Patent Issued for Incorporating risk-based decision in standard authentication and authorization systems (USPTO 11727104): Aetna Inc. - Insurance News | InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Newswires
Topics
    • Advisor News
    • Annuity Index
    • Annuity News
    • Companies
    • Earnings
    • Fiduciary
    • From the Field: Expert Insights
    • Health/Employee Benefits
    • Insurance & Financial Fraud
    • INN Magazine
    • Insiders Only
    • Life Insurance News
    • Newswires
    • Property and Casualty
    • Regulation News
    • Sponsored Articles
    • Washington Wire
    • Videos
    • ———
    • About
    • Meet our Editorial Staff
    • Advertise
    • Contact
    • Newsletters
  • Exclusives
  • NewsWires
  • Magazine
  • Newsletters
Sign in or register to be an INNsider.
  • AdvisorNews
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Exclusives
  • INN Magazine
  • Insurtech
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Video
  • Washington Wire
  • Life Insurance
  • Annuities
  • Advisor
  • Health/Benefits
  • Property & Casualty
  • Insurtech
  • About
  • Advertise
  • Contact
  • Editorial Staff

Get Social

  • Facebook
  • X
  • LinkedIn
Newswires
Newswires RSS Get our newsletter
Order Prints
September 1, 2023 Newswires
Share
Share
Post
Email

Patent Issued for Incorporating risk-based decision in standard authentication and authorization systems (USPTO 11727104): Aetna Inc.

Insurance Daily News

2023 AUG 01 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Alexandria, Virginia, NewsRx journalists report that a patent by the inventors Barbir, Abbie (Ogdensburg, NY, US), Jain, Salil Kumar (Jackson Heights, NY, US), Swift, Derek (Lake George, NY, US), filed on November 19, 2020, was published online on August 15, 2023.

The patent’s assignee for patent number 11727104 is Aetna Inc. (Hartford, Connecticut, United States).

News editors obtained the following quote from the background information supplied by the inventors: “Consumers access websites and internet/intranet-based applications to interact with numerous types of information and services. For example, a consumer may log into a health care organization website or application in order to view available products or utilize one of many services offered by the health care organization. Increasingly, consumers not only access these websites and applications with personal computers, but also with smartphones and other electronic devices. In order to provide data security for sensitive information, websites and applications must employ a secure authentication system that can accommodate the full range of devices. Further, increased data security is generally commensurate with inconvenience for consumers, and increased data security may not be necessary for all consumers.”

As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for users and user devices. A comparison between the stored information and live data can be performed within existing authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated.

“In one embodiment, a method for providing an enhanced authentication process with risk-based decision making is provided. The method includes: enrolling a user and user device; capturing attributes pertaining to the user and/or user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is an unacceptable risk, requiring additional authentication for access to protected services; and when the risk is an acceptable risk, granting access to the protected services without requiring additional authentication.

“In another embodiment, a system for authorizing a user device for access to protected services based on risk-based decisions is provided. The system includes a resource server hosting an application that accesses protected services. The system also includes a user device configured to communicate with the resource server to access the protected services, and an authentication server providing an authentication service for the application that accesses the protected services. The authentication server is configured for performing an authentication process. The authentication process includes: enrolling the user device with the application hosted by the application server; capturing attributes pertaining to a user of the user device and/or the user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is an unacceptable risk, requiring additional authentication for access to the protected services; and when the risk is an acceptable risk, granting access to the protected services without requiring additional authentication.

“In yet another embodiment, a non-transitory computer readable storage device for providing an enhanced authentication process with risk-based decision making for granting and maintaining access to an application that accesses protected services is provided. The non-transitory computer readable storage device includes computer executable instructions for performing the steps of: enrolling a user and user device; capturing attributes pertaining to the user and/or the user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is an unacceptable risk, requiring additional authentication for access to protected services; and when the risk is an acceptable risk, granting access to the protected services without requiring additional authentication.”

The claims supplied by the inventors are:

“1. A method for providing an enhanced authentication process with risk-based decision making for accessing protected services, the method comprising: capturing attributes pertaining to a user and/or a user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is unacceptable, requiring additional authentication for access to the protected services; and when the risk is acceptable, granting access to the protected services without requiring additional authentication; providing an access token to the user device upon the granting access to the protected services, wherein the access token expires after a predetermined period of time; and determining an updated risk of data security prior to a time expiration of the access token, wherein the capturing the attributes pertaining to the user and/or the user device comprises: performing an authorization call to an application requesting access to the protected services; gathering the attributes while accessing the application; and bundling the attributes and the request to access the protected services into an authentication request object that is created by an authentication software development kit (SDK) residing in the application.

“2. The method of claim 1, further comprising: when the risk of data security is acceptable, refreshing access to the protected services without requiring additional authentication.

“3. The method of claim 1, further comprising: when the risk of data security is unacceptable, requiring the user to provide one or more of a password and biometric data.

“4. The method of claim 1, further comprising determining an updated risk of data security after a time expiration of the access token.

“5. The method of claim 1, further comprising: storing the attributes pertaining to the user and/or user device at an authorization database configured to store unique attributes for a plurality of users and/or user devices.

“6. The method of claim 1, wherein the attributes pertaining to the user and/or user device comprise one or more of: a cryptographic key, geographic location, time of day, day of week, device hygiene, a user usage pattern, a swipe pattern for touch sensitive displays, malware detection, jailbreak/root detection, debugger mode detection, location reading, accelerometer readings, gyroscope readings, compass readings, user device navigation patterns, application tamper detection, a user device identifier, user device hardware details, user device certificate, user device software details, an International Mobile Station Equipment Identifier (IMEI), a Personal Identification Number (PIN), a password, user biometric data, a device token, a Service Set Identifier (SSID), network proxy detection, device power state, and Virtual Private Network (VPN) detection.

“7. A system for authorizing a user device for access to protected services based on risk-based decisions, the system comprising: a resource server hosting an application that accesses the protected services; a user device configured to communicate with the resource server to access the protected services; an authentication server providing an authentication service for the application that accesses the protected services, the authentication server is configured for performing an authentication process, the authentication process comprising: capturing attributes pertaining to a user of the user device and/or the user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is unacceptable, requiring additional authentication for access to the protected services; and when the risk is acceptable, granting access to the protected services without requiring additional authentication; providing an access token to the user device upon the granting access to the protected services, wherein the access token expires after a predetermined period of time; and determining an updated risk of data security prior to a time expiration of the access token, wherein the capturing the attributes pertaining to the user of the user device and/or the user device comprises: performing an authorization call to the application requesting access to the protected services; gathering the attributes while accessing the application; and bundling the attributes and the request to access the protected services into an authentication request object that is created by an authentication software development kit (SDK) residing in the application.

“8. The system of claim 7, further comprising: an authentication database configured to store the attributes captured by the authentication server.

“9. The system of claim 7, wherein the authentication process further comprises: when the risk of data security is acceptable, refreshing access to the protected services without requiring additional authentication.

“10. The system of claim 7, wherein the authentication process further comprises: when the risk of data security is unacceptable, requiring the user to provide one or more of a password and biometric data.

“11. The system of claim 7, wherein the authentication process further comprises: determining an updated risk of data security after a time expiration of the access token.

“12. A non-transitory computer readable storage device for providing an enhanced authentication process with risk-based decision making for granting and maintaining access to an application that accesses protected services, the non-transitory computer readable storage device having computer executable instructions for performing steps comprising: capturing attributes pertaining to a user and/or a user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is unacceptable, requiring additional authentication for granting access to the protected services; and when the risk is acceptable, granting access to the protected services without requiring additional authentication; providing an access token to the user device upon the granting access to the protected services, wherein the access token expires after a predetermined period of time; and determining an updated risk of data security prior to a time expiration of the access token, wherein the capturing the attributes pertaining to the user and/or the user device comprises: performing an authorization call to an application requesting access to the protected services; gathering the attributes while accessing the application; and bundling the attributes and the request to access the protected services into an authentication request object that is created by an authentication software development kit (SDK) residing in the application.

“13. The non-transitory computer readable storage device of claim 12, further comprising computer executable instructions for: when the risk of data security is acceptable, refreshing access to the protected services without requiring additional authentication.

“14. The non-transitory computer readable storage device of claim 12, further comprising computer executable instructions for: when the risk of data security is unacceptable, requiring the user to provide one or more of a password and biometric data.

“15. The non-transitory computer readable storage device of claim 12, further comprising computer executable instructions for: determining an updated risk of data security after a time expiration of the access token.”

For additional information on this patent, see: Barbir, Abbie. Incorporating risk-based decision in standard authentication and authorization systems. U.S. Patent Number 11727104, filed November 19, 2020, and published online on August 15, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11727104)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)

Older

Patent Issued for Vehicle control systems (USPTO 11726437): Allstate Insurance Company

Newer

Findings in Insurance Reported from Chongqing University of Science and Technology (Optimal Reinsurance-investment Game for Two Insurers With Sahara Utilities Under Correlated Markets): Insurance

Advisor News

  • The overlooked retirement security risk that must be addressed
  • What advisors should know about hedge funds in retirement planning
  • Retirement control is top success measure for middle class, ACLI says
  • Industry groups applaud House passage of Financial Exploitation Prevention Act
  • Younger workers more likely to be eligible for a retirement plan after changing jobs
More Advisor News

Annuity News

  • Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
  • Why job boards are failing insurance agencies
  • MassMutual Ranks No. 100 on the 2026 Fortune 500® List
  • What’s fueling record annuity growth?
  • Jackson Named InvestmentNews 2026 Annuities Provider of the Year
More Annuity News

Health/Employee Benefits News

  • Millions of people drop ACA coverage amid jump in prices Millions drop ACA coverage amid price jump. Did fraud inflate signups? (copy)
  • Former city DPW director wants opportunity to 'defend my actions' in light of separation agreement
  • CDPHP, MVP Health Care among insurers seeking rate increases
  • How health insurers get a free pass to deny coverage from a 52‑year‑old law meant to protect worker pensions
  • Reports from Capital One AG Describe Recent Advances in Managed Care (Factors Affecting Medical Appointment Adherence among Adolescents and Young Adults with Kidney Disease: A Longitudinal Cohort Study): Managed Care
More Health/Employee Benefits News

Life Insurance News

  • NAIFA praises House committee approval of Clarity for Compensation Act
  • PHL Variable liquidation pushed out to 2027, Connecticut regulators say
  • ‘Recession-Proof’ Insurance Is Trending. Safety Net or Scam?
  • Winged Keel Group Expands National Presence and PPLI Leadership, Welcomes SBSI, Inc. (dba NFP Insurance Solutions)
  • MassMutual Ranks No. 100 on the 2026 Fortune 500® List
More Life Insurance News

NEWS INSIDE

  • Companies
  • Earnings
  • Economic News
  • INN Magazine
  • Insurtech News
  • Newswires Feed
  • Regulation News
  • Washington Wire
  • Videos

FEATURED OFFERS

Life moves fast. Your BGA should, too.
Stay ahead with Modern Life's AI-powered tech and expert support.

A MYGA for Clients Hesitant to Commit to One Long-Term Rate
First-year certainty. Annual rate updates. Get the CurrentRate® MYGA Sales Kit.

Elite Networking & Insights Await at the Event of the Year
The industry's premier conference for leaders driving what’s next in financial services.

Press Releases

  • Prosperity Life GroupSM Launches Prosperity PathWaySM Series, Bringing Greater Choice and Flexibility to Retirement Income Planning
  • Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
  • RFP #T01625
  • Rockwood Programs Appoints Kerry Ladouceur as Vice President, Financial Lines
  • JP Insurance Group Launches Commercial Property & Casualty Division; Appoints Joe Webster as Managing Director
More Press Releases > Add Your Press Release >

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

Topics

  • Advisor News
  • Annuity Index
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • From the Field: Expert Insights
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Magazine
  • Insiders Only
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Washington Wire
  • Videos
  • ———
  • About
  • Meet our Editorial Staff
  • Advertise
  • Contact
  • Newsletters

Top Sections

  • AdvisorNews
  • Annuity News
  • Health/Employee Benefits News
  • InsuranceNewsNet Magazine
  • Life Insurance News
  • Property and Casualty News
  • Washington Wire

Our Company

  • About
  • Advertise
  • Contact
  • Meet our Editorial Staff
  • Magazine Subscription
  • Write for INN

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2026 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • InsuranceNewsNet Magazine

Sign in with your Insider Pro Account

Not registered? Become an Insider Pro.
Insurance News | InsuranceNewsNet