Smart authentication friction level adjusted based on circumstances

US 10,356,105 B2
Filed: 06/14/2016
Issued: 07/16/2019
Est. Priority Date: 06/14/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

one or more processors; and

one or more computer-readable hardware storage devices having stored thereon instructions that are executable by the one or more processors to configure the computer system to grant a validation time-period for access to the computer system, including instructions that are executable to configure the computer system to perform at least the following;

receive, at the computer system, one or more environmental sensor signals;

compute, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;

determine, at the computer system, that the adversity quotient meets an adversity quotient threshold;

based at least on determining that the adversity quotient threshold has been met, present a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;

identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;

receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;

determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;

based on the strength of the at least one of the plurality of different authentication factors received from the user input, determine, at the computer system, the length of validation time-period, during which time-period the user has access to the computer system; and

grant the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Granting a validation period. A method includes receiving user input providing one or more authentication factors. The method further includes receiving information about one or more authentication scales. Based on the strength of the authentication factors received from the user and the information about the one or more authentication scales, the method further includes determining a validation period. The method further includes granting or revoking the validation period to the user.

Citations

20 Claims

1. A computer system comprising:
- one or more processors; and
  
  one or more computer-readable hardware storage devices having stored thereon instructions that are executable by the one or more processors to configure the computer system to grant a validation time-period for access to the computer system, including instructions that are executable to configure the computer system to perform at least the following;
  
  receive, at the computer system, one or more environmental sensor signals;
  
  compute, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;
  
  determine, at the computer system, that the adversity quotient meets an adversity quotient threshold;
  
  based at least on determining that the adversity quotient threshold has been met, present a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;
  
  identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;
  
  receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;
  
  determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;
  
  based on the strength of the at least one of the plurality of different authentication factors received from the user input, determine, at the computer system, the length of validation time-period, during which time-period the user has access to the computer system; and
  
  grant the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer system of claim 1, wherein the one or more authentication scales comprises information about a user scale comprising weights and rules configured by a computing system user, a service scale comprising weights and rules provided by a computing service, and an enterprise scale comprising rules and weights provided by an enterprise.
  - 3. The computer system of claim 1, wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to smooth rules from the one or more authentication scales at one or more smoothing zones.
  - 4. The computer system of claim 1, wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to identify that a tipping factor has been triggered, and as a result, shorten the validation time-period, wherein triggering the tipping factor occurs when the computing system identifies that a change has occurred to the adversity quotient at least based on a change to the one or more environmental sensor signals.
  - 5. The computer system of claim 1, wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to identify that a tipping factor has been triggered, and as a result, revoke the validation time-period.
  - 6. The computer system of claim 1, wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to identify that a tipping factor has been triggered, and as a result, require one or more stronger authentication factors from the user.
  - 7. The computer system of claim 1, wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to automatically re-compute at least one authentication scale using machine learning.
  - 8. The computer system of claim 1, wherein information about the one or more authentication scales comprises rules specifying time of day ranges.
  - 9. The computer system of claim 1, wherein information about the one or more authentication scales comprises rules specifying locations.

10. A method, implemented at a computer system that includes one or more processors, of granting a validation time-period for access to the computer system, the method comprising:
- receiving, at the computer system, one or more environmental sensor signals;
  
  computing, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;
  
  determining, at the computer system, that the adversity quotient meets an adversity quotient threshold;
  
  based at least on determining that the adversity quotient threshold has been met, presenting a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;
  
  identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;
  
  receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;
  
  determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;
  
  based on the strength of the at least one of the plurality of different authentication factors received from the user input, determining, at the computer system, the length of the validation time-period, during which time-period the user has access to the computer system; and
  
  granting the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the one or more authentication scales comprises information about a user scale comprising weights and rules configured by a computing system user, a service scale comprising weights and rules provided by a computing service, and an enterprise scale comprising rules and weights provided by an enterprise.
  - 12. The method of claim 10 further comprising smoothing rules from the one or more authentication scales at one or more smoothing zones.
  - 13. The method of claim 10 further comprising identifying that a tipping factor has been triggered, and as a result, shortening the validation period.
  - 14. The method of claim 10 further comprising identifying that a tipping factor has been triggered, and as a result, revoking the validation period.
  - 15. The method of claim 10 further comprising identifying that a tipping factor has been triggered, and as a result, requiring one or more stronger authentication factors from the user.
  - 16. The method of claim 10 further comprising automatically re-computing an authentication scale using machine learning.
  - 17. The method of claim 10, wherein information about the one or more authentication scales comprises rules specifying time of day ranges.
  - 18. The method of claim 10, wherein information about the one or more authentication scales comprises rules specifying locations.

19. A computer program product comprising one or more computer-readable hardware storage devices having stored thereon instructions that are executable by one or more processors to configure a computer system to grant a validation time-period for access to the computer system, including instructions that are executable to configure the computer system to perform at least the following:
- receive, at the computer system, one or more environmental sensor signals;
  
  compute, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;
  
  determine, at the computer system, that the adversity quotient meets an adversity quotient threshold;
  
  based at least on determining that the adversity quotient threshold has been met, present a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;
  
  identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;
  
  receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;
  
  determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;
  
  based on the strength of the at least one of the plurality of different authentication factors received from the user, determine, at the computer system, the length of the validation time-period, during which the user has access to the computer system; and
  
  grant the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.
- View Dependent Claims (20)
- - 20. The computer program product of claim 19, wherein the one or more authentication scales comprises information about a user scale comprising weights and rules configured by a computing system user, a service scale comprising weights and rules provided by a computing service, and an enterprise scale comprising rules and weights provided by an enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Wang, Xuan, Sarkar, Ananda
Primary Examiner(s)
Patel, Ashokkumar B
Assistant Examiner(s)
Jones, William B

Application Number

US15/182,428
Publication Number

US 20170359355A1
Time in Patent Office

1,127 Days
Field of Search

100 1
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04W 12/065   Continuous authentication

H04W 12/069   using certificates or pre-s...

Smart authentication friction level adjusted based on circumstances

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Smart authentication friction level adjusted based on circumstances

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links