Dynamic adjustment of authentication policy

US 9,286,453 B2
Filed: 05/06/2014
Issued: 03/15/2016
Est. Priority Date: 05/06/2014
Status: Active Grant

First Claim

Patent Images

1. A computer program product for managing an authentication policy for a user on a network of an organization, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions readable by a hardware processor to cause the processing circuit to perform a method comprising:

determining an organizational role of a user within an organization;

assigning an organizational risk value for the user based on the organizational role of the user, wherein a first organizational role within the organization results in a higher organizational risk value than a second organizational role within the organization;

determining a history of historical violations committed by the user;

assigning a historical risk value based on the history of historical violations committed by the user;

determining at least one social media attribute of the user, the at least one social media attribute comprising at least one of;

how many social media accounts the user has, how many social media postings the user has made, how many social media friends the user has, and one or more associations of social media friends of the user;

assigning a social media risk value based on the at least one social media attribute of the user;

calculating a current risk assessment score of the user based on a weighted combination of the organizational risk value and the historical risk value, and is further based on the social media risk value;

wherein the calculating the current risk assessment score is further based on at least one of;

a number of devices that the user uses to access the network, a type of device that the user uses to access the network, and an operating system running on a device that the user uses to access the network; and

determining the authentication policy for the user based on the current risk assessment score.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate to managing authentication policies for users on a network of an organization. A computer-implemented method for managing an authentication policy for a user on a network of an organization is provided. The method maintains a current risk assessment score of the user based on an organizational role of the user within the organization and a history of security violations on the network. The method determines the authentication policy for the user based on the current risk assessment score.

16 Citations

View as Search Results

16 Claims

1. A computer program product for managing an authentication policy for a user on a network of an organization, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions readable by a hardware processor to cause the processing circuit to perform a method comprising:
- determining an organizational role of a user within an organization;
  
  assigning an organizational risk value for the user based on the organizational role of the user, wherein a first organizational role within the organization results in a higher organizational risk value than a second organizational role within the organization;
  
  determining a history of historical violations committed by the user;
  
  assigning a historical risk value based on the history of historical violations committed by the user;
  
  determining at least one social media attribute of the user, the at least one social media attribute comprising at least one of;
  
  how many social media accounts the user has, how many social media postings the user has made, how many social media friends the user has, and one or more associations of social media friends of the user;
  
  assigning a social media risk value based on the at least one social media attribute of the user;
  
  calculating a current risk assessment score of the user based on a weighted combination of the organizational risk value and the historical risk value, and is further based on the social media risk value;
  
  wherein the calculating the current risk assessment score is further based on at least one of;
  
  a number of devices that the user uses to access the network, a type of device that the user uses to access the network, and an operating system running on a device that the user uses to access the network; and
  
  determining the authentication policy for the user based on the current risk assessment score.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer program product of claim 1, wherein the security violations include at least one of a failed authentication attempt, a loss of a device used to access the network, a remote wipeout of a device used to access the network, a password reset, and a user account lockout.
  - 3. The computer program product of claim 1, wherein assigning the organizational risk value for the user based on the organizational role of the user comprises assigning the organizational risk value based on at least one of a level in an organizational hierarchy at which the user is positioned, a number of persons reporting to the user, a department to which the user belongs, a job title of the user.
  - 4. The computer program product of claim 1, wherein the authentication policy specifies at least one of a length of a password, a number of numeric characters in a password, a number of capital letters in a password, a frequency of required re-authentication during a communication session, a frequency of password changes required, a number of security questions to be asked, and an environment in which an authentication mechanism can be changed.
  - 5. The computer program product of claim 1, wherein the authentication policy specifies a type of authentication mechanism that user is required to use.
  - 6. The computer program product of claim 5, wherein types of authentication mechanisms include one or more of a password, an identification tag, a passcode, a touch pattern, and biometric information of the user.

7. A computer system for managing an authentication policy for a user on a network of an organization:
- a memory having computer readable instructions; and
  
  a hardware processor configured to execute the computer readable instructions, the instructions comprising;
  
  determining an organizational role of a user within an organization;
  
  assigning an organizational risk value for the user based on the organizational role of the user, wherein a first organizational role within the organization results in a higher organizational risk value than a second organizational role within the organization;
  
  determining a history of historical violations committed by the user;
  
  assigning a historical risk value based on the history of historical violations committed by the user;
  
  determining at least one social media attribute of the user, the at least one social media attribute comprising at least one of;
  
  how many social media accounts the user has, how many social media postings the user has made, how many social media friends the user has, and one or more associations of social media friends of the user;
  
  assigning a social media risk value based on the at least one social media attribute of the user;
  
  calculating a current risk assessment score of the user based on a weighted combination of the organizational risk value and the historical risk value, and is further based on the social media risk value;
  
  wherein the calculating the current risk assessment score is further based on at least one of;
  
  a number of devices that the user uses to access the network, a type of device that the user uses to access the network, and an operating system running on a device that the user uses to access the network; and
  
  determining the authentication policy for the user based on the current risk assessment score.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7, wherein assigning the organizational risk value for the user based on the organizational role of the user comprises assigning the organizational risk value based on at least one of a level in an organizational hierarchy at which the user is positioned, a number of persons reporting to the user, a department to which the user belongs, a job title of the user.
  - 9. The computer system of claim 7, wherein the authentication policy specifies at least one of a length of a password, a number of numeric characters in a password, a number of capital letters in a password, a frequency of required re-authentication during a communication session, a frequency of password changes required, a number of security questions to be asked, and an environment in which an authentication mechanism can be changed.
  - 10. The computer system of claim 7, wherein the authentication policy specifies a type of authentication mechanism that user is required to use.
  - 11. The computer system of claim 7, wherein the calculating the current risk assessment score is further based on an organizational role of another user with whom the user communicates.
  - 12. The computer system of claim 7, wherein the calculating the current risk assessment score is further based on a frequency of travels that the user makes.

13. A computer-implemented method for managing an authentication policy for a user on a network of an organization, the method comprising:
- determining an organizational role of a user within an organization;
  
  assigning an organizational risk value for the user based on the organizational role of the user, wherein a first organizational role within the organization results in a higher organizational risk value than a second organizational role within the organization;
  
  determining a history of historical violations committed by the user;
  
  assigning a historical risk value based on the history of historical violations committed by the user;
  
  determining at least one social media attribute of the user, the at least one social media attribute comprising at least one of;
  
  how many social media accounts the user has, how many social media postings the user has made, how many social media friends the user has, and one or more associations of social media friends of the user;
  
  assigning a social media risk value based on the at least one social media attribute of the user;
  
  calculating, by a hardware processor, a current risk assessment score of the user based on a weighted combination of the organizational risk value and the historical risk value, and is further based on the social media risk value;
  
  wherein the calculating the current risk assessment score is further based on at least one of;
  
  a number of devices that the user uses to access the network, a type of device that the user uses to access the network, and an operating system running on a device that the user uses to access the network; and
  
  determining the authentication policy for the user based on the current risk assessment score.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein assigning the organizational risk value for the user based on the organizational role of the user comprises assigning the organizational risk value based on at least one of a level in an organizational hierarchy at which the user is positioned, a number of persons reporting to the user, a department to which the user belongs, a job title of the user.
  - 15. The method of claim 13, wherein the authentication policy specifies a type of authentication mechanism that user is required to use.
  - 16. The method of claim 13, wherein the calculating the current risk assessment score is further based on whether the user has signed a non-disclosure agreement with the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crowdstrike, Inc. (CrowdStrike Holdings Incorporated)
Original Assignee
International Business Machines Corporation
Inventors
Boss, Gregory J., Jones, Andrew R., Lingafelt, C. Steven, McConnell, Kevin C., Moore, John E. Jr.
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US14/270,957
Publication Number

US 20150324559A1
Time in Patent Office

679 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06Q 50/01   Social networking

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Dynamic adjustment of authentication policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic adjustment of authentication policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links