
Risk based access for electronic mail
Disclosure Number: IPCOM000234624D
Publication Date: 2014-Jan-23
Document File: 2 page(s) / 59K

Publishing Venue

The Prior Art Database


Not all email messages are equally important, nor do they contribute equally to threats ranging from identity theft to data loss. This article describes a solution for providing risk based access to email, with a security policy that incorporates metadata about the mail messages and makes use of a plurality of authentication schemes to identify the user with an appropriate balance of risk management and user convenience.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Risk based access for electronic mail

The end user's sensitivity to exposure of received email messages may be derived from the body of the email itself, whether it is aimed at leading the user to external systems via embedded hyperlinks, or simply that the message itself contains sensitive information. An example of this would be a message sent from an online application in response to the "I forgot my password" flow provided on the login screen of an online site.

Because the end user's email address was established at user registration time with the application, the embedded hyperlink may grant access to the online application and ultimately the user's access and profile data located at that site. Often, the goal of an identity theft attack is to take control of a person's email account and then initiate password reset operations at the user's registered sites. Making the problem worse, the user's email account will typically contain legitimate emails from systems (e.g. social networking site, bank) that the user is registered with.

Without a stronger method of validating identity before showing sensitive email contents to the end user, an intruder has the ability to take control of many of the user's accounts.

The diagram below illustrates the architecture of a system implementing a proposed solution to the problem described above. The integration of a risk-based access system with the email service is central to the novelty.

Email Service is an existing capability, already providing access through a number of interfaces. For example, it may offer a web-based interface via a web browser, as well as access from mobile devices via proprietary protocols or RESTful interfaces. The Email Service is modified in this invention to integrate with a Risk Based Access System.

Risk Based Access System is an existing capability. It is ideally a policy-driven system that controls the combinations of devices and authentication mechanisms required to access particular resources.



Authenticator(s) describe a set of technical capabilities for validating the identity of a user and the context from which they are accessing the Email Service. That context could be the location, the client device and software environment. An Authenticator may be the well known username/password, or something more sophisticated such as a time based or single use token. The invention is intended t...
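An added example, not part of the original disclosure: a minimal policy decision for the integration described above, in which the Email Service asks a risk-based check whether a message may be shown or a stronger Authenticator is required first. The sensitivity heuristics, the authenticator ranking and every name in the code are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed authenticator strengths (hypothetical ranking, not from the disclosure).
AUTH_LEVEL = {"password": 1, "totp": 2}
# Constructed heuristics standing in for the policy's message metadata.
RESET_WORDS = re.compile(r"reset your password|forgot your password", re.I)
LINK = re.compile(r"https?://", re.I)

@dataclass
class Message:
    sender_domain: str
    subject: str
    body: str

@dataclass
class Context:
    known_device: bool
    usual_location: bool
    completed: frozenset  # authenticators already satisfied in this session

def message_sensitivity(msg, registered_sites):
    """2 = account-recovery link, 1 = link or registered-site sender, 0 = ordinary."""
    text = msg.subject + "\n" + msg.body
    has_link = bool(LINK.search(text))
    if has_link and RESET_WORDS.search(text):
        return 2
    return 1 if has_link or msg.sender_domain in registered_sites else 0

def required_level(sensitivity, ctx):
    """Combine message sensitivity with context risk into an authenticator level."""
    context_risk = (not ctx.known_device) + (not ctx.usual_location)
    if sensitivity == 2 or context_risk == 2:
        return 2
    return 2 if sensitivity == 1 and context_risk == 1 else 1

def decide(msg, ctx, registered_sites):
    """Return 'show', or 'step_up:<authenticator>' when stronger proof is needed."""
    need = required_level(message_sensitivity(msg, registered_sites), ctx)
    have = max((AUTH_LEVEL[a] for a in ctx.completed), default=0)
    if have >= need:
        return "show"
    weakest_ok = min((n for n in AUTH_LEVEL if AUTH_LEVEL[n] >= need), key=AUTH_LEVEL.get)
    return "step_up:" + weakest_ok

# Constructed sample input.
REGISTERED = {"bank.example"}
RESET_MAIL = Message("bank.example", "Password help",
                     "Reset your password: https://bank.example/reset")
NEWSLETTER = Message("news.example", "Weekly digest", "No links this week.")
```

With only a password presented, the password-reset message triggers a step-up even from a known device and usual location, while the link-free newsletter is shown immediately.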