Methods and systems for authentication assistant
US-10972458-B1 · Apr 6, 2021 · US
US11429745B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11429745-B2 |
| Application number | US-201716759453-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 30, 2017 |
| Priority date | Oct 30, 2017 |
| Publication date | Aug 30, 2022 |
| Grant date | Aug 30, 2022 |
Official abstract text for this publication.
Client devices can send access request messages to resource management computers to request access to a resource. A data security hub can provide centralized routing between different client devices, resource management computers, and authentication data processing servers. The data security hub can reduce the risk of sensitive authentication information leaking (e.g., due to a breach) by limiting the amount or types of authentication information distributed to the data processing servers. The data security hub can limit the authentication information being distributed based on its sensitivity, the trust level of the client device, and the security level of the requested resource. The data security hub can also evaluate the client devices and data processing servers to identify security breaches and can cancel or reroute access requests accordingly. Thus, the data security hub can maintain resource security while better preserving the privacy of the client device's authentication information.
Opening claim text (preview).
What is claimed is:

1. A data security hub for processing and routing access request messages, the data security hub comprising: a computer readable storage medium storing a plurality of instructions; and one or more processors for executing the instructions stored on the computer readable storage medium to: receive an access request message from a client device, the access request message requesting access to a resource; analyze the access request message to determine one or more types of authentication information included in the access request message; determine sensitivity levels corresponding to the one or more types of authentication information; restrict the one or more types of authentication information based on the sensitivity levels and a risk level of the resource to obtain a restricted set of authentication information; identify a set of data processing servers capable of processing the restricted set of authentication information; select a first data processing server from the set of data processing servers based on an evaluated trust level and a network condition of the first data processing server; and send an authentication request including the restricted set of authentication information to the first data processing server, wherein the restricting of the one or more types of authentication information comprises removing a certain type of authentication information or a portion of the certain type of authentication information.
2. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to determine encryption parameters for secure multi-party computation based on the sensitivity levels and apply secure multi-party computation encryption to a certain type of authentication information using the encryption parameters.
3. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to determine a trust level for the client device based on historical access request information associated with the client device, wherein the restricting of the one or more types of authentication information is further based on the trust level of the client device.
4. The data security hub of claim 3, wherein the computer readable storage medium further stores instructions that cause the one or more processors to compare interaction information of the client device to an expected set of interactions, wherein the determining of the trust level for the client device is further based on the comparison of the interaction information of the client device to the expected set of interactions.
5. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to generate a first data structure corresponding to a first format of the access request message using a linguistic parser, where the analyzing of the access request message is based on the first data structure.
6. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: generate a second data structure corresponding to a second format used by the first data processing server for responding to authentication request messages using a linguistic parser; and generate the authentication request message based on the second data structure.
7. The data security hub of claim 6, wherein the computer readable storage medium further stores instructions that cause the one or more processors to add stored authentication information associated with the client device to the authentication request based on the second data structure corresponding to the second format used by the first data processing server.
8. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: receive an authentication response message from the first data processing server, the authentication response message indicating whether the restricted set of authentication information is valid; and send the access request message to a resource management computer that manages access to the resource based on the authentication information being valid.
9. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: receive an authentication response message from the first data processing server; generate a third data structure, using a linguistic parser, corresponding to a third format used by the first data processing server for the authentication response message; compare the third data structure to stored data structures used by the first data processing server for previously received authentication response messages, the comparison of the third data structure and the stored data structures indicating that the first data processing server may have been breached; and send later authentication request messages to a second data processing server instead of the first data processing server based on the comparison of the third data structure to the stored data structures used by the first data processing server.
10. A method for processing and routing access request messages through a data security hub, the method comprising: receiving an access request message from a client device, the access request message requesting access to a resource; analyzing the access request message to determine one or more types of authentication information included in the access request message; determining sensitivity levels corresponding to the one or more types of authentication information; restricting the one or more types of authentication information based on the sensitivity levels and a risk level of the resource to obtain a restricted set of authentication information; identifying a set of data processing servers capable of processing the restricted set of authentication information; selecting a first data processing server from the set of data processing servers based on an evaluated trust level and a network condition of the first data processing server; and sending an authentication request including the restricted set of authentication information to the first data processing server, wherein the restricting of the one or more types of authentication information comprises removing a certain type of authentication information or a portion of the certain type of authentication information.
11. The method of claim 10, further comprising determining encryption parameters for secure multi-party computation based on the sensitivity levels and applying secure multi-party computation encryption to a certain type of authentication information using the encryption parameters.
12. The method of claim 10, further comprising determining a trust level for the client device based on historical access request information associated with the client device, wherein the restricting of the one or more types of authentication information is further based on the trust level of the client device.
13. The method of claim 12, further comprising comparing interaction information of the client device to an expected set of interactions, wherein the determining of the trust level for the client device is further based on the comparison of the interaction information of the client device to the expected set of interactions.
14. The method of claim 10, further comprising generating a first data structure corresponding to a first forma
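The abstract and claims 1, 3, 9 and 10 describe a hub that classifies the authentication types in a request, restricts them by sensitivity against the resource's risk level and the client's trust level, picks a capable processing server by trust and network condition, and flags a server whose response format departs from its earlier responses. The following Python model is an added illustration of that flow and is not the patent's own code. The sensitivity table, the "budget = risk + trust" restriction policy, the masking of an account number to its last four digits, the server records and the sample request are all constructed assumptions chosen to make the behaviour visible; the patent specifies none of these values.

```python
"""Toy model of the data security hub in the claims (added example, not the patent's code)."""
from dataclasses import dataclass, field

# Constructed sensitivity levels per authentication-information type (1 = low, 3 = high).
SENSITIVITY = {"username": 1, "device_id": 1, "otp": 2, "password": 3, "account_number": 3}

# Constructed sample access request from a client device.
SAMPLE_REQUEST = {"username": "alice", "password": "hunter2",
                  "account_number": "12345678", "device_id": "d-1"}


@dataclass
class AuthServer:
    """An authentication data processing server as the hub sees it (constructed fields)."""
    name: str
    handles: frozenset          # authentication types this server can verify
    trust: int                  # evaluated trust level, higher is better
    latency_ms: int             # current network condition
    known_shapes: set = field(default_factory=set)   # response formats seen so far (claim 9)
    suspect: bool = False       # set when a response format breaks from history


def sample_servers():
    """Constructed server inventory; server C is as trusted as A but closer on the network."""
    return [
        AuthServer("A", frozenset({"username", "password", "otp", "account_number", "device_id"}), 2, 80),
        AuthServer("B", frozenset({"username", "password"}), 3, 20),
        AuthServer("C", frozenset({"username", "otp", "device_id"}), 2, 10),
    ]


def client_trust_level(history):
    """Trust from historical access requests (claim 3): 0 unknown, 1 known, 2 long and clean."""
    if not history:
        return 0
    failures = sum(1 for h in history if not h["granted"])
    return 2 if failures == 0 and len(history) >= 5 else 1


def restrict(auth_info, resource_risk, trust_level):
    """Return the restricted set: each type is kept whole, reduced to a portion, or removed,
    depending on its sensitivity versus the resource risk and client trust (claims 1 and 3)."""
    budget = resource_risk + trust_level        # constructed policy: how much sensitivity may leave the hub
    restricted = {}
    for kind, value in auth_info.items():
        level = SENSITIVITY.get(kind, 3)        # unknown types are treated as most sensitive
        if level <= budget:
            restricted[kind] = value
        elif kind == "account_number" and level <= budget + 1:
            restricted[kind] = "*" * (len(value) - 4) + value[-4:]   # send only a portion
        # otherwise the type is removed entirely
    return restricted


def select_server(servers, restricted):
    """Identify servers able to process every restricted type, then choose by trust, then latency."""
    needed = set(restricted)
    capable = [s for s in servers if needed <= s.handles and not s.suspect]
    if not capable:
        return None
    return max(capable, key=lambda s: (s.trust, -s.latency_ms))


def route(auth_info, resource_risk, history, servers):
    """Full hub path: trust -> restriction -> server selection. Returns (server, restricted set)."""
    trust = client_trust_level(history)
    restricted = restrict(auth_info, resource_risk, trust)
    return select_server(servers, restricted), restricted


def response_shape(response):
    """Crude stand-in for the parsed response data structure: the sorted set of field names."""
    return tuple(sorted(response))


def check_response(server, response):
    """Flag a server whose response format departs from every format it used before (claim 9).
    Returns False when the server is newly marked suspect, so the caller can reroute."""
    shape = response_shape(response)
    if server.known_shapes and shape not in server.known_shapes:
        server.suspect = True
        return False
    server.known_shapes.add(shape)
    return True


if __name__ == "__main__":
    servers = sample_servers()
    print(route(SAMPLE_REQUEST, 1, [], servers))                     # unknown client: C gets a minimal set
    print(route(SAMPLE_REQUEST, 1, [{"granted": True}] * 6, servers))  # trusted client: A gets the full set
```

Two properties worth noticing: a type the hub has never classified is treated as maximally sensitive rather than passed through, so an unexpected field in a request is dropped by default; and once `check_response` marks a server suspect, `select_server` stops routing to it, which is the reroute the claims describe.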
CPC classification titles:
- Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- Authentication
- Structures or tools for the administration of authentication
- for controlling access to devices or network resources
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload