Security is a pervasive issue with network transactions. Increasingly, intruders are finding ways to avoid new security techniques. Moreover, in some industries security techniques may be strongly regulated by the government. For example in the online financial and banking industries, transactions may have to achieve a certain degree of regulatory compliance in order to ensure that money is not stolen during those transactions.
Additionally from a privacy perspective, increased security can also potentially expose consumers to profiling, identity theft, etc. Generally, enterprises are concerned with authenticating a user for access to their assets. But, users may also desire to know that the enterprises in which they are interacting with are legitimate and have installed proper privacy safeguards.
In most cases, once a user is authenticated for access, and the user is satisfied that he/she is interacting with a legitimate enterprise, the access rights and permissions for enterprise assets are set for an entire user session. However, this does not adequately account for changing circumstances, which may warrant a desire on the part of the enterprise to restrict access even further and even beyond what was initially established for the session.
Accordingly, improved techniques for dynamic security enforcement are needed.