Abstract: The present invention relates to methods and systems for providing a dynamic authentication system for a computing device to authenticate a user to access an application on the computing device. Accordingly, a request to access the application from a user is received. A plurality of authentication techniques available on the computing device is then retrieved from a memory. Based on one or more risk factors associated with the application, a security rating corresponding to the plurality of authentication techniques is dynamically determined. Based on the security rating, an authentication technique is selected from amongst the plurality of authentication techniques and is associated with the application to authenticate the user.
TECHNICAL FIELD
[0001] The present invention relates to methods and systems for authenticating users and in particular relates to methods and systems for providing a dynamic authentication system for a computing system to authenticate the users.
BACKGROUND
[0002] With increased availability of smart phones, users desire greater mobility in terms of accessing various services provided by various service providers. To cater to users’ demands, each service provider now provides a specific application for their services that can be easily downloaded on the smart phones. Examples of such applications include chat applications, shopping applications, social networking applications, image sharing applications, email applications, and finance related applications such as banking applications. In addition to these downloadable applications, various applications are inherently provided in the smart phones by manufacturers of the smart phones. Examples of such applications include, but are not limited to, image/video capturing application such as camera, image/video viewing application such as gallery, messaging application for sending and receiving messages such as short messaging service (SMS) and multimedia messaging service (MMS). To protect privacy of a user and prevent unauthorized access to these applications on a smartphone of the user, various authentication techniques are available. Examples of the authentication techniques include, but are not limited to, password authentication, pattern authentication, PIN authentication, and biometric authentication based on biometric information such as face, fingerprint, and eye. These authentication techniques require the user to specify a response to a challenge presented by the authentication techniques while accessing the application. For example, a password is required for password authentication technique, a pattern is required for pattern authentication technique, biometric information is required for biometric authentication technique, and PIN is required for PIN authentication technique.
[0003] Various solutions are available for providing these authentication techniques on the smart phone to the user. In one solution, the user selects one or more of the applications and associates the selected application(s) with an authentication technique available on the smart phone. However, this requires the user to change the response frequently as the same response is being used for authenticating the user while accessing the selected application(s), thus increasing inconvenience to the user.
[0004] In another solution, two or more authentication techniques are provided on the smart phone through a locking application. The locking application enables the user to select different authentication techniques for different applications on the smart phone. Such selection can be called defining administration policies. For example, PIN authentication technique can be selected for camera application and pattern authentication technique can be selected for mail application. In addition, each of the authentication techniques is associated with a predefined security level. For example, low security level is predefined for biometrics authentication technique, high security level is predefined for password authentication technique, and medium security level is predefined for pattern authentication technique. However, such predefined security levels of the authentication techniques are static and limit the use of the authentication techniques to provide desired security to the applications.
[0005] Some other solutions overcome these deficiencies. In one solution, a locking application enables the user to define security levels of the applications along with risk factors such as time of accessing the application and location of accessing the application, and administration policies. Based on the user-defined risk factors, security levels, and administration policies, different authentication techniques are selected and associated with the applications. In continuation with the above example, the user sets high security level at location L1 and low security level at location L2 for an application. Accordingly, password authentication technique is selected and associated with application at location L1 and biometrics authentication technique is selected and associated with application at location L2. However, such selection is still based on the static predefined security level of each of the authentication techniques, which fails to provide the desired security level. In addition, risk factors may change over time and selecting authentication technique based on static predefined security levels is insufficient to maintain a desired level of security under changing conditions.
[0006] In another solution, user activity such as failed login attempts, and network security attacks on the smart phone or other computing device is tracked for determining a risk level. Based on the risk level, an authentication technique is decided. For example, if risk level is high, an authentication technique with high security level is associated with the smart phone. Similarly, in another solution, financial transaction activity is tracked when the user has logged into a financial application on the smart phone. Based on the financial transaction activity, a risk level is determined and consequently an authentication technique is again associated with the application. In another solution, the user specifies security rules indicating risk levels according to various locations. When access to an application is detected, a location of access is determined and accordingly a risk level is determined based on the specified rules. Consequently, an authentication technique is associated with the application based on the determined risk level. Similarly, in yet another solution, based on the risk level, two or more authentication techniques are provided in succession to access the smart phone. As would be understood, second authentication technique is provided only when the user has successfully provided a response to a challenge provided by first authentication technique. Such solutions enable dynamic selection of authentication technique in accordance with a risk level. However, such dynamic selection is still based on the static predefined security level of each of the authentication techniques, which fails to provide the desired security level. In an example, biometric authentication technique has a predefined security level as low and password authentication technique has a predefined security level as high. However, based on the risk level, whenever risk level is high, password authentication technique will always be selected, thus making such dynamic selection of authentication technique very predictable and easy to overcome.
[0007] Thus, there exists a need for a solution to provide a dynamic authentication system that overcomes the above deficiencies.
SUMMARY OF THE INVENTION
[0008] In accordance with the purposes of the invention, the present invention as embodied and broadly described herein, provides a dynamic authentication system for a computing device. Accordingly, a request to access an application on a computing device is received from a user. Based on the received request, a plurality of authentication techniques available on the computing device are retrieved from a memory of the computing device. Thereafter, a security rating corresponding to the plurality of authentication techniques is dynamically determined based on one or more risk factors associated with the application. The one or more risk factors are defined by the user and stored in the memory. The one or more risk factors include one or more of security level of the application, usage category of the application, location of accessing the application, time of accessing the application, and combinations thereof. Based on the determined security rating, an authentication technique is selected from amongst the plurality of authentication techniques. The selected authentication technique is then associated with the application and presented to the user for authenticating the user.
[0009] In a similar manner, the authentication technique currently associated with the application is dynamically switched based on the one or more risk factors. Accordingly, parameters are retrieved from the computing device based on the one or more risk factors. Examples of the parameters include location of accessing the application and time of accessing the application. Upon retrieving the parameters, a current security level of the application is determined. Based on the current security level, a security rating corresponding to the plurality of authentication techniques is dynamically determined. Based on the determined security rating, an authentication technique is selected from amongst the plurality of authentication techniques. The currently associated authentication technique is dissociated from the application and the selected authentication technique is associated with the application.
[0010] The advantages of the invention include, but are not limited to, dynamically determining a security rating of plurality of authentication techniques based on risk factors associated with application and selecting an authentication technique based on the determination at the time of accessing the application. The risk factors include multiple factors defined by users that determine a desired security requirement of the application. Examples of the risk factors include location, security level of the application, and time. Thus, the authentication technique is not selected based only on static predefined ratings. Rather, a security rating for the authentication technique is first determined dynamically and thereafter the authentication technique having security rating which is able to meet the desired security requirement of the application is selected. This enables dynamic selection of authentication technique according to risk levels associated with an application and security level of the authentication technique while accessing the application.
[0011] Further, the authentication technique currently associated with the application is dynamically switched based on the risk factors associated with the application at the time of accessing the application. This reduces predictability and improves security. In addition, the user history, device history, user-habits, and user activity like false/fraud attempts are tracked and such data is further used in determining a security rating of the authentication technique. Thus, probability of fraudulent access is detected at the time of accessing the application and accordingly an authentication technique is selected. As such, the security of the application is greatly enhanced and protection of privacy of the user is greatly improved.
[0012] These aspects and advantages will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
[0013] To further clarify advantages and aspects of the invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings, which are listed below for quick reference.
[0014] Figures 1a to 1c & 2 illustrate exemplary methods for providing dynamic authentication system for a computing device, in accordance with an embodiment of present invention.
[0015] Figure 3 illustrates exemplary computing device for providing dynamic authentication system, in accordance with various embodiments of present invention.
[0016] Figure 4 illustrates exemplary computing device having various components providing dynamic authentication system, in accordance with various embodiments of present invention.
[0017] Figures 5a to 5c, 6, 7, and 8 illustrate an exemplary process of providing dynamic authentication on the computing device, in accordance with various embodiments of present invention.
[0018] Figure 9 illustrates an exemplary network environment providing dynamic authentication system, in accordance with various embodiments of present invention.
[0019] Figure 10 illustrates a typical hardware configuration of a computing device, which is representative of a hardware environment for practicing the present invention.
[0020] It may be noted that to the extent possible, like reference numerals have been used to represent like elements in the drawings. Further, those of ordinary skill in the art will appreciate that elements in the drawings are illustrated for simplicity and may not have been necessarily drawn to scale. For example, the dimensions of some of the elements in the drawings may be exaggerated relative to other elements to help to improve understanding of aspects of the invention. Furthermore, the one or more elements may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.
DETAILED DESCRIPTION
[0021] It should be understood at the outset that although illustrative implementations of the embodiments of the present disclosure are illustrated below, the present invention may be implemented using any number of techniques, whether currently known or in existence. The present disclosure should in no way be limited to the illustrative implementations, drawings, and techniques illustrated below, including the exemplary design and implementation illustrated and described herein, but may be modified within the scope of the appended claims along with their full scope of equivalents.
[0022] The term “some” as used herein is defined as “none, or one, or more than one, or all.” Accordingly, the terms “none,” “one,” “more than one,” “more than one, but not all” or “all” would all fall under the definition of “some.” The term “some embodiments” may refer to no embodiments or to one embodiment or to several embodiments or to all embodiments. Accordingly, the term “some embodiments” is defined as meaning “no embodiment, or one embodiment, or more than one embodiment, or all embodiments.”
[0023] The terminology and structure employed herein is for describing, teaching and illuminating some embodiments and their specific features and elements and does not limit, restrict or reduce the spirit and scope of the claims or their equivalents.
[0024] More specifically, any terms used herein such as but not limited to “includes,” “comprises,” “has,” “consists,” and grammatical variants thereof do NOT specify an exact limitation or restriction and certainly do NOT exclude the possible addition of one or more features or elements, unless otherwise stated, and furthermore must NOT be taken to exclude the possible removal of one or more of the listed features and elements, unless otherwise stated with the limiting language “MUST comprise” or “NEEDS TO include.”
[0025] Whether or not a certain feature or element was limited to being used only once, either way it may still be referred to as “one or more features” or “one or more elements” or “at least one feature” or “at least one element.” Furthermore, the use of the terms “one or more” or “at least one” feature or element do NOT preclude there being none of that feature or element, unless otherwise specified by limiting language such as “there NEEDS to be one or more . . . ” or “one or more element is REQUIRED.”
[0026] Unless otherwise defined, all terms, and especially any technical and/or scientific terms, used herein may be taken to have the same meaning as commonly understood by one having an ordinary skill in the art.
[0027] Reference is made herein to some “embodiments.” It should be understood that an embodiment is an example of a possible implementation of any features and/or elements presented in the attached claims. Some embodiments have been described for the purpose of illuminating one or more of the potential ways in which the specific features and/or elements of the attached claims fulfil the requirements of uniqueness, utility and non-obviousness.
[0028] Use of the phrases and/or terms such as but not limited to “a first embodiment,” “a further embodiment,” “an alternate embodiment,” “one embodiment,” “an embodiment,” “multiple embodiments,” “some embodiments,” “other embodiments,” “further embodiment”, “furthermore embodiment”, “additional embodiment” or variants thereof do NOT necessarily refer to the same embodiments. Unless otherwise specified, one or more particular features and/or elements described in connection with one or more embodiments may be found in one embodiment, or may be found in more than one embodiment, or may be found in all embodiments, or may be found in no embodiments. Although one or more features and/or elements may be described herein in the context of only a single embodiment, or alternatively in the context of more than one embodiment, or further alternatively in the context of all embodiments, the features and/or elements may instead be provided separately or in any appropriate combination or not at all. Conversely, any features and/or elements described in the context of separate embodiments may alternatively be realized as existing together in the context of a single embodiment.
[0029] Any particular and all details set forth herein are used in the context of some embodiments and therefore should NOT be necessarily taken as limiting factors to the attached claims. The attached claims and their legal equivalents can be realized in the context of embodiments other than the ones used as illustrative examples in the description below.
[0030] Figures 1a to 1c illustrate exemplary method 100 for providing dynamic authentication system for a computing device, according to one embodiment. In such embodiment, an authentication technique is dynamically selected and is associated with an application, when a user accesses the application on the computing device. In said embodiment, the method 100 comprises: receiving 101 a request to access the application from a user; retrieving 102 a plurality of authentication techniques available on the computing device from a memory; dynamically determining 103 a security rating corresponding to the plurality of authentication techniques based on one or more risk factors associated with the application; selecting 104 an authentication technique from amongst the plurality of authentication techniques based on the security rating determined thereof; and associating 105 the authentication technique with the application to authenticate the user.
[0031] In a further embodiment, the one or more risk factors are received from the user through an authentication application and stored in the memory. The authentication application being different from the application.
[0032] In a further embodiment, the plurality of authentication techniques and the application are associated with the authentication application by the user.
[0033] In a further embodiment, the one or more risk factors include one or more of security level of the application, usage category of the application, location of accessing the application, time of accessing the application, and combinations thereof.
[0034] In a further embodiment, the method 100 further comprises providing a user-interface corresponding to the associated authentication technique such that the user-interface presents a challenge to the user.
[0035] In a further embodiment, the providing the user-interface further comprises: receiving a response from the user on the user-interface in response to the challenge; comparing the received response with a stored response associated with the authentication technique; and enabling access to the application when the received response matches with the stored response.
[0036] In a further embodiment, the stored response associated with the authentication technique is predefined by the user and stored in the memory.
[0037] In a further embodiment, the plurality of authentication techniques is one of: a one-step authentication technique and a two-step authentication technique.
[0038] In a further embodiment, one or more metrics associated with one or more authentication techniques from amongst the plurality of authentication techniques are defined by the user and stored in the memory.
[0039] In a further embodiment, the dynamic determination (103) of the security rating further comprises: selecting (106) a security policy for determining the security rating based on the one or more risk factors and one or more policy rules, the security policy being selected from a group comprising: dynamic security policy, user-defined security policy, and pre-stored security policy; and determining (107) the security rating based on the selected security policy.
[0040] In a further embodiment, the one or more policy rules are defined by the user through an authentication application and stored in the memory, the authentication application being different from the application.
[0041] In a further embodiment, the one or more policy rules are indicative of preferences defined by the user for selecting the security policy.
[0042] In a further embodiment, the determination (107) of the security rating based on the dynamic security policy further comprises: determining (108) a local security rating based on a frequency of associating one or more of the plurality of authentication techniques with the application on the computing device; determining a global security rating (109) based on a frequency of associating one or more of the plurality of authentication techniques with the application on a plurality of computing devices, the plurality of computing devices excluding the computing device; and determining (109) the security rating for the plurality of authentication techniques based on the local security rating determined thereof, the global security rating determined thereof, and a plurality of security rules.
[0043] In a further embodiment, the determination of the security rating based on the user-defined security policy further comprises determining the security rating based on a preference of one or more authentication techniques defined by the user for the application.
[0044] In a further embodiment, the determination of the security rating based on the pre-stored security policy further comprises determining the security rating based on a pre-stored security rating corresponding to the plurality of authentication techniques in the computing device.
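The following sketch is an added illustration of method 100 (steps 101 to 109) and is not code from the specification. The specification does not give a rating formula, so everything numeric here is an assumption: the baseline ratings, the required rating per security level, the rule that a technique associated more often is discounted (to reduce predictability), the local/global weights, and all function names.

```python
from dataclasses import dataclass

# Pre-stored security policy: static baseline rating per technique (constructed values).
PRE_STORED = {"pin": 40.0, "pattern": 50.0, "fingerprint": 65.0, "password": 70.0}
# Minimum rating demanded by each user-defined application security level (constructed).
REQUIRED = {"low": 30.0, "medium": 45.0, "high": 55.0}
PENALTY = 0.5                  # assumed security rule: max discount for a heavily used technique
W_LOCAL, W_GLOBAL = 0.7, 0.3   # assumed security rule: weights of local vs. global rating


@dataclass
class RiskFactors:
    security_level: str        # "low" | "medium" | "high"
    trusted_location: bool     # location of access is one the user marked as trusted
    usual_hours: bool          # time of access falls inside the user's usual hours


def required_rating(risk):
    """Turn the risk factors into the rating the chosen technique must reach."""
    need = REQUIRED[risk.security_level]
    if not risk.trusted_location:
        need += 5.0
    if not risk.usual_hours:
        need += 5.0
    return need


def frequency_rating(counts):
    """Steps 108/109: discount each baseline by how often the technique was associated."""
    total = sum(counts.values())
    rated = {}
    for tech, base in PRE_STORED.items():
        share = counts.get(tech, 0) / total if total else 0.0
        rated[tech] = base * (1.0 - PENALTY * share)
    return rated


def determine_rating(policy, local_counts, global_counts, user_pref):
    """Step 107: compute ratings under the selected security policy."""
    if policy == "dynamic":
        local = frequency_rating(local_counts)    # this device
        glob = frequency_rating(global_counts)    # other devices
        return {t: W_LOCAL * local[t] + W_GLOBAL * glob[t] for t in PRE_STORED}
    if policy == "user-defined":
        # Earlier entries in the user's preference list rate higher; unlisted ones rate 0.
        return {t: 100.0 - 10.0 * user_pref.index(t) if t in user_pref else 0.0
                for t in PRE_STORED}
    if policy == "pre-stored":
        return dict(PRE_STORED)
    raise ValueError(f"unknown security policy: {policy!r}")


def select_technique(ratings, need):
    """Step 104: pick the top-rated technique; flag a step-up if even that misses the need."""
    best = max(ratings, key=ratings.get)
    return best, ratings[best] < need


def handle_access(risk, policy_rules, local_counts, global_counts, user_pref=()):
    """Steps 101-105 for one access request; records the association locally."""
    policy = policy_rules.get(risk.security_level, "pre-stored")    # step 106
    ratings = determine_rating(policy, local_counts, global_counts, list(user_pref))
    tech, step_up = select_technique(ratings, need=required_rating(risk))
    local_counts[tech] = local_counts.get(tech, 0) + 1               # step 105
    return tech, step_up


def simulate(policy_rules, risk, requests=4):
    """Replay several access requests and return the technique chosen each time."""
    local_counts = {}
    return [handle_access(risk, policy_rules, local_counts, {})[0] for _ in range(requests)]


if __name__ == "__main__":
    high = RiskFactors("high", trusted_location=True, usual_hours=True)
    print("pre-stored:", simulate({"high": "pre-stored"}, high))
    print("dynamic:   ", simulate({"high": "dynamic"}, high))
```

Under the pre-stored policy the same technique is chosen on every request, which is the predictability the background section criticises; under the assumed dynamic rule the choice changes as the association history grows.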
[0045] Figure 2 illustrates exemplary method 200 for providing dynamic authentication system for a computing device, according to another embodiment. In such embodiment, an authentication technique currently associated with an application running on a computing device is dynamically switched with another authentication technique, when a user accesses the application on the computing device. In said embodiment, the method 200 comprises: receiving 201 a request to access the application from a user; retrieving 202 parameters currently associated with the application from the computing device; determining 203 a security level defined for the application based on the parameters thus retrieved; retrieving 204 a plurality of authentication techniques available on the computing device from a memory; dynamically determining 205 a security rating corresponding to the plurality of authentication techniques based on the security level of the application; selecting 206 an authentication technique from amongst the plurality of authentication techniques based on the security rating determined thereof; disassociating 207 the authentication technique currently associated with the application; and associating 208 the selected authentication technique with the application to authenticate the user.
[0046] In a further embodiment, the parameters are based on one or more risk factors associated with the application.
[0047] In a further embodiment, the one or more risk factors include one or more of security level of the application, usage category of the application, location of accessing the application, time of accessing the application, and combinations thereof.
[0048] In a further embodiment, the one or more risk factors are received from the user through an authentication application and stored in the memory, the authentication application being different from the application.
[0049] Figure 3 illustrates exemplary computing device 300 for providing dynamic authentication system.
[0050] In one embodiment, the computing device 300 authenticates a user to access an application. In said embodiment, the computing device 300 comprises: request receiving unit 301 to receive a request to access the application from a user; a processor 302 coupled to the request receiving unit 301 to retrieve a plurality of authentication techniques from a memory 303 coupled to the computing device 300; and a rating determination unit 304 coupled to the processor 302 to: dynamically determine a security rating corresponding to the plurality of authentication techniques based on one or more risk factors associated with the application; select an authentication technique from amongst the plurality of authentication techniques based on said one or more risk factors and the security rank determined thereof; and associate the selected authentication technique with the application to authenticate the user.
[0051] In another embodiment, the computing device 300 dynamically switches an authentication technique currently associated with an application. In said embodiment, the computing device 300 comprises: request receiving unit 301 to receive a request to access the application on the computing device from a user; a processor 302 coupled to the request receiving unit 301 to: obtain parameters currently associated with the application; determine a security level defined for the application based on the parameters thus retrieved; and retrieve a plurality of authentication techniques from a memory 303 coupled to the computing device 300; and a rating determination unit 304 coupled to the processor 302 to: dynamically determine a security rating corresponding to the plurality of authentication techniques based on the security level of the application; select an authentication technique from amongst the plurality of authentication techniques based on the security rating determined thereof; disassociate the authentication technique currently associated with the application; and associate the selected authentication technique with the application to authenticate the user.
[0052] It would be understood that the computing device 300, the request receiving unit 301, the processor 302, and the rating determination unit 304 may include various software components or modules as necessary for implementing the invention.
[0053] Figure 4 further illustrates exemplary computing device 400 having various components providing dynamic authentication system, in accordance with various embodiments of present invention. Examples of the computing device 400 include desktop, notebook, tablet, smart phone, and laptop.
[0054] In accordance with the present invention, the computing device 400 includes one or more applications 401-1, 401-2, 401-3, 401-4,…401-N (hereinafter referred to as application 401 indicating one application and applications 401 indicating two or more applications) which enable a user to access various services provided by various service providers. Examples of such applications include, but are not limited to, chat applications, image-sharing applications, email applications, social networking applications, shopping applications, and financial applications like banking applications. In addition to these applications, various other applications are inherently provided in the computing device 400 by a manufacturer of the computing device 400. Examples of such applications include, but are not limited to, image/video capturing application such as camera, image/video viewing application such as gallery, messaging application for sending and receiving messages such as short messaging service (SMS) and multimedia messaging service (MMS).
[0055] The computing device 400 further includes one or more authentication techniques 402-1, 402-2, 402-3,…402-N (hereinafter referred to as authentication technique 402 indicating one authentication technique and authentication techniques 402 indicating two or more authentication techniques) which authenticate the user prior to enabling an access to the applications. Examples of the authentication techniques 402 include PIN authentication technique, password authentication technique, and biometric authentication techniques using biometric information such as fingerprint, face, and eye. In one example, the authentication techniques 402 are integrated with the computing device 400 at the time of manufacturing. In another example, the authentication techniques 402 are downloaded onto the computing device 400 and integrated with the computing device 400 by the user. As would be understood, the computing device 400 includes various hardware and software components to support the authentication techniques 402. In an example, the computing device 400 includes a fingerprint scanner (not shown in the figure) to support fingerprint authentication technique.
[0056] Further, the authentication techniques 402 require the user to specify a response to a challenge presented by the authentication techniques 402. For example, a password is required for password authentication technique, a pattern is required for pattern authentication technique, biometric information is required for biometric authentication technique, and PIN is required for PIN authentication technique. As would be understood, for providing the response to the authentication techniques 402, the user selects a menu on the computing device. The selection of the menu can be performed by various methods. In one embodiment, the selection can be provided as a touch based gesture input. In another embodiment, the selection can be provided as a non-touch based gesture input. In yet another embodiment, the selection can be provided as an input from an input device communicatively coupled to the computing device 400. Upon selecting a menu, a user-interface corresponding to the authentication technique is provided on a display unit (not shown in the figure) of the computing device 400. The response provided by the user on the user-interface is stored in a memory (not shown in the figure) of the computing device 400. For the present invention, the user specifies one response for each authentication technique 402. In addition, the user specifies one or more metrics for one or more of the authentication techniques 402. In an example, for biometric authentication technique based on facial information, the user also specifies eye-to-eye distance for additional verification. In another example, for biometric authentication technique based on facial information, the user also specifies lips-to-mouth distance for additional verification.
[0057] In addition to storing the response, a set of attributes is also stored in the memory. The set of attributes is based on the response specified by the user. Examples of the attributes include types of characters used as a response to password authentication technique, type of pattern used as a response to pattern authentication technique, and positions of scars/cut marks in fingerprint used as a response to fingerprint authentication technique.
[0058] Additionally, in one embodiment, one or more of the authentication techniques 402 are based on one-step authentication. In an example, the pattern authentication technique only requires the user to specify response pattern during authentication. In another embodiment, one or more of the authentication techniques 402 are based on two-step authentication. In an example, the pattern authentication technique requires the user to first specify a response pattern and then specify known information such as date of birth during authentication.
[0059] Further, the computing device 400 includes an authentication application 403 for providing a dynamic authentication system for the computing device 400. The authentication application 403 further includes a user customization module 404, a lock management module 405, a dynamic authentication module 406, and an adaptive authentication module 407, that are further described in following paragraphs. In an example, the applications 401, the authentication techniques 402, and the authentication application 403 are stored in the memory of the computing device 400. Further, the applications 401 and the authentication techniques 402 are associated with the authentication application 403 by the user. In an example, the user selects the applications 401 and the authentication techniques 402 through the authentication application 403. In such example, the user selects the authentication application 403 on the computing device. The selection of the authentication application 403 can be performed by various methods. In one embodiment, the selection can be provided as a touch based gesture input. In another embodiment, the selection can be provided as a non-touch based gesture input. In yet another embodiment, the selection can be provided as an input from an input device communicatively coupled to the computing device 400. Upon receiving the selection of the authentication application 403, a user-interface is provided on the display unit enabling the user to select one or more applications 401 and one or more authentication techniques. Upon receiving such selection, the authentication application saves data in the memory.
[0060] In an embodiment, the user downloads the authentication application 403 from a server (not shown in the figure) and stores it in the memory of the computing device 400. In another embodiment, the authentication application 403 is pre-stored on the computing device 400. In another embodiment, the authentication application 403 is coupled with a rating determination unit (not shown in the figure and described in Figure 3). In yet another embodiment, the authentication application 404 is coupled with a processor (not shown in the figure and described in Figure 3). In yet another embodiment, the modules of the authentication application 403 are coupled with both the rating determination unit and the processor.
[0061] Figures 5a to 5c, 6, and 7 illustrate an exemplary process of providing dynamic authentication on a computing device, in accordance with various embodiments of present invention.
[0062] Referring to Figures 3 and 4, in accordance with the present invention, the user provides one or more risk factors to customize a security level of one or more applications 402. The risk factors include, but are not limited to, security level, usage category, location of accessing, and time of accessing. For each application 402, the user can specify the usage category as personal, official, general, and default; and security level as high, medium, and low. In addition, for one or more of the applications 402, the user can specify location specific security level for each of the usage category and time specific security level for each of the usage category. As would be understood, the location and time indicate the location of accessing the application and time of accessing the application. Accordingly, the user customization module 404 receives the one or more risk factors from the user through the request receiving unit 301. Upon receiving the one or more risk factors, the user customization module 404 associates the one or more risk factors with the application 401 and saves the data in the memory. In an example, the user customization module 404 saves the data in the form of a table.
[0063] Figures 5a-5c illustrate defining one or more risk factors for two applications 501-1 and 501-2. Figure 5a illustrates defining usage category as personal, general, official, and default, and corresponding security level as low (L), high (H), and medium (M) for the applications 501-1 and 501-2. Thus, the user defines H for Personal, M for Official, L for General, and L for Default usage categories for the application 501-1. Similarly, the user defines the risk factors for the application 501-2.
[0064] Figure 5b illustrates defining security level as low (L), high (H), and medium (M) corresponding to each of the usage category, based on different access locations Location 1, Location 2, and Location 3. Thus, the user defines H for Location 1, M for Location 2, L for Location 3, and H for Any location other than Location 1, Location 2, and Location 3 for application 501-1 in Personal usage category. Similarly, the user defines the risk factors for Official and General usage categories for the application 501-1. In a similar manner, the user defines the risk factors for the application 501-2 (not shown in the figure).
[0065] Figure 5c illustrates defining security level as low (L), high (H), and medium (M) corresponding to each of the usage category based on different access timings Time 1, Time 2, and Time 3. Thus, the user defines H for Time 1, M for Time 2, L for Time 3, and H for Any time of access other than Time 1, Time 2, and Time 3 for application 501-1 for Personal usage category. Similarly, the user defines the risk factors for Official and General usage categories for the application 501-1. In a similar manner, the user defines the risk factors for the application 501-2 (not shown in the figure).
[0066] Figure 6 illustrates an exemplary association 600 of risk factors 601 with applications 602. Accordingly, the user selects the authentication application 403 on a computing device 603. Upon receiving the selection, the user customization module 405 provides a user-interface to enable the user to select one or more applications 602 and provides the risk factors 601 for each of the selected applications 602. As illustrated in the figure, the user specifies usage category as Personal and security level as High for application 602-1, usage category as Personal and security level as Medium for application 602-2, usage category as Official and security level as Medium for application 602-3, usage category as General and security level as Low for application 602-4, and usage category as Personal and security level as Medium for application 602-5. The user customization module 405 receives the risk factors 601 for the selected application 602 and saves a mapping of the risk factors 601 with each of the application 602 in the memory. In an example, the mapping is stored in the form of a table.
[0067] In operation, the request receiving unit 301 receives a request to access the application 401 on the computing device 400 from the user. The request to access the application can be provided by various methods. In one embodiment, the request can be provided as a touch based gesture input. In another embodiment, the request can be provided as a non-touch based gesture input. In yet another embodiment, the request can be provided as an input from an input device communicatively coupled to the computing device 400. Upon receiving the request, the authentication application 403 retrieves the list of authentication techniques 402 from the memory and dynamically determines a security rating corresponding to the authentication techniques 402 based on the risk factors associated with the application 401. Accordingly, the lock management module 405 selects a security policy for determining the security rating of each of the authentication techniques 402. The security policy defines a mechanism for determining the security rating of the authentication techniques 402. The different security policies managed by the lock management module 405 include user-defined security policy, pre-stored security policy, and dynamic security policy.
[0068] The user-defined security policy indicates determining the security rating based on a preference of authentication technique 402 for an application 401 defined by the user. In an example, user specifies a preference of password authentication technique for invoking image viewing application, pattern authentication technique for invoking messaging application, and biometric authentication technique based on fingerprint information for invoking financial application. Accordingly, the lock management module 405 receives the preferences of authentication techniques 402 for one or more applications 401 from the user through the request receiving unit 301. Upon receiving the preferences, the lock management module 405 associates preferences with the one or more applications 401 and saves the data in the memory. In an example, the lock management module 405 saves the data in the form of a table.
[0069] In a similar manner, the pre-stored security policy indicates determining the security rating based on a predefined security rating for each of the authentication techniques 402. The predefined security rating is stored in the memory in the form of a table during the manufacturing of the computing device 400. In an example, predefined security rating specifies a high security rating for password authentication technique, medium security rating for pattern authentication technique, and low security rating for biometric authentication technique based on facial information.
[0070] Further, the dynamic security policy indicates dynamically determining the security rating based on a frequency of association of each of the authentication techniques 402 with the application 401 being accessed on the computing device 400 and other computing devices having the authentication application 403.
[0071] Thus, the lock management module 405 manages the authentication techniques 402 in order of their security rating based on the aforementioned security policies. In order to select the security policy, the lock management module 405 retrieves the authentication techniques 402, the risk factors associated with the application 401 being accessed, and one or more policy rules from the memory. The policy rules are indicative of preferences defined by the user for selecting the security policy. For example, the user sets a preference of selecting the dynamic security policy at time T1 and location L1, and selecting the pre-stored security policy at time T2 irrespective of location, and selecting the user-defined security policy at all other times and locations. Accordingly, the lock management module 405 receives the policy rules from the user through the request receiving unit 301. Upon receiving the policy rules, the lock management module 405 saves the data in the memory. In an example, the lock management module 405 saves the data in the form of a table.
[0072] Upon retrieving the authentication techniques 402, the risk factors associated with the application 401 being accessed, and the policy rules, the lock management module 405 selects the security policy and provides the selection to the dynamic authentication module 406. Based on the selected security policy, the dynamic authentication module 406 determines the security rating of each of the authentication techniques 402.
[0073] Consequently, upon receiving the selection of dynamic security policy, the dynamic authentication module 406 determines a local security rating based on frequency of association of each of the authentication techniques 402 with the application 401 being accessed on the computing device 400. To this end, the dynamic authentication module 406 tracks each of the associated authentication techniques 402 with an application whenever the application is accessed. Accordingly, the dynamic authentication module 406 categorizes each of the authentication techniques 402 into plurality of groups based on the frequency of association. In an example, the plurality of groups include frequent, less-frequent, seldom, never used. Based on the categorization, the dynamic authentication module 406 determines the local security rating in accordance with predefined rules. In an example, local security rating is determined as low if the authentication technique is in the category of frequent and local security rating is determined as high if the authentication technique is in the category of seldom. Table 1 below illustrates an example of determining local security rating.
Table 1
Authentication Techniques | Frequency of Association | Local Security Rating
Password | Frequent | Low
Pattern | Less-frequent | Medium
PIN | Less-frequent | Medium
Fingerprint (Biometric) | Seldom | High
Face (Biometric) | Never used | High
[0074] Further, the dynamic authentication module 406 provides the data regarding the frequency of association of each of the authentication techniques 402 with the application 401 on the computing device 400 to a server. This enables the authentication module 403 stored on other computing devices to retrieve the data and determine a global security rating, as described below.
[0075] In a similar manner, the dynamic authentication module 406 determines a global security rating based on frequency of association of each of the authentication techniques 402 with the application 401 on other computing devices having the authentication application 403. As described above, the dynamic authentication module 406 accesses the server and obtains the frequency of association of each of the authentication techniques 402 with the application 401 on other computing devices. Based on such data, the dynamic authentication module 406 categorizes each of the authentication techniques 402 into plurality of groups based on the number of computing devices/users using a particular authentication technique for a particular application. In an example, the plurality of groups include most-number of users, less-number of users, seldom, and never used. Based on the categorization, the dynamic authentication module 406 determines the global security rating in accordance with predefined rules. In an example, global security rating is determined as low if the authentication technique is in the category of never used and global security rating is determined as high if the authentication technique is in the category of most number of users. Table 2 below illustrates an example of determining global security rating.
Table 2
Authentication Techniques | Frequency of Association | Global Security Rating
Password | Most number of users | High
Pattern | Less number of users | High
PIN | Less number of users | Medium
Fingerprint (Biometric) | Seldom | Medium
Face (Biometric) | Never used | Low
[0076] Upon determining the local security rating and the global security rating for each of the authentication techniques 402, the dynamic authentication module 406 provides the rating to the adaptive authentication module 407. The adaptive authentication module 407 then determines the security rating of each of the authentication techniques 402 and selects an authentication technique having desired security rating according to the risk factors associated with the application 401.
[0077] Accordingly, the adaptive authentication module 407 analyses the local security rating and the global security rating for each of the authentication techniques 402 and selects one authentication technique based on predefined rules. In an example, the predefined rules include same security rating, better security rating, and user preference. According to same security rating, if both the local security rating and the global security rating of an authentication technique are the same as desired for the application, then the authentication technique is selected for the application. In an example, if a financial application has security level defined as High and both the local security rating and the global security rating of pattern authentication technique are determined as High, then the pattern authentication technique is selected for the financial application when the financial application is accessed.
[0078] Further, according to ‘better security rating’, an authentication technique having better security rating but not same as desired for the application is selected. In an example, a messaging application has security level defined as Medium. Further, the determined local security rating for PIN authentication technique is Medium and for password authentication technique is Medium. Similarly, the determined global security rating for PIN authentication technique is Low and for password authentication technique is Low. In such example, the authentication technique with at least High in local security rating and Medium in global security rating is selected.
[0079] Furthermore, according to user preference, if the authentication techniques are determined to have conflicting security ratings, the adaptive authentication module 407 provides a message to the user on the display unit of the computing device 400 requesting a preference of authentication techniques based on either local security rating or global security rating. In an example, the adaptive authentication module 407 provides a pop-up window requesting the selection. In another example, the authentication module 407 provides a push message requesting the selection. Based on the received selection, the adaptive authentication module 407 selects the authentication technique.
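The rating and selection steps of paragraphs [0073] to [0079], as an added Python example that is not part of the patent text: usage counts are grouped, mapped to local and global ratings, and the three predefined rules are applied in order. The counts, the 50%/10% group thresholds, the Medium rating for the two middle global groups, the reading of "better" as "at least the desired level on both ratings", and the tie-breaks are assumptions; the patent does not specify them.

```python
from enum import IntEnum


class Rating(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Group names follow Table 1; for the global rating they stand for
# "most number of users", "less number of users", "seldom", "never used".
GROUPS = ("frequent", "less-frequent", "seldom", "never used")
# Table 1 rule: heavily used on this device -> low local rating.
LOCAL_RULE = dict(zip(GROUPS, (Rating.LOW, Rating.MEDIUM, Rating.HIGH, Rating.HIGH)))
# Text of [0075]: most users -> High, never used -> Low. Middle groups: assumed Medium.
GLOBAL_RULE = dict(zip(GROUPS, (Rating.HIGH, Rating.MEDIUM, Rating.MEDIUM, Rating.LOW)))

# Constructed sample data: how often each technique was associated with one app.
LOCAL_COUNTS = {"Password": 40, "Pattern": 8, "PIN": 7, "Fingerprint": 1, "Face": 0}
GLOBAL_COUNTS = {"Password": 600, "Pattern": 150, "PIN": 140, "Fingerprint": 10, "Face": 0}


def categorize(count, total):
    """Place one technique in a frequency group (thresholds are assumptions)."""
    if count == 0 or total == 0:
        return "never used"
    share = count / total
    if share >= 0.5:
        return "frequent"
    if share >= 0.1:
        return "less-frequent"
    return "seldom"


def rate(counts, rule):
    """Map every technique's usage count to a rating under the given rule."""
    total = sum(counts.values())
    return {name: rule[categorize(n, total)] for name, n in counts.items()}


def select_technique(desired, local, global_, ask_user):
    """Apply the three predefined rules in order and return (technique, rule used).

    ask_user is a callable returning "local" or "global"; it is only called
    when the two ratings conflict for every technique.
    """
    names = list(local)
    # Rule 1, same security rating: both ratings equal the desired level.
    same = [n for n in names if local[n] == desired == global_[n]]
    if same:
        return same[0], "same security rating"
    # Rule 2, better security rating: both ratings at least the desired level.
    # Among those, take the one closest to the desired level (assumption).
    better = [n for n in names if local[n] >= desired and global_[n] >= desired]
    if better:
        return min(better, key=lambda n: local[n] + global_[n]), "better security rating"
    # Rule 3, user preference: ratings conflict, so the user picks the basis.
    basis = ask_user()
    if basis not in ("local", "global"):
        raise ValueError("preference must be 'local' or 'global'")
    primary, other = (local, global_) if basis == "local" else (global_, local)
    best = max(names, key=lambda n: (primary[n], other[n]))
    return best, f"user preference ({basis})"


if __name__ == "__main__":
    loc, glo = rate(LOCAL_COUNTS, LOCAL_RULE), rate(GLOBAL_COUNTS, GLOBAL_RULE)
    for level in Rating:
        print(level.name, select_technique(level, loc, glo, lambda: "local"))
```

Because the local rule rewards rarely used techniques and the global rule rewards widely used ones, no technique in this sample reaches High on both, so a High application always falls through to the user-preference rule.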
[0080] In a similar manner, as described with reference to dynamic security policy, upon receiving the selection of user-defined security policy, the dynamic authentication module 406 retrieves the preferences of authentication technique for the application 401 and provides the rating to the adaptive authentication module 407. Similarly, upon receiving the selection of pre-stored security policy, the dynamic authentication module 406 retrieves the security rating of each of the authentication techniques 402 and provides the rating to the adaptive authentication module 407. The adaptive authentication module 407 then determines the security rating of each of the authentication techniques based on the predefined rules, as described above, and selects an authentication technique having desired security rating according to the risk factors associated with the application 401.
[0081] Further, in one embodiment, the dynamic authentication module 406 dynamically determines the security rating of each of the authentication techniques 402 based on a set of attributes upon receiving the selection of dynamic security policy. In such embodiment, the dynamic authentication module 406 employs a classification method. Accordingly, the set of attributes associated with each of the authentication techniques are retrieved from the memory. The set of attributes are obtained when the user specifies a response to a challenge presented by the authentication techniques, as described earlier. In one example, for password authentication technique, attributes include, but are not limited to, frequency of usage of the password technique for applications, usage of both uppercase and lower case letters in response, usage of numbers in response, and usage of special characters in the response. In another example, for fingerprint authentication image, attributes include, but are not limited to, true minutiae positions such as bifurcation and ridges, position of scars/cut marks on finger image, quality index such as wet and dry, and visibility index such as highly visible, medium visible, and less visible.
[0082] Thereafter, weights are assigned to the authentication techniques 402 based on the attributes. In an example, each of the attributes is assigned a weight based on predefined rules. Based on the assigned weights, a security rating is computed for each of the authentication techniques 402 as High, Medium, and Low. In an example, a module such as classifier is trained that can analyse these weights as features and compute a security rank for an authentication lock. In such example, the classifier is trained using tree kernels such as support vector machine (SVM), nearest neighbour (NN), and Decision Tree. Upon determining the security rating of each of the authentication techniques 402, the dynamic authentication module 406 provides the rating to the adaptive authentication module 407. The adaptive authentication module 407 then determines the security rating of each of the authentication techniques based on the predefined rules, as described above, and selects an authentication technique having desired security rating according to the risk factors associated with the application 401.
[0083] Figure 7 illustrates an exemplary process 700 of determining the security rating of authentication techniques 701 using the classification method by the dynamic authentication module 406. Accordingly, dynamic authentication module 406 retrieves the set of attributes 702 from the memory. The set of attributes 702 include attributes A1, A2,…AN. For each of the attributes in the set of attributes 702, the adaptive authentication module 407 assigns weights 703 such that attribute A1 is assigned weight W1, attribute A2 is assigned weight W2, …and attribute AN is assigned weight WN. Based on the assigned weights, a classifier 704 computes a security rating 705 for the application 701 as High, Medium, and Low.
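The classification method of paragraphs [0081] to [0083], sketched as an added Python example that is not part of the patent text: the four password attributes named in [0081] are extracted when the response is enrolled, scaled by weights W1..WN, and rated by a nearest-neighbour classifier, one of the classifier types the text lists. The weight values, the labelled training points and the sample responses are constructed assumptions.

```python
import math
import string

# Assumed weights W1..WN for attributes A1..AN of the password technique.
WEIGHTS = {"mixed_case": 1.0, "digits": 1.0, "special": 1.5, "usage": 2.0}


def password_attributes(response, usage_share):
    """Derive the stored attribute set from an enrolment response.

    usage_share is the fraction (0..1) of protected applications that already
    use the password technique. Only the attributes are returned; the response
    itself is not kept by this function.
    """
    return {
        "mixed_case": float(any(c.islower() for c in response)
                            and any(c.isupper() for c in response)),
        "digits": float(any(c.isdigit() for c in response)),
        "special": float(any(c in string.punctuation for c in response)),
        "usage": max(0.0, min(1.0, usage_share)),
    }


def weighted(attrs):
    """Feature vector: each attribute value multiplied by its weight."""
    return [WEIGHTS[name] * attrs[name] for name in WEIGHTS]


# Constructed labelled examples standing in for the trained classifier's data.
TRAINING = [
    ({"mixed_case": 0, "digits": 0, "special": 0, "usage": 1.0}, "Low"),
    ({"mixed_case": 1, "digits": 0, "special": 0, "usage": 0.6}, "Low"),
    ({"mixed_case": 1, "digits": 1, "special": 0, "usage": 0.4}, "Medium"),
    ({"mixed_case": 0, "digits": 1, "special": 1, "usage": 0.4}, "Medium"),
    ({"mixed_case": 1, "digits": 1, "special": 1, "usage": 0.0}, "High"),
    ({"mixed_case": 1, "digits": 1, "special": 1, "usage": 0.2}, "High"),
]


def classify(attrs):
    """1-nearest-neighbour rating over the weighted attribute vector."""
    x = weighted(attrs)
    _, label = min(TRAINING, key=lambda ex: math.dist(x, weighted(ex[0])))
    return label


if __name__ == "__main__":
    # Constructed sample responses; never log real ones.
    for resp, share in [("password", 1.0), ("Summer2024", 0.4),
                        ("Tr1cky#Pass", 0.0), ("Tr1cky#Pass", 1.0)]:
        print(f"usage={share:.1f} rating={classify(password_attributes(resp, share))}")
```

The last sample shows the effect of the weights: a response with every character class still drops to Medium once the password technique is used for every application, because the usage attribute carries the largest weight.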
[0084] Table 3 below further illustrates an exemplary security rating determined by the dynamic authentication module 406 in accordance with the dynamic security policy, pre-stored security policy, and user-defined security policy.
Table 3
Authentication Techniques | Security Rating Using Dynamic Security Policy | Security Rating Using Pre-Stored Security Policy | Security Rating Using User-Defined Security Policy
Pattern | Low | Medium | Medium
Password | Medium | High | Low
PIN | High | Medium to High | Low
Fingerprint (Biometric) | High | Medium to High | High
(False Accept = 0)
Face (Biometric) | Low | Low | High
(False Accept = 0)
[0085] Upon selecting the authentication technique based on the security rating and the predefined rules, the adaptive authentication module 407 provides the selection to the lock management module 405 through the dynamic authentication module 406. Thereafter, the lock management module 405 associates the selected authentication technique with the application 401 being accessed.
[0086] Further, the lock management module 405 provides a user-interface of the selected authentication technique 401 to the user on a display unit (not shown in the figure) of the computing device 400. The user-interface presents a challenge to the user in accordance with the selected authentication technique. The user then provides a response to the challenge. The lock management module 405 receives the response and compares the received response with the stored response. If a positive match is obtained, the lock management module 405 enables access to the application. If a negative match is obtained, the lock management module 405 prevents access to the application. Thus, the authentication application 403 provides a dynamic authentication system to enable access to an application 401 on the computing device 400 by dynamically determining security rating of each of the authentication techniques 402 when the user accesses the application 401.
[0087] Further, the authentication application 403 dynamically switches the authentication technique 402, which has been currently associated with the application 401. In one embodiment, as described earlier, the lock management module 405 upon receiving the request to access the application 401, determines a security level of the application 401 based on the risk factors. Accordingly, the lock management module 405 retrieves parameters from the computing device 400 based on the risk factors. Examples of the parameters include, but are not limited to, location of accessing the application 401 and time of accessing the application 401. In a first example, the user has defined a security level of a messaging application as High at location L1 and Low at Any other location, and password authentication technique is currently associated with the messaging application. In such example, the lock management module 405 retrieves a location of accessing the messaging application from computing device 400 and compares the determined location with the location L1. The location of accessing the messaging application can be retrieved using any known methods such as determining GPS position of the computing device 400. If the determined location is same as location L1, the security level is determined as High. If, on the other hand, the determined location is different from location L1, the security level may be determined as Low.
[0088] In a second example, the user has defined a security level of messaging application as High at time T2 and Low at Any other time, and password authentication technique is currently associated with the messaging application. In such example, the lock management module 405 retrieves a time of accessing the messaging application from the computing device 400 and compares the determined time with the time T2. The time of accessing the messaging application can be retrieved using any known methods. If the determined time is same as time T2, the security level is determined as High. If, on the other hand, the determined time is different from time T2, the security level may be determined as Low.
[0089] Upon determining the security level of the application 401 being accessed, the dynamic authentication module 406 and the authentication module 407 determine a security rating of each of the authentication techniques 402 and select an authentication technique based on the determined security level of the application 401, as described above. Thereafter, the lock management module 405 dissociates the currently associated authentication technique and associates the selected authentication technique with the application 401 being accessed. In the examples above, security rating of pattern authentication technique is determined as High and the security rating of currently associated password authentication technique is determined as Medium. Since the security level of the messaging application is determined as High, the password authentication technique is dissociated and the pattern authentication technique is associated.
[0090] Further, the lock management module 405 provides a user-interface of the selected authentication technique to the user on the display unit (not shown in the figure) of the computing device 400. In the examples above, user-interface corresponding to the pattern authentication technique is provided. Thus, the authentication application 403 provides a dynamic authentication system to enable access to an application on the computing device 400 by dynamically switching an authentication technique when the user accesses the application.
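The context checks of paragraphs [0071] and [0087] to [0089], as an added Python example that is not part of the patent text: the policy rule is chosen from time and location, the application's security level is resolved for the current access, and the associated technique is switched when its rating falls short. The concrete hours used for T1 and T2, taking the stricter level when location and time rules disagree, keeping the current technique when its rating already meets the level, and treating a missing location fix as "any other location" are assumptions.

```python
from datetime import time

ORDER = {"Low": 1, "Medium": 2, "High": 3}


def in_window(now, start, end):
    """True if now is in [start, end); supports windows that wrap past midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def select_policy(rules, location, now, default="user-defined"):
    """First matching policy rule wins; a field set to None matches anything."""
    for rule in rules:
        loc_ok = rule.get("location") is None or rule["location"] == location
        window = rule.get("window")
        time_ok = window is None or in_window(now, *window)
        if loc_ok and time_ok:
            return rule["policy"]
    return default


def resolve_level(profile, location, now):
    """Security level of one application for this access.

    location is a label already derived from the device position, or None when
    no fix is available (handled as "any other location").
    """
    found = []
    if "by_location" in profile:
        found.append(profile["by_location"].get(location, profile["other_location"]))
    if "by_time" in profile:
        hits = [lvl for start, end, lvl in profile["by_time"] if in_window(now, start, end)]
        found.append(max(hits, key=ORDER.get) if hits else profile["other_time"])
    if not found:
        return profile["base"]
    return max(found, key=ORDER.get)  # stricter level wins (assumption)


def switch_technique(current, ratings, level):
    """Return the technique to associate: keep, switch, or strongest available."""
    need = ORDER[level]
    if ORDER[ratings[current]] >= need:
        return current
    adequate = [n for n in ratings if ORDER[ratings[n]] >= need]
    if adequate:
        return min(adequate, key=lambda n: ORDER[ratings[n]])
    return max(ratings, key=lambda n: ORDER[ratings[n]])


# Constructed data. T1 = 09:00-17:00 and T2 = 22:00-06:00 are placeholders.
T1, T2 = (time(9, 0), time(17, 0)), (time(22, 0), time(6, 0))
POLICY_RULES = [
    {"policy": "dynamic", "location": "L1", "window": T1},
    {"policy": "pre-stored", "location": None, "window": T2},
]
MESSAGING_BY_LOCATION = {"base": "Medium", "by_location": {"L1": "High"},
                         "other_location": "Low"}
MESSAGING_BY_TIME = {"base": "Medium", "by_time": [(T2[0], T2[1], "High")],
                     "other_time": "Low"}
# Pattern High / Password Medium as in [0089]; the PIN value is constructed.
RATINGS = {"Password": "Medium", "Pattern": "High", "PIN": "Medium"}

if __name__ == "__main__":
    for loc, now in [("L1", time(10, 0)), ("cafe", time(10, 0)), (None, time(23, 30))]:
        level = resolve_level(MESSAGING_BY_LOCATION, loc, now)
        print(loc, now, select_policy(POLICY_RULES, loc, now), level,
              switch_technique("Password", RATINGS, level))
```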
[0091] Furthermore, the authentication application 403 analyses a priority of applications while users are accessing the applications. When the user first accesses an application with security level defined as High and then accesses an application with security level defined as Low, the authentication application 403 dynamically selects an authentication technique as described above for the application with security level defined as High. However, the authentication application 403 selects an authentication technique as previously associated with the application with security level defined as Low. In an example, imaging application has security level defined as High and image viewing application has security level defined as Low. In such example, when the user accesses the imaging application, the authentication application 403 determines an appropriate authentication technique, as described above. If the user then accesses the image viewing application, the authentication application 403 provides a previously associated authentication technique.
[0092] Figure 8 illustrates an exemplary dynamic switching 800 between authentication techniques by the authentication application 403. Accordingly, the user selects the authentication application 403 on a computing device 801, and provides risk factors 802 for each of the applications 803. The applications 803 correspond to the applications 602 and the risk factors 802 correspond to the risk factors 601 as described in reference to Figure 6. As described earlier, the user customization module 404 receives the risk factors 802 and stores them in the memory of the computing device 400. Upon receiving a selection of one of the applications 803, the lock management module 405 determines a security level of the application 803 when the user accesses the application 803 and determines a security policy, as described earlier. Thereafter, the dynamic authentication module 406 determines a security rating of the authentication techniques 804, the adaptive authentication module 408 selects an authentication technique 804 based on the security level of the application 803, and the lock management module 405 associates the selected authentication technique 804 with the application 803. Numeral 805 in the figure represents the lock management module 405, dynamic authentication module 406, and the adaptive authentication module 408. Thus, as illustrated in the figure, the authentication application 403 selects biometric authentication technique 804-1 based on fingerprint for application 803-1, biometric authentication technique 804-2 based on face for application 803-2, pattern authentication technique 804-3 for application 803-3, PIN authentication technique 804-4 for application 803-4, and pattern authentication technique 804-3 for application 803-5, based on the risk factors 802 and security policy.
[0093] Although the user customization module 404, the lock management module 405, dynamic authentication module 406, and the adaptive authentication module 407 are provided as separate modules in the authentication application 405, in one embodiment, a single module performs the functions of all these modules.
[0094] Figure 9 illustrates an exemplary network environment 900 providing dynamic authentication system, in accordance with various embodiments of present invention.
[0095] In accordance with the invention, the network environment 900 includes a plurality of computing devices 901-1, 901-2, 901-3, …901-N (hereinafter referred to as computing device 901 indicating one computing device and computing devices 901 indicating two or more computing devices). Examples of the computing device 901 include desktop, notebook, tablet, smart phone, and laptop. The computing device 901 further includes a plurality of authentication techniques (not shown in the figure), as described in reference to Figure 4. The computing devices 901 are coupled with a server 902 over a network 903. Examples of the network 903 include wireless network and wired network. The computing devices 901 include a plurality of applications (not shown in the figure) and a plurality of authentication techniques (not shown in the figure), as described in reference to Figure 4.
[0096] Further, each of the computing devices 901 includes an authentication application 904 for providing a dynamic authentication system on each of the computing devices 901. The computing devices 901 receive the authentication application 904 from the server 902 over the network 903. The authentication application 904 dynamically determines security rating of each of the plurality of authentication techniques available on the computing device 901 upon receiving a request to access an application on the computing devices 901. In one embodiment, the authentication application 904, as described in reference to Figure 4, determines dynamic security rating of each of the plurality of authentication techniques based on a frequency of association of each of the authentication techniques with an application and risk factors associated with the application. In an example, the authentication application 904 determines security rating of each of the plurality of authentication techniques based on a frequency of association of each of the authentication techniques with an application being accessed on computing device 901-1, and frequency of association of each of the authentication techniques with the application on other computing devices 901-2, 901-3, and 901-N.
[0097] In another embodiment, the authentication application 904, as described in reference to Figure 4, determines security rating of each of the authentication techniques based on user-defined security policy. In yet another embodiment, the authentication application 904, as described in reference to Figure 4, determines security rating of each of the authentication techniques based on pre-stored security policy. Upon determining the security rating of each of the authentication techniques, the authentication application selects one authentication technique based on the determined security rating and associates the selected authentication technique with the application being accessed.
[0098] Upon dynamically determining the security rating for each of the authentication techniques, the authentication application 904 selects an authentication technique based on the determined security rating and associates the authentication technique with the application.
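The rating, selection and switching flow described above can be sketched as follows. This is an added example, not code from the specification: the specification does not give a formula, so the weighted blend of local and global association frequencies, the pre-stored rating values, the per-level floor in `MIN_RATING_FOR_LEVEL`, and the untrusted-location rule are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: none of these values come from the specification.
PRESTORED_RATING = {"fingerprint": 0.9, "face": 0.8, "password": 0.7,
                    "pattern": 0.5, "pin": 0.4}
# Assumed security rule: minimum pre-stored rating a technique must have
# before it may guard an application of the given security level.
MIN_RATING_FOR_LEVEL = {"low": 0.0, "medium": 0.5, "high": 0.8}
LEVELS = ["low", "medium", "high"]


def security_level(risk):
    """Derive the application's security level from its risk factors.
    Assumed rule: access from an untrusted location raises the level one step."""
    idx = LEVELS.index(risk["level"])
    if not risk.get("trusted_location", True):
        idx = min(idx + 1, len(LEVELS) - 1)
    return LEVELS[idx]


def frequency_rating(history, techniques):
    """Share of past associations that used each technique (0.0 to 1.0)."""
    counts = Counter(t for t in history if t in techniques)
    total = sum(counts.values())
    return {t: counts[t] / total if total else 0.0 for t in techniques}


def rate(policy, techniques, local_hist=(), global_hist=(), prefs=(), local_weight=0.6):
    """Security rating per technique under one of the three policies."""
    if policy == "pre-stored":
        return {t: PRESTORED_RATING.get(t, 0.0) for t in techniques}
    if policy == "user-defined":  # earlier in the preference list = higher rating
        n = len(prefs)
        return {t: (n - prefs.index(t)) / n if t in prefs else 0.0 for t in techniques}
    if policy == "dynamic":  # blend local and global association frequencies
        local = frequency_rating(local_hist, techniques)
        glob = frequency_rating(global_hist, techniques)
        return {t: local_weight * local[t] + (1 - local_weight) * glob[t]
                for t in techniques}
    raise ValueError(f"unknown policy: {policy}")


def select(rating, level):
    """Highest-rated technique that still meets the floor for this level."""
    floor = MIN_RATING_FOR_LEVEL[level]
    eligible = [t for t in rating if PRESTORED_RATING.get(t, 0.0) >= floor]
    if not eligible:
        raise LookupError(f"no available technique meets level {level!r}")
    # Ties fall back to the pre-stored rating, then the name, for determinism.
    return max(eligible, key=lambda t: (rating[t], PRESTORED_RATING.get(t, 0.0), t))


class LockManager:
    """Tracks which technique is currently associated with each application."""

    def __init__(self):
        self.associated = {}

    def on_access(self, app, risk, policy, techniques, **rating_inputs):
        level = security_level(risk)
        chosen = select(rate(policy, techniques, **rating_inputs), level)
        previous = self.associated.pop(app, None)  # disassociate current technique
        self.associated[app] = chosen              # associate the selected one
        return previous, chosen
```

Because a frequency-based rating only reflects how often a technique has been used, the floor keeps a popular but weak technique from being selected for an application whose security level has risen.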
EXEMPLARY HARDWARE CONFIGURATION
[0099] Figure 10 illustrates a typical hardware configuration of a computing device 1000, which is representative of a hardware environment for implementing the present invention. As would be understood, the computing devices 300 and 400, as described above, include the hardware configuration as described below.
[00100] In a networked deployment, the computing device 1000 may operate in the capacity of a server or as a client user computer in a server-client user network environment, or as a peer computer system in a peer-to-peer (or distributed) network environment. The computing device 1000 can also be implemented as or incorporated into various devices, such as a personal computer (PC), a tablet PC, a personal digital assistant (PDA), a mobile device, a palmtop computer, a laptop, a desktop computer, and a communications device. Further, while a single computing device 1000 is illustrated, the term "system" shall also be taken to include any collection of systems or sub-systems that individually or jointly execute a set, or multiple sets, of instructions to perform one or more computer functions.
[00101] The computing device 1000 may include a processor 1001, e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both. The processor 1001 may be a component in a variety of systems. For example, the processor 1001 may be part of a standard personal computer or a workstation. The processor 1001 may be one or more general processors, digital signal processors, application specific integrated circuits, field programmable gate arrays, servers, networks, digital circuits, analog circuits, combinations thereof, or other now known or later developed devices for analysing and processing data. The processor 1001 may implement a software program, such as code generated manually (i.e., programmed).
[00102] The computing device 1000 may include a memory 1002 communicating with the processor 1001 via a bus 1003. The memory 1002 may be a main memory, a static memory, or a dynamic memory. The memory 1002 may include, but is not limited to computer readable storage media such as various types of volatile and non-volatile storage media, including but not limited to random access memory, read-only memory, programmable read-only memory, electrically programmable read-only memory, electrically erasable read-only memory, flash memory, magnetic tape or disk, optical media and the like. The memory 1002 may be an external storage device or database for storing data. Examples include a hard drive, compact disc ("CD"), digital video disc ("DVD"), memory card, memory stick, floppy disc, universal serial bus ("USB") memory device, or any other device operative to store data. The memory 1002 is operable to store instructions executable by the processor 1001. The functions, acts or tasks illustrated in the figures or described may be performed by the programmed processor 1001 executing the instructions stored in the memory 1002. The functions, acts or tasks are independent of the particular type of instructions set, storage media, processor or processing strategy and may be performed by software, hardware, integrated circuits, firm-ware, micro-code and the like, operating alone or in combination. Likewise, processing strategies may include multiprocessing, multitasking, parallel processing and the like.
[00103] The computing device 1000 may further include a display unit 1004, such as a liquid crystal display (LCD), an organic light emitting diode (OLED), a flat panel display, a solid state display, a cathode ray tube (CRT), or other now known or later developed display device for outputting determined information.
[00104] Additionally, the computing device 1000 may include an input device 1005 configured to allow a user to interact with any of the components of system 1000. The input device 1005 may be a number pad, a keyboard, a stylus, an electronic pen, or a cursor control device, such as a mouse, or a joystick, touch screen display, remote control or any other device operative to interact with the computing device 1000.
[00105] The computer system 1000 may also include a disk or optical drive unit 1006. The drive unit 1006 may include a computer-readable medium 1007 in which one or more sets of instructions 1008, e.g. software, can be embedded. In addition, the instructions 1008 may be separately stored in the processor 1001 and the memory 1002.
[00106] The computing system 1000 may further be in communication with other devices over a network 1009 to communicate voice, video, audio, images, or any other data over the network 1009. Further, the data and/or the instructions 1008 may be transmitted or received over the network 1009 via a communication port or interface 1010 or using the bus 1003. The communication port or interface 1010 may be a part of the processor 1001 or may be a separate component. The communication port 1010 may be created in software or may be a physical connection in hardware. The communication port 1010 may be configured to connect with the network 1009, external media, the display 1004, or any other components in system 1000 or combinations thereof. The connection with the network 1009 may be a physical connection, such as a wired Ethernet connection or may be established wirelessly as discussed later. Likewise, the additional connections with other components of the system 1000 may be physical connections or may be established wirelessly. The network 1009 may alternatively be directly connected to the bus 1003.
[00107] The network 1009 may include wired networks, wireless networks, Ethernet AVB networks, or combinations thereof. The wireless network may be a cellular telephone network, an 802.11, 802.16, 802.20, 802.1Q or WiMax network. Further, the network 1009 may be a public network, such as the Internet, a private network, such as an intranet, or combinations thereof, and may utilize a variety of networking protocols now available or later developed including, but not limited to TCP/IP based networking protocols.
[00108] In an alternative example, dedicated hardware implementations, such as application specific integrated circuits, programmable logic arrays and other hardware devices, can be constructed to implement various parts of the computing system 1000.
[00109] Applications that may include the systems can broadly include a variety of electronic and computer systems. One or more examples described may implement functions using two or more specific interconnected hardware modules or devices with related control and data signals that can be communicated between and through the modules, or as portions of an application-specific integrated circuit. Accordingly, the present system encompasses software, firmware, and hardware implementations.
[00110] The computing system 1000 may be implemented by software programs executable by the processor 1001. Further, in a non-limited example, implementations can include distributed processing, component/object distributed processing, and parallel processing. Alternatively, virtual computer system processing can be constructed to implement various parts of the system.
[00111] The computing system 1000 is not limited to operation with any particular standards and protocols. For example, standards for Internet and other packet switched network transmission (e.g., TCP/IP, UDP/IP, HTML, HTTP) may be used. Such standards are periodically superseded by faster or more efficient equivalents having essentially the same functions. Accordingly, replacement standards and protocols having the same or similar functions as those disclosed are considered equivalents thereof.
[00112] The drawings and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, orders of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples. Numerous variations, whether explicitly given in the specification or not, such as differences in structure, dimension, and use of material, are possible. The scope of embodiments is at least as broad as given by the following claims.
[00113] While certain present preferred embodiments of the invention have been illustrated and described herein, it is to be understood that the invention is not limited thereto. Clearly, the invention may be otherwise variously embodied, and practiced within the scope of the following claims.
CLAIMS: We Claim:
1. A method for authenticating a user to access an application on a computing device, said method comprising:
- receiving a request to access the application from a user;
- retrieving a plurality of authentication techniques available on the computing device from a memory;
- dynamically determining a security rating corresponding to the plurality of authentication techniques based on one or more risk factors associated with the application;
- selecting an authentication technique from amongst the plurality of authentication techniques based on the security rating determined thereof; and
- associating the authentication technique with the application to authenticate the user.
2. The method as claimed in claim 1, wherein the one or more risk factors are received from the user through an authentication application and stored in the memory, the authentication application being different from the application.
3. The method as claimed in claim 2, wherein the plurality of authentication techniques and the application are associated with the authentication application by the user.
4. The method as claimed in claim 1, wherein the one or more risk factors include one or more of security level of the application, usage category of the application, location of accessing the application, time of accessing the application, and combinations thereof.
5. The method as claimed in claim 1, wherein dynamically determining the security rating further comprises:
- selecting a security policy for determining the security rating based on the one or more risk factors and one or more policy rules, the security policy being selected from a group comprising of: dynamic security policy, user-defined security policy, and pre-stored security policy; and
- determining the security rating based on the selected security policy.
6. The method as claimed in claim 5, wherein the one or more policy rules are defined by the user through an authentication application and stored in the memory, the authentication application being different from the application.
7. The method as claimed in claim 5, wherein the one or more policy rules are indicative of preferences defined by the user for selecting the security policy.
8. The method as claimed in claim 5, wherein determining the security rating based on the dynamic security policy further comprises:
- determining a local security rating based on a frequency of associating one or more of the plurality of authentication techniques with the application on the computing device;
- determining a global security rating based on a frequency of associating one or more of the plurality of authentication techniques with the application on a plurality of computing devices, the plurality of computing devices excluding the computing device; and
- determining the security rating for the plurality of authentication techniques based on the local security rating determined thereof, the global security rating determined thereof, and a plurality of security rules.
9. The method as claimed in claim 5, wherein determining the security rating based on the user-defined security policy further comprises determining the security rating based on a preference of one or more authentication techniques defined by the user for the application.
10. The method as claimed in claim 5, wherein determining the security rating based on the pre-stored security policy further comprises determining the security rating based on a pre-stored security rating corresponding to the plurality of authentication techniques in the computing device.
11. The method as claimed in claim 1 further comprises providing a user-interface corresponding to the associated authentication technique, wherein the user-interface presents a challenge to the user.
12. The method as claimed in claim 11 further comprises:
- receiving a response from the user on the user-interface in response to the challenge;
- comparing the received response with a stored response associated with the authentication technique; and
- enabling access to the application when the received response matches with the stored response.
13. The method as claimed in claim 12, wherein the stored response associated with the authentication technique is predefined by the user and stored in the memory.
14. The method as claimed in claim 1, wherein plurality of authentication techniques is one of: a one-step authentication technique and a two-step authentication technique.
15. The method as claimed in claim 1, wherein one or more metrics associated with one or more authentication techniques from amongst plurality of authentication techniques is defined by the user and stored in the memory.
16. A method for dynamically switching an authentication technique currently associated with an application running on a computing device, said method comprising:
- receiving a request to access the application from a user;
- retrieving parameters currently associated with the application from the computing device;
- determining a security level defined for the application based on the parameters thus retrieved;
- retrieving a plurality of authentication techniques available on the computing device from a memory;
- dynamically determining a security rating corresponding to the plurality of authentication techniques based on the security level of the application;
- selecting an authentication technique from amongst the plurality of authentication techniques based on the security rating determined thereof;
- disassociating the authentication technique currently associated with the application; and
- associating the selected authentication technique with the application to authenticate the user.
17. The method as claimed in claim 16, wherein the parameters are based on one or more risk factors associated with the application.
18. The method as claimed in claim 17, wherein the one or more risk factors include one or more of security level of the application, usage category of the application, location of accessing the application, time of accessing the application, and combinations thereof.
19. The method as claimed in claim 17, wherein the one or more risk factors are received from the user through an authentication application and stored in the memory, the authentication application being different from the application.
20. A computing device for authenticating a user to access an application through the computing device, said computing device comprising:
- request receiving unit to receive a request to access the application from a user;
- a processor coupled to the request receiving unit to retrieve a plurality of authentication techniques from a memory coupled to the computing device; and
- a rating determination unit coupled to the processor to:
  - dynamically determine a security rating corresponding to the plurality of authentication techniques based on one or more risk factors associated with the application;
  - select an authentication technique from amongst the plurality of authentication techniques based on said one or more risk factors and the security rank determined thereof; and
  - associate the selected authentication technique with the application to authenticate the user.
21. A computing device for dynamically switching an authentication technique currently associated with an application, said method comprising:
- request receiving unit to receive a request to access the application on the computing device from a user;
- a processor coupled to the request receiving unit to:
  - obtain parameters currently associated with the application;
  - determine a security level defined for the application based on the parameters thus retrieved; and
  - retrieve a plurality of authentication techniques from a memory coupled to the computing device; and
- a rating determination unit coupled to the processor to:
  - dynamically determine a security rating corresponding to the plurality of authentication techniques based on the security level of the application;
  - select an authentication technique from amongst the plurality of authentication techniques based on the security rating determined thereof;
  - disassociate the authentication technique currently associated with the application; and
  - associate the selected authentication technique with the application to authenticate the user.
| # | Name | Date |
|---|---|---|
| 1 | Specification.pdf | 2015-06-30 |
| 2 | FORM-5.pdf | 2015-06-30 |
| 3 | FORM 3.pdf | 2015-06-30 |
| 4 | Form 26..pdf | 2015-06-30 |
| 5 | Drawings.pdf | 2015-06-30 |
| 6 | 1947-del-2015-Form-1-(06-07-2015).pdf | 2015-07-06 |
| 7 | 1947-del-2015-Correspondence Others-(06-07-2015).pdf | 2015-07-06 |
| 8 | 1947-DEL-2015-PA [18-09-2019(online)].pdf | 2019-09-18 |
| 9 | 1947-DEL-2015-8(i)-Substitution-Change Of Applicant - Form 6 [18-09-2019(online)].pdf | 2019-09-18 |
| 10 | 1947-DEL-2015-ASSIGNMENT DOCUMENTS [18-09-2019(online)].pdf | 2019-09-18 |
| 11 | 1947-DEL-2015-OTHERS-101019.pdf | 2019-10-14 |
| 12 | 1947-DEL-2015-Correspondence-101019.pdf | 2019-10-14 |
| 13 | 1947-DEL-2015-FER.pdf | 2019-10-31 |
| 14 | 1947-DEL-2015-FER_SER_REPLY [02-05-2020(online)].pdf | 2020-05-02 |
| 15 | 1947-DEL-2015-DRAWING [02-05-2020(online)].pdf | 2020-05-02 |
| 16 | 1947-DEL-2015-CLAIMS [02-05-2020(online)].pdf | 2020-05-02 |
| 17 | 1947-DEL-2015-PatentCertificate26-04-2022.pdf | 2022-04-26 |
| 18 | 1947-DEL-2015-IntimationOfGrant26-04-2022.pdf | 2022-04-26 |
| 1 | searchstrategy_30-10-2019.pdf | |