公开(公告)号：US09262609B2

公开(公告)日：2016-02-16

申请号：US14642028

申请日：2015-03-09

Applicant: AVAYA Inc.

Inventor： Jon Louis Bentley ,  George William Erhart ,  Lawrence O'Gorman ,  Michael J. Sammon ,  David Joseph Skiba

IPC: G06F21/00 ,  G06F21/31 ,  G06F21/32

CPC classification number: G06F21/31 ,  G06F21/32

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

公开(公告)号：US09590985B2

公开(公告)日：2017-03-07

申请号：US14703380

申请日：2015-05-04

Applicant: Avaya Inc.

Inventor： Jon Louis Bentley ,  George William Erhart ,  Lawrence O'Gorman ,  Michael J. Sammon ,  David Joseph Skiba

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04L63/0861 ,  H04L9/3271 ,  H04L63/083 ,  H04L63/0846 ,  H04W12/06

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract translation: 公开了一种用于基于什么软件应用来确定认证频率（即，认证和重新认证用户之间的时间长度）和质询类型（例如，用户名/密码，指纹识别，语音识别等）的装置和方法 用户正在数据处理系统上运行，以及如何使用这些应用程序（例如，使用什么功能，应用程序输入或输出哪些数据，应用程序的使用频率和时间以及应用程序的使用时间）什么输入设备 并且使用输出设备等）。有利地，说明性实施例使得能够基于从当前和过去的应用使用推断的恶意活动的可能性和/或恶意活动的潜在成本来调整认证频率和质询类型。 此外，说明性实施例使得能够基于当前应用使用来选择对用户侵入较少的认证挑战类型。

公开(公告)号：US20150230086A1

公开(公告)日：2015-08-13

申请号：US14690840

申请日：2015-04-20

Applicant: Avaya Inc.

Inventor： Jon Louis BENTLEY ,  George William Erhart ,  Lawrence O'Gorman ,  Michael J. SAMMON ,  David Joseph SKIBA

IPC: H04W12/06 ,  H04L29/06 ,  H04L29/12 ,  H04W12/08

CPC classification number: H04W12/06 ,  G06F21/34 ,  H04L61/609 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/107 ,  H04W12/08 ,  H04W88/02

Abstract: Methods and apparatus are disclosed for authenticating a user based on the geo-location history of a geo-location-enabled wireless device (e.g., a GPS-enabled wireless telecommunications terminal, a smart card, an RFID tag, etc.). In a first illustrative embodiment, a user of a geo-location-enabled wireless telecommunications terminal (e.g., a GPS-enabled cell phone, a GPS-enabled notebook computer, etc.) who attempts to access a restricted resource is challenged with one or more questions that are generated from the terminal's geo-location history. In a second illustrative embodiment, a user of a data-processing system who attempts to access a restricted resource is asked to provide a username Z. The user is then challenged with one or more questions that are generated from the geo-location history of a wireless device that is associated with username Z (e.g., a cell phone that belongs to the user whose username is Z, etc.).

Abstract translation: 公开了基于启用地理位置的无线设备（例如，启用GPS的无线电信终端，智能卡，RFID标签等）的地理位置历史来验证用户的方法和装置。 在第一示例性实施例中，试图访问受限资源的地理位置使能的无线电信终端（例如，启用GPS的手机，支持GPS的笔记本电脑等）的用户受到一个或多个 从终端的地理位置历史生成的更多问题。 在第二说明性实施例中，要求尝试访问受限资源的数据处理系统的用户提供用户名Z.然后，向用户挑战一个或多个从地理位置历史生成的问题 与用户名Z相关联的无线设备（例如，属于用户名为Z的用户的手机等）。

公开(公告)号：US10212587B2

公开(公告)日：2019-02-19

申请号：US14690840

申请日：2015-04-20

Applicant: Avaya Inc.

Inventor： Jon Louis Bentley ,  George William Erhart ,  Lawrence O'Gorman ,  Michael J. Sammon ,  David Joseph Skiba

IPC: H04L29/06 ,  H04L29/12 ,  H04W12/06 ,  H04W12/08 ,  G06F21/34 ,  H04W48/04 ,  H04W88/02

Abstract: Methods and apparatus are disclosed for authenticating a user based on the geo-location history of a geo-location-enabled wireless device (e.g., a GPS-enabled wireless telecommunications terminal, a smart card, an RFID tag, etc.). In a first illustrative embodiment, a user of a geo-location-enabled wireless telecommunications terminal (e.g., a GPS-enabled cell phone, a GPS-enabled notebook computer, etc.) who attempts to access a restricted resource is challenged with one or more questions that are generated from the terminal's geo-location history. In a second illustrative embodiment, a user of a data-processing system who attempts to access a restricted resource is asked to provide a username Z. The user is then challenged with one or more questions that are generated from the geo-location history of a wireless device that is associated with username Z (e.g., a cell phone that belongs to the user whose username is Z, etc.).

公开(公告)号：US20150178486A1

公开(公告)日：2015-06-25

申请号：US14642028

申请日：2015-03-09

Applicant: AVAYA Inc.

Inventor： Jon Louis BENTLEY ,  George William ERHART ,  Lawrence O'Gorman ,  Michael J. Sammon ,  David Joseph SKIBA

IPC: G06F21/31 ,  G06F21/32

CPC classification number: G06F21/31 ,  G06F21/32

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

Abstract translation: 公开了一种用于确定基于一个或多个的认证频率（即，认证和重新认证用户之间的时间长度）和质询类型（例如，用户名/密码，指纹识别，语音识别等）的装置和方法 或环境特性（例如，环境噪声水平，环境亮度，温度等）或用户的一种或多种生理特性（例如，心率，血压等），或两者。 有利地，说明性实施例使得能够基于从这些属性推断的恶意活动的可能性来调整认证频率和质询类型。 此外，说明性实施例使得认证挑战类型能够针对特定环境条件（例如，噪声环境，黑暗环境等）而定制。