Graduated authentication in an identity management system
First Claim
1. A computer-readable storage device storing instructions that, when executed by a computing system, cause the computing system to perform acts for verifying response security, the acts comprising:
sending to a first computing system, via a first data path, a first request for information, the first request including a first transaction security level for responding to the first request for information;
receiving from the first computing system, a first response to the first request, wherein the first response is transmitted by the first computing system in accordance with a response security level determined by the first computing system based on the first transaction security level included in the first request, and wherein the first response is transmitted over a channel selected by the first computing system from a list of channels based at least in part on the first transaction security level;
verifying that the first response was sent using a first response security level at or above the first transaction security level;
verifying that the first response was sent over a channel with a channel security level in accordance with the first transaction security level;
sending to a second computing system, via a second data path different from the first data path, a second request for information, the second request including a second transaction security level for responding to the second request for information;
receiving from the second computing system, a second response corresponding to the second request;
determining by at least one hardware processor that the second response does not meet minimum requirements associated with the second transaction security level; and
responsive to the determining that the second response does not meet the minimum requirements, providing an indication that an attack may be in progress.
Abstract
A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.
20 Claims
1. (Independent claim; full text reproduced above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14.
12. A system for analyzing security characteristics of responses, the system comprising:
a memory;
one or more processors;
an interface configured to:
receive, from a first computing system, a first response to a first request for user information, wherein the first request includes a request for user authentication at a first transaction security level, the first request sent via a first data path, wherein the first transaction security level is based on a type of the user information requested in the first request, wherein the first response is transmitted by the first computing system in accordance with a response security level determined by the first computing system based on the first transaction security level indicated by the first request and the user information requested in the first request; and
receive, from a second computing system, a second response to a second request for information, wherein the second request includes a request for user authentication at a second transaction security level, the second request sent via a second data path different from the first data path, wherein the second transaction security level is based on a type of the information requested in the second request; and
a security analysis module configured to:
verify that the first response was sent using a first response security level at or above the first transaction security level included in the first request;
determine that the second response was sent using a second response security level that does not meet minimum requirements associated with the second transaction security level; and
provide an indication that an attack may be in progress from the second computing system, responsive to the determination that the second response security level does not meet the minimum requirements.
15. A method for verifying response security, comprising:
sending to a computing system, a request for information, the request including a request for user authentication at a transaction security level and a request for user information;
receiving from the computing system, via a selected data path, a response corresponding to the request, wherein the response is transmitted over a channel selected by the computing system from a list of channels based at least on the transaction security level, a type of information requested in the user request, or both;
determining by at least one hardware processor that an attack may be in progress when either the response was sent using a response security level that does not meet minimum requirements associated with the transaction security level, or the response was transmitted over a channel with a channel security level that does not meet minimum requirements associated with the transaction security level; and
responsive to the determining that the response does not meet the minimum requirements, providing an indication that an attack may be in progress.
Dependent claims: 16, 17, 18, 19, 20.
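As an added illustration (not code from the patent or its assignee), the following Python models the verification the claims describe: the requester attaches a transaction security level to its request, the responder picks a channel from a list that satisfies that level, and the requester then checks that the response security level is at or above the transaction level, that the channel's security level meets the minimum, and (the time-sensitivity dimension from the abstract) that the response is fresh. A response that fails the level or channel check yields an "attack may be in progress" indication. The level names, the channel list, the timestamps and every identifier below are constructed assumptions.

```python
# Added example: a verifier for the graduated-security checks in the claims.
# Not taken from the patent; level names, channel list and all identifiers are
# constructed for illustration.
import time
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class SecurityLevel(IntEnum):
    """Ordered security levels (constructed; the patent names no specific levels)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Constructed "list of channels": channel name -> channel security level.
CHANNELS: Dict[str, SecurityLevel] = {
    "plain-http": SecurityLevel.LOW,
    "tls": SecurityLevel.MEDIUM,
    "mutual-tls": SecurityLevel.HIGH,
}


@dataclass(frozen=True)
class Request:
    request_id: str
    transaction_level: SecurityLevel   # "transaction security level" carried in the request
    max_age_seconds: float             # time-sensitivity dimension from the abstract


@dataclass(frozen=True)
class Response:
    request_id: str
    response_level: SecurityLevel      # "response security level" the responder applied
    channel: str                       # channel the responder chose from CHANNELS
    issued_at: float                   # responder's timestamp (epoch seconds)


@dataclass(frozen=True)
class Verdict:
    ok: bool
    attack_indication: bool            # "an attack may be in progress"
    reasons: Tuple[str, ...]


def select_channel(level: SecurityLevel) -> str:
    """Responder side: choose the lowest listed channel whose security level
    still meets the requested transaction level (raises if none qualifies)."""
    candidates = [name for name, lvl in CHANNELS.items() if lvl >= level]
    if not candidates:
        raise ValueError(f"no channel satisfies {level.name}")
    return min(candidates, key=lambda name: CHANNELS[name])


def verify_response(req: Request, resp: Response, now: Optional[float] = None) -> Verdict:
    """Requester side: apply the checks from the claims to one response."""
    now = time.time() if now is None else now
    reasons: List[str] = []
    attack = False

    # The response must correspond to the request that was sent.
    if resp.request_id != req.request_id:
        reasons.append("response does not correspond to the request")

    # Response security level must be at or above the transaction security level.
    if resp.response_level < req.transaction_level:
        reasons.append(f"response level {resp.response_level.name} below required "
                       f"{req.transaction_level.name}")
        attack = True

    # Channel security level must meet the minimum for the transaction level.
    channel_level = CHANNELS.get(resp.channel)
    if channel_level is None:
        reasons.append(f"unknown channel {resp.channel!r}")
        attack = True
    elif channel_level < req.transaction_level:
        reasons.append(f"channel {resp.channel!r} ({channel_level.name}) below required "
                       f"{req.transaction_level.name}")
        attack = True

    # Time sensitivity: a stale response is rejected, but by itself it is treated
    # here as a freshness failure rather than the level/channel failure the
    # claims tie to the attack indication (a constructed policy choice).
    if now - resp.issued_at > req.max_age_seconds:
        reasons.append("response is older than the allowed age")

    return Verdict(ok=not reasons, attack_indication=attack, reasons=tuple(reasons))


def verify_all(pairs: List[Tuple[str, Request, Response]], now: float) -> Dict[str, Verdict]:
    """Verify responses from several computing systems (e.g. reached over
    different data paths) and return one verdict per system identifier."""
    return {system_id: verify_response(req, resp, now) for system_id, req, resp in pairs}


if __name__ == "__main__":
    req = Request("req-1", SecurityLevel.HIGH, max_age_seconds=30)
    honest = Response("req-1", SecurityLevel.HIGH, select_channel(req.transaction_level), 1000.0)
    downgraded = Response("req-1", SecurityLevel.LOW, "tls", 1000.0)
    results = verify_all([("site-a", req, honest), ("site-b", req, downgraded)], now=1010.0)
    for system_id, verdict in results.items():
        print(system_id, verdict)
```

Each verdict carries every reason that failed, so a single downgraded response produces both a level reason and a channel reason; keeping the attack flag separate from the freshness reason lets the caller distinguish a replayed or slow response from one that was answered below the requested level.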