PASSIVE SECURITY ENFORCEMENT

US 20100192209A1
Filed: 01/23/2009
Published: 07/29/2010
Est. Priority Date: 01/23/2009
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computing system for passively authenticating a user, comprising:

detecting an attribute of an action;

comparing the detected attribute of the action to a previously stored attribute of a similar action;

determining whether the detected attribute is substantially equivalent to the previously stored attribute of the similar action; and

if the detected attribute is substantially equivalent to the previously stored attribute of the similar action, passively authenticating the user without requiring the user to actively authenticate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user'"'"'s interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

Citations

20 Claims

1. A method performed by a computing system for passively authenticating a user, comprising:
- detecting an attribute of an action;
  
  comparing the detected attribute of the action to a previously stored attribute of a similar action;
  
  determining whether the detected attribute is substantially equivalent to the previously stored attribute of the similar action; and
  
  if the detected attribute is substantially equivalent to the previously stored attribute of the similar action, passively authenticating the user without requiring the user to actively authenticate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the action is moving the computing system to a location that is identifiable by the computing device.
  - 3. The method of claim 2 wherein the detecting includes at least one of capturing an image of surroundings using a camera, receiving location information, identifying a name of a data communications network, and identifying a device in a data communications network.
  - 4. The method of claim 1 further comprising initially disabling passive authentication and enabling passive authentication after storing the attribute of the action.
  - 5. The method of claim 4 wherein if passive authentication is disabled, requiring the user to actively authenticate before completing a transaction requested by the user.
  - 6. The method of claim 1 wherein the action is making a telephone call.
  - 7. The method of claim 6 wherein the attribute is a telephone number to which the telephone call is made and the previously stored attribute is a telephone number stored in a list of contacts.
  - 8. The method of claim 1 wherein the action is detecting temperature.
  - 9. The method of claim 1 wherein the action is detecting motion.
  - 10. The method of claim 1 wherein the action is detecting pressure.
  - 11. The method of claim 1 wherein the action is detecting co-presence of another device.
  - 12. The method of claim 1 wherein the action is recognizing a face.
  - 13. The method of claim 1 further comprising setting a confidence level based on two or more comparisons of attributes of actions and passively authenticating the user when the confidence level exceeds a specified threshold confidence level.

14. A computer-readable storage medium storing computer-executable instructions that, when executed, perform a method of passively authenticating a user, the method comprising:
- setting a confidence level to a default value;
  
  identifying a set of confidence factors;
  
  for each identified confidence factor in the set of confidence factors, computing a confidence; and
  
  modifying the confidence level based on the computed confidence; and
  
  if the modified confidence level exceeds a specified threshold, passively authenticating the user without requiring the user to actively authenticate.
- View Dependent Claims (15, 16, 17)
- - 15. The computer-readable storage medium of claim 14 further comprising setting a weight for each identified confidence factor and incorporating the weight when computing the confidence.
  - 16. The computer-readable storage medium of claim 15 wherein the modifying is based on the weight.
  - 17. The computer-readable storage medium of claim 15 further comprising increasing the confidence level upon receiving a signal from a proximate computing device that has also authenticated the user.

18. A system for passively authenticating a user, comprising:
- a component that initiates a request; and
  
  a comparator component that is configured to compare an detected input to a previously stored input without prompting the user to provide the detected input and, if the comparison is substantially equivalent, passively authenticates the user so that the initiated request can be satisfied.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18 further comprising a component that satisfies the request.
  - 20. The system of claim 18 wherein:
    - if the user is passively authenticated, the application satisfies the request; and
      
      if the user is not be passively authenticated, the application causes a component to prompt the user for authentication credentials so that the user can be actively authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Steeves, David J., Foster, David, Carpenter, Todd L., Cameron, Kim, Miller, Quentin S.

Granted Patent

US 8,590,021 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 67/10   in which an application is ...

H04W 12/06   Authentication

H04W 12/065   Continuous authentication

H04W 12/40   Security arrangements using...

PASSIVE SECURITY ENFORCEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PASSIVE SECURITY ENFORCEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links