Login- and password-protected access to systems and devices is well known in a number of different environments. For example, devices that require a user to input or otherwise provide alphanumeric characters for identification have been used for some time. Additionally, devices such as building security systems that require some form of biometric identification to permit access also exist. But these devices act in isolation and not in concert. As communication evolves, the number of networked devices is slowly increasing. It would be desirable to leverage this network of devices in new and convenient ways. In other words, it would be desirable to utilize networked devices without repeated authentication at each device, while also diminishing the possibility of identity theft.
A more specific need exists with regard to the close tie of security models to an access point. It would be desirable to increase the scope of security models to cover an entire network including specific devices on the network. For example, current security systems only allow access from the single access point where the user provided their system identification. When a user logs in to a network at a computer terminal, they can only perform functions relating to or on that network at the single terminal. They would otherwise have to re-identify themselves at other terminals or devices to gain access to those terminals or devices. While this may seem logical in most environments, it is particularly cumbersome in a setting such as a home. When a user is granted access into the home on the basis of some authentication at the door, the user should not have to further identify themselves to other commonly shared, secure and networked devices within the home, such as a personal computer. The home should ‘know’ that the user is present and thus provide access to a limited set of functions, features and applications on the personal computer on the basis of that knowledge.
A further need exists with regard to security models that treat all logins or system identifications the same. That is, current security models assign equal levels of surety to all logins, regardless of the location, the method of identification or the elapsed time since the authentication of a user. To the extent that there are numerous ways of logging into or otherwise identifying an individual to a system, these variations should be recognized and at least factored in by secure systems. Systems should account for the fact that each login method provides a differing degree of certainty. In other words, some login methods are more susceptible to identity fraud and thus should not be accorded the same authentication surety as others. Furthermore, after a user has logged into a network system such as the home, the system should account for the possibility that as time passes, the user may have left the building or the immediate vicinity of the last authentication. As such, the system needs to be able to diminish the level of surety associated with an authentication as time elapses.
In light of the foregoing, there exists a need to provide a system and method that could enable different levels of security to be associated with a user's method of identification to a system. Furthermore, there exists a need for a system and method to diminish security access to system components or options, as a function of both time and the mode of user identification to the system. In other words, there exists a need for a system and method where a user's access to devices, and applications or certain properties of those devices, is determined by the degree of certainty or surety the system has that the user is who they claim to be. Furthermore, these access rights should not remain indefinitely, but vary over an appropriate duration of time.
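The access model called for above, sketched as an added example that is not part of the original text: surety starts at a value set by the identification method, diminishes as time elapses, and gates each function by a minimum surety. The page specifies no decay function or values, so the exponential half-life decay, the method names, the numbers and the function names below are all assumptions.

```python
from dataclasses import dataclass

# Assumed starting surety per identification method (0.0 to 1.0); not from the page.
INITIAL_SURETY = {"biometric_door": 0.95, "pin_keypad": 0.70, "password_terminal": 0.60}
# Assumed half-life in seconds: how quickly confidence in each method fades.
HALF_LIFE_S = {"biometric_door": 3600, "pin_keypad": 1800, "password_terminal": 900}
# Assumed minimum surety required by each function on a shared home PC.
REQUIRED = {"pc.media_player": 0.30, "pc.email": 0.60, "pc.banking": 0.90}


@dataclass(frozen=True)
class AuthEvent:
    user: str
    method: str
    at: float  # time of authentication, in seconds


def surety(event: AuthEvent, now: float) -> float:
    """Surety of one authentication after decay; unknown methods fail closed."""
    if event.method not in INITIAL_SURETY or now < event.at:
        return 0.0
    elapsed = now - event.at
    return INITIAL_SURETY[event.method] * 0.5 ** (elapsed / HALF_LIFE_S[event.method])


def current_surety(events: list[AuthEvent], user: str, now: float) -> float:
    """Best decayed surety across everything the network has seen for this user."""
    return max((surety(e, now) for e in events if e.user == user), default=0.0)


def allowed(events: list[AuthEvent], user: str, now: float) -> list[str]:
    """Functions the user may reach right now, anywhere on the network."""
    level = current_surety(events, user, now)
    return sorted(name for name, need in REQUIRED.items() if level >= need)


if __name__ == "__main__":
    # Constructed sample: one biometric identification at the front door at t=0.
    log = [AuthEvent("alice", "biometric_door", 0)]
    for t in (0, 600, 3600, 7200):
        print(t, round(current_surety(log, "alice", t), 3), allowed(log, "alice", t))
```

A weaker method never unlocks the highest tier no matter how recent it is, and a fresh authentication by any method restores access that an older one has lost to decay.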