Risk-based authentication duration

US 9,015,485 B1
Filed: 02/10/2014
Issued: 04/21/2015
Est. Priority Date: 12/08/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

obtaining, via at least one of one or more computing devices, a plurality of whitelist operations to be performed on a network site and a plurality of blacklist operations to be performed on a network site from a user;

determining, via at least one of the one or more computing devices, an authentication duration for the user based at least in part on a risk of performing an operation in response to obtaining a request from the user for the operation, the authentication duration based at least in part on the operation being one of the plurality of blacklist operations or one of the plurality of whitelist operations; and

initiating, via at least one of the one or more computing devices, an authentication procedure to re-authenticate the user in response to determining that a current session for the operation has expired based at least in part on the authentication duration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments that perform confidence-based authentication of a user. A request from a user is obtained, where the request pertains to an operation on a network site. An authentication duration for the user is determined, based on a risk to the user of performing the operation. A determination is made whether a current session associated with the user has expired, based on the authentication duration. The operation requested by the user is performed in response to the determination that the current session associated with the user has expired.

15 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- obtaining, via at least one of one or more computing devices, a plurality of whitelist operations to be performed on a network site and a plurality of blacklist operations to be performed on a network site from a user;
  
  determining, via at least one of the one or more computing devices, an authentication duration for the user based at least in part on a risk of performing an operation in response to obtaining a request from the user for the operation, the authentication duration based at least in part on the operation being one of the plurality of blacklist operations or one of the plurality of whitelist operations; and
  
  initiating, via at least one of the one or more computing devices, an authentication procedure to re-authenticate the user in response to determining that a current session for the operation has expired based at least in part on the authentication duration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the authentication procedure comprises mapping the risk to the authentication duration.
  - 3. The method of claim 1, wherein the risk is determined based at least in part on a type of the operation.
  - 4. The method of claim 1, further comprising allowing, via at least one of the one or more computing devices, the user to perform the operation without initiating the authentication procedure to re-authenticate in response to determining that the operation is one of the plurality of whitelist operations.
  - 5. The method of claim 1, further comprising immediately initiating, by the computing device, the authentication procedure to re-authenticate the user in response to determining that the operation is the one of the plurality of blacklist operations.
  - 6. The method of claim 1, wherein the risk comprises a risk of economic harm to the user.
  - 7. The method of claim 1, wherein the risk comprises a risk of fraud on an account of the user.
  - 8. The method of claim 1, wherein the individual ones of the plurality of blacklist operations are associated with a respective blacklist location, and wherein the individual ones of the plurality of whitelist operations are associated with a respective whitelist location.
  - 9. The method of claim 1, wherein the authentication duration associated with the individual ones of the plurality of whitelist operations is longer relative to the authentication duration associated with the individual ones of the plurality of blacklist operations.
  - 10. The method of claim 1, wherein the authentication duration associated with the one of the plurality of whitelist operations does not expire.

11. A system, comprising:
- at least one computing device; and
  
  an authentication application executable in the at least one computing device, the authentication application comprising;
  
  logic that obtains a plurality of whitelist operations and a plurality of blacklist operations from a user;
  
  logic that computes a base risk for an operation in response to obtaining a request from the user for the operation, the base risk measuring a risk of performing the operation, the base risk based at least in part on whether the operation is one of the plurality of blacklist operations or one of the plurality of whitelist operations; and
  
  logic that determines an authentication duration for the user based at least in part on the base risk, the authentication duration based at least in part on whether the operation is one of the plurality of blacklist operations or one of the plurality of whitelist operations.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, further comprising logic that determines whether a current session associated with the user has expired based at least in part on the authentication duration.
  - 13. The system of claim 11, further comprising logic that allows the user to perform the operation without re-authentication in response to determining that the operation is the one of the plurality of whitelist operations.
  - 14. The system of claim 11, wherein the authentication application further comprises logic that adjusts the base risk by a secondary risk, the secondary risk measuring a risk to the user that originates from a client operated by the user.
  - 15. The system of claim 11, further comprising logic that immediately re-authenticates the user in response to determining that the operation is the one of the plurality of blacklist operations.
  - 16. The system of claim 11, wherein the authentication duration associated with the one of the plurality of whitelist operations does not expire.
  - 17. The system of claim 11, wherein the blacklist operation is associated with a respective blacklist location, and wherein the whitelist operation is associated with a respective whitelist location.

18. A non-transitory computer-readable medium embodying a program executable by a computing device, the program comprising:
- code that obtains a whitelist operation and a blacklist operation from a user;
  
  code that determines an authentication duration for the whitelist operation and an authentication duration for the blacklist operation, the authentication duration for the whitelist operation being longer relative to the authentication duration for the blacklist operation;
  
  code that obtains a request from the user for an operation;
  
  code that re-authenticates the user upon expiration of the authentication duration for the whitelist operation in response to determining that the operation is the whitelist operation; and
  
  code that re-authenticates the user upon expiration the authentication duration for the blacklist operation in response to determining that the operation is the blacklist operation.
- View Dependent Claims (19, 20)
- - 19. The computer-readable medium of claim 18, further comprising code that immediately re-authenticates the user in response to determining that the operation is the blacklist operation.
  - 20. The computer-readable medium of claim 18, further comprising code that allows the user to perform the operation without the re-authentication in response to determining that the operation is the whitelist operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper M., Canavor, Darren E., Hitchcock, Daniel W.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/176,544
Time in Patent Office

435 Days
Field of Search

726 1- 5, 726 22- 26, 713/168, 709/229
US Class Current

713/168
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/51   at application loading time...

G06F 2221/2139   Recurrent verification

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

Risk-based authentication duration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk-based authentication duration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links