Browse Prior Art Database

Method and system to login to system using a preference wallet based on risk

IP.com Disclosure Number: IPCOM000239684D
Publication Date: 2014-Nov-25
Document File: 4 page(s) / 42K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is related to a method and system to login to system using a preference wallet based on risk.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 30% of the total text.

Page 01 of 4

Method and system to login to system using a preference wallet based on risk

The internet today provides various services through websites and applications that run on different devices. The services can be accessed after authenticating to an identity provider. Most services provide multiple options for authentication by allowing the user to choose from a variety of identity providers. The users tend to have multiple accounts across these different identity providers. The user might not want to use a certain account for a certain service because of concerns such as privacy, spam, etc.

The way user handles this concern is by judging a service with the help of software notifications such as browser and anti-virus/malware and intuition.

This invention proposes a method and system to help user access service automatically based on:
• Risk Engine that uses reputation service and privacy loss calculation
• Preference wallet that stores credentials based on certain priority
• Automated selection or creation and injection of credentials to access the service

The solution currently used by people is to have multiple accounts and use one of their lest preferred accounts while accessing the service. The loss of data and privacy is minimum. But, creating and maintain such accounts can be tedious. There are patents and publications around this area such as : www.google.com/patents/US8504649 https://www.google.com/patents/US20130124644
In the invention we suggest using an agent to login automatically and using reputation service. These are existing systems and we do not propose these as a part of the invention.
http://www.siteadvisor.com/webmasters/index.html http://www-03.ibm.com/software/products/en/access-mgr-esso/

This idea proposes a system of automatically access services without worrying about the risk associated with the service provider.

The advantages of this solution:
1) Identifying and mitigating risk associated with accessing a service from a users point of view.

2) Ability to decide which credentials are important and need to be more secure.

3) Allowing the system to automatically login or create a new credential on the fly to access the service.

Let us understand the system through an example and use case flows.

User A works in a software security division of a large multinational firm. The user understands the implications of security because he/she works in a security firm. User A wants to access a research firm's website. Ex: www.kuppingercole.com . The site allows you to access material after logging in using an existing account at the site, Facebook login or google account login. Additionally, it provides an option of creating a new account at the site. User A chooses his/her google account to login as the site is trustworthy.

Now, User A accesses a site with bad reputation. Ex: kat.ph. The site allows you to

1


Page 02 of 4

access material after logging in using an existing account at the site, Facebook login or google acco...