Transaction authentication management including authentication confidence testing

US 8,832,798 B2
Filed: 09/08/2011
Issued: 09/09/2014
Est. Priority Date: 09/08/2011
Status: Expired due to Fees

First Claim

Patent Images

1. An authentication method, the method comprising:

receiving from an initiating user, by a security tool, a request for a transaction;

accessing, by the security tool, a personal profile information store, an application profile information store, an authentication layer information store, a verification layer information store and an analysis layer information store to perform a first authentication and subsequent authentications;

determining, by the security tool, if the user is in a public location by utilizing environmental factors as input information, wherein the environmental factors include a number of faces in a digital image and a number of voices;

performing, by the security tool, the first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, wherein the first authentication level corresponds to a passive mode user authentication test, and wherein the security tool switches from the passive mode user authentication test of the first authentication to an active mode user authentication test in a user authentication subsequent to the first authentication of the user in response to the determining that the user is in a public location;

determining, by the security tool, an observed confidence level that indicates a degree of certainty with respect to accuracy of the first authentication;

comparing, by the security tool, the observed confidence level of the first authentication with a predetermined confidence threshold to determine if the observed confidence level exceeds the predetermined confidence level, wherein the security tool performs a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user, and wherein the security tool determines and stores a learned user attribute history from the plurality of subsequent authentications, the security tool accessing the learned user attribute history to ascertain the correctness of at least one of the plurality of subsequent authentications, wherein the plurality of subsequent authentications includes a second authentication of the initiating user for the transaction;

performing, by the security tool, the second authentication of the initiating user for the transaction in response to the security tool determining that the observed confidence level fails to exceed the predetermined confidence threshold, wherein the second authentication of the user employs a second authentication level that is different from the first authentication level;

authorizing the transaction to proceed, by the security tool, if the observed confidence level exceeds the predetermined confidence threshold;

halting the transaction, by the security tool, if the observed confidence level fails to exceed the predetermined confidence threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine a relationship between the users and, in response, invoke a user personal profile and application profile information that pertains to the users and the transaction. The security tool determines an initial observed confidence level that indicates a degree of certainty with respect to the accuracy of user authentication. The security tool may continuously determine observed confidence levels from current user actions, learned behavior, and other information within a security information store. The security tool may compare a currently observed confidence level to a predetermined confidence threshold. The tool may halt the transaction if the observed confidence level does not exceed the predetermined confidence threshold thus indicating a breach in security confidence.

Citations

8 Claims

1. An authentication method, the method comprising:
- receiving from an initiating user, by a security tool, a request for a transaction;
  
  accessing, by the security tool, a personal profile information store, an application profile information store, an authentication layer information store, a verification layer information store and an analysis layer information store to perform a first authentication and subsequent authentications;
  
  determining, by the security tool, if the user is in a public location by utilizing environmental factors as input information, wherein the environmental factors include a number of faces in a digital image and a number of voices;
  
  performing, by the security tool, the first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, wherein the first authentication level corresponds to a passive mode user authentication test, and wherein the security tool switches from the passive mode user authentication test of the first authentication to an active mode user authentication test in a user authentication subsequent to the first authentication of the user in response to the determining that the user is in a public location;
  
  determining, by the security tool, an observed confidence level that indicates a degree of certainty with respect to accuracy of the first authentication;
  
  comparing, by the security tool, the observed confidence level of the first authentication with a predetermined confidence threshold to determine if the observed confidence level exceeds the predetermined confidence level, wherein the security tool performs a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user, and wherein the security tool determines and stores a learned user attribute history from the plurality of subsequent authentications, the security tool accessing the learned user attribute history to ascertain the correctness of at least one of the plurality of subsequent authentications, wherein the plurality of subsequent authentications includes a second authentication of the initiating user for the transaction;
  
  performing, by the security tool, the second authentication of the initiating user for the transaction in response to the security tool determining that the observed confidence level fails to exceed the predetermined confidence threshold, wherein the second authentication of the user employs a second authentication level that is different from the first authentication level;
  
  authorizing the transaction to proceed, by the security tool, if the observed confidence level exceeds the predetermined confidence threshold;
  
  halting the transaction, by the security tool, if the observed confidence level fails to exceed the predetermined confidence threshold.
- View Dependent Claims (2, 3)
- - 2. The authentication method of claim 1, wherein the first authentication level corresponds to the passive mode user authentication test and the second authentication level corresponds to the active mode user authentication test, wherein the security tool switches from the passive mode user authentication test to the active mode user authentication test in response to the security tool determining that the observed confidence level of the first authentication is less than the predetermined confidence threshold.
  - 3. The authentication method of claim 1, wherein the security tool performs the plurality of subsequent authentications substantially continuously after the first authentication.

4. An information handling system (IHS), comprising:
- a processor;
  
  a memory, coupled to the processor, the memory being configured with a security tool that;
  
  receives from an initiating user a request for a transaction;
  
  accesses a personal profile information store, an application profile information store, an authentication layer information store, a verification layer information store and an analysis layer information store to perform a first authentication and subsequent authentications;
  
  determines if the user is in a public location by utilizing environmental factors as input information, wherein the environmental factors include a number of faces in a digital image and a number of voices;
  
  performs the first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, wherein the first authentication level corresponds to a passive mode user authentication test, and wherein the security tool switches from the passive mode user authentication test of the first authentication to an active mode user authentication test in a user authentication subsequent to the first authentication of the user in response to the determining that the user is in a public location;
  
  determines an observed confidence level that indicates a degree of certainty with respect to accuracy of the first authentication;
  
  compares the observed confidence level of the first authentication with a predetermined confidence threshold to determine if the observed confidence level exceeds the predetermined confidence level, wherein the security tool performs a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user, and wherein the security tool determines and stores a learned user attribute history from the plurality of subsequent authentications, the security tool accessing the learned user attribute history to ascertain the correctness of at least one of the plurality of subsequent authentications, wherein the plurality of subsequent authentications includes a second authentication of the initiating user for the transaction;
  
  performs the second authentication of the initiating user for the transaction in response to the security tool determining that the observed confidence level fails to exceed the predetermined confidence threshold, wherein the second authentication of the user employs a second authentication level that is different from the first authentication level;
  
  authorizes the transaction to proceed if the observed confidence level exceeds the predetermined confidence threshold; and
  
  halts the transaction if the observed confidence level fails to exceed the predetermined confidence threshold.
- View Dependent Claims (5, 6)
- - 5. The IHS of claim 4, wherein the first authentication level corresponds to the passive mode user authentication test and the second authentication level corresponds to the active mode user authentication test, wherein the security tool switches from the passive mode user authentication test to the active mode user authentication test in response to the security tool determining that the observed confidence level of the first authentication is less than the predetermined confidence threshold.
  - 6. The IHS of claim 4, wherein the security tool is configured to perform the plurality of subsequent authentications substantially continuously after the first authentication.

7. A security tool computer program product, comprising:
- a non-transitory computer readable storage medium;
  
  first instructions that receive from an initiating user a request for a transaction;
  
  second instructions that access a personal profile information store, an application profile information store, an authentication layer information store, a verification layer information store and an analysis layer information store to perform a first authentication and subsequent authentications;
  
  third instructions that determine if the user is in a public location by utilizing environmental factors as input information, wherein the environmental factors include a number of faces in a digital image and a number of voices;
  
  fourth instructions that perform the first authentication of the initiating user for the transaction, the first authentication employing a first authentication level, wherein the first authentication level corresponds to a passive mode user authentication test, and wherein the security tool switches from the passive mode user authentication test of the first authentication to an active mode user authentication test in a user authentication subsequent to the first authentication of the user in response to the determining that the user is in a public location;
  
  fifth instructions that determine an observed confidence level that indicates a degree of certainty with respect to accuracy of the first authentication;
  
  sixth instructions that compare the observed confidence level of the first authentication with a predetermined confidence threshold to determine if the observed confidence level exceeds the predetermined confidence level, wherein the fourth instructions perform a plurality of subsequent authentications of the initiating user after the first authentication of the initiating user, and wherein the fourth instructions determine and store a learned user attribute history from the plurality of subsequent authentications, the fourth instructions accessing the learned user attribute history to ascertain the correctness of at least one of the plurality of subsequent authentications, wherein the plurality of subsequent authentications includes a second authentication of the initiating user for the transaction;
  
  seventh instructions that perform the second authentication of the initiating user for the transaction in response to the fifth instructions determining that the observed confidence level fails to exceed the predetermined confidence threshold, wherein the second authentication of the user employs a second authentication level that is different from the first authentication level;
  
  eighth instructions that authorize the transaction to proceed if the observed confidence level exceeds the predetermined confidence threshold; and
  
  ninth instructions that halt the transaction if the observed confidence level fails to exceed the predetermined confidence threshold;
  
  wherein the first, second, third, fourth, fifth, sixth, seventh, eighth and ninth instructions are stored on the non-transitory computer readable storage medium.
- View Dependent Claims (8)
- - 8. The security tool computer program product of claim 7, wherein the first authentication level corresponds to the passive mode user authentication test and the second authentication level corresponds to the active mode user authentication test, wherein the security tool switches from the passive mode user authentication test to the active mode user authentication test in response to the security tool determining that the observed confidence level of the first authentication is less than the predetermined confidence threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Thavasi, Manivannan, Togwe, Thembani
Primary Examiner(s)
Kosowski, Carolyn B
Assistant Examiner(s)
CHIANG, JASON

Application Number

US13/228,437
Publication Number

US 20130067547A1
Time in Patent Office

1,097 Days
Field of Search

726/4, 726/5, 726/17, 726/21
US Class Current

726/4
CPC Class Codes

G06F 21/31 User authentication

G06F 21/32 using biometric data, e.g. ...

Transaction authentication management including authentication confidence testing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction authentication management including authentication confidence testing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links