Verifying a user's identity based on adaptive identity assurance levels

US2016125199A1 · US · A1

Patent metadata

Publication number: US-2016125199-A1
Application number: US-201414528973-A
Country: US
Kind code: A1
Filing date: Oct 30, 2014
Priority date: Oct 30, 2014
Publication date: May 5, 2016
Grant date:

Abstract

Official abstract text for this publication.

The disclosed embodiments provide a system that manages access to a computer-based resource. During operation, the system obtains a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource. Next, the system obtains a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources. The system then calculates an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques. Upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, the system enables access to the computer-based resource in a response to the request.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for managing access to a computer-based resource, comprising: obtaining a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource; and processing the request by performing the following operations on a computer system: obtaining a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources; calculating an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques; and upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, enabling access to the computer-based resource in a response to the request.

2. The method of claim 1, further comprising: upon determining that the identity assurance level of the user does not meet the minimum identity assurance level, providing, in the response, one or more options for increasing the identity assurance level of the user to the minimum identity assurance level.

3. The method of claim 2, wherein providing the one or more options for increasing the identity assurance level of the user to the minimum identity assurance level comprises: initiating one or more of the identity-proofing techniques for increasing the identity assurance level of the user to the minimum identity assurance level.

4. The method of claim 1, wherein obtaining the set of security levels comprises: determining the first set of success rates from usage data for the identity-proofing techniques; and determining the set of security levels from the first set of success rates, wherein the set of security levels is determined based on a ranking of the first set of success rates of the identity-proofing techniques in preventing fraudulent access to the computer-based resources.

5. The method of claim 4, wherein the set of security levels is determined from the first set of success rates immediately before the identity assurance level is calculated for the user.

6. The method of claim 4, wherein the set of security levels is further determined based on a security policy for an external provider of the computer-based resource.

7. The method of claim 4, wherein the usage data comprises at least one of: a security incident; and a fraud rate.

8. The method of claim 1, wherein calculating the identity assurance level for the user comprises: determining the second set of success rates from usage data comprising successful and failed attempts at completing the one or more of the identity-proofing techniques by the user; and calculating the identity assurance level for the user from the second set of success rates and the security levels.

9. The method of claim 1, wherein enabling access to the computer-based resource in the response comprises: obtaining the computer-based resource from an external provider; and providing the computer-based resource in the response.

10. The method of claim 1, wherein the set of identity-proofing techniques comprises at least one of: verification of contact information; remote verification of an identification document; verification of a relationship; verification of a biometric identifier; and verification of an authentication factor.

11. An apparatus, comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to: obtain a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource; obtain a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources; calculate an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques; and upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, enable access to the computer-based resource in a response to the request.

12. The apparatus of claim 11, wherein the memory further stores instructions that, when executed by the one or more processors, cause the apparatus to: upon determining that the identity assurance level of the user does not meet the minimum identity assurance level, provide, in the response, one or more options for increasing the identity assurance level of the user to the minimum identity assurance level.

13. The apparatus of claim 11, wherein obtaining the set of security levels comprises: determining the first set of success rates from usage data for the identity-proofing techniques; and determining the set of security levels from the first set of success rates.

14. The apparatus of claim 13, wherein the set of security levels is determined based on: a ranking of the performances of the identity-proofing techniques; and a security policy for an external provider of the computer-based resource.

15. The apparatus of claim 13, wherein the usage data comprises at least one of: a security incident; and a fraud rate.

16. The apparatus of claim 11, wherein calculating the identity assurance level for the user comprises: determining the second set of success rates from usage data comprising successful and failed attempts at completing the one or more of the identity-proofing techniques by the user; and calculating the identity assurance level for the user from the second set of success rates and the security levels.

17. The apparatus of claim 11, wherein the set of identity-proofing techniques comprises at least one of: verification of contact information; remote verification of an identification document; verification of a relationship; verification of a biometric identifier; and verification of an authentication factor.

18. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing access to a computer-based resource, the method comprising: obtaining a request for the computer-based resource, wherein the request identifies a user seeking access to the computer-based resource; and obtaining a set of security levels for a set of identity-proofing techniques, wherein the set of security levels is based on a first set of success rates of the identity-proofing techniques in preventing fraudulent access to computer-based resources; calculating an identity assurance level for the user based on the set of security levels and a second set of success rates of the user in completing one or more of the identity-proofing techniques; and upon determining that the identity assurance level of the user meets a minimum identity assurance level for accessing the computer-based resource, enabling access to the computer-based resource in a response to the request.

19. The non-transitory computer-readable storage medium of claim 18, the method further comprising: upon determining that the identity assurance level of the user does not
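
The flow of claims 1, 2, 4 and 8, sketched as an added example (not code from the patent or its assignee). The claims do not fix a formula, so the rank-based security levels, the weighted-sum assurance score, the technique names and the usage figures below are all assumptions made for illustration.

```python
# Constructed usage data (assumption): share of fraudulent attempts each
# identity-proofing technique stopped. Names follow the list in claim 10.
FRAUD_PREVENTION_RATE = {
    "contact_info": 0.80,
    "id_document": 0.95,
    "relationship": 0.85,
    "biometric": 0.99,
    "auth_factor": 0.90,
}

def security_levels(prevention_rates):
    """Rank techniques by fraud-prevention rate; the weakest gets level 1 (claim 4)."""
    ranked = sorted(prevention_rates, key=prevention_rates.get)
    return {name: level for level, name in enumerate(ranked, start=1)}

def identity_assurance_level(levels, attempts):
    """Assumed formula: sum of security level x the user's own success rate.

    attempts maps technique -> (successes, failures) for this user (claim 8).
    """
    ial = 0.0
    for name, (ok, failed) in attempts.items():
        total = ok + failed
        if name not in levels or total == 0:
            continue  # unknown technique or no attempts adds no assurance
        ial += levels[name] * ok / total
    return ial

def decide(levels, attempts, minimum):
    """Grant access, or list step-up techniques that would close the gap (claim 2)."""
    ial = identity_assurance_level(levels, attempts)
    if ial >= minimum:
        return {"access": True, "ial": ial, "options": []}
    gap = minimum - ial
    # Only untried techniques are offered: a first success adds the full level.
    options = sorted(n for n, lvl in levels.items()
                     if n not in attempts and lvl >= gap)
    return {"access": False, "ial": ial, "options": options}

if __name__ == "__main__":
    levels = security_levels(FRAUD_PREVENTION_RATE)
    history = {"contact_info": (1, 0), "auth_factor": (3, 1)}  # constructed
    print(decide(levels, history, minimum=3))  # low-risk resource
    print(decide(levels, history, minimum=7))  # high-risk resource
```

Because the score is weighted by the user's own success rate, repeated failures at a strong technique lower the assurance it contributes, which is the behaviour a reviewer should check for when the failed attempts may come from an impostor.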

Classifications

  • G06F21/316 (Primary): by observing the pattern of computer usage, e.g. typical user behaviour

  • Dual mode as a secondary aspect

  • for controlling access to devices or network resources

  • H04L9/32 (Primary): including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}

  • User authentication

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Intuit Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/316. Mapped technology areas include Physics.
When was this patent published?
Publication date May 5, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).