US 11,985,128 B2
Device step-up authentication system
Jacob Thomas Covell, New York, NY (US); Thomas Jefferson Sandridge, Tampa, FL (US); Alvin Zhang, Somerville, MA (US); and Robert Huntington Grant, Marietta, GA (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Aug. 19, 2021, as Appl. No. 17/406,439.
Prior Publication US 2023/0058138 A1, Feb. 23, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0876 (2013.01) [H04L 63/0272 (2013.01); H04L 63/0815 (2013.01); H04L 63/083 (2013.01); H04L 63/0861 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
monitoring user activity for one or more user interactions performed while connected to a Virtual Private Network (VPN);
generating a user impact score that measures potential impact if credentials of the user maintained access to the VPN by assigning weighted values to the user's access to sensitive information, the user's communication patterns demonstrating access to management, the user's decision making ability, transactions of the user, and system admin capabilities of the user;
determining a respective user interaction of the one or more user interactions deviates from established user interactions based on location of the user, times the user accesses the VPN, and biometrics of the user;
assigning each interaction of the user a weighted score that represents a real time risk of impact based on the actions performed; and
in response to the generated user impact score and weighted score that represents the real time risk of impact based on the actions performed exceeding a threshold level of risk authenticating the user's identity before allowing an action to perform the respective user interaction via random selection of an authentication measure; and
in response to a failed reauthentication of the user's identity, terminating connection to the VPN.