Patent Issued for Incorporating risk-based decision in standard authentication and authorization systems (USPTO 11727104): Aetna Inc.
2023 AUG 01 (NewsRx) -- By a
The patent’s assignee for patent number 11727104 is
News editors obtained the following quote from the background information supplied by the inventors: “Consumers access websites and internet/intranet-based applications to interact with numerous types of information and services. For example, a consumer may log into a health care organization website or application in order to view available products or utilize one of many services offered by the health care organization. Increasingly, consumers not only access these websites and applications with personal computers, but also with smartphones and other electronic devices. In order to provide data security for sensitive information, websites and applications must employ a secure authentication system that can accommodate the full range of devices. Further, increased data security is generally commensurate with inconvenience for consumers, and increased data security may not be necessary for all consumers.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for users and user devices. A comparison between the stored information and live data can be performed within existing authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated.
“In one embodiment, a method for providing an enhanced authentication process with risk-based decision making is provided. The method includes: enrolling a user and user device; capturing attributes pertaining to the user and/or user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is an unacceptable risk, requiring additional authentication for access to protected services; and when the risk is an acceptable risk, granting access to the protected services without requiring additional authentication.
“In another embodiment, a system for authorizing a user device for access to protected services based on risk-based decisions is provided. The system includes a resource server hosting an application that accesses protected services. The system also includes a user device configured to communicate with the resource server to access the protected services, and an authentication server providing an authentication service for the application that accesses the protected services. The authentication server is configured for performing an authentication process. The authentication process includes: enrolling the user device with the application hosted by the application server; capturing attributes pertaining to a user of the user device and/or the user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is an unacceptable risk, requiring additional authentication for access to the protected services; and when the risk is an acceptable risk, granting access to the protected services without requiring additional authentication.
“In yet another embodiment, a non-transitory computer readable storage device for providing an enhanced authentication process with risk-based decision making for granting and maintaining access to an application that accesses protected services is provided. The non-transitory computer readable storage device includes computer executable instructions for performing the steps of: enrolling a user and user device; capturing attributes pertaining to the user and/or the user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is an unacceptable risk, requiring additional authentication for access to protected services; and when the risk is an acceptable risk, granting access to the protected services without requiring additional authentication.”
The claims supplied by the inventors are:
“1. A method for providing an enhanced authentication process with risk-based decision making for accessing protected services, the method comprising: capturing attributes pertaining to a user and/or a user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is unacceptable, requiring additional authentication for access to the protected services; and when the risk is acceptable, granting access to the protected services without requiring additional authentication; providing an access token to the user device upon the granting access to the protected services, wherein the access token expires after a predetermined period of time; and determining an updated risk of data security prior to a time expiration of the access token, wherein the capturing the attributes pertaining to the user and/or the user device comprises: performing an authorization call to an application requesting access to the protected services; gathering the attributes while accessing the application; and bundling the attributes and the request to access the protected services into an authentication request object that is created by an authentication software development kit (SDK) residing in the application.
“2. The method of claim 1, further comprising: when the risk of data security is acceptable, refreshing access to the protected services without requiring additional authentication.
“3. The method of claim 1, further comprising: when the risk of data security is unacceptable, requiring the user to provide one or more of a password and biometric data.
“4. The method of claim 1, further comprising determining an updated risk of data security after a time expiration of the access token.
“5. The method of claim 1, further comprising: storing the attributes pertaining to the user and/or user device at an authorization database configured to store unique attributes for a plurality of users and/or user devices.
“6. The method of claim 1, wherein the attributes pertaining to the user and/or user device comprise one or more of: a cryptographic key, geographic location, time of day, day of week, device hygiene, a user usage pattern, a swipe pattern for touch sensitive displays, malware detection, jailbreak/root detection, debugger mode detection, location reading, accelerometer readings, gyroscope readings, compass readings, user device navigation patterns, application tamper detection, a user device identifier, user device hardware details, user device certificate, user device software details, an International Mobile Station Equipment Identifier (IMEI), a Personal Identification Number (PIN), a password, user biometric data, a device token, a Service Set Identifier (SSID), network proxy detection, device power state, and Virtual Private Network (VPN) detection.
“7. A system for authorizing a user device for access to protected services based on risk-based decisions, the system comprising: a resource server hosting an application that accesses the protected services; a user device configured to communicate with the resource server to access the protected services; an authentication server providing an authentication service for the application that accesses the protected services, the authentication server is configured for performing an authentication process, the authentication process comprising: capturing attributes pertaining to a user of the user device and/or the user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is unacceptable, requiring additional authentication for access to the protected services; and when the risk is acceptable, granting access to the protected services without requiring additional authentication; providing an access token to the user device upon the granting access to the protected services, wherein the access token expires after a predetermined period of time; and determining an updated risk of data security prior to a time expiration of the access token, wherein the capturing the attributes pertaining to the user of the user device and/or the user device comprises: performing an authorization call to the application requesting access to the protected services; gathering the attributes while accessing the application; and bundling the attributes and the request to access the protected services into an authentication request object that is created by an authentication software development kit (SDK) residing in the application.
“8. The system of claim 7, further comprising: an authentication database configured to store the attributes captured by the authentication server.
“9. The system of claim 7, wherein the authentication process further comprises: when the risk of data security is acceptable, refreshing access to the protected services without requiring additional authentication.
“10. The system of claim 7, wherein the authentication process further comprises: when the risk of data security is unacceptable, requiring the user to provide one or more of a password and biometric data.
“11. The system of claim 7, wherein the authentication process further comprises: determining an updated risk of data security after a time expiration of the access token.
“12. A non-transitory computer readable storage device for providing an enhanced authentication process with risk-based decision making for granting and maintaining access to an application that accesses protected services, the non-transitory computer readable storage device having computer executable instructions for performing steps comprising: capturing attributes pertaining to a user and/or a user device; determining a risk of data security based on the attributes pertaining to the user and/or the user device; when the risk is unacceptable, requiring additional authentication for granting access to the protected services; and when the risk is acceptable, granting access to the protected services without requiring additional authentication; providing an access token to the user device upon the granting access to the protected services, wherein the access token expires after a predetermined period of time; and determining an updated risk of data security prior to a time expiration of the access token, wherein the capturing the attributes pertaining to the user and/or the user device comprises: performing an authorization call to an application requesting access to the protected services; gathering the attributes while accessing the application; and bundling the attributes and the request to access the protected services into an authentication request object that is created by an authentication software development kit (SDK) residing in the application.
“13. The non-transitory computer readable storage device of claim 12, further comprising computer executable instructions for: when the risk of data security is acceptable, refreshing access to the protected services without requiring additional authentication.
“14. The non-transitory computer readable storage device of claim 12, further comprising computer executable instructions for: when the risk of data security is unacceptable, requiring the user to provide one or more of a password and biometric data.
“15. The non-transitory computer readable storage device of claim 12, further comprising computer executable instructions for: determining an updated risk of data security after a time expiration of the access token.”
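To make the claimed decision loop concrete, here is an added illustration in Python (not code from the patent or from Aetna) of the flow in claims 1 through 4: an in-app SDK bundles device attributes into an authentication request object, the server scores risk from a subset of the claim 6 attributes, grants a time-limited access token or demands step-up authentication, and re-evaluates risk before the token expires so that an acceptable-risk session is refreshed without further authentication. The attribute names, weights, threshold and token lifetime are assumptions chosen for the example.

```python
# Added example (not code from the patent or from Aetna): a toy risk-based
# authentication loop modelled on claims 1-6; weights and thresholds are assumed.
from dataclasses import dataclass

UNACCEPTABLE_RISK = 50        # assumed threshold: above this, step-up auth is required
TOKEN_LIFETIME_SECONDS = 900  # assumed "predetermined period of time" for the token

# Assumed weights for a subset of the attributes listed in claim 6.
RISK_WEIGHTS = {
    "jailbreak_detected": 60,   # jailbreak/root detection
    "debugger_detected": 40,    # debugger mode detection
    "app_tampered": 60,         # application tamper detection
    "vpn_detected": 10,         # VPN detection
    "proxy_detected": 15,       # network proxy detection
    "unusual_location": 20,     # geographic location vs. stored profile
}

@dataclass
class AuthenticationRequest:
    """The 'authentication request object' the in-app SDK bundles (claim 1)."""
    user_id: str
    device_id: str
    requested_service: str
    attributes: dict            # attribute name -> bool flag gathered by the SDK

@dataclass
class AccessToken:
    user_id: str
    device_id: str
    expires_at: float

def score_risk(attributes: dict) -> int:
    """Sum the weights of every attribute the SDK flagged as true."""
    return sum(w for name, w in RISK_WEIGHTS.items() if attributes.get(name))

def authorize(req: AuthenticationRequest, now: float, step_up_verified: bool = False):
    """Initial decision: ('granted', token) or ('step_up_required', None)."""
    if score_risk(req.attributes) > UNACCEPTABLE_RISK and not step_up_verified:
        return "step_up_required", None   # claim 3: ask for password/biometric
    return "granted", AccessToken(req.user_id, req.device_id, now + TOKEN_LIFETIME_SECONDS)

def refresh(token: AccessToken, attributes: dict, now: float):
    """Re-evaluate risk before expiry (claim 1); refresh silently if acceptable (claim 2)."""
    if now >= token.expires_at:
        return "expired", None            # claim 4: re-evaluate after expiry via authorize()
    if score_risk(attributes) > UNACCEPTABLE_RISK:
        return "step_up_required", None
    return "refreshed", AccessToken(token.user_id, token.device_id, now + TOKEN_LIFETIME_SECONDS)
```

A production deployment would compare the live attributes against the stored per-user and per-device profile (claim 5) rather than treating each flag in isolation, and would log every step-up decision for detection and audit.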
For additional information on this patent, see: Barbir, Abbie. Incorporating risk-based decision in standard authentication and authorization systems.