Nodal random authentication

US 9,560,030 B2
Filed: 11/07/2014
Issued: 01/31/2017
Est. Priority Date: 11/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method of selectively enabling access to functions of a transaction application requested by a user of a client electronic device, the transaction applications respectively corresponding to application nodes, the method comprising:

authenticating, using one or more server computers, the user for access to an entry point of the transaction application;

making a determination, using one or more server computers, whether to require re-authentication of the user for access to an application node other than the entry point, wherein;

(1) making the determination comprises executing a random weight determination module to assign a randomly generated respective weight value to each of a plurality of application nodes that would not otherwise require authentication; and

(2) as the user traverses one or more of the plurality of application nodes, comparing a sum of at least one respective weight value of the traversed application nodes, wherein the traversed application nodes include the application node currently being traversed, to a threshold value to determine whether re-authentication of the user is required prior to granting access to the function of the transaction application corresponding to the currently traversed application node; and

if the determination indicates that re-authentication of the user is required prior to granting access to a function of the transaction application corresponding to the application node, requiring re-authentication of the user if the user attempts to traverse the application node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer program products related to transaction application security are disclosed. In a particular embodiment, application nodes are randomly selected for requiring re-authentication of a user traversing nodes of the application. These and other embodiments are more fully disclosed herein.

Citations

16 Claims

1. A method of selectively enabling access to functions of a transaction application requested by a user of a client electronic device, the transaction applications respectively corresponding to application nodes, the method comprising:
- authenticating, using one or more server computers, the user for access to an entry point of the transaction application;
  
  making a determination, using one or more server computers, whether to require re-authentication of the user for access to an application node other than the entry point, wherein;
  
  (1) making the determination comprises executing a random weight determination module to assign a randomly generated respective weight value to each of a plurality of application nodes that would not otherwise require authentication; and
  
  (2) as the user traverses one or more of the plurality of application nodes, comparing a sum of at least one respective weight value of the traversed application nodes, wherein the traversed application nodes include the application node currently being traversed, to a threshold value to determine whether re-authentication of the user is required prior to granting access to the function of the transaction application corresponding to the currently traversed application node; and
  
  if the determination indicates that re-authentication of the user is required prior to granting access to a function of the transaction application corresponding to the application node, requiring re-authentication of the user if the user attempts to traverse the application node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the assigned respective weight value is either a value corresponding to a threshold value or a value corresponding to a non-threshold value wherein comparing the sum further comprises:
    - if the assigned weight value of the currently traversed application node corresponds to the threshold value, then the determination indicates that re-authentication is required for the currently traversed application node prior to granting access to the function of the transaction application corresponding to the currently traversed application node.
  - 3. The method of claim 1 wherein the assigned respective weight value is a value equal to or between a value corresponding to a threshold value and a value corresponding to a non-threshold value, wherein comparing the sum further comprises:
    - incrementing the sum by the assigned respective weight value of a traversed application node upon traversal and, if the sum after being incremented is equal to or greater than the threshold value, then the determination indicates that re-authentication is required for the traversed application node prior to granting access to the function of a transaction application corresponding to the currently traversed application node.
  - 4. The method of claim 1 wherein requiring re-authentication of the user comprises:
    - requesting one or more device-generated credentials to be checked prior to granting the user access to the function of a transaction application.
  - 5. The method of claim 4 wherein the one or more device-generated credentials are generated by the client electronic device without requiring additional input from the user other than a user-interface action corresponding an attempt to traverse the application node.
  - 6. The method of claim 1 wherein the transaction application is stored and executed on the client electronic device.
  - 7. The method of claim 1 wherein the transaction application is stored and executed on one or more server computers.
  - 8. The method of claim 1 wherein a first portion of the transaction application is stored and executed on the client electronic device and a second portion of the transaction application is stored and executed on one or more server computers.

9. A computer program product embedded in a non-transitory computer readable medium including instructions executable by a computer processor to selectively require authentication of a user of a client electronic device for access to functions corresponding to application nodes of a transaction application by:
- authenticating the user for access to an entry point of the transaction application;
  
  making a determination whether to require re-authentication of the user for access to an application node other than the entry point wherein making the determination comprises;
  
  (1) executing a random weight determination module to assign a randomly generated respective weight value to each of a plurality of application nodes that would not otherwise require authentication; and
  
  (2) as the user traverses one or more of the plurality of application nodes, comparing a sum of at least one respective weight value of the traversed application nodes, wherein the traversed application nodes include the application node currently being traversed, to a threshold value to determine whether re-authentication of the user is required prior to granting access to the function of the transaction application corresponding to the currently traversed application node; and
  
  if the determination indicates that re-authentication of the user is required prior to granting access to the function of the transaction application corresponding to the application node, requiring re-authentication of the user if the user attempts to traverse the application node.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9 wherein the assigned weight value is either a value corresponding to a threshold value or a value corresponding to a non-threshold value wherein, comparing the sum further comprises:
    - if the assigned weight value of the currently traversed application node corresponds to the threshold value, then the determination indicates that re-authentication is required for the currently traversed application node prior to granting access to the function of the transaction application corresponding to the currently traversed application node.
  - 11. The computer program product of claim 9 wherein the assigned respective weight value is a value equal to or between a value corresponding to a threshold value and a value corresponding to a non-threshold value, wherein comparing the sum further comprises:
    - incrementing the sum by the assigned respective weight value of a traversed application node upon traversal and, if the sum after being incremented is equal to or greater than the threshold value, then the determination indicates that re-authentication is required for the traversed application node prior to granting access to the function of a transaction application corresponding to the currently traversed application node.
  - 12. The computer program product of claim 9 wherein requiring re-authentication of the user comprises:
    - requesting one or more device-generated credentials to be checked prior to granting the user access to the function of a transaction application.
  - 13. The computer program product of claim 12 wherein the one or more device-generated credentials are generated by the client electronic device without requiring additional input from the user other than a user-interface action corresponding to an attempt to traverse the application node.
  - 14. The computer program product of claim 9 wherein the transaction application is stored and executed on the client electronic device.
  - 15. The computer program product of claim 9 wherein the transaction application is stored and executed on one or more server computers.
  - 16. The computer program product of claim 9 wherein a first portion of the transaction application is stored and executed on the client electronic device and a second portion of the transaction application is stored and executed on one or more server computers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaiser Foundation Hospitals (Kaiser Permanente Inc.)
Original Assignee
Kaiser Foundation Hospitals (Kaiser Permanente Inc.)
Inventors
Hughes, Alexander Z.
Primary Examiner(s)
LEE, JASON T

Application Number

US14/536,334
Publication Number

US 20160134608A1
Time in Patent Office

816 Days
Field of Search

726/5
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2139   Recurrent verification

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Nodal random authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Nodal random authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links