| CPC G06Q 20/40 (2013.01) [G06F 21/32 (2013.01); G06F 21/35 (2013.01); G06F 21/606 (2013.01); G06F 21/6263 (2013.01); G06Q 20/123 (2013.01); G06Q 20/382 (2013.01); G06Q 20/4012 (2013.01); G06Q 20/40145 (2013.01); G06Q 20/4016 (2013.01); G06Q 20/405 (2013.01); G06Q 20/409 (2013.01); G06Q 20/425 (2013.01); G06Q 30/06 (2013.01); G06Q 30/0601 (2013.01); G06Q 30/0613 (2013.01); G06Q 40/00 (2013.01)] | 58 Claims |
|
1. A non-transitory computer readable storage medium storing instructions that, when executed by one or more processors, configure one or more executing processors to:
receive a request from a requesting user identified in conjunction with the request, for utilization of a software program for which an identity validation rule set has been designated as a requirement for use, wherein the rule set includes a plurality of verification steps based on one or more characteristics, determinable by the one or more processors pursuant to the instructions, and designated for use in a validation analysis, the one or more characteristics including at least one of a device-identifier associated with a device from which the request originated, an IP address from which the request originated, or a geographic location from which the request originated,
perform the validation analysis, including the plurality of verification steps a according to the rule set, to determine whether at least one multi-factor authentication (MFA) action associated with at least one of the verification steps is required, based on results of one or more combinations of determinations, the combinations defined by respective ones of the verification steps and based at least in part on the characteristics,
wherein the one or more combinations of determinations include at least one determination of a plurality of determinations that the instructions configure the one or more processors to make, the plurality of determinations including:
determination of whether the device-identifier corresponds to one or more device identifiers defined for the requesting user based on at least one prior request from the requesting user,
determination of whether the IP address corresponds to one or more IP addresses defined for the requesting user, the one or more IP addresses based at least in part on the at least one prior request from the requesting user,
determination of whether the geographic location corresponds to one or more permissible geographic locations, wherein the instructions configure the one or more executing processors to utilize the IP address to determine the geographic location,
determination of risk associated with the IP address based on comparison of the IP address to one or more IP addresses having a designation of risk associated therewith, and
determination of whether an aspect of the request indicates that a proxy server may have been used in routing the request, and
wherein a first verification step of the verification steps defines at least one first condition, for requiring at least a first MFA action, as a function of first results of analysis of the one or more first ones of the combinations of determinations defined by the first verification step, the at least one first condition based at least in part on first present values for first ones of the characteristics associated with the first ones of the combinations matching first expected values defined for the first ones of the characteristics in conjunction with the first verification step,
wherein a second verification step of the verification steps defines at least one second condition, for requiring at least a second MFA action, as a function of second results of analysis of one or more second one of the combinations of determinations defined by the second verification step, the at least one second condition based at least in part on second present values for second ones of the characteristics associated with the second ones of the combinations not matching second expected values defined for the second ones of the characteristics in conjunction with the second verification step, and
wherein a third verification step of the verification steps defines at least one third condition for fulfilment of the request, in the absence of any MFA action, as a function of third results of analysis of one or more third ones of the combinations of determinations defined by the at least the third of the verification step, the third condition based on third present values for third ones of the characteristics associated with the third ones of the combinations matching expected values defined for the third ones of the characteristics in conjunction with the third verification step;
instruct, responsive to the at least one first or second condition being met for at least one of the respective first or second verification steps, the requesting user to undertake the at least one respective first or second MFA actions defined for the at least one of the first or second verification steps for which the at least one first or second condition was respectively met;
receive one or more MFA results of the at least one respective first or second MFA actions having been undertaken; and
fulfil the request for the software program, responsive to the MFA results indicating successful authentication.
|