Methods and systems for authentication assistant
US-10972458-B1 · Apr 6, 2021 · US
US12339992B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12339992-B2 |
| Application number | US-202217864287-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 29, 2022 |
| Priority date | Oct 30, 2017 |
| Publication date | Jun 24, 2025 |
| Grant date | Jun 24, 2025 |
Official abstract text for this publication.
Client devices can send access request messages to resource management computers to request access to a resource. A data security hub can provide centralized routing between different client devices, resource management computers, and authentication data processing servers. The data security hub can reduce the risk of sensitive authentication information from leaking (e.g., due to a breach) by limiting the amount or types of authentication information distributed to the data processing servers. The data security hub can limit the authentication information being distributed based on its sensitivity, the trust level of the client device, and the security level of the requested resource. The data security hub can also evaluate the client devices and data processing servers to identify security breaches and can cancel or reroute access requests accordingly. Thus, the data security hub can maintain resource security while better preserving the privacy of the client device's authentication information.
Opening claim text (preview).
What is claimed is:

1. A data security hub for processing and routing access request messages, the data security hub comprising: a computer readable storage medium storing a plurality of instructions; and one or more processors for executing the instructions stored on the computer readable storage medium to: receive an access request message from a client device, the access request message comprising a plurality of items of authentication information and requesting an access to a resource, the plurality of items of authentication information corresponding to one or more types of authentication information; analyze the access request message to determine the one or more types of the plurality of items of authentication information included in the access request message; determine sensitivity levels corresponding to the one or more types of authentication information; restrict the one or more types of authentication information based on the sensitivity levels and a risk level of the resource to obtain a restricted set of authentication information, wherein the restricted set of authentication information comprises fewer items of authentication information than the plurality of items of authentication information or at least one item of authentication information that is at least partially obfuscated among the plurality of items; identify a set of data processing servers capable of processing the restricted set of authentication information; select a first data processing server from the set of data processing servers based on an evaluated trust level and a network condition of the first data processing server; and send an authentication request including the restricted set of authentication information to the first data processing server.

2. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to determine encryption parameters for secure multi-party computation based on the sensitivity levels and apply secure multi-party computation encryption to a certain type of authentication information using the encryption parameters.

3. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to determine a trust level for the client device based on historical access request information associated with the client device, wherein the restricting of the one or more types of authentication information is further based on the trust level of the client device.

4. The data security hub of claim 3, wherein the computer readable storage medium further stores instructions that cause the one or more processors to compare interaction information of the client device to an expected set of interactions, wherein the determining of the trust level for the client device is further based on the comparison of the interaction information of the client device to the expected set of interactions.

5. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to generate a first data structure corresponding to a first format of the access request message using a linguistic parser, where the analyzing of the access request message is based on the first data structure.

6. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: generate a second data structure corresponding to a second format used by the first data processing server for responding to authentication request messages using a linguistic parser; and generate the authentication request message based on the second data structure.

7. The data security hub of claim 6, wherein the computer readable storage medium further stores instructions that cause the one or more processors to add stored authentication information associated with the client device to the authentication request based on the second data structure corresponding to the second format used by the first data processing server.

8. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: receive an authentication response message from the first data processing server, the authentication response message indicating whether the restricted set of authentication information is valid; and send the access request message to a resource management computer that manages access to the resource based on the authentication information being valid.

9. The data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: receive an authentication response message from the first data processing server; generate a third data structure, using a linguistic parser, corresponding to a third format used by the first data processing server for the authentication response message; compare the third data structure to stored data structures used by the first data processing server for previously received authentication response messages, the comparison of the third data structure and the stored data structures indicating that the first data processing server may have been breached; and sending later authentication request messages to a second data processing server instead of the first data processing server based on the comparison of the third data structure to the stored data structures used by the first data processing server.

10. The data security hub of claim 1, wherein the one or more types of authentication information comprise a user information and a device information.

11. The data security hub of claim 1, wherein the one or more processors, by executing the instructions, are configured to generate the authentication request to include the restricted set of authentication information.

12. A method for processing and routing access request messages through a data security hub, the method comprising: receiving an access request message from a client device, the access request message comprising a plurality of items of authentication information and requesting an access to a resource, the plurality of items of authentication information corresponding to one or more types of authentication information; analyzing the access request message to determine the one or more types of the plurality of items of authentication information included in the access request message; determining sensitivity levels corresponding to the one or more types of authentication information; restricting the one or more types of authentication information based on the sensitivity levels and a risk level of the resource to obtain a restricted set of authentication information, wherein the restricted set of authentication information comprises fewer items of authentication information than the plurality of items of authentication information or at least one item of authentication information that is at least partially obfuscated among the plurality of items; identifying a set of data processing servers capable of processing the restricted set of authentication information; selecting a first data processing server from the set of data processing servers based on an evaluated trust level and a network condition of the first data processing server; and sending an authentication request including the restricted set of authentication information to the first data processing server.

13. The method of claim 12, further comprising determining encryption parameters for secure mu
Querying · CPC title
Risk-dependent, e.g. selecting a security level depending on risk profiles · CPC title
Authentication · CPC title
Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title