System and method for establishing historical usage-based hardware trust
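Country / type: United States (US) Patent
Status: Registered
International Patent Classification (IPC, 7th edition): H04L-009/00; H04L-009/32
Application number: UP-0615858 (2006-12-22)
Registration number: US-7849307 (2011-01-31)
Inventor / address: Roskind, James A.
Applicant / address: AOL Inc.
Agent / address: Glenn, Michael A.
Citation information: times cited: 25; patents cited: 32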
Abstract
Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.
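A sketch of the flow the abstract describes, added here as an illustration and not taken from the patent: an authentication server issues a signed usage statement bound to one user and one device, re-signs it after each successful log-in, and derives a trust tier from the number of recent log-ins. The HMAC stands in for the issuer's signature (the page does not name a scheme), and the key, function names, 30-day window and thresholds are all assumptions.

```python
import hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"  # assumption: server-held secret, never sent to the client
WINDOW = 30 * 86400                   # assumption: only log-ins in the last 30 days count


def _sign(body) -> str:
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def issue(user: str, device: str, logins: list) -> dict:
    """Issuer side: bind the log-in history to one user and one device, then sign it."""
    body = {"user": user, "device": device, "logins": sorted(logins)}
    return {"body": body, "sig": _sign(body)}


def verify(stmt: dict, user: str, device: str) -> bool:
    """Reject statements that were altered, or presented for another user or device."""
    body = stmt.get("body", {})
    good_sig = hmac.compare_digest(_sign(body), str(stmt.get("sig", "")))
    return good_sig and body.get("user") == user and body.get("device") == device


def record_login(stmt, user: str, device: str, now: int) -> dict:
    """After a successful primary authentication: extend the history and re-sign it."""
    history = stmt["body"]["logins"] if stmt and verify(stmt, user, device) else []
    return issue(user, device, history + [now])


def trust_level(stmt, user: str, device: str, now: int) -> str:
    """Map the number of recent tracked log-ins to a trust tier (thresholds assumed)."""
    if not stmt or not verify(stmt, user, device):
        return "none"
    recent = [t for t in stmt["body"]["logins"] if 0 <= now - t <= WINDOW]
    if len(recent) >= 10:
        return "enhanced"  # e.g. secondary authentication may be skipped
    return "basic" if recent else "none"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamps: one log-in per day for 12 days
    s = None
    for day in range(12):
        s = record_login(s, "alice", "laptop-1", now - day * 86400)
    print(trust_level(s, "alice", "laptop-1", now))
```

Because the statement may be stored on the client device, the signature check is what prevents a client from inflating its own history; an unverifiable statement is treated as no history at all.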
Representative claim
The invention claimed is:

1. A method for establishing trust in relation to a service across a network, comprising the steps of: tracking information unique to each log in for at least a selected user and a selected device of one or more devices connectable to said network; extending an increase in trust to any of said selected device and said selected user of said selected device in relation to said service at a level at least partially based on any of frequency of said tracked log ins and number of said tracked log ins associated with said selected device for said selected user.

2. The method of claim 1, further comprising the step of: performing an authentication of any of said selected device and said selected user, wherein said authentication is based on a combination of said extended trust and at least one other form of authentication.

3. The method of claim 1, further comprising the step of: storing said tracked information at any of said selected device and a remote location.

4. The method of claim 3, wherein said stored tracked information comprises at least one of any of a statement, a cookie and a tag.

5. The method of claim 4, wherein said statement is signed by an issuer, wherein said issuer comprises any of an authenticating server and a third party.

6. The method of claim 1, wherein said tracked information is stored at a remote location, the method further comprising the steps of: providing a key pair for said selected device, said key pair comprising a private key and a public key, wherein said private key establishes identity of said selected device; transmitting said public key from said selected device to an authenticating server; and accessing said stored tracked information by said authenticating server based on said public key.

7. The method of claim 1, wherein said step of tracking information further comprises creating a statement by an issuer, downloading said statement from said issuer, and storing said downloaded statement on said selected device.

8. The method of claim 7, further comprising the step of: providing said stored tracked information by said selected device with a request for any of service and access.

9. The method of claim 1, wherein said step of extending an increase in trust further comprises at least one user authentication.

10. The method of claim 9, wherein said user authentication comprises any of a password and an appropriate response by said selected user to an authentication question.

11. The method of claim 9, wherein said user authentication is used when said selected user attempts a connection from a device other than said selected device.

12. The method of claim 1, wherein said step of extending an increase in trust comprises: determining a level of trust according to said selected user's frequency of use of said client device, wherein a frequent user is granted enhanced trust over an infrequent user.

13. The method of claim 1, further comprising the step of: conditionally allowing said selected user to perform any of accessing service, changing preferences, changing a password and creating a sub-account, wherein said conditional allowance is based on said extended increase in trust.

14. The method of claim 1, further comprising the step of: establishing a pattern of use based at least on said tracked information for any of said selected device and said selected user; wherein said step of extending trust is at least partially based on a level of conformance to said established pattern of use.

15. The method of claim 14, wherein said tracked information comprises any of where said selected user dials in from, device type, device operating system, any of IP address and subnet, and any of cookies and tags on said selected device.

16. A system for establishing trust in relation to a service across a network, comprising: means for tracking information unique to each log in for at least a selected user and a selected device of one or more devices connectable to said network; and means for extending an increase in trust to any of said selected device and said selected user of said selected device in relation to said service at a level at least partially based on any of frequency of said log ins and number of said tracked log ins associated with said selected device for said selected user.

17. The system of claim 16, further comprising: means for authenticating of any of said selected device for said selected user, wherein said authentication is based on a combination of said extended trust and at least one other form of authentication.

18. The system of claim 16, further comprising: means for storing said tracked information at any of said selected device and a remote location.

19. The system of claim 18, wherein said stored tracked information comprises at least one of any of a statement, a cookie and a tag.

20. The system of claim 19, wherein said statement is signed by an issuer, wherein said issuer comprises any of an authenticating server and a third party.

21. The system of claim 16, wherein said tracked information is stored at a remote location, the system further comprising: a key pair associated with said selected device, said key pair comprising a private key and a public key, wherein said private key establishes identity of said selected device; means for transmitting said public key from said selected device to an authenticating server; and means for accessing said stored tracked information by said authenticating server based on said public key.

22. The system of claim 16, wherein said tracking means further comprises means for creating a statement by an issuer corresponding to said tracked information, means for downloading said statement from said issuer, and means for storing said downloaded statement on said selected device.

23. The system of claim 22, further comprising: means for providing said stored tracked information by said selected device with a request for any of service and access.

24. The system of claim 16, wherein said means for extending an increase in trust further comprises at least one user authentication.

25. The system of claim 24, wherein said user authentication comprises any of a password and an appropriate response by said selected user to an authentication question.

26. The system of claim 24, wherein said user authentication is required if said selected user attempts a connection from a device other than said selected device.

27. The system of claim 16, wherein said means for extending an increase in trust comprises means for determining a level of trust according to said selected user's frequency of use of said client device, wherein a frequent user is granted enhanced trust over an infrequent user.

28. The system of claim 16, further comprising: means for conditionally allowing said selected user to perform any of accessing service, changing preferences, changing a password and creating a sub-account, wherein said conditional allowance is based on said extended increase in trust.

29. The system of claim 16, further comprising: means for any of establishing and updating a pattern of use based at least on said tracked information for any of said selected device and said selected user; wherein said extended trust is at least partially based on a level of conformance to said pattern of use.

30. The system of claim 29, wherein said tracked information comprises any of where said selected user dials in from, device type, device operating system, any of IP address and subnet, and any of cookies and tags on said selected device.
Patents cited by this patent (32)
Wood, David L.; Norton, Derk, Access management system and method employing secure credentials.
Howard, John Hal; Kunins, Jeffrey C.; Anderson, Darren L.; Battle, Ryan W.; Metral, Max E., Controlling access to a network server using an authentication ticket.
See Michael E. ; Bailey John W. ; Panza Charles L. ; Pikover Yuri ; Stone Geoffrey C., Deterministic user authentication service for communication network.
Shi Shaw-Ben ; Ault Michael Bradford ; Plassmann Ernst Robert ; Rich Bruce Arland ; Rosiles Mickella Ann ; Shrader Theodore Jack London, Distributed file system web server user authentication with cookies.
Hrabik, Michael; Guilfoyle, Jeffrey; Mac Beaver, Edward, Method and apparatus for verifying the integrity and security of computer networks and implementing counter measures.
Stephen J. Purpura, Method and system for authentication and single sign on using cryptographically assured cookies in a distributed computer environment.
Hershey Paul C. (Manassas VA); Johnson Donald B. (Manassas VA); Le An V. (Manassas VA); Matyas Stephen M. (Manassas VA); Waclawsky John G. (Frederick MD); Wilkins John D. (Somerville VA), Network security system and method using a parallel finite state machine adaptive active monitor and responder.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Kent Eldon Seamons ; William Hale Winsborough, Trust negotiation in a client/server data processing network using automatic incremental credential disclosure.
Dulai Dharmender S. ; Marur Vinod R. ; Vitale Benjamin F. ; Zenel Bruce A., Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access.
Ensor Myra L. ; Kowalski Thaddeus Julius ; Primatic Agesino, User-transparent security method and apparatus for authenticating user terminal access to a network.
Khanwalkar, Manoj; Camacho, Adler; Van Lare, Stephen; Winkler, Omer; Tuttle, Luke David; Patel, Surag I., Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups.