Passive security enforcement
First Claim
1. A method for passive authentication by a computing system, the method comprising:
receiving, by the computing system, a first attribute;
passively authenticating, by the computing system, a user at a first authentication level based on comparing the first attribute to one or more first previously stored attributes, the first attribute having a first weight;
computing a confidence level associated with the first attribute and first weight;
receiving, by the computing system, a request to complete a transaction;
determining a confidence level to complete the transaction;
receiving, by the computing system, a second attribute;
passively updating, by the computing system, the first authentication level to a second authentication level different from the first authentication level based on comparing the second attribute to one or more second previously stored attributes, the second attribute having a second weight;
modifying the confidence level based upon the second attribute and the second weight;
determining the confidence level based upon the second attribute is sufficient to complete the transaction; and
completing the transaction, wherein the first and second attributes each comprise an event indicative of the user or a physical characteristic of the user, and wherein each previously stored attribute comprises a previously stored event, a previously stored physical characteristic, or one or more previously determined acceptable values for one or more users.
Abstract
Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
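The flow in the abstract and claim 1 (weighted attributes raise or lower a level, a request is checked against it, and an insufficient level falls back to a credential prompt), as an added example that is not taken from the patent. The additive 0 to 100 scale, the attribute names, the weights and the per-transaction thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed enrollment data: attribute -> (previously stored acceptable values, weight).
STORED = {
    "location": ({"home", "office"}, 25),         # event indicative of the user
    "paired_device": ({"watch-01"}, 35),          # proximate device sharing its level
    "typing_interval_ms": (range(140, 220), 30),  # physical characteristic, acceptable range
}
# Constructed policy: confidence each transaction needs before it completes.
REQUIRED = {"read_mail": 25, "transfer_funds": 60}


@dataclass
class PassiveSession:
    confidence: int = 0  # assumed scale: 0 (unknown user) to 100

    def observe(self, name, value):
        """Compare one observed attribute to stored values; move confidence by its weight."""
        if name not in STORED:
            return self.confidence  # unknown attributes never raise confidence
        accepted, weight = STORED[name]
        delta = weight if value in accepted else -weight
        self.confidence = max(0, min(100, self.confidence + delta))
        return self.confidence

    def request(self, transaction):
        """Complete the transaction, or fall back to active authentication."""
        needed = REQUIRED.get(transaction, 101)  # unlisted transactions always prompt
        return "complete" if self.confidence >= needed else "prompt_for_credentials"


def demo():
    s = PassiveSession()
    trace = []
    s.observe("location", "office")            # first attribute: level becomes 25
    trace.append(s.request("transfer_funds"))  # 25 < 60, user is prompted
    s.observe("paired_device", "watch-01")     # second attribute: level becomes 60
    trace.append(s.request("transfer_funds"))  # 60 >= 60, transaction completes
    s.observe("typing_interval_ms", 400)       # mismatch lowers the level to 30
    trace.append(s.request("transfer_funds"))  # prompted again
    return trace, s.confidence


if __name__ == "__main__":
    print(demo())
```

Because a mismatch subtracts its weight and unknown attributes or transactions never grant access, the sketch fails toward the credential prompt rather than toward completing the request.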
38 Citations
12 Claims
Specification