US 11,657,174 B2
Dynamic multi-factor authentication
Joseph H. Levy, Farmington, UT (US); Andrew J. Thomas, Oxfordshire (GB); Daniel Salvatore Schiappa, Bedford, NH (US); and Kenneth D. Ray, Seattle, WA (US)
Assigned to Sophos Limited, Abingdon (GB)
Filed by Sophos Limited, Abingdon (GB)
Filed on Jun. 24, 2021, as Appl. No. 17/356,902.
Application 17/356,902 is a continuation of application No. 16/383,421, filed on Apr. 12, 2019, granted, now 11,068,615.
Claims priority of provisional application 62/657,542, filed on Apr. 13, 2018.
Claims priority of provisional application 62/659,031, filed on Apr. 17, 2018.
Claims priority of provisional application 62/744,956, filed on Oct. 12, 2018.
Prior Publication US 2021/0326467 A1, Oct. 21, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); H04L 9/40 (2022.01); G06N 20/00 (2019.01); G06F 16/93 (2019.01); G06F 16/28 (2019.01); G06F 16/13 (2019.01); G06F 21/64 (2013.01); H04L 9/32 (2006.01); H04L 41/00 (2022.01); H04L 41/22 (2022.01)
CPC G06F 21/6218 (2013.01) [G06F 16/137 (2019.01); G06F 16/285 (2019.01); G06F 16/93 (2019.01); G06F 21/64 (2013.01); G06N 20/00 (2019.01); H04L 9/3265 (2013.01); H04L 41/20 (2013.01); H04L 41/22 (2013.01); H04L 63/08 (2013.01); H04L 63/0838 (2013.01); H04L 63/101 (2013.01); H04L 63/102 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01); H04L 63/205 (2013.01)]
20 Claims
1. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
receiving a request for a remote resource from a compute instance in an enterprise network, the remote resource requiring authentication;
calculating a risk score for the compute instance based on a risk assessment for the compute instance by a local security agent executing on the compute instance;
selecting an authentication model from a number of authentication models for the remote resource, the authentication model specifying one or more requirements for authentication to the remote resource, wherein selecting the authentication model is dependent on the risk score for the compute instance;
authenticating the request by the compute instance for the remote resource to establish an authenticated session according to the authentication model;
updating the risk score for the compute instance; and
based on the updated risk score for the compute instance, deauthenticating the authenticated session and selecting a new authentication model from the number of authentication models for the remote resource.
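The flow recited in claim 1, sketched as an added example that is not taken from the patent or from any Sophos product. The 0-100 score scale, the three model names, their thresholds, and the `Gateway`, `Session` and `select_model` names are all assumptions made for illustration; the rule of revoking only when the new model requires factors the session lacks is likewise a design choice of this sketch.

```python
from dataclasses import dataclass

# Hypothetical models: (highest risk score covered, name, required factors).
AUTH_MODELS = [
    (30, "password", frozenset({"password"})),
    (70, "password+otp", frozenset({"password", "otp"})),
    (100, "password+otp+key", frozenset({"password", "otp", "hardware_key"})),
]

def select_model(risk_score):
    """Pick the first model whose ceiling covers the score (0 = clean, 100 = worst)."""
    if not 0 <= risk_score <= 100:
        raise ValueError("risk score out of range")
    for ceiling, name, factors in AUTH_MODELS:
        if risk_score <= ceiling:
            return name, factors

@dataclass
class Session:
    instance_id: str
    resource: str
    model: str
    factors: frozenset
    active: bool = True

class Gateway:
    def __init__(self):
        self.risk = {}      # instance_id -> latest score from its local agent
        self.sessions = []  # every session issued, active or revoked

    def authenticate(self, instance_id, resource, verified_factors):
        """Open a session only if the verified factors satisfy the selected model."""
        score = self.risk.get(instance_id, 100)  # no agent report: fail closed
        name, required = select_model(score)
        if not required <= set(verified_factors):
            return None
        session = Session(instance_id, resource, name, required)
        self.sessions.append(session)
        return session

    def report_risk(self, instance_id, score):
        """Store the updated score and revoke sessions the new model no longer covers."""
        name, required = select_model(score)
        self.risk[instance_id] = score
        revoked = []
        for s in self.sessions:
            if s.instance_id == instance_id and s.active and not required <= s.factors:
                s.active = False  # deauthenticate; caller must re-authenticate under `name`
                revoked.append((s.resource, name))
        return revoked
```

An instance with no agent report is treated as maximum risk, so a missing or silenced agent cannot lower the authentication bar.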