The original sin of authentication is the one-time check: you prove who you are at the door, and the system trusts you for the rest of the session. Stolen sessions, hijacked tokens, and insider misuse all exploit that single point of trust. Continuous authentication refuses it — it keeps asking, quietly, whether you are still you.
Acceptto Corporation's US10951606B1, “Continuous authentication through orchestration and risk calculation post-authorization system and method” (issued March 16, 2021; CPC H04L 63/0815 — single sign-on, and H04L 63/0807 — token-based access), describes calculating risk after authorization and orchestrating a response when that risk shifts. Read it at US10951606B1.
Mechanically, the system maintains a live risk score from behavioral and contextual signals — location, device, timing, patterns — and the orchestration layer can step up the challenge (re-authenticate, restrict, block) when the score crosses a threshold mid-session. The “post-authorization” framing in the claim is the whole point: the risk math does not stop at login.
Why this is a business story: Acceptto was acquired by Secureworks in 2021, and continuous, risk-based authentication is now table stakes in the identity stack that Okta, Microsoft, and Ping all compete on. The recurring risk calculation is also a recurring-revenue mechanism — it is a service that runs forever, not a gate you pass once. That is why this IP traded as part of a deal rather than sitting idle.
The grounded read: continuous authentication turns identity from a gate into a meter, recalculating trust throughout the session. Acceptto's 2021 grant names the post-authorization risk-and-orchestration loop that makes “never trust, always verify” operational rather than slogan.