Monitoring mobile application activities for malicious traffic on a mobile device
US-8984581-B2 · Mar 17, 2015 · US
US10038726B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10038726-B2 |
| Application number | US-201414303461-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 12, 2014 |
| Priority date | Jun 12, 2013 |
| Publication date | Jul 31, 2018 |
| Grant date | Jul 31, 2018 |
Official abstract text for this publication.
Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, by a mobile device including one or more processors, a request by a user to access data required to be used by an application executing on the mobile device; determining, by the mobile device, a data sensitivity level associated with the data, wherein data having a higher data sensitivity level requires a greater authentication level to access the data and data having a lower data sensitivity level requires a lower authentication level to access the data, wherein the data sensitivity level associated with the data is dependent on a plurality of security inputs, wherein the data sensitivity level varies between a first user having a first set of security inputs and a second user having a second set of security inputs different from the first user, and wherein the data sensitivity level varies according to a type of the data required to be used by the application requested by the user; determining, by the mobile device, an authentication level associated with the user making the request in order to access the data requested by the user; comparing, by the mobile device, the data sensitivity level of the data requested by the user to the authentication level associated with the user; determining, by the mobile device, whether the authentication level of the user satisfies the data sensitivity level required to be used by the application; in response to determining that the authentication level of the user is lower than the data sensitivity level for the data, sending a request to the user for authentication information; in response to sending the request for authentication information, receiving authentication information from the user; and in response to determining whether the authentication level of the user and the authentication information received from the user satisfies the data sensitivity level required for the data required to be used by the application, providing or denying access to the data required to be used by the application.

2. The method of claim 1 wherein determining a data sensitivity level associated with the data further comprises: querying a data sensitivity level cache for the data; and returning the data sensitivity level associated with the data from the data sensitivity level cache.

3. The method of claim 1 wherein the plurality of security inputs include one or more of: initial permissions associated with a requesting application; customizations; and mobile device state.

4. The method of claim 2, further comprising analyzing the plurality of security inputs by a decision model, wherein the analyzing further comprises: assigning a weight to each of the plurality of security inputs; identifying one or more of the plurality of inputs having a highest weight; and determining the data sensitivity level associated with the one or more of the plurality of inputs having the highest weight.

5. The method of claim 1, further comprising updating the data sensitivity level based on aggregate permission data from a plurality of users.

6. The method of claim 1, further comprising: determining that the authentication level is lower than the data sensitivity level; and sending an authentication request for a security credential having a second authentication level equal to or greater than the data sensitivity level.

7. The method of claim 6, wherein the security credential is associated with temporal limitation and a security event limitation.

8. The method of claim 2, further comprising: periodically requesting updates to the data sensitivity level stored in the data sensitivity level cache from a cloud security provider server.

9. The method according to claim 1, wherein the request to access the data required to be used by the application is received via the application.

10. A mobile device, comprising: one or more processors; and a memory communicatively coupled to the one or more processors, wherein the one or more processors are configured to execute instructions included in the memory to perform operations for a data sensitivity module, the operations comprising: a request by a user to access data required to be used by an application executing on the mobile device; determining a data sensitivity level associated with the data, wherein data having a higher data sensitivity level requires a greater authentication level to access the data and data having a lower data sensitivity level requires a lower authentication level to access the data, wherein the data sensitivity level associated with the data is dependent on a plurality of security inputs, wherein the data sensitivity level varies between a first user having a first set of security inputs and a second user having a second set of security inputs different from the first user, and wherein the data sensitivity level varies according to a type of the data required to be used by the application requested by the user; determining an authentication level associated with the user making the request in order to access the data requested by the user; comparing the data sensitivity level of the data requested by the user to the authentication level associated with the user; determining, by the mobile device, whether the authentication level of the user satisfies the data sensitivity level for the data required to be used by the application; in response to determining that the authentication level of the user is lower than the data sensitivity level for the data, sending a request to the user for authentication information; in response to sending the request for authentication information, receiving authentication information from the user; and in response to determining whether the authentication level of the user and the authentication information from the user satisfies the data sensitivity level required for the data required to be used by the application, providing or denying access to the data required to be used by the application.

11. The mobile device of claim 10 wherein determining a data sensitivity level associated with the data further comprises: querying a data sensitivity level cache for the data; and returning the data sensitivity level associated with the data from the data sensitivity level cache.

12. The mobile device of claim 10 wherein the plurality of inputs include one or more of: initial permissions associated with a requesting application; customizations; and mobile device state.

13. The mobile device of claim 11, wherein the one or more processors are configured to execute instructions included in the memory to perform operations comprising analyzing the plurality of security inputs by a decision model, wherein the analyzing comprises: assigning a weight to each of the plurality of security inputs; identifying one or more of the plurality of inputs having a highest weight; and determining the data sensitivity level associated with the one or more of the plurality of inputs having the highest weight.

14. The mobile device of claim 10, wherein the data sensitivity module is further configured to update the data sensitivity level based on aggregate permission data from a plurality of users.

15. The mobile device of claim 10, wherein the data sensitivity module is further configured to: determine that the authentication level is lower than the data sensitivity level; and send an authentication request for a security credential having a second authentication level equal to or greater than the data sensitivity level.

16. The mobile device of claim 15, wherein the security credential is a
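
The access decision recited in claims 1, 2, 4 and 6, sketched in Python as an added example; it is not code from the patent or its assignee. The class and function names, the integer level scale, the sample inputs and the rule that equal-weight inputs resolve to the stricter level are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityInput:
    name: str      # e.g. initial permissions, customizations, device state (claim 3)
    weight: float  # weight assigned by the decision model (claim 4)
    level: int     # sensitivity level this input argues for (hypothetical 0..3 scale)

def sensitivity_level(inputs):
    """Level of the highest-weight input(s); a tie takes the stricter level (assumption)."""
    if not inputs:
        raise ValueError("no security inputs: refusing to guess a level")
    top = max(i.weight for i in inputs)
    return max(i.level for i in inputs if i.weight == top)

class SensitivityGate:
    def __init__(self, inputs_for, step_up):
        self.inputs_for = inputs_for  # (user, data_type) -> list of SecurityInput
        self.step_up = step_up        # (user, required_level) -> level proven, or None
        self.cache = {}               # data sensitivity level cache (claim 2)

    def level_for(self, user, data_type):
        # Per-user and per-data-type, as claim 1 requires the level to vary by both.
        key = (user, data_type)
        if key not in self.cache:
            self.cache[key] = sensitivity_level(self.inputs_for(user, data_type))
        return self.cache[key]

    def request_access(self, user, data_type, auth_level):
        required = self.level_for(user, data_type)
        if auth_level >= required:
            return True               # current authentication already satisfies the level
        # Claim 6: request a credential whose level is >= the sensitivity level.
        proven = self.step_up(user, required)
        return proven is not None and proven >= required  # anything weaker is denied

# Constructed sample inputs, not taken from the patent.
SAMPLE = {
    ("alice", "contacts"): [SecurityInput("initial_permissions", 0.2, 1),
                            SecurityInput("device_state", 0.9, 3)],
    ("bob", "contacts"): [SecurityInput("initial_permissions", 0.5, 1),
                          SecurityInput("customizations", 0.4, 2)],
}

if __name__ == "__main__":
    gate = SensitivityGate(lambda u, d: SAMPLE[(u, d)], lambda u, lvl: lvl)
    for user in ("alice", "bob"):
        print(user, gate.level_for(user, "contacts"),
              gate.request_access(user, "contacts", auth_level=1))
```

A cached level goes stale when a security input such as device state changes, so a real cache needs invalidation or the periodic refresh that claim 8 describes.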
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
Multiple levels of security · CPC title