Embodiments of the invention are directed to methods of providing different levels of security based on data sensitivity.
Mobile devices increasingly store highly sensitive data. Typically, access permissions are defined statically, such that access to any data requires the same type of authentication. One example of this is a lock screen on a mobile phone. Access to data on the mobile phone is controlled by the lock screen and, once unlocked, all data on the phone is typically accessible without additional authentication. Additionally, application-centric authentication can be used to control access to some data that is relevant to a particular application. For example, s mobile banking application may require an authentication step before access is granted to the mobile banking application.
Application-centric and other coarse-grained security services make no attempts to distinguish between high sensitivity data and low sensitivity data, and instead apply one-size-fits-all security policies to data requests. Such security services are unable to adapt to provide different levels of security based on the sensitivity of data to protect against the unauthorized access of sensitive data.
Embodiments of the invention address these and other problems, individually and collectively.