Context sensitive dynamic authentication in a cryptographic system

US 8,726,033 B2
Filed: 07/02/2012
Issued: 05/13/2014
Est. Priority Date: 09/20/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method of performing graded authentication of a user wherein the method obtains and evaluates circumstantial data associated with an authentication attempt, the method comprising:

obtaining user data from a user during an authentication attempt;

obtaining circumstantial data associated with the authentication attempt and associated with enrollment data for the user; and

determining a level of trust associated with the authentication attempt based on the comparison of the circumstantial data with previously stored data, the previously stored data comprising past circumstantial data associated with one or more past successful authentications for the user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user.

73 Citations

View as Search Results

42 Claims

1. A method of performing graded authentication of a user wherein the method obtains and evaluates circumstantial data associated with an authentication attempt, the method comprising:
- obtaining user data from a user during an authentication attempt;
  
  obtaining circumstantial data associated with the authentication attempt and associated with enrollment data for the user; and
  
  determining a level of trust associated with the authentication attempt based on the comparison of the circumstantial data with previously stored data, the previously stored data comprising past circumstantial data associated with one or more past successful authentications for the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as in claim 1 wherein said act of determining the level of trust associated with the authentication attempt is further based on the comparison of the user data with previously stored data.
  - 3. A method as in claim 1 wherein the past circumstantial data comprises in part a historical record of the previous successful authentications for the user.
  - 4. A method as in claim 1 wherein the circumstantial data comprises an identification associated with the system from which the user data is obtained.
  - 5. A method as in claim 4 wherein the identification comprises a processor serial number.
  - 6. A method as in claim 1 wherein the circumstantial data comprises an identification associated with the network location of the system from which the user data is obtained.
  - 7. A method as in claim 6 wherein the identification comprises an IP address.
  - 8. A method as in claim 1 wherein the circumstantial data comprises a time stamp associated with the time at which the user data was obtained.
  - 9. A method as in claim 1 wherein the circumstantial data comprises an identifier representing the medium over which the user data is obtained.
  - 10. A method as in claim 1 wherein the circumstantial data represents more than one circumstantial aspect of the authentication attempt.
  - 11. A method as in claim 10 wherein the circumstantial data comprises a time stamp associated with the time at which the user data was obtained and an identification associated with the network location of the system from which the user data is obtained.

12. A system for graded authentication comprising user data obtained from a user during at least one previously successful authentication attempt, past circumstantial data associated with the at least one previously successful authentication attempt and associated with enrollment data for the user, and a trust engine which generates a level of trust associated with a current authentication attempt based on the comparison of current circumstantial data associated with the current authentication attempt with the past circumstantial data associated with the at least one previously successful authentication attempt.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A system as in claim 12 wherein the user data represents an intent to assent to a transaction.
  - 14. A system as in claim 12 wherein the current circumstantial data represents a network address associated with the authentication attempt.
  - 15. A system as in claim 12 wherein the current circumstantial data represents a time stamp associated with the authentication attempt.
  - 16. A system as in claim 12 wherein the level of trust is also based upon the comparison of the user data to previously stored user data.

17. A method for authenticating a user comprising:
- obtaining user data associated with an authentication operation;
  
  obtaining metadata related to the authentication operation and related to enrollment data for a user being authenticated by the authentication operation;
  
  comparing the metadata with previously stored data, the previously stored data comprising past circumstantial data associated with one or more past successful authentications for the user; and
  
  determining a level of trust associated with the authentication operation.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. A method as in claim 17 wherein the user data associated with the authentication operation represents the intent of a user to assent to a transaction.
  - 19. A method as in claim 18 wherein the metadata related to the authentication operation are made available at a later time to contest a repudiation of the authentication operation by the user.
  - 20. A method as in claim 17 wherein the act of determining a level of trust associated with the authentication operation comprises assigning a percentage to the authentication operation which represents the degree of confidence in the authentication of the user.
  - 21. A method as in claim 17 further comprising determining an intermediate level of trust associated with the metadata based upon the comparison of the metadata with previously stored data.
  - 22. A method as in claim 21 wherein the act of determining an intermediate level of trust comprises assigning a percentage to the metadata which represents the degree of correspondence between the metadata and the previously stored data.
  - 23. A method as in claim 22 wherein the act of determining a level of trust associated with the authentication operation comprises multiplying the percentage representing the intermediate level of trust and a percentage which represents a degree of correspondence between the user data and the previously stored data.
  - 24. A method as in claim 23 wherein additional factors are used to weight the percentage representing the intermediate level of trust and the percentage which represents the degree of correspondence between the user data and the previously stored data differently.

25. A method for authenticating a user comprising:
- obtaining user data associated with an authentication operation;
  
  obtaining metadata related to the authentication operation and related to enrollment data for a user being authenticated by the authentication operation; and
  
  determining a level of trust associated with the authentication operation based on comparing the metadata to past circumstantial data associated with one or more past successful authentications for the use.
- View Dependent Claims (26, 27, 28, 29)
- - 26. A method as in claim 25 wherein the act of determining a level of trust compares the metadata with previously stored data.
  - 27. A method as in claim 25 further comprising providing the user with a plurality of authentication techniques which may be used to generate the user data.
  - 28. A method as in claim 27 wherein the user data is generated using more than one of the plurality of authentication techniques.
  - 29. A method as in claim 28 wherein the user data generated using each authentication technique is compared with a different portion of a set of previously stored data.

30. A method for grading an authentication operation that relies on a variable set of authentication techniques to obtain authentication data, the method comprising:
- defining the reliability of a set of authentication techniques that may be used in an authentication operation;
  
  receiving authentication data during an authentication operation, said authentication data generated using a subset of the authentication techniques, and said authentication data comprising circumstantial data associated with the authentication operation and associated with enrollment data for a user being authenticated by said authentication operation;
  
  determining the acceptability of the authentication data generated by each of the subset of authentication techniques, the determining the acceptability of the authentication data based at least in part on evaluating past circumstantial data associated with one or more past successful authentications for the user; and
  
  defining the level of trust of the authentication operation based upon the acceptability of the authentication data and based upon the reliability of the authentication techniques used in generating the authentication data.
- View Dependent Claims (31, 32, 33)
- - 31. The method of claim 30 wherein the act of determining the acceptability involves comparing the authentication data with previously stored enrollment data.
  - 32. The method of claim 31 wherein the act of defining the reliability of a set of authentication techniques is based upon a set of circumstances associated with the previously stored enrollment data.
  - 33. The method of claim 30 wherein the act of defining the reliability of a set of authentication techniques is based upon the circumstances associated with the generation of the authentication data.

34. An apparatus for evaluating an authentication attempt comprising:
- reliability data associated with a set of authentication techniques that may be used in an authentication attempt, the reliability data comprising current circumstantial data associated with the authentication attempt and associated with enrollment data for a user associated with the authentication attempt, the reliability data based on a comparison of the current circumstantial data to past circumstantial data associated with one or more past authentication attempts for the user;
  
  a plurality of authentication instances generated using a subset of the authentication techniques; and
  
  a trust engine which determines a level of match associated with each authentication instance and assigns a level of trust for the authentication attempt based upon the level of match associated with each authentication instance and the reliability of the technique used in each authentication instance.
- View Dependent Claims (35, 36, 37)
- - 35. An apparatus as in claim 34 further comprising a required level of trust associated with the authentication attempt.
  - 36. An apparatus as in claim 35 wherein the trust engine further assigns a result for the authentication based upon a comparison of the level of trust associated with the authentication attempt and the required level of trust.
  - 37. An apparatus as in claim 35 wherein the required level of trust is determined by the trust engine based upon the risk associated with a successful authentication.

38. A method for grading an authentication attempt comprising:
- defining the reliability of a set of authentication techniques that may be used in an authentication attempt, the reliability based on current circumstantial data associated with the authentication attempt and associated with enrollment data for a user associated with the authentication attempt, the reliability based on a comparison of the current circumstantial data to past circumstantial data associated with one or more past authentication attempts for the user;
  
  receiving a plurality of authentication instances generated using a subset of the authentication techniques;
  
  determining a level of match associated with each authentication instance; and
  
  defining a level of trust of the authentication attempt based upon the level of match associated with each authentication instance and based upon the reliability of the technique used in each authentication instance.
- View Dependent Claims (39, 40, 41, 42)
- - 39. A method as in claim 38 further comprising defining a required level of trust for the authentication attempt.
  - 40. A method as in claim 39 further comprising assigning an authentication result to the authentication attempt based on a comparison of the level of trust for the authentication attempt and a required level of trust of the authentication attempt.
  - 41. A method as in claim 39 wherein the required level of trust for the authentication attempt is based upon the value associated with a successful authentication.
  - 42. A method as in claim 39 wherein the required level of trust for the authentication attempt is based upon the risk associated with a successful authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Berger, Brian, Dickinson, Alexander G, Dobson, Robert T
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/540,030
Publication Number

US 20130067234A1
Time in Patent Office

680 Days
Field of Search

713/182
US Class Current

713/182
CPC Class Codes

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/3226   using a predetermined code,...

H04L 9/3297   involving time stamps, e.g....

H04W 12/67   Risk-dependent, e.g. select...

Context sensitive dynamic authentication in a cryptographic system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Context sensitive dynamic authentication in a cryptographic system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links