Unsecured asset detection via correlated authentication anomalies

Assignee

• International Business Machines Corporation · US

Inventors

• John William Court · Gold Coast, AU
• Simon Gilbert Canning · Gold Coast, AU
• Simon Gee · Forsayth, AU
• Shane Bradley Weeden · Paradise Point, AU

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1466
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method, apparatus and computer program product for detecting that a computing device may not be secure based on inconsistent identity associations identified during Federated Single Sign-On (F-SSO). A detection proxy detects when a user with a particular session is accessing an identity provider (IdP) that is associated with an account that is not the current user's account. When a user performs a login to an F-SSO-enabled IdP, the proxy performs an F-SSO, and the results are compared with known aliases for that particular federation partner. If an anomaly is detected (e.g., the in-line device sees that a user logs into a web site as someone else), a workflow is initiated to perform a given action, such as blocking access, issuing an alert, or the like.