Risk adjusted, multifactor authentication
First Claim
1. A computer-implemented method comprising:
- receiving, by a computer system from a device, a request to access a resource hosted by the computer system;
identifying, by the computer system, a level of risk associated with the request to access the resource, by the computer system;
accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and
determining from the mapping a value for the authentication standard that corresponds to the level of risk identified;
adjusting, by the computer system based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value;
determining values of authentication factors used in authenticating access of a user to the resource; and
determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method comprising: receiving, from a device used by a user, a request to access a resource hosted by a computer system; identifying, by the computer system, a level of risk associated with the user requesting access to the resource; adjusting, by the computer system an authentication standard for access to the resource, adjusting based on the identified level of risk; determining values for authentication factors used in authenticating the user'"'"'s access to the resource; applying weights to the values for the authentication factors; and determining, based on a comparison of the weighted values to the adjusted authentication standard, whether the user is authorized to access the resource.
152 Citations
21 Claims
-
1. A computer-implemented method comprising:
-
receiving, by a computer system from a device, a request to access a resource hosted by the computer system; identifying, by the computer system, a level of risk associated with the request to access the resource, by the computer system; accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and determining from the mapping a value for the authentication standard that corresponds to the level of risk identified; adjusting, by the computer system based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value; determining values of authentication factors used in authenticating access of a user to the resource; and determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. One or more machine-readable hardware storage devices storing instructions that are executable by one or more processors to perform operations comprising:
-
receiving, from a device, a request to access a resource hosted by a computer system; identifying a level of risk associated with the request to access the resources; accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and determining from the mapping a value for the authentication standard that corresponds to the level of risk identified; adjusting, based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value; determining values of authentication factors used in authenticating access of a user to the resource; and determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. An electronic system comprising:
-
one or more processors; and one or more machine-readable hardware storage devices storing instructions that are executable by the one or more processors to perform operations comprising; receiving, from a device, a request to access a resource hosted by a computer system; identifying a level of risk associated with the request to access the resource; accessing a data repository that includes a mapping of levels of risk to values for an authentication standard, with the values for the authentication standard increasing as the levels of risk increase; and determining from the mapping a value for the authentication standard that corresponds to the level of risk identified; adjusting, based on the identified level of risk, an original value of the authentication standard to the determined value, with the authentication standard having an upper value and a lower value; determining values of authentication factors used in authenticating access of a user to the resource; and determining based on the determined values of the authentication factors and the adjusted authentication standard, whether the user is authorized to access the resource. - View Dependent Claims (17, 18, 19, 20, 21)
-
Specification