Passive security enforcement

US 10,389,712 B2
Filed: 03/29/2017
Issued: 08/20/2019
Est. Priority Date: 01/23/2009
Status: Active Grant

First Claim

Patent Images

1. A method for passive authentication by a computing system, the method comprising:

receiving, by the computing system, a first attribute;

passively authenticating, by the computing system, a user at a first authentication level based on comparing the first attribute to one or more first previously stored attributes, the first attribute having a first weight;

computing a confidence level associated with the first attribute and first weight;

receiving, by the computing system, a request to complete a transaction;

determining a confidence level to complete the transaction;

receiving, by the computing system, a second attribute;

passively updating, by the computing system, the first authentication level to a second authentication level different from the first authentication level based on comparing the second attribute to one or more second previously stored attributes, the second attribute having a second weight;

modifying the confidence level based upon the second attribute and the second weight;

determining the confidence level based upon the second attribute is sufficient to complete the transaction; and

completing the transaction,wherein the first and second attributes each comprise an event indicative of the user or a physical characteristic of the user,and wherein each previously stored attribute comprises a previously stored event, a previously stored physical characteristic, or one or more previously determined acceptable values for one or more users.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user'"'"'s interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

38 Citations

View as Search Results

12 Claims

1. A method for passive authentication by a computing system, the method comprising:
- receiving, by the computing system, a first attribute;
  
  passively authenticating, by the computing system, a user at a first authentication level based on comparing the first attribute to one or more first previously stored attributes, the first attribute having a first weight;
  
  computing a confidence level associated with the first attribute and first weight;
  
  receiving, by the computing system, a request to complete a transaction;
  
  determining a confidence level to complete the transaction;
  
  receiving, by the computing system, a second attribute;
  
  passively updating, by the computing system, the first authentication level to a second authentication level different from the first authentication level based on comparing the second attribute to one or more second previously stored attributes, the second attribute having a second weight;
  
  modifying the confidence level based upon the second attribute and the second weight;
  
  determining the confidence level based upon the second attribute is sufficient to complete the transaction; and
  
  completing the transaction,wherein the first and second attributes each comprise an event indicative of the user or a physical characteristic of the user,and wherein each previously stored attribute comprises a previously stored event, a previously stored physical characteristic, or one or more previously determined acceptable values for one or more users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the attribute is moving the computing system to a location that is identifiable by the computing system.
  - 3. The method of claim 2 wherein the receiving includes at least one of capturing an image of surroundings using a camera, receiving location information, identifying a name of a data communications network, and identifying a device in a data communications network.
  - 4. The method of claim 1 further comprising:
    - initially disabling passive authentication; and
      
      enabling passive authentication after storing the first attribute.
  - 5. The method of claim 4 wherein when passive authentication is disabled, requiring the user to actively authenticate before completing a transaction requested by the user.
  - 6. The method of claim 1 wherein the attribute is an indication of making a telephone call.
  - 7. The method of claim 6 wherein the attribute is an indication of a telephone number to which the telephone call is made and the previously stored first attribute is a telephone number stored in a list of contacts.
  - 8. The method of claim 1 wherein the attribute is an indication of a detected temperature.
  - 9. The method of claim 1 wherein the attribute is an indication of a detected motion.
  - 10. The method of claim 1 wherein the attribute is an indication of a detected pressure.
  - 11. The method of claim 1 wherein the attribute is an indication of detecting co-presence of another device.
  - 12. The method of claim 1 wherein the attribute is an indication of a detected recognizing a face.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Steeves, David J., Cameron, Kim, Carpenter, Todd L., Foster, David, Miller, Quentin S.
Primary Examiner(s)
Abyaneh, Ali S

Application Number

US15/472,962
Publication Number

US 20170208061A1
Time in Patent Office

874 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 67/10   in which an application is ...

H04W 12/06   Authentication

H04W 12/065   Continuous authentication

H04W 12/40   Security arrangements using...

Passive security enforcement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Passive security enforcement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links