Dynamic authentication of a user

US 8,756,650 B2
Filed: 07/01/2010
Issued: 06/17/2014
Est. Priority Date: 03/15/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one processor and at least one memory comprising;

a policy module configured to;

receive data indicating risk factors associated with the system;

update risk levels and/or authentication levels for the system, independent of received requests, by applying the data to risk factor rules; and

provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module; and

the authentication module configured to;

receive a first logon request, the first logon request not including an identification of a user;

in response to receiving the first logon request, request a first updated risk level and/or authentication level for the system from the policy module;

require a first authentication technique to grant the first logon request without the identification of the user based on the first updated risk level and/or authentication level received from the policy module;

if the first authentication technique matches credentials stored by the authentication module, grant the logon request;

if the first authentication technique does not match the credentials stored by the authentication module, deny the logon request;

receive a second logon request, the second logon request not including an identification of the user;

in response to receiving the second logon request, request a second updated risk and/or authentication level for the system from the policy module; and

require at least a second authentication technique to grant the second logon request based on the second updated risk and/or authentication level, the first authentication technique and the second authentication technique each being independently sufficient for authentication for a determined risk level.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an example embodiment, a system may include at least one processor and at least one memory comprising a policy module configured to receive data indicating risk factors associated with users of the system; update risk levels for the users by applying the data to risk factor rules; and provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module. The at least one processor and at least one memory may also comprise the authentication module configured to receive a first access request from a user; in response to receiving the first access request, request a first updated risk and/or authentication level for the user from the policy module; and require the user to provide a first authentication technique to grant the first access request based on the first updated risk and/or authentication level received from the policy module.

Citations

16 Claims

1. A system comprising:
- at least one processor and at least one memory comprising;
  
  a policy module configured to;
  
  receive data indicating risk factors associated with the system;
  
  update risk levels and/or authentication levels for the system, independent of received requests, by applying the data to risk factor rules; and
  
  provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module; and
  
  the authentication module configured to;
  
  receive a first logon request, the first logon request not including an identification of a user;
  
  in response to receiving the first logon request, request a first updated risk level and/or authentication level for the system from the policy module;
  
  require a first authentication technique to grant the first logon request without the identification of the user based on the first updated risk level and/or authentication level received from the policy module;
  
  if the first authentication technique matches credentials stored by the authentication module, grant the logon request;
  
  if the first authentication technique does not match the credentials stored by the authentication module, deny the logon request;
  
  receive a second logon request, the second logon request not including an identification of the user;
  
  in response to receiving the second logon request, request a second updated risk and/or authentication level for the system from the policy module; and
  
  require at least a second authentication technique to grant the second logon request based on the second updated risk and/or authentication level, the first authentication technique and the second authentication technique each being independently sufficient for authentication for a determined risk level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the data indicating risk factors include previous failed logon attempts to the system.
  - 3. The system of claim 1, wherein the first authentication technique includes requiring an answer to a question and the second authentication technique includes requiring information stored on an electronic security device.
  - 4. The system of claim 1, wherein the first authentication technique includes requiring an answer to a question and the second authentication technique includes receiving biometric information.
  - 5. The system of claim 1, wherein the first authentication technique includes requiring an answer to a question and the second authentication technique includes confirming an address of a computing device from which the logon request is received.
  - 6. The system of claim 1, wherein the authentication module is further configured to:
    - receive a second logon request, the second logon request not including an identification of a user;
      
      in response to receiving the second logon request, request a second updated risk and/or authentication level for the system from the policy module; and
      
      require at least the first authentication technique and a second authentication technique to grant the second logon request based on the second updated risk and/or authentication level, the first authentication technique and the second authentication technique each being independently sufficient to authenticate the system for a lower risk level.
  - 7. The system of claim 6, wherein the second updated risk and/or authentication level is higher than the first updated risk and/or authentication level.
  - 8. The system of claim 1, wherein the policy module comprises:
    - a risk assessment manager comprising;
      
      a user table configured to;
      
      receive the data;
      
      store identities of users and the data associated with the users;
      
      provide the data to a risk factor module;
      
      receive the updated risk levels for the users from the risk factor module; and
      
      provide the updated risk levels upon request from a policy agent; and
      
      the risk factor module configured to;
      
      receive the data from the user table;
      
      determine the updated risk levels by applying the data to risk factor rules; and
      
      provide the updated risk levels to the user table;
      
      a policy agent configured to;
      
      receive an authentication level request from the authentication module;
      
      in response to receiving the authentication level request, request the updated risk level for the system from the risk assessment manager;
      
      receive the updated risk level for the system from the risk assessment manager;
      
      provide the updated risk level to a policy database;
      
      receive the first authentication technique from the policy database; and
      
      provide the first authentication technique to the authentication module; and
      
      the policy database configured to;
      
      receive the updated risk level from the policy agent;
      
      determine that the first authentication technique should be required based on the updated risk level; and
      
      provide the first authentication technique to the policy agent.
  - 9. The system of claim 1, wherein the logon request indicates that an unknown user desires to logon.

10. A non-transitory, computer-readable storage medium comprising computer executable code stored thereon that, when executed, is configured to cause a computing system to:
- receive data indicating risk factors associated with the computing system;
  
  update risk levels for the computing system at least partially independent of logon requests by applying the data to risk factor rules;
  
  receive a first logon request, the first logon request not including an identification of a user;
  
  require a first authentication technique to grant the first logon request without the identification of the user based on a first updated risk level for the computing system;
  
  if the first authentication technique matches stored credentials, grant the logon request;
  
  if the first authentication technique does not match the stored credentials, deny the logon request;
  
  receive a second logon request, the second logon request not including an identification of the user; and
  
  require at least a second authentication technique to grant the second logon request based on a second updated risk level, the first authentication technique and the second authentication technique each being independently sufficient to authenticate the first logon request for a determined risk level.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The storage medium of claim 10, wherein the data indicating risk factors include previous failed logon attempts.
  - 12. The storage medium of claim 10, wherein the first authentication technique includes requiring an answer to a question and the second authentication technique includes requiring information stored on an electronic security device.
  - 13. The storage medium of claim 10, further configured to cause the computing system to:
    - receive a second logon request, the second logon request not including an identification of a user; and
      
      require at least the first authentication technique and a second authentication technique to grant the second logon request based on a second updated risk level, the first authentication technique and the second authentication technique each being independently sufficient to authenticate the first logon request for a lower risk level.
  - 14. The storage medium of claim 13, wherein the second updated risk level is higher than the first updated risk level.

15. A method comprising:
- receiving, by a computing device, data indicating risk factors associated with a computing system;
  
  updating at least one risk level for the computing system by applying the data to risk factor rules;
  
  receiving a first logon request to the computing system, the first logon request not including an identification of a user;
  
  determining a first authentication technique of a plurality of authentication techniques based at least on a first updated risk level for the computing system, the plurality of authentication techniques comprising the first authentication technique and a second authentication technique that are each independently sufficient to authenticate the first logon request for the first updated risk level;
  
  requiring the first authentication technique to grant the first logon request without the identification of the user;
  
  if the first authentication technique matches stored credentials, granting the logon request;
  
  if the first authentication technique does not match the stored credentials, denying the logon request;
  
  receiving a second logon request, the second logon request not including an identification of the user; and
  
  requiring at least the second authentication technique to grant the second logon request based at least on a second updated risk level.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the first updated risk level is lower than the at least one risk level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Wolfson, Bruce, Hurwitz, Walter, Ji, Michael (Hongbin)
Primary Examiner(s)
McNally, Michael S

Application Number

US12/829,317
Publication Number

US 20110225625A1
Time in Patent Office

1,447 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

H04W 12/67   Risk-dependent, e.g. select...

Dynamic authentication of a user

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication of a user

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links