Graduated authentication in an identity management system

US 9,398,020 B2
Filed: 02/13/2015
Issued: 07/19/2016
Est. Priority Date: 06/16/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing variable transaction security levels, the method comprising:

receiving, using one or more hardware processors, at a first computing system, from a second computing system, a request for information, wherein responding to the request requires two or more transactions and wherein;

at least a first of the two or more transactions is associated with a first transaction security level;

at least a second of the two or more transactions is associated with a second transaction security level different from the first transaction security level; and

each of the first transaction security level and the second transaction security level comprise at least one of;

a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level; and

performing, using the one or more hardware processors, the first transaction at the first transaction security level and performing the second transaction at the second transaction security level, each performing accomplished by;

selecting, using the one or more hardware processors, a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel;

selecting, using the one or more hardware processors, an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level;

orperforming, using the one or more hardware processors, at least part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

202 Citations

20 Claims

1. A computer-implemented method for implementing variable transaction security levels, the method comprising:
- receiving, using one or more hardware processors, at a first computing system, from a second computing system, a request for information, wherein responding to the request requires two or more transactions and wherein;
  
  at least a first of the two or more transactions is associated with a first transaction security level;
  
  at least a second of the two or more transactions is associated with a second transaction security level different from the first transaction security level; and
  
  each of the first transaction security level and the second transaction security level comprise at least one of;
  
  a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level; and
  
  performing, using the one or more hardware processors, the first transaction at the first transaction security level and performing the second transaction at the second transaction security level, each performing accomplished by;
  
  selecting, using the one or more hardware processors, a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel;
  
  selecting, using the one or more hardware processors, an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level;
  
  orperforming, using the one or more hardware processors, at least part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method of claim 1, wherein the selecting the channel, the selecting the authentication mechanism, or the length of the specified time limit used for performing the first transaction is further based on one or more policies of the first computing system specifying a minimum security level required for a response.
  - 3. The computer-implemented method of claim 1, wherein the first transaction comprises authentication of a user identity.
  - 4. The computer-implemented method of claim 1, wherein the first transaction security level comprises the transaction authentication security level and the first transaction is performed at the first transaction security level by selecting the authentication mechanism.
  - 5. The computer-implemented method of claim 1, wherein the first transaction security level comprises the transaction channel security level and the first transaction is performed at the first transaction security level by selecting the channel as a first channel.
  - 6. The computer-implemented method of claim 1, wherein the first transaction security level comprises the transaction time sensitivity security level and the first transaction is at least begun within the specified time limit.
  - 7. The computer-implemented method of claim 1, wherein the first transaction security level is selected based on a security level employed in sending the received request.
  - 8. The computer-implemented method of claim 1, wherein the first transaction security level is selected based on user preferences.
  - 9. The computer-implemented method of claim 8, wherein the user preferences are pre-defined.
  - 10. The computer-implemented method of claim 8, wherein the user preferences are associated with the information requested in the received request.
  - 11. The computer-implemented method of claim 1, wherein the first transaction security level is selected from a list of pre-defined security levels.
  - 12. The computer-implemented method of claim 5, wherein the first channel is selected from a list of pre-defined channels.
  - 13. The computer-implemented method of claim 1 further comprising:
    - determining that the first transaction security level is below a minimum threshold;
      
      providing an indication that a more secure transaction security procedure is required or an indication of a minimum security level; and
      
      redirecting to a third computing system that requires a higher security level.

14. A non-transitory computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to perform operations for implementing variable transaction security levels, the operations comprising:
- receiving, using one or more hardware processors, a request for information,wherein responding to the request requires a transaction;
  
  wherein the transaction is associated with a transaction security level; and
  
  wherein the transaction security level comprises at least one of;
  
  a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level; and
  
  performing, using the one or more hardware processors, the transaction at the transaction security level by;
  
  selecting a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel;
  
  selecting an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level;
  
  orperforming at least part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.
- View Dependent Claims (15, 16, 17)
- - 15. The computer-readable storage medium of claim 14, wherein the selecting the channel, the selecting the authentication mechanism, or the length of the specified time limit used for performing the first transaction is further based on one or more policies of a computing system that sent the received request, wherein the one or more policies specify a minimum security level required for a response.
  - 16. The computer-readable storage medium of claim 14, wherein the transaction security level is selected based on a security level employed in sending the received request.
  - 17. The computer-readable storage medium of claim 14, wherein the transaction security level is selected based on pre-defined user preferences.

18. A system comprising:
- a memory;
  
  one or more hardware processors;
  
  an interface configured to receive, using the one or more hardware processors, a request for information,wherein responding to the request requires a transaction;
  
  wherein the transaction is associated with a transaction security level; and
  
  wherein the transaction security level comprises at least one of;
  
  a transaction authentication security level, a transaction channel security level, or a transaction time sensitivity security level; and
  
  a security module configured to perform, using the one or more hardware processors, the transaction at the transaction security level by;
  
  selecting, using the one or more hardware processors, a channel with a channel security level to perform the transaction, the channel selected based on a correspondence between the transaction channel security level for the transaction and the channel security level of the selected channel;
  
  selecting, using the one or more hardware processors, an authentication mechanism with an authentication security level to perform the transaction, the authentication mechanism selected based on a correspondence between the transaction authentication security level for the transaction and the authentication security level;
  
  orperforming, using the one or more hardware processors, at least part of the transaction within a specified time limit corresponding to the transaction time sensitivity security level for the transaction.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the transaction security level comprises the transaction authentication security level and the transaction is performed at the first transaction security level by selecting the authentication mechanism.
  - 20. The system of claim 18, wherein the transaction security level comprises the transaction time sensitivity security level and the transaction is at least begun within the specified time limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Inventors
Hardt, Dick C.
Primary Examiner(s)
Rahim, Monjour

Application Number

US14/622,722
Publication Number

US 20150180879A1
Time in Patent Office

522 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1466   Active attacks involving in...

Graduated authentication in an identity management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

202 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Graduated authentication in an identity management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others