
Risk based access for electronic mail

IP.com Disclosure Number: IPCOM000234624D
Publication Date: 2014-Jan-23
Document File: 2 page(s) / 59K

Publishing Venue

The IP.com Prior Art Database

Abstract

Not all email messages are equally important, nor do they contribute equally to threats ranging from identity theft to data loss. This article describes a solution for providing risk-based access to email, with a security policy that incorporates metadata about the mail messages and makes use of a plurality of authentication schemes to identify the user with an appropriate balance of risk management and user convenience.

This is the abbreviated version, containing approximately 52% of the total text.


The end user's sensitivity to exposure of received email messages may be derived from the body of the email itself, whether it be aimed at leading the user to external systems via embedded hyperlinks, or simply that the message itself contains sensitive information. An example of this would be a message sent from an online application in response to the "I forgot my password" flow provided in the login screen of an online site.

Because the end user's email address was established at user registration time with the application, the embedded hyperlink may grant access to the online application and ultimately the user's access and profile data located at that site. Often, the target of identity theft attacks would be to take control over a person's email account, and then initiate password reset operations at the user's registered sites. Making the problem worse is that the user's email account will typically contain legitimate emails from systems (e.g. social networking site, bank) that the user is registered at.

Without a stronger method of validating identity before showing sensitive email contents to the end user, an intruder has the ability to take control of many of the user's accounts.

The diagram below illustrates the architecture of a system implementing a proposed solution to the problem described above. The integration of a risk-based access system with the email service is central to the novelty.

Email Service is an existing capability, already providing access through a number of interfaces. For example, it may offer a web based interface via a web browser, as well as access from mobile devices via proprietary protocols or RESTful interfaces. The Email Service is modified in this invention to integrate with a Risk Based Access System.

Risk Based Access System is an existing capability. It is ideally a policy driven system that controls the combinations of devices and authentication mechanisms required to access particular resources.


Authenticator(s) describe a set of technical capabilities for validating the identity of a user and the context from which they are accessing the Email Service. That context could be the location, the client device and software environment. An Authenticator may be the well known username/password, or something more sophisticated such as a time based or single use token. The invention is intended t...
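
The following added example, which is not part of the disclosure, shows one way the Email Service could ask a policy for the authenticator a message requires before showing its body. The sensitivity heuristics, the two-level authenticator ranking, the context fields and all names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Authenticator strength ranks (assumed ordering; the disclosure names
# username/password and time-based or single-use tokens only as examples).
PASSWORD, OTP = 1, 2

# Constructed heuristics for a "sensitive" message body.
RESET_RE = re.compile(r"reset (your )?password|forgot(ten)? (your )?password", re.I)
LINK_RE = re.compile(r"https?://\S+", re.I)

@dataclass
class Context:
    known_device: bool      # client device seen before for this user
    usual_location: bool    # request comes from a usual location
    authenticators: set     # authenticator ranks already satisfied this session

def message_sensitivity(body: str) -> int:
    """Score a body: 0 = ordinary, 1 = has hyperlinks, 2 = credential reset link."""
    if RESET_RE.search(body) and LINK_RE.search(body):
        return 2
    return 1 if LINK_RE.search(body) else 0

def required_authenticator(sensitivity: int, ctx: Context) -> int:
    """Policy: reset mail, or linked mail from an unfamiliar context, needs OTP."""
    unfamiliar = not (ctx.known_device and ctx.usual_location)
    if sensitivity == 2 or (sensitivity == 1 and unfamiliar):
        return OTP
    return PASSWORD

def access_decision(body: str, ctx: Context) -> str:
    """Return 'show' or 'step_up' for one request to open a message."""
    need = required_authenticator(message_sensitivity(body), ctx)
    have = max(ctx.authenticators, default=0)
    return "show" if have >= need else "step_up"

# Constructed sample messages.
RESET_MAIL = "You asked to reset your password. Continue at https://shop.example/reset?t=abc"
NEWSLETTER = "This week's deals: https://shop.example/deals"
PLAIN = "Lunch at noon?"

if __name__ == "__main__":
    home = Context(True, True, {PASSWORD})
    cafe = Context(False, False, {PASSWORD})
    for name, body in [("reset", RESET_MAIL), ("newsletter", NEWSLETTER), ("plain", PLAIN)]:
        print(name, access_decision(body, home), access_decision(body, cafe))
```

With only a password satisfied, the reset message stays hidden even on a known device, so a stolen mailbox password alone does not expose the reset link.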