Dynamic trust model for authenticating a user

US 8,635,662 B2
Filed: 01/31/2008
Issued: 01/21/2014
Est. Priority Date: 01/31/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user, comprising:

determining, by computer, a trust level for the user after a first elapsed time, wherein the trust level is a function of the first elapsed time since the user previously provided authentication information, wherein the trust level decays as a function of the first elapsed time, and wherein a higher trust level is associated with a slower rate of decay of the trust level;

receiving notice of an identified security threat that affects multiple users;

determining a new rate of decay of the trust level based on the identified security threat;

determining a new trust level after a second elapsed time since receiving notice of the identified security threat, wherein the new trust level is obtained by multiplying the second elapsed time with the new rate of decay of the trust level;

calculating a transaction risk level based on a type of user transaction performed by the user; and

requesting additional authentication information from the user when the transaction risk level exceeds the new trust level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that that dynamically authenticates one or more users is described. During operation, the computer system determines a trust level for a user, where the trust level is a function of elapsed time since the user previously provided authentication information. Next, the computer system calculates a transaction risk level based on a type of user transaction performed by the user. Then, the computer system requests additional authentication information from the user based on the trust level and the transaction risk level.

28 Citations

View as Search Results

19 Claims

1. A method for authenticating a user, comprising:
- determining, by computer, a trust level for the user after a first elapsed time, wherein the trust level is a function of the first elapsed time since the user previously provided authentication information, wherein the trust level decays as a function of the first elapsed time, and wherein a higher trust level is associated with a slower rate of decay of the trust level;
  
  receiving notice of an identified security threat that affects multiple users;
  
  determining a new rate of decay of the trust level based on the identified security threat;
  
  determining a new trust level after a second elapsed time since receiving notice of the identified security threat, wherein the new trust level is obtained by multiplying the second elapsed time with the new rate of decay of the trust level;
  
  calculating a transaction risk level based on a type of user transaction performed by the user; and
  
  requesting additional authentication information from the user when the transaction risk level exceeds the new trust level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein, prior to receiving notice regarding the security threat, a rate of decay of the trust level is based on characteristics of the authentication information the user previously provided.
  - 3. The method of claim 2, wherein a magnitude of the rate of decay is greater than a pre-determined value if the authentication information includes a user identifier.
  - 4. The method of claim 3, wherein the user identifier includes a password and/or a username.
  - 5. The method of claim 2, wherein a magnitude of the rate of decay is smaller than a pre-determined value if the authentication information includes a physical token.
  - 6. The method of claim 1, wherein, prior to receiving notice regarding the security threat, a rate of decay of the trust level is based on a user location.
  - 7. The method of claim 6, wherein the user location is determined based on a network address.
  - 8. The method of claim 6, wherein a magnitude of the rate of decay is increased if the user location is different than during a previous user transaction.
  - 9. The method of claim 1, wherein the security threat includes an attempted ‘
    - phishing’
      
      attack on account information associated with at least one of the multiple users.
  - 10. The method of claim 1, wherein the trust level is increased when the user provides the additional authentication information.
  - 11. The method of claim 10, wherein the increase in the trust level is less than a pre-determined value if the authentication information includes a user identifier.
  - 12. The method of claim 11, wherein the user identifier includes a password and/or a username.
  - 13. The method of claim 10, wherein the increase in the trust level is greater than a pre-determined value if the authentication information includes a physical token.
  - 14. The method of claim 1, further comprising terminating a user session if the trust level is less than a pre-determined threshold.
  - 15. The method of claim 1, wherein the transaction risk level is based on a user-account history.

16. A non-transitory computer-readable storage medium storing instructions that, when executed by a computer, cause the computer to perform a method for authenticating and authorizing a user, the method comprising:
- determining a trust level for a user after a first elapsed time, wherein the trust level is a function of the first elapsed time since the user previously provided authentication information, wherein the trust level decays as a function of the first elapsed time, and wherein a higher trust level is associated with a slower rate of decay of the trust level;
  
  receiving notice of an identified security threat that affects multiple users;
  
  determining a new rate of decay of the trust level based on the identified security threat;
  
  determining a new trust level after a second elapsed time since receiving notice of the identified security threat, wherein the new trust level is obtained by multiplying the second elapsed time with the new rate of decay of the trust level;
  
  calculating a transaction risk level based on a type of user transaction performed by the user; and
  
  requesting additional authentication information from the user when the transactional risk level exceeds the new trust level.
- View Dependent Claims (17)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the trust level is increased when the user provides the additional authentication information.

18. A computer system, comprising:
- a processor;
  
  memory; and
  
  a program module, wherein the program module is stored in the memory and configured to be executed by the processor, the program module including;
  
  instructions for determining a trust level for a user after a first elapsed time, wherein the trust level is a function of the first elapsed time since the user previously provided authentication information, wherein the trust level decays as a function of the first elapsed time, and wherein a higher trust level is associated with a slower rate of decay of the trust level;
  
  instructions for receiving notice of an identified security threat that affects multiple users;
  
  instructions for determining a new rate of decay of the trust level based on the identified security threat;
  
  instructions for determining a new trust level after a second elapsed time since receiving notice of the identified security threat, wherein the new trust level is obtained by multiplying the second elapsed time with the new rate of decay of the trust level;
  
  instructions for calculating a transaction risk level based on a type of user transaction performed by the user; and
  
  instructions for requesting additional authentication information from the user when the transactional risk level exceeds the new trust level.
- View Dependent Claims (19)
- - 19. The computer system of claim 18, wherein the trust level is increased when the user provides the additional authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Lang, David E.
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US12/023,848
Publication Number

US 20090199264A1
Time in Patent Office

2,182 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

Dynamic trust model for authenticating a user

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Dynamic trust model for authenticating a user

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others