Authentication management
    1.
    Invention patent

    Publication number: GB2529632A

    Publication date: 2016-03-02

    Application number: GB201415067

    Application date: 2014-08-26

    Applicant: IBM

    Abstract: A method of managing user authentication levels during a user session comprises the steps of: operating a user session for a specific user S2.1; maintaining a user authentication level for the user session S2.2; monitoring one or more factors relating to the user's activity S2.3; applying one or more rules to the monitored factors S2.4; detecting that a rule has indicated the user's current authentication level is too high S2.5; and lowering the user's authentication level, without ending the user's session S2.5 (i.e. keep the user logged in). Monitored factors may include the user's current task or the user's current location. The user's authentication level will be automatically reduced when it is detected to be higher than it needs to be for the user's current task, for example, or when the user leaves a safe territory such as his/her home. A visual indication may be output for the current authentication level. The arrangement avoids having to rely on manually stepping-down an authentication level by the user after (manually) stepping-up the authentication level to perform a particular task e.g. online bank transfer. The method acts as a transparent background process to monitor whether the current authentication level is too high.

    User authentication using temporal knowledge of dynamic images

    Publication number: GB2522864A

    Publication date: 2015-08-12

    Application number: GB201402000

    Application date: 2014-02-06

    Applicant: IBM

    Abstract: Authenticating a user by displaying a dynamic image, detecting a user interaction with the image, detecting the duration of the user interaction and comparing the detected user interaction and the detected duration with stored reference values and authenticating the user if they match. The dynamic images may be a sequence of images or a video. User input may be a touch or a click and may include movement; the interaction may be used to indicate recognition of an event which indicates the start of a time period and then to indicate the occurrence of a second event known to the user and displayed. The user may interact by following an object; the time the object is followed and what object was followed may be used for authentication. Allows a user to indicate knowledge of the time period of a significant event which is provided to the authentication scheme in the form of a time period.

    User authentication based on dynamically selected service authentication levels

    Publication number: GB2510120A

    Publication date: 2014-07-30

    Application number: GB201301218

    Application date: 2013-01-24

    Applicant: IBM

    Abstract: Disclosed is a method and system for providing a user access to a computer system (400) comprising a plurality of services (10) and a plurality of authentication levels (20), the method comprises dynamically monitoring (212, 214) a user authenticated on said computer system to calculate a risk profile of the user, and dynamically selecting (216) an authentication level for each of said services based on said monitored risk profile. If said authentication level for a service is higher than an actual authentication level for said user (i.e. initial authentication level), a further authentication request (224) is sent to the user requesting the user to provide authentication information corresponding to the dynamically selected authentication level upon said authenticated user requesting access to said service. The services may be financial services and the monitored user data may be biometric data, location data, environmental data or user device data.

    Location information control using user profiles

    Publication number: GB2526614A

    Publication date: 2015-12-02

    Application number: GB201409610

    Application date: 2014-05-30

    Applicant: IBM

    Abstract: Disclosed is a method for anonymizing location information of a mobile device 110 comprising: providing a trusted edge server 202 at a network edge; the mobile device intercepting a request for access to location information made by an application and redirecting the request 310 to the trusted server; the trusted server obfuscating the location information, based on the location of other mobile devices proximal to the querying mobile device, to generate obfuscated location information, the other mobile devices being selected based on a similarity between user profiles associated with the mobile device and the other mobile devices; the trusted server returning 312 the obfuscated location information to the mobile device which then sends 314 the obfuscated location information to the application. The mobile device may submit a category from its user profile to the trusted server, which may identify the other mobile devices with a preference in the category the same as that of the mobile device. Categories other than those for which a preference has been specified may be used to determine which other mobile devices are selected. A desired level of anonymity may be provided by an end user, with the trusted server obfuscating the location information such that this level is achieved.

    Verifying the identity of a user

    Publication number: DE112013006496T5

    Publication date: 2015-11-05

    Application number: DE112013006496

    Application date: 2013-11-21

    Applicant: IBM

    Abstract: A method is disclosed for providing a user access to a computer system (400) comprising a plurality of services (10) and a plurality of authentication levels (20), the method comprising: dynamically monitoring (212, 214) a risk profile of a user authenticated on the computer system; dynamically selecting an authentication level for each of the services based on the monitored risk profile; and, if the authentication level for a service is higher than a current authentication level for the user, sending a request (224) for further authentication to the user, requesting the user to provide authentication information corresponding to the dynamically selected authentication level when the authenticated user requests access to the service.

    Code verification
    6.
    Invention patent

    Publication number: GB2518386A

    Publication date: 2015-03-25

    Application number: GB201316649

    Application date: 2013-09-19

    Applicant: IBM

    Abstract: Verifying an access code in which the access code comprises one or more code elements having associated time periods. The system comprises a code input for inputting an access code, a passcode retrieving means for retrieving a passcode and verification logic to compare an input access code to a retrieved passcode, where the passcode comprises a set of one or more code elements, such as numbers, the code elements being associated with a respective time period such as short or long. This results in a two-dimensional passcode that has the same number of combinations as a single-dimensional passcode, making it easier to remember. If the input access code matches the passcode data in both dimensions, i.e. numerals and time periods are identical, then access may be authorised.

    User authentication
    7.
    Invention patent

    Publication number: GB2525361A

    Publication date: 2015-10-21

    Application number: GB201514978

    Application date: 2013-11-21

    Applicant: IBM

    Abstract: Disclosed is a method for providing a user access to a computer system (400) comprising a plurality of services (10) and a plurality of authentication levels (20), the method comprising dynamically monitoring (212, 214) a risk profile of a user authenticated on said computer system; dynamically selecting (216) an authentication level for each of said services based on said monitored risk profile; and if said authentication level for a service is higher than an actual authentication level for said user, sending a further authentication request (224) to the user requesting the user to provide authentication information corresponding to the dynamically selected authentication level upon said authenticated user requesting access to said service.

    Trustworthiness of processed data

    Publication number: GB2520949A

    Publication date: 2015-06-10

    Application number: GB201321349

    Application date: 2013-12-04

    Applicant: IBM

    Abstract: A method for indicating the trustworthiness of data processed in accordance with a processing rule whereby a first trust weight is assigned to a data item to be processed to provide a weighted data item, the first trust weight representing a level of trust in the data item, and a second trust weight is assigned to the processing rule to provide a weighted processing rule, the second trust weight representing a level of trust in the processing rule. The weighted data item is processed in accordance with the weighted processing rule to generate a data output and an indication of a level of trust in the data output.

    Linear network coding in a dynamic distributed federated database

    Publication number: GB2519119A

    Publication date: 2015-04-15

    Application number: GB201317944

    Application date: 2013-10-10

    Applicant: IBM

    Abstract: An arrangement is described for securing response data to a database query wherein the response data is split into multiple portions with each portion being sent on a respective route/path which has different physical nodes compared to all the nodes in the other selected return paths/routes, i.e. linear network coding is performed with exclusive/distinct physical nodes for each path/route for each response portion. In particular, a method for use in a distributed federated database 200 arrangement for securing response data sent from a responder 106 to a querier 108, in response to query data sent from a querier through one or more nodes 102, 104 of a network of nodes, hosted on a physical machine, to a responder, the method comprising the steps of: collecting path information for the query data, the path information identifying a plurality of paths 112, 114, 116, 118 from the querier to the responder and including a physical machine identifier for each of the nodes; identifying one or more sets of return paths 120, 122, 202, 204, from said plurality of paths, for sending response data, each one of the return paths within an identified set of return paths utilizing only a subset of nodes not present in any other one of the return paths within the identified set of return paths; for each of said one or more sets of return paths, discarding any of the return paths within the set of return paths which utilize any nodes sharing a physical machine identifier with any node present in another of the return paths in the set of return paths; and splitting the response data into a plurality of portions and sending each of the plurality of portions from the responder to the querier using a different return path selected from one of said sets of return paths. The physical machine identifier may be an IP address. The arrangement provides protection from eavesdropping/sniffing/interception 110.
