Personalized inferred authentication for virtual assistance

US 10,187,394 B2
Filed: 03/31/2016
Issued: 01/22/2019
Est. Priority Date: 03/31/2016
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising a computer memory and a computer processor that is configured to allow a personal digital assistant to control access to secure computing resources based on a measure of legitimacy for a current user, the computing device comprising:

the personal digital assistant that is a computer program stored on the computer memory having computer instructions that when executed by the computer processor cause the personal digital assistant to;

monitor ongoing user-related activity for a user associated with a current user-session on the computing device;

determine an authentication confidence score for the user associated with the current user-session on the computing device, the authentication confidence score determined based on a comparison of information from the monitored ongoing user-related activity and a persona model corresponding to a legitimate user associated with the computing device, wherein the persona model comprises activity patterns of the legitimate user, and wherein the authentication confidence score is determined from the monitored ongoing user-related activity and the persona model by an application or service to be used when the current user attempts to access secure data, applications, or services;

receive an indication of a request to access a first secure computing resource from a set of secure computing resources;

if the determined authentication confidence score indicates the current user is likely the legitimate user, then granting access to the first secure computing resource; and

if the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, then restricting access to the set of secure computing resources,wherein the persona model is determined from user-related activity information of the legitimate user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.

Citations

20 Claims

1. A computing device comprising a computer memory and a computer processor that is configured to allow a personal digital assistant to control access to secure computing resources based on a measure of legitimacy for a current user, the computing device comprising:
- the personal digital assistant that is a computer program stored on the computer memory having computer instructions that when executed by the computer processor cause the personal digital assistant to;
  
  monitor ongoing user-related activity for a user associated with a current user-session on the computing device;
  
  determine an authentication confidence score for the user associated with the current user-session on the computing device, the authentication confidence score determined based on a comparison of information from the monitored ongoing user-related activity and a persona model corresponding to a legitimate user associated with the computing device, wherein the persona model comprises activity patterns of the legitimate user, and wherein the authentication confidence score is determined from the monitored ongoing user-related activity and the persona model by an application or service to be used when the current user attempts to access secure data, applications, or services;
  
  receive an indication of a request to access a first secure computing resource from a set of secure computing resources;
  
  if the determined authentication confidence score indicates the current user is likely the legitimate user, then granting access to the first secure computing resource; and
  
  if the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, then restricting access to the set of secure computing resources,wherein the persona model is determined from user-related activity information of the legitimate user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computing device of claim 1, wherein the user-related activity information of the legitimate user used for determining the persona model comprises information detected via the computing device including one or more of a geographical location, a venue, a communication network, browsing history, application-usage history, or calling history.
  - 3. The computing device of claim 2, wherein the persona model comprises one or more patterns of user-activity for the legitimate user, and wherein determining the authentication confidence score determined based on the comparison comprises determining a statistical indication of difference between the monitored user-related activity and the one or more patterns of user-activity for the legitimate user.
  - 4. The computing device of claim 1, wherein the first secure computing resource comprises at least one of a credential associated with the legitimate user, sensitive data associated with the legitimate user, a financial application or service, a purchase transaction, or a security setting associated with the computing device, and wherein at least two secure computing resources in the set of secure computing resources are unrelated.
  - 5. The computing device of claim 1, wherein the authentication confidence score indicates the current user is likely the legitimate user if the authentication confidence score satisfies a first threshold, and wherein the authentication confidence score does not indicate that the current user is likely to be the legitimate user if the authentication confidence score does not satisfy the first threshold.
  - 6. The computing device of claim 5, wherein the first threshold is pre-determined based on the first secure computing resource.
  - 7. The computing device of claim 1, wherein the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, and wherein the computer instructions are further configured to:
    - generate a security challenge based on the persona model corresponding to the legitimate user;
      
      cause the security challenge to be presented via the computing device;
      
      receive a response to the security challenge;
      
      evaluate the response to the security challenge; and
      
      update the authentication confidence score based on the received response.
  - 8. The computing device of claim 7, wherein the security challenge comprises one of a biometric challenge, requesting a password, a static security question, or two-factor authentication procedure.
  - 9. The computing device of claim 7, wherein the security challenge comprises a question and corresponding answer derived from the user-related activity information of the legitimate user.
  - 10. The computing device of claim 9, wherein the user-related activity information of the legitimate user comprises information determined from one or more legitimate-user user-sessions conducted by the legitimate user within the previous two weeks.
  - 11. The computing device of claim 10, wherein the user-related activity information of the legitimate user comprises at least one of:
    - call history, location history, purchase history, browsing history, or social media activity.
  - 12. The computing device of claim 1, wherein the monitored user-related activity comprises user-related activity information provided by a third-party application, and wherein the determined authentication confidence score is weighted based on the third-party application.
  - 13. The computing device of claim 1, wherein the determined authentication confidence score indicates that the current user is likely to be the legitimate user, and wherein the computer instructions are further configured to update the persona model to include information from the monitored user-related activity for the current user-session on the computing device.

14. A computerized method for controlling access to secure computing resources, comprising:
- monitoring, during a current user session, ongoing user-related activity associated with at least one computing device;
  
  determining an initial authenticity score for a current user associated with the current user-session, the initial authenticity score determined based on a comparison of information from the monitored ongoing user-related activity and a persona model corresponding to a legitimate user associated with the at least one computing device, the initial authenticity score to be used when the current user attempts to access secure data, applications, or services;
  
  receiving a first indication of a request to access a first secure computing resource, the first secure computing resource having a corresponding first authenticity score threshold;
  
  determining that the initial authenticity score does not satisfy the first authenticity score threshold;
  
  providing a security challenge to the current user, wherein the security challenge is derived from user-related activity information of the legitimate user for one or more previous user sessions during which an authenticity score for the one or more previous user sessions was above a given threshold;
  
  receiving a response to the security challenge;
  
  based on an evaluation of the received response, updating the initial authenticity score to an updated authenticity score to be used to authenticate the current user; and
  
  based on a comparison of the updated authenticity score and the first authenticity score threshold,if the updated authenticity score satisfies the first authenticity score threshold, then providing access to the first secure computing resource; and
  
  if the updated authenticity score does not satisfy the first authenticity score threshold, then restricting access to the first secure computing resource.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the at least one computing device comprises one or more user devices, one or more servers, or a combination of one or more user devices and one or more servers.
  - 16. The method of claim 14, wherein the persona model comprises user-related activity information of the legitimate user, and wherein the security challenge comprises a question and is based on a portion of the user-related activity information of the legitimate user that occurred within the past seven days.
  - 17. The method of claim 16, wherein the portion of the user-related activity information of the legitimate user that occurred within the past seven days is provided from the online third-party application or an online third-party service.
  - 18. The method of claim 14, further comprising:
    - receiving a second indication of a request to access a second secure computing resource, the second secure computing resource having a corresponding second authenticity score threshold that is different than the first authenticity score threshold;
      
      determining that the initial authenticity score satisfies the second authenticity score threshold; and
      
      providing access to the second secure computing resource.

19. A computerized system comprising:
- one or more sensors configured to provide sensor data;
  
  one or more computing devices, at least one of the computing devices including a credentials manager configured to control access to a secure computing resource;
  
  one or more processors; and
  
  one or more computer storage media storing computer-useable instructions that, when used by the one or more processors, cause the one or more processors to perform operations comprising;
  
  monitoring ongoing user-related activity for a current user-session on the one or more computing devices, the user-related activity for the current user-session including sensor data from the one or more sensors;
  
  determining an authentication confidence score for a user associated with the current user-session on the one or more computing devices, the authentication confidence score determined based on a comparison of information from the monitored ongoing user-related activity and a persona model corresponding to a legitimate user associated with the one or more computing devices, the authentication confidence score to be used when the current user attempts to access secure data, applications, or services;
  
  receiving an indication of a request to access the secure computing resource;
  
  if the determined authentication confidence score indicates the current user is likely the legitimate user, then granting, by the credentials manager, access to the secure computing resource; and
  
  if the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, then restricting, by the credentials manager, access to the secure computing resource,wherein the persona model is determined from user-related activity information of the legitimate user detected on at least two of the one or more computing devices.
- View Dependent Claims (20)
- - 20. The computerized system of claim 19 wherein the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, and the operations further comprising:
    - generating a security challenge based on the persona model corresponding to the legitimate user;
      
      causing the security challenge to be presented via the one or more computing devices;
      
      receiving a response to the security challenge;
      
      evaluating the response to the security challenge;
      
      updating the authentication confidence score based on the received response thereby forming an updated authentication confidence score;
      
      determining that the updated authentication confidence score indicates the current user is likely the legitimate user; and
      
      granting, by the credentials manager, access to the secure computing resource,wherein the authentication confidence score indicates the current user is likely the legitimate user if the authentication confidence score satisfies a first threshold, wherein the authentication confidence score does not indicate that the current user is likely to be the legitimate user if the authentication confidence score does not satisfy the first threshold, and wherein the first threshold is pre-determined based on the secure computing resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Bar, Nadav, Jurgenson, Tom
Primary Examiner(s)
Naghdali, Khalil

Application Number

US15/087,777
Publication Number

US 20170289168A1
Time in Patent Office

1,027 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

Personalized inferred authentication for virtual assistance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Personalized inferred authentication for virtual assistance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links