公开(公告)号：US20150178486A1

公开(公告)日：2015-06-25

申请号：US14642028

申请日：2015-03-09

Applicant: AVAYA Inc.

Inventor： Jon Louis BENTLEY ,  George William ERHART ,  Lawrence O'Gorman ,  Michael J. Sammon ,  David Joseph SKIBA

IPC: G06F21/31 ,  G06F21/32

CPC classification number: G06F21/31 ,  G06F21/32

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

Abstract translation: 公开了一种用于确定基于一个或多个的认证频率（即，认证和重新认证用户之间的时间长度）和质询类型（例如，用户名/密码，指纹识别，语音识别等）的装置和方法 或环境特性（例如，环境噪声水平，环境亮度，温度等）或用户的一种或多种生理特性（例如，心率，血压等），或两者。 有利地，说明性实施例使得能够基于从这些属性推断的恶意活动的可能性来调整认证频率和质询类型。 此外，说明性实施例使得认证挑战类型能够针对特定环境条件（例如，噪声环境，黑暗环境等）而定制。

公开(公告)号：US20150237047A1

公开(公告)日：2015-08-20

申请号：US14703380

申请日：2015-05-04

Applicant: Avaya Inc.

Inventor： Jon Louis BENTLEY ,  George William ERHART ,  Lawrence O'GORMAN ,  Michael J. SAMMON ,  David Joseph SKIBA

IPC: H04L29/06

CPC classification number: H04L63/0861 ,  H04L9/3271 ,  H04L63/083 ,  H04L63/0846 ,  H04W12/06

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract translation: 公开了一种用于基于什么软件应用来确定认证频率（即，认证和重新认证用户之间的时间长度）和质询类型（例如，用户名/密码，指纹识别，语音识别等）的装置和方法 用户正在数据处理系统上运行，以及如何使用这些应用程序（例如，使用什么功能，应用程序输入或输出哪些数据，应用程序的使用频率和时间以及应用程序的使用时间）什么输入设备 并且使用输出设备等）。有利地，说明性实施例使得能够基于从当前和过去的应用使用推断的恶意活动的可能性和/或恶意活动的潜在成本来调整认证频率和质询类型。 此外，说明性实施例使得能够基于当前应用使用来选择对用户侵入较少的认证挑战类型。