System for escalating security protocol requirements

US 9,912,700 B2
Filed: 01/04/2016
Issued: 03/06/2018
Est. Priority Date: 01/04/2016
Status: Active Grant

First Claim

Patent Images

1. A system for escalating security protocol requirements, comprising:

a computer apparatus including a processor and a memory; and

a security protocol module stored in the memory, executable by the processor and configured for;

monitoring first electronic activities being performed by a user, the first electronic activities being performed on a first local network;

monitoring a frequency and a success rate of the first electronic activities performed by the user on the first local network;

based on the frequency and the success rate of the first electronic activities performed by the user on the first local network, determining that the first local network is a preferred local network;

collecting device identification information for local network devices associated with the preferred local network;

receiving from the user a request to perform a subsequent electronic activity using a first computing device, the first computing device being in communication with a second local network;

based on receiving the request to perform the subsequent electronic activity, collecting device identification information for the first computing device;

based on receiving the request to perform the subsequent electronic activity, identifying one or more local network devices in communication with the second local network and collecting device identification information for the local network devices in communication with the second local network; and

based on determining that the device identification information for the first computing device matches the collected device identification information for one of the local network devices associated with the preferred local network, automatically decreasing a level of authentication required to complete the subsequent electronic activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system for escalating security protocol requirements. The system typically includes a processor, a memory, and a security protocol module stored in the memory. The module is typically configured for: monitoring electronic activities associated with a user and collecting device identification information for local network devices associated with the electronic activities; receiving from the user a request to perform a subsequent electronic activity using a first computing device in communication with a first local network; collecting device identification information associated with the first computing device; identifying one or more local network devices in communication with the first local network and collecting device identification information associated with the local network devices in communication with the first local network; and denying the subsequent electronic activity or increasing or decreasing a level of authentication required to complete the subsequent electronic activity based on the collected device identification information.

Citations

20 Claims

1. A system for escalating security protocol requirements, comprising:
- a computer apparatus including a processor and a memory; and
  
  a security protocol module stored in the memory, executable by the processor and configured for;
  
  monitoring first electronic activities being performed by a user, the first electronic activities being performed on a first local network;
  
  monitoring a frequency and a success rate of the first electronic activities performed by the user on the first local network;
  
  based on the frequency and the success rate of the first electronic activities performed by the user on the first local network, determining that the first local network is a preferred local network;
  
  collecting device identification information for local network devices associated with the preferred local network;
  
  receiving from the user a request to perform a subsequent electronic activity using a first computing device, the first computing device being in communication with a second local network;
  
  based on receiving the request to perform the subsequent electronic activity, collecting device identification information for the first computing device;
  
  based on receiving the request to perform the subsequent electronic activity, identifying one or more local network devices in communication with the second local network and collecting device identification information for the local network devices in communication with the second local network; and
  
  based on determining that the device identification information for the first computing device matches the collected device identification information for one of the local network devices associated with the preferred local network, automatically decreasing a level of authentication required to complete the subsequent electronic activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, wherein the security protocol module is configured for:
    - receiving from the user a request to perform a second subsequent electronic activity on a third local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the third local network and collecting device identification information for the local network devices in communication with the third local network;
      
      determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from a restricted device database; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.
  - 3. The system according to claim 2, wherein the security protocol module is configured for:
    - automatically denying the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.
  - 4. The system according to claim 2, wherein the security protocol module is configured for:
    - automatically increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.
  - 5. The system according to claim 1, wherein the security protocol module is configured for:
    - receiving from the user a request to perform a second subsequent electronic activity on a third local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the third local network and collecting device identification information for the local network devices in communication with the third local network;
      
      determining that the device identification information associated with one of the local network devices in communication with the third local network does not match device identification information from a previous device database associated with the third local network; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from the previous device database associated with the preferred local network.
  - 6. The system according to claim 5, wherein the security protocol module is configured for:
    - automatically denying the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from the previous device database associated with the preferred local network.
  - 7. The system according to claim 5, wherein the security protocol module is configured for:
    - automatically increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from the previous device database associated with the preferred local network.
  - 8. The system according to claim 1, whereinthe security protocol module is configured for:
    - receiving from the user a request to perform a second subsequent electronic activity on the preferred local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the preferred local network and collecting device identification information for the local network devices in communication with the preferred local network;
      
      determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on (i) determining that the first local network is the preferred local network and (ii) determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network.
  - 9. The system according to claim 8, wherein the security protocol module is configured for:
    - automatically denying the second subsequent electronic activity based on (i) determining that the preferred local network is the preferred local network and (ii) determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network.
  - 10. The system according to claim 8, wherein the security protocol module is configured for:
    - automatically increasing the level of authentication required to complete the second subsequent electronic activity based on (i) determining that the preferred local network is the preferred local network and (ii) determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network.

11. A computer program product embodied on a non-transitory computer-readable storage medium having computer-executable instructions for:
- monitoring first electronic activities being performed by a user, the first electronic activities being performed on a first local network;
  
  monitoring a frequency and a success rate of the first electronic activities by the user on the first local network;
  
  based on the frequency and the success rate of the first electronic activities performed by the user on the first local network, determining that the first local network is a preferred local network;
  
  collecting device identification information for local network devices associated with the preferred local network;
  
  receiving from the user a request to perform a subsequent electronic activity using a first computing device, the first computing device being in communication with a second local network;
  
  based on receiving the request to perform the subsequent electronic activity, collecting device identification information for the first computing device;
  
  based on receiving the request to perform the subsequent electronic activity, identifying one or more local network devices in communication with the second local network and collecting device identification information for the local network devices in communication with the second local network; and
  
  based on determining that the device identification information for the first computing device matches the collected device identification information for one of the local network devices associated with the preferred local network, automatically decreasing a level of authentication required to complete the subsequent electronic activity.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer program product according to claim 11, wherein the non-transitory computer-readable storage medium has computer-executable instructions for:
    - receiving from the user a request to perform a second subsequent electronic activity on a third local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the third local network and collecting device identification information for the local network devices in communication with the third local network;
      
      determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from a previous device database associated with the third local network; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from the previous device database associated with the preferred local network.
  - 13. The computer program product according to claim 11, wherein the non-transitory computer-readable storage medium has computer-executable instructions for:
    - receiving from the user a request to perform a second subsequent electronic activity on the preferred local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the preferred local network and collecting device identification information for the local network devices in communication with the preferred local network;
      
      determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on (i) determining that the first local network is the preferred local network and (ii) determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network.
  - 14. The computer program product according to claim 11, wherein the non-transitory computer-readable storage medium has computer-executable instructions for:
    - receiving from the user a request to perform a second subsequent electronic activity on a third local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the third local network and collecting device identification information for the local network devices in communication with the third local network;
      
      determining that the device identification information for one of the local network devices in communication with the first third local network matches device identification information from a restricted device database; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.
  - 15. The computer program product according to claim 14, wherein the non-transitory computer-readable storage medium has computer-executable instructions for:
    - automatically denying the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.
  - 16. The computer program product according to claim 14, wherein the non-transitory computer-readable storage medium has computer-executable instructions for:
    - automatically increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.

17. A method for escalating security protocol requirements, comprising:
- monitoring, via a hardware computer processor, first electronic activities being performed by a user, the first electronic activities being performed on a first local network;
  
  monitoring, via a hardware computer processor, a frequency and a success rate of the first electronic activities by the user on the first local network;
  
  based on the frequency and the success rate of the first electronic activities performed by the user on the first local network, determining, via a hardware computer processor, that the first local network is a preferred local network;
  
  collecting, via a hardware computer processor, device identification information for local network devices associated with the preferred local network;
  
  receiving, via a hardware computer processor, from the user a request to perform a subsequent electronic activity using a first computing device, the first computing device being in communication with a second local network;
  
  based on receiving the request to perform the subsequent electronic activity, collecting, via a hardware computer processor, device identification information for the first computing device;
  
  based on receiving the request to perform the subsequent electronic activity, identifying, via a hardware computer processor, one or more local network devices in communication with the second local network and collecting, via a hardware computer processor, device identification information for the local network devices in communication with the second local network; and
  
  based on determining, via a hardware computer processor, that the device identification information associated with the first computing device matches the collected device identification information for one of the local network devices associated with the preferred local network, automatically decreasing a level of authentication required to complete the subsequent electronic activity.
- View Dependent Claims (18, 19, 20)
- - 18. The method according to claim 17, comprising:
    - receiving from the user a request to perform a second subsequent electronic activity on a third local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the third local network and collecting device identification information for the local network devices in communication with the third local network;
      
      determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from a restricted device database; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network matches device identification information from the restricted device database.
  - 19. The method according to claim 17, comprising:
    - receiving from the user a request to perform a second subsequent electronic activity on a third local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the third local network and collecting device identification information for the local network devices in communication with the third local network;
      
      determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from a previous device database associated with the third local network; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on determining that the device identification information for one of the local network devices in communication with the third local network does not match device identification information from the previous device database associated with the preferred local network.
  - 20. The method according to claim 17, wherein:
    - monitoring the first electronic activities associated with the user comprises identifying a preferred local network associated with the user and collecting device identification information for local network devices associated with the preferred local network; and
      
      the method comprises;
      
      receiving from the user a request to perform a second subsequent electronic activity on the preferred local network using a second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, collecting device identification information for the second computing device;
      
      based on receiving the request to perform the second subsequent electronic activity, identifying one or more local network devices in communication with the preferred local network and collecting device identification information for the local network devices in communication with the preferred local network;
      
      determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network; and
      
      automatically denying the second subsequent electronic activity or increasing the level of authentication required to complete the second subsequent electronic activity based on (i) determining that the first local network is the preferred local network and (ii) determining that the device identification information for one of the local network devices in communication with the preferred local network does not match the collected device identification information for the local network devices associated with the preferred local network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Jones-McFadden, Alicia C., Johansen, Joseph Neil
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US14/987,553
Publication Number

US 20170195366A1
Time in Patent Office

792 Days
Field of Search

726 1
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

System for escalating security protocol requirements

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for escalating security protocol requirements

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links