Risk adjusted, multifactor authentication

US 9,069,976 B2
Filed: 07/21/2014
Issued: 06/30/2015
Est. Priority Date: 11/07/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a computer system from a device, a request to access a resource hosted by the computer system;

identifying, by the computer system, a level of risk associated with the request to access the resource, by the computer system;

accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and

determining from the mapping a value for the authentication standard that corresponds to the level of risk identified;

adjusting, by the computer system based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value;

determining values of authentication factors used in authenticating access of a user to the resource; and

determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method comprising: receiving, from a device used by a user, a request to access a resource hosted by a computer system; identifying, by the computer system, a level of risk associated with the user requesting access to the resource; adjusting, by the computer system an authentication standard for access to the resource, adjusting based on the identified level of risk; determining values for authentication factors used in authenticating the user'"'"'s access to the resource; applying weights to the values for the authentication factors; and determining, based on a comparison of the weighted values to the adjusted authentication standard, whether the user is authorized to access the resource.

152 Citations

21 Claims

1. A computer-implemented method comprising:
- receiving, by a computer system from a device, a request to access a resource hosted by the computer system;
  
  identifying, by the computer system, a level of risk associated with the request to access the resource, by the computer system;
  
  accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and
  
  determining from the mapping a value for the authentication standard that corresponds to the level of risk identified;
  
  adjusting, by the computer system based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value;
  
  determining values of authentication factors used in authenticating access of a user to the resource; and
  
  determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - determining an authentication score based on two or more of the values of the authentication factors;
      
      comparing the authentication score to the adjusted authentication standard;
      
      when the authentication score is less than the adjusted authentication standard, determining that the user is not authenticated to access the resource; and
      
      when the authentication score is greater than or equal to the adjusted authentication standard, determining that the user is authenticated to access the resource.
  - 3. The method of claim 1, wherein the resource has gradient levels of access in which the user is granted increased levels of access to the resource as an amount of authentication of the user increases, with the gradient levels of access associated with authentication standards, with higher gradient levels requiring higher authentication standards relative to authentication standards for lower gradient levels of access, and wherein the method further comprises:
    - determining an authentication score based on two or more the values of the authentication factors;
      
      identifying an authentication standard for a gradient level of access that is less than the authentication score; and
      
      granting the user the gradient level of access to the resource.
  - 4. The method of claim 3, wherein the identified authentication standard is the adjusted authentication standard.
  - 5. The method of claim 1, further comprising:
    - receiving, from the device used by the user, information specifying a selection of the authentication factors.
  - 6. The method of claim 1, wherein an authentication factor comprises one or more of a collected factor, a real-time factor, and an observed factor.
  - 7. The method of claim 1, wherein one of the authentication factors is an observed factor, and wherein the method further comprises:
    - transmitting, to the device, a request for information specifying a current value of the observed factor; and
      
      receiving, from the device, the information specifying a current value of the observed factor.
  - 8. The method of claim 7, further comprising:
    - retrieving, from a data repository, information collected based on the user'"'"'s prior accessing of the resource;
      
      identifying, in the retrieved information, a value for the observed factor; and
      
      comparing the identified value of the observed factor to the current value of the observed factor;
      
      wherein identifying the level of risk associated with the user requesting access to the resource comprises;
      
      identifying, based on comparing the identified value of the observed factor to the current value of the observed factor, the level of risk associated with the user requesting access to the resource.

9. One or more machine-readable hardware storage devices storing instructions that are executable by one or more processors to perform operations comprising:
- receiving, from a device, a request to access a resource hosted by a computer system;
  
  identifying a level of risk associated with the request to access the resources;
  
  accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and
  
  determining from the mapping a value for the authentication standard that corresponds to the level of risk identified;
  
  adjusting, based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value;
  
  determining values of authentication factors used in authenticating access of a user to the resource; and
  
  determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The one or more machine-readable hardware storage devices of claim 9, wherein the operations further comprise:
    - determining an authentication score based on two or more of the values of the authentication factors;
      
      comparing the authentication score to the adjusted authentication standard;
      
      when the authentication score is less than the adjusted authentication standard, determining that the user is not authenticated to access the resource; and
      
      when the authentication score is greater than or equal to the adjusted authentication standard, determining that the user is authenticated to access the resource.
  - 11. The one or more machine-readable hardware storage devices of claim 9, wherein the resource has gradient levels of access in which the user is granted increased levels of access to the resource as an amount of authentication of the user increases, with the gradient levels of access associated with authentication standards, with higher gradient levels requiring higher authentication standards relative to authentication standards for lower gradient levels of access, and wherein the method further comprises:
    - determining an authentication score based on two or more the values of the authentication factors;
      
      identifying an authentication standard for a gradient level of access that is less than the authentication score; and
      
      granting the user the gradient level of access to the resource.
  - 12. The one or more machine-readable hardware storage devices of claim 11, wherein the identified authentication standard is the adjusted authentication standard.
  - 13. The one or more machine-readable hardware storage devices of claim 9, wherein the operations further comprise:
    - receiving, from the device used by the user, information specifying a selection of the authentication factors.
  - 14. The one or more machine-readable hardware storage devices of claim 9, wherein the authentication factor comprises one or more of a collected factor, a real-time factor, and an observed factor.
  - 15. The one or more machine-readable hardware storage devices of claim 9, wherein one of the authentication factors is an observed factor, and wherein the operations further comprise:
    - transmitting, to the device, a request for information specifying a current value of the observed factor; and
      
      receiving, from the device, the information specifying a current value of the observed factor.

16. An electronic system comprising:
- one or more processors; and
  
  one or more machine-readable hardware storage devices storing instructions that are executable by the one or more processors to perform operations comprising;
  
  receiving, from a device, a request to access a resource hosted by a computer system;
  
  identifying a level of risk associated with the request to access the resource;
  
  accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and
  
  determining from the mapping a value for the authentication standard that corresponds to the level of risk identified;
  
  adjusting, based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value;
  
  determining values of authentication factors used in authenticating access of a user to the resource; and
  
  determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The electronic system of claim 16, wherein the operations further comprise:
    - determining an authentication score based on two or more of the values of the authentication factors;
      
      comparing the authentication score to the adjusted authentication standard;
      
      when the authentication score is less than the adjusted authentication standard, determining that the user is not authenticated to access the resource; and
      
      when the authentication score is greater than or equal to the adjusted authentication standard, determining that the user is authenticated to access the resource.
  - 18. The electronic system of claim 16, wherein the resource has gradient levels of access in which the user is granted increased levels of access to the resource as an amount of authentication of the user increases, with the gradient levels of access associated with authentication standards, with higher gradient levels requiring higher authentication standards relative to authentication standards for lower gradient levels of access, and wherein the method further comprises:
    - determining an authentication score based on two or more the values of the authentication factors;
      
      identifying an authentication standard for a gradient level of access that is less than the authentication score; and
      
      granting the user the gradient level of access to the resource.
  - 19. The electronic system of claim 18, wherein the identified authentication standard is the adjusted authentication standard.
  - 20. The electronic system of claim 16, wherein the operations further comprise:
    - receiving, from the device used by the user, information specifying a selection of the authentication factors.
  - 21. The electronic system of claim 16, wherein the authentication factor comprises one or more of a collected factor, a real-time factor, and an observed factor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FMR LLC
Original Assignee
FMR LLC
Inventors
Toole, Robert C., Hromi, Jonathan, McDonough, John, Stern, Hadley Rupert, Brooks, Seth Warren
Primary Examiner(s)
Smithers, Matthew

Application Number

US14/336,620
Publication Number

US 20140331293A1
Time in Patent Office

344 Days
Field of Search

726/2, 726/25, 726/7, 726/5
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/60   Protecting data

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 69/24   Negotiation of communicatio...

Risk adjusted, multifactor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

152 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Risk adjusted, multifactor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links