Graduated authentication in an identity management system

US 8,959,652 B2
Filed: 08/30/2013
Issued: 02/17/2015
Est. Priority Date: 06/16/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at a homesite, from a membersite, a request for user information, wherein responding to the request requires two or more transactions, wherein at least a first of the two or more transactions is associated with a first security level, and wherein at least a second of the two or more transactions is associated with a second security level different from the first security level;

selecting a first channel with a first channel security level to perform the first transaction the first channel selected based on a correspondence between the first security level and the first channel security level;

selecting a second channel with a second channel security level to perform the second transaction, the second channel selected based on, a correspondence between the second security level and the second channel security level;

transmitting, from the homesite, first data to perform the first transaction over the selected first channel; and

transmitting, from the homesite, second data to perform the second transaction over the selected second channel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

Citations

18 Claims

1. A computer-implemented method comprising:
- receiving, at a homesite, from a membersite, a request for user information, wherein responding to the request requires two or more transactions, wherein at least a first of the two or more transactions is associated with a first security level, and wherein at least a second of the two or more transactions is associated with a second security level different from the first security level;
  
  selecting a first channel with a first channel security level to perform the first transaction the first channel selected based on a correspondence between the first security level and the first channel security level;
  
  selecting a second channel with a second channel security level to perform the second transaction, the second channel selected based on, a correspondence between the second security level and the second channel security level;
  
  transmitting, from the homesite, first data to perform the first transaction over the selected first channel; and
  
  transmitting, from the homesite, second data to perform the second transaction over the selected second channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method of claim 1, wherein selectins the first channel or selecting the second channel is further based on a response security level determined in accordance with homesite policies.
  - 3. The computer-implemented method of claim 1, wherein the first transaction comprises authentication of a user identity.
  - 4. The computer-implemented method of claim 1, wherein the first security level is an authentication security level.
  - 5. The computer-implemented method of claim 1, wherein the first security level is a channel security level.
  - 6. The computer-implemented method of claim 1, wherein the first security level is a time sensitivity security level.
  - 7. The computer-implemented method of claim 1, wherein selecting the first channel is further based on selecting a response security level at least as secure as a security level employed in sending the received request.
  - 8. The computer-implemented method of claim 1, wherein selectins the first channel is further based on user preferences.
  - 9. The computer-implemented method of claim 8, wherein the user preferences are predefined.
  - 10. The computer-implemented method of claim 8, wherein the user preferences are associated with the information requested in the received request.
  - 11. The computer-implemented method of claim 1, wherein the first security level is selected from a list of pre-defined security levels.
  - 12. The computer-implemented method of claim 1, wherein the first channel is selected from a list of pre-defined channels.
  - 13. The computer-implemented method of claim 1 further comprising:
    - determining that the first security level is too low;
      
      indicating that a more secure channel is required or indicating a minimum security level; and
      
      redirecting to a membersite that requires higher security level.

14. A computer-readable storage device storing instructions configured to, by being executed by a computing device with one or more processors, cause the computing device to perform operations that:
- send, to a first homesite, a first request for user information, the first request including an associated first security level;
  
  receive, from the first homesite over a first channel selected from a first plurality of channels, a first response to the first request,wherein the first channel is selected in accordance with a response security level determined by the first homesite, and the response security level is based on the first security level associated with the first request, andwherein at least at least one channel of the first plurality of channels has a different level of security than another channel of the first plurality of channels;
  
  verify that the first response was sent using a first response security level based on the first security level;
  
  send, to a second homesite, a second request for user information, the second request including an associated second security level;
  
  receive a second response to the second request;
  
  determine that the second response does not meet minimum requirements associated with the second security level; and
  
  responsive to the determination that the response does not meet the minimum requirements, provide an indication that an attack may be in progress.
- View Dependent Claims (15, 16)
- - 15. The computer-readable storage device of claim 14, wherein the instructions are further configured to cause the computing device to perform operations that, responsive to the determination that the second response does not meet minimum requirements, provide an indication to a user that the homesite did not respond as expected.
  - 16. The computer-readable storage device of claim 14, wherein the instructions are further configured to cause the computing device to perform operations that, responsive to the determination that the second response does not meet minimum requirements, terminate a connection with the homesite or logging the IP address of the homesite.

17. A computer-implemented method comprising:
- sending, to a first homesite, a first request for user information, the first request including an associated first security level;
  
  receiving, from the first homesite over a first channel selected from a first plurality of channels, a first response to the first request,wherein the first channel is selected in accordance with a response security level determined by the first homesite, and the response security level is based on the first security level associated with the first request, andwherein at least one channel of the first plurality of channels has a different level of security than another channel of the first plurality of channels;
  
  verifying that the first response was sent using a first response security level based on the first security level;
  
  sending, to a second homesite, a second request for user information, the second request including an associated second security level;
  
  receiving a second response to the second request;
  
  determining that the second response does not meet minimum requirements associated with the second security level; and
  
  responsive to the determination that the response does not meet the minimum requirements, providing an indication that an attack may be in progress.
- View Dependent Claims (18)
- - 18. The computer-implemented method of claim 17 further comprising determining that the second response does not meet minimum requirements:
    - providing an indication to a user that the homesite did not respond as expected;
      
      terminating a connection with the homesite; and
      
      logging the IP address of the homesite.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Dormarke Assets LLC (Intellectual Ventures LLC)
Inventors
Hardt, Dick C.
Primary Examiner(s)
Reza, Mohammad W
Assistant Examiner(s)
RAHIM, MONJUR

Application Number

US14/015,813
Publication Number

US 20140007253A1
Time in Patent Office

536 Days
Field of Search

726/26
US Class Current

726/26
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

Graduated authentication in an identity management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Graduated authentication in an identity management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links