US 12,231,417 B2
Determining session duration for device authentication
Pascal Thubert, Roquefort les Pins (FR); Patrick Wetterwald, Mouans Sartoux (FR); Jonas Zaddach, Antibes (FR); and Eric Levy-Abegnoli, Valbonne (FR)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Mar. 13, 2023, as Appl. No. 18/120,889.
Application 18/120,889 is a continuation of application No. 17/004,368, filed on Aug. 27, 2020, granted, now 11,606,347.
Prior Publication US 2023/0216847 A1, Jul. 6, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 67/141 (2022.01); H04L 67/142 (2022.01)
CPC H04L 63/08 (2013.01) [H04L 63/0876 (2013.01); H04L 63/108 (2013.01); H04L 63/123 (2013.01); H04L 67/141 (2013.01); H04L 67/142 (2013.01)]
15 Claims
1. A method adjusting a duration of a user device session, the method comprising:
determining that a user account performed an authentication method that provides the user account with access to a secure resource;
determining a baseline period of time of a secure session during which the user account is authorized to access the secure resource;
establishing a first secure session on behalf of a user device associated with the user account, wherein the first secure session is established for the baseline period of time;
determining a posture associated with the user device;
learning a behavior history of the user account associated with the user device;
while the first secure session is established and prior to a reauthentication, decreasing, based at least in part on the posture indicating a deviation in behavior of the user account from the behavior history, the baseline period of time to a modified period of time during which the user account is authorized to access the secure resource, the modified period of time being shorter than the baseline period of time;
during the modified period of time:
  receiving, from a user device associated with the user account, a request to access the secure resource;
  accessing the secure resource during the modified period of time on behalf of the user account based at least in part on the request;
based at least in part on an end of the modified period of time:
  restricting the user device associated with the user account from accessing the secure resource; and
  requiring the user account to re-authenticate.
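
The flow recited in claim 1, sketched as an added example; this is not code from the patent or from Cisco. The class and method names, the posture attributes, the 0.25 shrink factor, the 60-second floor and the reset to baseline after re-authentication are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AdaptiveSession:
    """Hypothetical session record; the period can only shrink between logins."""
    account: str
    baseline_ttl: float                          # baseline period, in seconds
    started_at: float                            # time of the last authentication
    history: dict = field(default_factory=dict)  # attribute -> values seen before
    min_ttl: float = 60.0                        # assumed floor for a shortened session
    ttl: float = field(init=False)

    def __post_init__(self):
        self.ttl = self.baseline_ttl             # first session runs for the baseline

    def learn(self, posture: dict) -> None:
        """Fold a trusted observation into the account's behaviour history."""
        for attr, value in posture.items():
            self.history.setdefault(attr, set()).add(value)

    def deviations(self, posture: dict) -> list:
        """Attributes whose current value was never seen for this account."""
        return sorted(a for a, v in posture.items()
                      if v not in self.history.get(a, set()))

    def apply_posture(self, posture: dict, factor: float = 0.25) -> float:
        """Shrink the period once per deviating attribute (assumed policy)."""
        n = len(self.deviations(posture))
        if n:
            shortened = max(self.min_ttl, self.baseline_ttl * factor ** n)
            self.ttl = min(self.ttl, shortened)  # never lengthens mid-session
        return self.ttl

    def authorize(self, now: float) -> bool:
        """Allow a request only while the (possibly shortened) period is running."""
        return now - self.started_at < self.ttl

    def reauthenticate(self, now: float) -> None:
        """Assumed: a fresh authentication restarts the session at the baseline."""
        self.started_at, self.ttl = now, self.baseline_ttl
```

A `False` from `authorize` corresponds to the last two steps of the claim: the device is restricted and the account must re-authenticate before `reauthenticate` is called.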