Scalable context-based authentication

US 20080172715A1
Filed: 01/12/2007
Published: 07/17/2008
Est. Priority Date: 01/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a user, the method comprising:

determining, based on an authentication policy and a context, whether a predetermined combination of a number of keys and types of keys from at least one group of keys are present at a time when the user wishes to access a resource; and

successfully authenticating the user when the predetermined combination of the number of keys and types of keys from the at least one group of keys are present at the time when the user wishes to access the resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable processing device or system may permit a user to access a resource when a certain number of keys are present, according to an authentication policy and a context in which the certain number of keys are provided. In some contexts fewer or no keys may be required, while in other contexts more keys may be required. The authentication policy may be adaptable, such that a precautionary action may be taken when a previously unused combination of keys and a context are used. Further, the authentication policy may require a fewer number of keys close to a time of a last successful authentication and may require a larger number of keys as time passes since the last successful authentication. In some embodiments, a type of visual feedback of entered password text may change based on a security level.

Citations

20 Claims

1. A method for authenticating a user, the method comprising:
- determining, based on an authentication policy and a context, whether a predetermined combination of a number of keys and types of keys from at least one group of keys are present at a time when the user wishes to access a resource; and
  
  successfully authenticating the user when the predetermined combination of the number of keys and types of keys from the at least one group of keys are present at the time when the user wishes to access the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein:
    - each of the keys is assigned a number of points, andthe predetermined combination of the number of keys and the types of keys from the at least one group of key is determined to be present when a total number of points of the predetermined combination of the number of keys and the types of keys exceeds a predetermined value.
  - 3. The method of claim 1, further comprising:
    - determining at least one pattern regarding when the user attempts to access the resource and which of the keys are used by the user when attempting to access the resource; and
      
      blocking the user from accessing the resource when a context of the attempt to access the resource varies from the determined at least one pattern.
  - 4. The method of claim 1, further comprising:
    - determining at least one pattern regarding when the user attempts to access the resource and which of the keys are used by the user when attempting to access the resource; and
      
      reporting the attempt to access the resource as suspicious activity when a context of the attempt to access the resource varies from the determined at least one pattern.
  - 5. The method of claim 1, further comprising:
    - determining at least one pattern regarding when the user attempts to access the resource and which of the keys are used by the user when attempting to access the resource; and
      
      adapting the authentication policy based on the determined at least one pattern.
  - 6. The method of claim 1, wherein:
    - at least one of the keys is a non-textual key, andthe method further comprising;
      
      providing visual feedback as the non-textual key is processed during authentication.
  - 7. The method of claim 1, wherein:
    - at least one of the keys is a password to be entered as text, andthe method further comprises;
      
      providing visual feedback as the password is entered, a type of visual feedback being provided is based on the authentication policy.
  - 8. The method of claim 1, wherein:
    - at least one of the keys is a password to be entered as text,at least some a plurality of types of feedback are associated with a security level, and the method further comprises;
      
      providing visual feedback as the password is entered, a type of visual feedback being provided is based on the authentication policy;
      
      adapting a security level of the authentication policy;
      
      changing the type of visual feedback provided when the password is entered in accordance with the adapted security level of the authentication policy.

9. A tangible machine-readable medium having recorded thereon instructions for at least one processor, the machine-readable medium comprising:
- instructions for receiving a password as text input;
  
  instructions for providing one of a plurality of types of visual feedback as the password is received, at least some of the plurality of types of visual feedback are associated with a security level; and
  
  instructions for providing a different one of the plurality of types of visual feedback as the password is received based on a selected security level, a selected type of visual feedback, or an authentication policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The tangible machine-readable medium of claim 9, wherein:
    - the plurality of types of visual feedback include at least one of displaying partially covered characters, displaying characters in a changed visual orientation, displaying characters using different symbols to represent uppercase, lowercase and numeric characters, displaying only a portion of each character, displaying a substitute character for each entered character based on a predefined substitution code, or displaying each character as it is entered and transforming the character to a symbol.
  - 11. The tangible machine-readable medium of claim 9, wherein:
    - the instructions for providing a different one of the plurality of types of visual feedback as a password is received is based on a selected security level, andthe selected security level is changeable on a per user basis.
  - 12. The tangible machine-readable medium of claim 9, wherein:
    - the instructions for providing a different one of the plurality of types of visual feedback as a password is received is based on a selected security level, andthe selected security level is changeable on a per system basis.
  - 13. The tangible machine-readable medium of claim 9, further comprising:
    - instructions for determining, based on the authentication policy and a context, whether a predetermined combination of a number of keys and types of keys from a plurality of groups keys are present at a time when a user wishes to access a resource;
      
      instructions for providing visual feedback as a non-textual key is processed during authentication, the visual feedback including displaying at least one configurable icon on a display screen; and
      
      instructions for successfully authenticating the user when the predetermined combination of the number of keys and the types of keys from the plurality of groups of keys are present at the time when the user wishes to access the resource, whereinthe received password is one of the keys.
  - 14. The tangible machine-readable medium of claim 9, further comprising:
    - instructions for determining, based on the authentication policy and a context, whether at least one key of a plurality of keys is present when a user wishes to access a resource, each of the plurality of keys being assigned a respective number of points; and
      
      instructions for permitting the user to access the resource only when the at least one key of the plurality of keys that is present has a total number of points exceeding a value, as determined by the authentication policy, whereinthe received password is one of the keys.
  - 15. The tangible machine-readable medium of claim 9, further comprising:
    - instructions for determining, based on the authentication policy and a context, whether a predetermined combination of a number of keys and types of keys from a plurality of groups of keys are present at a time when a user wishes to access a resource; and
      
      instructions for successfully authenticating the user when the predetermined combination of the number of keys and the types of keys from the plurality of groups of keys are present at the time when the user wishes to access the resource;
      
      instructions for determining at least one pattern regarding when the user attempts to access the resource and which of the keys are used by the user when attempting to access the resource; and
      
      instructions for adapting the authentication policy based on the determined at least one pattern, whereinthe received password is one of the keys.

16. A processing device comprising:
- at least one processor;
  
  a bus; and
  
  a memory including instructions for the at least one processor, the bus connecting the at least one processor and the memory, the instructions further comprising;
  
  instructions for adapting an authentication policy for accessing a resource based on a pattern with respect to keys provided when attempting to access the resource and a context when attempting to access the resource, the instructions for adapting an authentication policy for accessing a resource further includes instructions for adjusting a security level of the authentication policy, andinstructions for providing feedback when one of the keys is provided as textual input, a type of feedback being provided being based on the security level of the authentication policy.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The processing device of claim 16, wherein the feedback is visual feedback provided as the one of the keys is entered as the textual input.
  - 18. The processing device of claim 16, wherein the context includes a security level assigned with respect to a current location of the processing device when attempting to access the resource.
  - 19. The processing device of claim 16, wherein the instructions further comprise:
    - instructions for detecting an unfamiliar usage pattern and increasing a security level for authentication when the unfamiliar usage pattern is detected.
  - 20. The processing device of claim 16, wherein the instructions further comprise:
    - instructions for filling in portions of a displayed item on a display screen as one or more non-textual keys are processed during authentication, andinstructions for changing a type of feedback provided when the security level of the authentication policy is adjusted, wherein;
      
      the instructions for providing feedback when one of the keys is provided as textual input provide one of a plurality of types of visual feedback, at least some of the plurality of types of visual feedback being associated with a security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rajanna, Kanchen, Friedman, Jonathan David, Geiger, Avi Rom, Wilson, Brian Meredith, Lund, Arnold Milton

Application Number

US11/653,119
Publication Number

US 20080172715A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/35   communicating wirelessly

G06F 21/36   by graphic or iconic repres...

G06F 2221/2111   Location-sensitive, e.g. ge...

Scalable context-based authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Scalable context-based authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links