assets, wherein the simulated assets lack accurate information that is included in the secured assets that are being mimicked by the simulated assets.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The security system of claim 9, wherein the security system is configured to selectively provide the secured assets and the simulated assets in a fashion that a receiving user is unable to distinguish which type of assets are being received.
  - 11. The security system of claim 9, wherein users granted at least one of limited-user access and access to the simulated assets are unable to discern that full-user access has been denied.
  - 12. The security system of claim 9, further comprising:
    - a tracking engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to take at least one programmatic action designed to determine an identity and associated information for a user who has received an average authorization score below an established threshold.
  - 13. The security system of claim 9, further comprising:
    - a behavior metric database configured to store behavioral metrics for a plurality of authorized users of the secure asset server;
      
      a behavior tracking engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to ascertain user behavior for a computing session for which at least one of limited-user access and access to the simulated assets has been granted; and
      
      an access adjustment engine, comprising a program stored on a non-transitory medium, where said program is able to be executed by hardware, configured to dynamically modify an access level granted to the computing session based upon comparisons of the ascertained user behavior and the stored behavioral metrics associated with a user identity associated with the computing session.
  - 14. The security system of claim 13, wherein when the access level is dynamically increased beyond the established threshold, one of the users is situationally presented with the secured assets from the secure asset server where prior to the dynamic increase the user was presented with simulated assets from the simulated server.
  - 15. The security system of claim 13,wherein when the access level is dynamically decreased below the established threshold, a user is situationally presented with the simulated assets from the simulated server where prior to the dynamic decrease the user was presented with secured assets from the secure asset server.

16. A computer program product comprising:
- one or more computer-readable, tangible storage devices;
  
  program instructions, stored on at least one of the one or more storage devices, to monitor a number of attempts of access to at least one secured computing asset;
  
  program instructions, stored on at least one of the one or more storage devices, to receive, for at least a portion of the attempts, incorrect authentication information for accessing the at least one secured computing asset;
  
  program instructions, stored on at least one of the one or more storage devices, to determine a similarity score for each attempt, wherein for the portion of attempts the determining of the similarly score compares the incorrect authentication information and previously stored correct authentication information;
  
  program instructions, stored on at least one of the one or more storage devices, to compute an average authorization score based on the similarity scores for each attempt, and the number of attempts;
  
  program instructions, stored on at least one of the one or more storage devices, to compare the average authorization score with an established threshold;
  
  program instructions, stored on at least one of the one or more storage devices, to, responsive to the average authorization score being greater than the established threshold, assign an access level based on the average authorization score, wherein said assigned access level is an emulation access level or a limited access to a portion of at least one secured computing asset; and
  
  program instructions, stored on at least one of the one or more storage devices, to grant access consistent with the assigned access level.
- View Dependent Claims (17, 18, 19)
- - 17. The computer program product of claim 16, wherein the assigned access level is the emulation access level, wherein said program instructions to grant access are to grant access to at least one simulated asset designed to mimic the secured computing asset wherein the simulated asset lacks accurate information that is included in the secured assets, and wherein said program instructions to grant access do so in a manner designed to obscure a fact that access has been provided for the simulated asset instead of the secured asset.
  - 18. The computer program product of claim 17, further comprising:
    - program instructions, stored on at least one of the one or more storage devices, to, for at least the portion of the attempts, initiate at least one tracking action designed to determine an identity and associated information for a user of the computing session which has been assigned the emulation access level, whereby unauthorized intruders are able to be granted access to the simulated assets without their awareness while the intruders are being tracked by the initiated tracking action.
  - 19. The computer program product of claim 16, further comprising:
    - program instructions, stored on at least one of the one or more storage devices, to, after granting access for at least one of the attempts, record computing session behavior;
      
      program instructions, stored on at least one of the one or more storage devices, to, for the at least one of the attempts, compare the recorded computing session behavior of a user against a profile established for a user identity associated with the correct authentication information; and
      
      program instructions, stored on at least one of the one or more storage devices, to, for the at least one of the attempts, dynamically change the assigned access level of a current computing session based upon results of comparing the recorded computing session behavior.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Abraham, Subil M., Cheng, Tsz Simon, Thomas, Mathews, Carbonell, Lee A.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
PLECHA, THADDEUS J

Application Number

US11/768,693
Publication Number

US 20090006856A1
Time in Patent Office

1,862 Days
Field of Search

726/5, 713/182
US Class Current

713/182
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

Adaptive authentication solution that rewards almost correct passwords and that simulates access for incorrect passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Adaptive authentication solution that rewards almost correct passwords and that simulates access for incorrect passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others