Dynamic authentication of a user
First Claim
1. A system comprising:
- at least one processor and at least one memory comprising:
a policy module configured to:
receive data indicating risk factors associated with the system;
update risk levels and/or authentication levels for the system, independent of received requests, by applying the data to risk factor rules; and
provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module; and
the authentication module configured to:
receive a first logon request, the first logon request not including an identification of a user;
in response to receiving the first logon request, request a first updated risk level and/or authentication level for the system from the policy module;
require a first authentication technique to grant the first logon request without the identification of the user based on the first updated risk level and/or authentication level received from the policy module;
if the first authentication technique matches credentials stored by the authentication module, grant the logon request;
if the first authentication technique does not match the credentials stored by the authentication module, deny the logon request;
receive a second logon request, the second logon request not including an identification of the user;
in response to receiving the second logon request, request a second updated risk and/or authentication level for the system from the policy module; and
require at least a second authentication technique to grant the second logon request based on the second updated risk and/or authentication level, the first authentication technique and the second authentication technique each being independently sufficient for authentication for a determined risk level.
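An added sketch of the arrangement in claim 1, written in Python; it is not code from the patent or its assignee. The risk factor rules, the technique names (`pin`, `passphrase`), the level-to-technique mapping and the sample secrets are assumptions constructed for illustration.

```python
import hashlib, hmac, os

# Hypothetical risk factor rules: each maps reported data to a risk increment.
RISK_RULES = [
    lambda d: 1 if d.get("failed_logons", 0) >= 3 else 0,
    lambda d: 1 if not d.get("on_trusted_network", True) else 0,
]
# Assumed mapping: at level 0 either technique suffices alone; higher levels narrow it.
ACCEPTABLE = {0: [{"pin"}, {"passphrase"}], 1: [{"passphrase"}], 2: [{"pin", "passphrase"}]}

class PolicyModule:
    def __init__(self):
        self.risk_level = 0

    def receive_risk_data(self, data):
        # Runs whenever data arrives, independent of any logon request.
        self.risk_level = min(sum(rule(data) for rule in RISK_RULES), 2)

    def acceptable_sets(self):
        return ACCEPTABLE[self.risk_level]

class AuthenticationModule:
    def __init__(self, policy, secrets):
        self.policy = policy
        self.salt = os.urandom(16)
        self.stored = {t: self._derive(s) for t, s in secrets.items()}

    def _derive(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self.salt, 100_000)

    def logon(self, presented):
        # The request carries credentials only, with no user identification.
        acceptable = self.policy.acceptable_sets()
        verified = {t for t, s in presented.items() if t in self.stored
                    and hmac.compare_digest(self._derive(s), self.stored[t])}
        # Deny if any presented credential failed or no acceptable set is covered.
        return verified == set(presented) and any(req <= verified for req in acceptable)

def demo():
    policy = PolicyModule()
    auth = AuthenticationModule(policy, {"pin": "4821", "passphrase": "constructed sample phrase"})
    first = auth.logon({"pin": "4821"})              # low risk: first technique suffices
    policy.receive_risk_data({"failed_logons": 4})   # risk rises between requests
    second_pin_only = auth.logon({"pin": "4821"})    # same credential is no longer enough
    second = auth.logon({"passphrase": "constructed sample phrase"})
    return first, second_pin_only, second
```
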
Abstract
According to an example embodiment, a system may include at least one processor and at least one memory comprising a policy module configured to receive data indicating risk factors associated with users of the system; update risk levels for the users by applying the data to risk factor rules; and provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module. The at least one processor and at least one memory may also comprise the authentication module configured to receive a first access request from a user; in response to receiving the first access request, request a first updated risk and/or authentication level for the user from the policy module; and require the user to provide a first authentication technique to grant the first access request based on the first updated risk and/or authentication level received from the policy module.
16 Claims
1. A system comprising:
at least one processor and at least one memory comprising:
a policy module configured to:
receive data indicating risk factors associated with the system;
update risk levels and/or authentication levels for the system, independent of received requests, by applying the data to risk factor rules; and
provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module; and
the authentication module configured to:
receive a first logon request, the first logon request not including an identification of a user;
in response to receiving the first logon request, request a first updated risk level and/or authentication level for the system from the policy module;
require a first authentication technique to grant the first logon request without the identification of the user based on the first updated risk level and/or authentication level received from the policy module;
if the first authentication technique matches credentials stored by the authentication module, grant the logon request;
if the first authentication technique does not match the credentials stored by the authentication module, deny the logon request;
receive a second logon request, the second logon request not including an identification of the user;
in response to receiving the second logon request, request a second updated risk and/or authentication level for the system from the policy module; and
require at least a second authentication technique to grant the second logon request based on the second updated risk and/or authentication level, the first authentication technique and the second authentication technique each being independently sufficient for authentication for a determined risk level.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A non-transitory, computer-readable storage medium comprising computer executable code stored thereon that, when executed, is configured to cause a computing system to:
receive data indicating risk factors associated with the computing system;
update risk levels for the computing system at least partially independent of logon requests by applying the data to risk factor rules;
receive a first logon request, the first logon request not including an identification of a user;
require a first authentication technique to grant the first logon request without the identification of the user based on a first updated risk level for the computing system;
if the first authentication technique matches stored credentials, grant the logon request;
if the first authentication technique does not match the stored credentials, deny the logon request;
receive a second logon request, the second logon request not including an identification of the user; and
require at least a second authentication technique to grant the second logon request based on a second updated risk level, the first authentication technique and the second authentication technique each being independently sufficient to authenticate the first logon request for a determined risk level.
View Dependent Claims (11, 12, 13, 14)
15. A method comprising:
receiving, by a computing device, data indicating risk factors associated with a computing system;
updating at least one risk level for the computing system by applying the data to risk factor rules;
receiving a first logon request to the computing system, the first logon request not including an identification of a user;
determining a first authentication technique of a plurality of authentication techniques based at least on a first updated risk level for the computing system, the plurality of authentication techniques comprising the first authentication technique and a second authentication technique that are each independently sufficient to authenticate the first logon request for the first updated risk level;
requiring the first authentication technique to grant the first logon request without the identification of the user;
if the first authentication technique matches stored credentials, granting the logon request;
if the first authentication technique does not match the stored credentials, denying the logon request;
receiving a second logon request, the second logon request not including an identification of the user; and
requiring at least the second authentication technique to grant the second logon request based at least on a second updated risk level.
View Dependent Claims (16)
Specification