System and method for adaptive application of authentication policies
3 Assignments
0 Petitions
Abstract
A system, apparatus, method, and machine readable medium are described for adaptively implementing an authentication policy. For example, one embodiment of a method comprises: detecting a user of a client attempting to perform a current interaction with a relying party; and responsively identifying a first interaction class for the current interaction based on variables associated with the current interaction and implementing a set of one or more authentication rules associated with the first interaction class.
447 Citations
28 Claims
1. A method for user authentication comprising:
initially defining a plurality of authentication device classes based on characteristics of client authentication devices, the characteristics comprising a type of authentication device and a level of security assurance of the client device's hardware and/or software;
initially defining a plurality of interaction classes for a relying party, the interaction classes defined based on variables associated with interactions between a client and the relying party, the variables including an amount of money or a level of sensitivity of information involved in the interactions;
initially defining one or more authentication rule sets specifying authentication devices or classes of authentication devices to be used for different interaction classes, the one or more authentication rule sets comprising a first rule set;
detecting, by a secure transaction services engine, a user of a client attempting to perform a current interaction with a relying party over a network; and
responsively identifying a first interaction class for the current interaction, by an adaptive authentication policy hardware engine, based on variables associated with the current interaction and implementing a first rule set of one or more authentication rules associated with the first interaction class to authenticate the user of the client, wherein implementing the first rule set of one or more authentication rules comprises the adaptive authentication policy hardware engine implementing a first rule specifying a particular authentication device class required to authenticate the user for the current interaction, wherein the first rule comprises a prioritized list of acceptable authentication device classes for the current interaction.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25, 26.
13. An authentication system comprising:
an authentication policy database to store authentication policies for a relying party;
a secure transaction services engine of the relying party to detect a user of a client attempting to perform a current interaction with the relying party over a network;
an adaptive authentication policy hardware engine of the relying party to perform operations of:
initially define a plurality of interaction classes in the authentication policy database, the interaction classes defined based on variables associated with interactions between the client and the relying party, the variables including an amount of money or a level of sensitivity of information involved in the interactions;
initially define one or more authentication rule sets in the authentication policy database specifying authentication devices or classes of authentication devices to be used for different interaction classes, the one or more authentication rule sets comprising a first rule set; and
query the authentication policy database to identify a first interaction class for the current interaction based on variables associated with the current interaction and to implement the first rule set of one or more authentication rules associated with the first interaction class to authenticate the user of the client, wherein implementing a first rule set of one or more authentication rules comprises the adaptive authentication policy hardware engine implementing a first rule specifying a particular authentication device class required to authenticate the user for the current interaction, the first rule comprising a prioritized list of acceptable authentication device classes for the current interaction,
and wherein the adaptive authentication policy hardware engine is to perform additional operations of initially defining a plurality of authentication device classes in the authentication policy database based on characteristics of client authentication devices, the characteristics comprising a type of authentication device and a level of security assurance of the client device's hardware and/or software.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28.
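As an added illustration of the policy structure the claims describe (not code from the patent or its assignee), the following sketch defines device classes by type and assurance level, derives an interaction class from the amount and sensitivity of a transaction, and applies a prioritized rule set to choose an acceptable authenticator. All class names, thresholds and assurance levels are constructed for the example.

```python
# Added example; the class names, thresholds and assurance levels below are
# constructed, not taken from the patent.

# Authentication device classes: a device type plus an assurance level for
# the device's hardware/software (claim 1, first defining step).
DEVICE_CLASSES = {
    "password":       {"type": "knowledge",  "assurance": 1},
    "fingerprint_sw": {"type": "biometric",  "assurance": 2},  # software-only matcher
    "fingerprint_se": {"type": "biometric",  "assurance": 3},  # matcher in a secure element
    "hw_token":       {"type": "possession", "assurance": 3},
}

# Assurance floor per interaction class, used as a consistency check so that
# a mistyped rule set cannot admit a weak device for a high-value interaction.
MIN_ASSURANCE = {"low_value": 1, "medium_value": 2, "high_value": 3}

# Rule sets: for each interaction class, a prioritized list of acceptable
# device classes; earlier entries are preferred (claim 1, final step).
RULE_SETS = {
    "low_value":    ["password", "fingerprint_sw", "fingerprint_se", "hw_token"],
    "medium_value": ["fingerprint_se", "hw_token", "fingerprint_sw"],
    "high_value":   ["hw_token", "fingerprint_se"],
}


def interaction_class(amount: float, sensitivity: str) -> str:
    """Classify an interaction by money involved and information sensitivity
    (claim 1, second defining step). Thresholds are illustrative."""
    if sensitivity == "high" or amount >= 1000:
        return "high_value"
    if amount >= 50:
        return "medium_value"
    return "low_value"


def select_authenticator(amount: float, sensitivity: str, client_devices: set):
    """Return (interaction_class, device_class) for the highest-priority
    acceptable device the client possesses, or (interaction_class, None)
    when the client cannot satisfy the rule set and must be refused."""
    cls = interaction_class(amount, sensitivity)
    for device in RULE_SETS[cls]:
        # Skip any device that would violate the class's assurance floor.
        if DEVICE_CLASSES[device]["assurance"] < MIN_ASSURANCE[cls]:
            continue
        if device in client_devices:
            return cls, device
    return cls, None
```

The policy engine in the claims would evaluate this per interaction, so the same client may be asked for a password on a small payment and a hardware token on a large one.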
Specification