Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.
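The flow the abstract describes, as an added example that is not taken from the patent: the authentication server issues a usage-history statement, stores it on the client device, reissues it at every authenticated log-in, and extends trust once enough history exists. HMAC-SHA256 stands in for the signature scheme, which the page does not specify; the key, the threshold of three prior log-ins, the field names and the "step_up"/"trusted" labels are assumptions.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the authentication server
TRUST_THRESHOLD = 3                   # assumption: prior log-ins needed before trust is extended

def _mac(body):
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()

def issue_statement(user, device, count, issued_at):
    """Server-issued usage-history statement, stored on the client device."""
    body = {"user": user, "device": device, "count": count, "iat": issued_at}
    return {"body": body, "mac": _mac(body)}

def verify_statement(stmt, user, device):
    """Return the statement body if it is authentic and bound to this user and device."""
    if not isinstance(stmt, dict):
        return None
    body, mac = stmt.get("body"), stmt.get("mac")
    if not isinstance(body, dict) or not isinstance(mac, str):
        return None
    try:
        authentic = hmac.compare_digest(_mac(body).encode(), mac.encode())
    except (TypeError, ValueError):
        return None  # malformed statement
    if not authentic:
        return None  # forged or modified history
    if body.get("user") != user or body.get("device") != device:
        return None  # history copied from another account or device
    return body

def login(user, device, password_ok, presented, now):
    """Return (decision, new_statement); the history is reissued on every good log-in."""
    if not password_ok:
        return "deny", None
    body = verify_statement(presented, user, device)
    prior = body["count"] if body else 0
    decision = "trusted" if prior >= TRUST_THRESHOLD else "step_up"  # step_up = secondary authentication
    return decision, issue_statement(user, device, prior + 1, now)

def demo():
    """Constructed run: four log-ins from one device, then a tampered statement."""
    stmt, decisions = None, []
    for t in range(4):
        decision, stmt = login("alice", "laptop-1", True, stmt, 1000 + t)
        decisions.append(decision)
    forged = {"body": dict(stmt["body"], count=99), "mac": stmt["mac"]}
    decisions.append(login("alice", "laptop-1", True, forged, 2000)[0])
    return decisions
```

A statement that fails verification is treated the same as no history at all, so a modified or transplanted statement falls back to secondary authentication rather than being rejected outright.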
Representative claims
1. A server associated with a service provider for establishing trust across a network, the server comprising: at least one processor; and one or more computer-readable storage memory devices embodying processor-executable instructions which, responsive to execution by the at least one processor, are configured to enable the server to: track, using the server, information unique to each log-in for a selected user from one or more devices associated with the selected user; and extend, using the server, an increase in trust to the selected user at a trust level based, at least in part, on any of frequency of said log-ins and number or number of the tracked log-ins from the one or more devices associated with the selected user.
2. The server of claim 1, wherein the server is further configured to: receive a specific log-in request from the selected user; obtain information associated with the specific log-in request; and compare the information associated with the specific log-in request with a profile associated with the selected user effective to determine the trust level to extend to the selected user for the specific log-in request, the profile based, at least in part, on the tracked information unique to each log-in.
3. The server of claim 2, wherein the server is further configured to receive usage history information from the selected user as part of the specific log-in request.
4. The server of claim 1, wherein the tracked information comprises at least one signed statement associated with the selected user's usage history.
5. The server of claim 4, wherein the usage history comprises password change history associated with the selected user.
6. The server of claim 4, wherein the server is further configured to: receive a public key from the selected user as part of the specific log-in request; and use the public key to access the selected user's usage history.
7. The server of claim 1, wherein the server is further configured to: receive an incorrect password, from the selected user, for access to an associated service; determine the selected user has an extended increase in trust; and responsive to determining the selected user has an extended increase in trust, enable the selected user to change passwords for the associated service.
8. The server of claim 7, wherein the extended increase in trust is based, at least in part, on one or more communications from the selected user originating from a trusted client device.
9. A server associated with a service provider and configured to establish trust across a network, the server comprising: at least one processor; and one or more computer-readable storage memory devices comprising processor executable instructions which, responsive to execution by the at least one processor, are configured to enable the server to: write a token into any of a memory or a disk that is associated with a selected client device of one or more client devices associated with a selected user; confirm that the token exists on the selected client device during each log-in of the selected user at the selected client device; and extend an increase in trust to the selected client device at a level at least partially based on any of frequency of the log-ins and number of the log-ins by the selected user at the selected client device.
10. The server of claim 9, wherein the increase in trust comprises immediate log-in for an associated service without asking for any additional information from the selected user.
11. The server of claim 9, wherein the server is further configured to: responsive to receiving a log-in request for a particular service associated with the selected user, request additional information from a client device of the one or more client devices requesting the log-in if information the token does not match with usage history associated with the selected user; and grant or deny access to the particular service based, at least in part on a response to the request for additional information.
12. The server of claim 9, wherein the server is further configured to: issue a new usage history statement for each log-in from the selected client device.
13. The server of claim 12, wherein the new usage history statement comprises a signed statement.
14. The server of claim 12, wherein the server is further configured to send the new usage history statement to the selected client device.
15. The server of claim 9, wherein the server is further configured to: receive an incorrect password, from the selected client device, for access to an associated service; determine the selected client device has an extended increase in trust; and responsive to determining the selected client device has an extended increase in trust, enable the selected client device to change passwords for the associated service.
16. A method for establishing trust in relation to a service provider, comprising: tracking information unique to each log-in for a selected user from one or more devices associated with the selected user; extending an increase in trust to the selected user at a level based, at least in part, on a frequency of said tracked log-ins or a number of said tracked log-ins from the one or more devices associated with the selected user; identifying a new access point that the selected user logs-in from; and requesting authentication information from the selected user instead of extending an increase in trust, to the selected user, for the log-in associated with the new access point.
17. The method of claim 16 further comprising: receiving the requested authentication information; verifying the requested authentication information; and responsive to verifying the requested information, extending an increase in trust to the selected user for future log-ins associated with the new access point.
18. The method of claim 16, wherein the tracked information comprises at least one of: a device type; a device operating system; an IP address or subnet; a cookie stored on an associated access point; a tag stored on an associated access point; or a location associated with where the selected user connects in from.
19. The method of claim 16 further comprising: receiving an incorrect password, from the selected user, for access to an associated service; determining the selected user has an extended increase in trust; and responsive to determining the selected user has an extended increase in trust, enabling the selected user to change passwords for the associated service.
20. The method of claim 16 further comprising: receiving a public key from the selected user as part of the specific log-in request; using the public key to access the selected user's usage history, and extending the increase in trust to the selected user based, at least in part, on the accessed usage history.