Transaction authentication management system with multiple authentication levels
First Claim
1. An authentication method, the method comprising:
- receiving from an initiating user, by a security tool, a request for a transaction, the security tool including a security information store that includes a personal profile information store, an application profile information store and an authentication layer information store, wherein the personal profile information store stores for each initiating user a respective initiating user personal ID key, a respective interacting user relationship ID and a respective authentication key, wherein the application profile information store stores for each initiating user a respective initiating user personal ID key, a respective application ID key and a respective authentication key, wherein the authentication layer information store stores the authentication keys of the personal profile information store and the application profile information store, and for each of the authentication keys stores a respective authentication name, a respective authentication method, a respective authentication type, and a respective application ID key;
- performing, by the security tool, a first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, the security tool employing the authentication key of the initiating user in the personal profile information store to map to and access security attribute information in the authentication layer information store corresponding to the initiating user, thus specifying an authentication method and an authentication type to be used in performing the first authentication;
- authorizing the transaction to proceed, by the security tool, in response to the first authentication of the initiating user; and
- performing, by the security tool, a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user and during the transaction;
- wherein at least one of the plurality of subsequent authentications employs a different authentication level than the first authentication level.
Abstract
An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine the user's type and invokes a user personal profile and application profile information that pertains to the transaction. The security tool may use the user personal profile and application profile information during user authentications. The security tool determines an initial authentication level and may modify that authentication level during user-to-user transaction operations. The security tool may perform substantially continuous user authentication during transaction operations by employing learned behavior, historical knowledge, and other information that the security tool maintains in a security information store.
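A small model of the three stores and the authentication-key mapping recited in claim 1, with re-authentication during the transaction; this is an added example, not code from the patent. The numeric `level` field, the `elevated` signal and every sample key and value are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthLayerEntry:
    name: str
    method: str       # authentication method, e.g. "password"
    auth_type: str    # authentication type, e.g. "knowledge"
    app_id: str       # application ID key stored with the entry
    level: int        # assumption: a numeric level per entry

# Constructed sample stores (illustrative keys and values only).
PERSONAL = {"u-alice": {"relationship_id": "r-bob", "auth_key": "ak-1"}}
APPLICATION = {("u-alice", "app-pay"): "ak-2", ("u-alice", "app-chat"): "ak-9"}
AUTH_LAYER = {
    "ak-1": AuthLayerEntry("basic", "password", "knowledge", "app-pay", 1),
    "ak-2": AuthLayerEntry("step-up", "totp", "possession", "app-pay", 2),
}

def resolve(auth_key, app_id):
    """Map an authentication key to its method and type; fail closed."""
    entry = AUTH_LAYER.get(auth_key)
    if entry is None:
        raise LookupError(f"no authentication layer entry for {auth_key!r}")
    if entry.app_id != app_id:
        raise PermissionError(f"{auth_key!r} is not bound to {app_id!r}")
    return entry

def first_authentication(user_id, app_id):
    # The personal profile's authentication key selects the first method.
    return resolve(PERSONAL[user_id]["auth_key"], app_id)

def subsequent_authentication(user_id, app_id, elevated):
    # Assumption: an 'elevated' signal (for example from behaviour scoring)
    # switches the check to the application profile's authentication key.
    if elevated:
        return resolve(APPLICATION[(user_id, app_id)], app_id)
    return first_authentication(user_id, app_id)

def run_transaction(user_id, app_id, signals):
    """Levels used: the first check, then one check per in-transaction signal."""
    levels = [first_authentication(user_id, app_id).level]
    for elevated in signals:
        levels.append(subsequent_authentication(user_id, app_id, elevated).level)
    return levels

def level_changed(levels):
    """True if any subsequent check used a level other than the first."""
    return any(lv != levels[0] for lv in levels[1:])
```

A key present in a profile store but missing from the authentication layer store raises instead of falling back to a default method, so a dangling mapping cannot silently weaken a check.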
20 Claims
1. An authentication method, the method comprising:
receiving from an initiating user, by a security tool, a request for a transaction, the security tool including a security information store that includes a personal profile information store, an application profile information store and an authentication layer information store, wherein the personal profile information store stores for each initiating user a respective initiating user personal ID key, a respective interacting user relationship ID and a respective authentication key, wherein the application profile information store stores for each initiating user a respective initiating user personal ID key, a respective application ID key and a respective authentication key, wherein the authentication layer information store stores the authentication keys of the personal profile information store and the application profile information store, and for each of the authentication keys stores a respective authentication name, a respective authentication method, a respective authentication type, and a respective application ID key; performing, by the security tool, a first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, the security tool employing the authentication key of the initiating user in the personal profile information store to map to and access security attribute information in the authentication layer information store corresponding to the initiating user, thus specifying an authentication method and an authentication type to be used in performing the first authentication; authorizing the transaction to proceed, by the security tool, in response to the first authentication of the initiating user; and performing, by the security tool, a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user and during the transaction; wherein at least one of the plurality of subsequent authentications employs a different authentication 
level than the first authentication level.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An information handling system (IHS), comprising:
a processor; a memory, coupled to the processor, the memory being configured with a security tool that includes a security information store, the security information store including a personal profile information store, an application profile information store and an authentication layer information store, wherein the personal profile information store stores for each initiating user a respective initiating user personal ID key, a respective interacting user relationship ID and a respective authentication key, wherein the application profile information store stores for each initiating user a respective initiating user personal ID key, a respective application ID key and a respective authentication key, wherein the authentication layer information store stores the authentication keys of the personal profile information store and the application profile information store, and for each of the authentication keys stores a respective authentication name, a respective authentication method, a wherein the security tool; receives from an initiating user a request for a transaction; performs a first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, the security tool employing the authentication key of the initiating user in the personal profile information store to map to and access security attribute information in the authentication layer information store corresponding to the initiating user, thus specifying an authentication method and an authentication type to be used in performing the first authentication; authorizes the transaction to commence in response to the first authentication of the initiating user; and performs a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user and during the transaction, wherein at least one of the plurality of subsequent authentications employs a different authentication level than the first 
authentication level.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A security tool computer program product, comprising:
a non-transitory computer readable storage medium; first instructions that receive a request for a transaction from an initiating user, the first instructions accessing a security information store that include a personal profile information store, an application profile information store and an authentication layer information store, wherein the personal profile information store stores for each initiating user a respective initiating user personal ID key, a respective interacting user relationship ID and a respective authentication key, wherein the application profile information store stores for each initiating user a respective initiating user personal ID key, a respective application ID key and a respective authentication key, wherein the authentication layer information store stores the authentication keys of the personal profile information store and the application profile information store, and for each of the authentication keys stores a respective authentication name, a respective authentication method, a respective authentication type, and a respective application ID key; second instructions that perform a first authentication of the initiating user for the transaction, the first authentication employing a first authentication level of the initiating user, the second instructions employing the authentication key of the initiating user in the personal profile information store to map to and access security attribute information in the authentication layer information store corresponding to the initiating user, thus specifying an authentication method and an authentication type to be used in performing the first authentication; third instructions that authorize the transaction to proceed in response to the first authentication of the initiating user; fourth instructions that perform a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user and during the transaction, wherein at least one of the 
plurality of subsequent authentications employs a different authentication level than the first authentication; wherein the first, second, third and fourth instructions are stored on the computer readable storage medium.

Dependent claims: 18, 19, 20
Specification