PROGRESSIVE AUTHENTICATION

US 20130055348A1
Filed: 08/31/2011
Published: 02/28/2013
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented process for establishing the authenticity of a user, comprising:

using a computer to perform the following process actions;

inputting a plurality of pre-established authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and each factor of which has a confidence level associated therewith that estimates a reliability of that factor in establishing the user'"'"'s authenticity;

inputting readings captured by one or more sensors, each sensor of which senses a one of said attributes associated with the user;

employing the inputted sensor readings to quantify each authentication factor confidence level;

establishing an overall confidence level based at least in part on a combination of the individual confidence levels associated with the plurality of authentication factors; and

designating a user to be authenticated whenever the established overall confidence level exceeds a prescribed authentication level.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Progressive authentication is generally employed to establish the authenticity of a user, such as a user of a computing device, or a user that wants to access a proprietary data item, software application or on-line service. This can entail inputting authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and a confidence level that estimates a reliability of the factor. Sensor readings captured by one or more sensors are also input. Each sensor senses a user attribute and are used to quantify each authentication factor confidence level. An overall confidence level is established based at least in part on a combination of the individual confidence levels. A user is then designated as being authentic whenever the established overall confidence level exceeds a prescribed authentication level. This process can be continuous with the overall confidence level being continually updated.

108 Citations

View as Search Results

20 Claims

1. A computer-implemented process for establishing the authenticity of a user, comprising:
- using a computer to perform the following process actions;
  
  inputting a plurality of pre-established authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and each factor of which has a confidence level associated therewith that estimates a reliability of that factor in establishing the user'"'"'s authenticity;
  
  inputting readings captured by one or more sensors, each sensor of which senses a one of said attributes associated with the user;
  
  employing the inputted sensor readings to quantify each authentication factor confidence level;
  
  establishing an overall confidence level based at least in part on a combination of the individual confidence levels associated with the plurality of authentication factors; and
  
  designating a user to be authenticated whenever the established overall confidence level exceeds a prescribed authentication level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The process of claim 1, wherein at least one of the authentication factors is associated with an attribute that comprises an expected sensor reading element which is considered indicative of the user being authentic, and wherein the process action of employing the inputted sensor readings to quantify each authentication factor confidence level, comprises an action of assigning a confidence level to said at least one authentication factor based on how close the expected sensor reading of that factor is to an inputted sensor reading associated with the same user attribute as the factor.
  - 3. The process of claim 2, wherein the process action of assigning a confidence level to said at least one authentication factor based on how close the expected sensor reading of that factor is to an inputted sensor reading associated with the same user attribute as the factor, comprises an action of assigning a prescribed confidence level value whenever said inputted sensor reading is within a prescribed range of the expected sensor reading.
  - 4. The process of claim 2, wherein the process action of assigning a confidence level to said at least one authentication factor based on how close the expected sensor reading of that factor is to an inputted sensor reading associated with the same user attribute as the factor, comprises an action of assigning a confidence level value that is proportional to a measure of the degree of closeness between said inputted sensor reading and the expected sensor reading.
  - 5. The process of claim 2, wherein said expected sensor reading is prescribed.
  - 6. The process of claim 2, wherein said expected sensor reading is derived from a historical pattern of past sensor readings captured by one or more sensors sensing the user attribute associated with the expected sensor reading.
  - 7. The process of claim 1, wherein the process action of establishing an overall confidence level based at least in part on a combination of the individual confidence levels associated with the plurality of authentication factors, comprises an action of employing prescribed conditional logic rules to combine the individual confidence levels.
  - 8. The process of claim 1, further comprising the process actions of:
    - cross-checking at least one group comprising user attributes to determine if the inputted sensor readings associated therewith are physically consistent with each other, wherein a sensor reading associated with a user attribute is deemed physically consistent with one or more other sensor readings associated with other user attributes in the same group if it is not indicative of a condition that would be physically improbable to a prescribed degree in view of conditions indicated by the one or more other sensor readings; and
      
      assigning a cross-check confidence level to each group of user attributes based on said physical consistency determination of that group; and
      
      wherein,the process action of establishing an overall confidence level, further comprises an action of combining the cross-check confidence level or levels with the individual confidence levels associated with the plurality of authentication factors.
  - 9. The process of claim 1, further comprising the process actions of:
    - cross-checking the at least one group comprising user attributes and non-user factors to determine if the inputted sensor readings associated therewith are physically consistent with each other, wherein a sensor reading associated with a user attribute or non-user factor is deemed physically consistent with one or more other sensor readings associated with other user attributes or non-user factors in the same group if it is not indicative of a condition that would be physically improbable to a prescribed degree in view of conditions indicated by the one or more other sensor readings, wherein a non-user factor corresponds to sensor readings which are not associated with the user, but which are indicative of a condition of the user; and
      
      assigning a non-user cross-check confidence level to each group of user attributes and non-user factors based on said physical consistency determination of that group; and
      
      wherein,the process action of establishing an overall confidence level, further comprises an action of combining the non-user cross-check confidence level or levels with the individual confidence levels associated with the plurality of authentication factors.
  - 10. The process of claim 1, further comprising the process actions of:
    - cross-checking the at least one group comprising user attributes and one or more user data items to determine if the inputted sensor readings associated with the user attributes are consistent with the one or more user data items, wherein a sensor reading associated with a user attribute is deemed consistent with a user data item in the same group if it is not indicative of a condition that would be improbable to a prescribed degree in view of the user data item; and
      
      assigning a user data item cross-check confidence level to each group of user attributes and one or more user data items based on said consistency determination of that group; and
      
      wherein,the process action of establishing an overall confidence level, further comprises an action of combining the user data item cross-check confidence level or levels with the individual confidence levels associated with the plurality of authentication factors.
  - 11. The process of claim 10, wherein said at least one group comprising user attributes and one or more user data items comprises a user attribute representing the current location of the user and a user data item representing a user schedule indicating where the user is expected to be and at what time the user is expected to be at the location, such that when it is determined during said cross-checking that the user is at a location and at a time which correspond to the location and time listed in the user schedule, a higher user data item cross-check confidence level is assigned than would be if the listed location and time did not correspond to the user'"'"'s current location.
  - 12. The process of claim 1, further comprising process action of:
    - providing feedback to the user which is indicative of a currently established overall confidence level;
      
      whenever the currently established overall confidence level does not exceed the prescribed authentication level,informing the user of what overall confidence level is needed to exceed the prescribed authentication level, andproviding suggestions to the user as to what actions are needed to increase overall confidence levels established in the future so that they exceed the prescribed authentication level.
  - 13. The process of claim 1, wherein a different prescribed authentication level is associated with different items or features, or both, of a computing device, or set of data items, or an application software program, or a computer network online service, and can vary between the different items or features, or both, and wherein the process action of designating a user to be authenticated whenever the established overall confidence level exceeds a prescribed authentication level, comprises allowing a user access to each of said items or features, or both, that have a prescribed authentication level that is lower than the established overall confidence level.

14. A computer-implemented process for establishing the authenticity of a user, comprising:
- using a computer to perform the following process actions;
  
  inputting a plurality of pre-established authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and each factor of which has a confidence level associated therewith that estimates a reliability of that factor in establishing the user'"'"'s authenticity;
  
  continuously inputting readings captured by one or more sensors, each sensor of which senses a one of said attributes associated with the user;
  
  continuously employing the inputted sensor readings to quantify each authentication factor confidence level;
  
  establishing an overall confidence level based at least in part on a combination of the individual confidence levels associated with the plurality of authentication factors, and continuously updating the level; and
  
  deeming a user to be authentic as long as the current overall confidence level exceeds a prescribed authentication level.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The process of claim 14, wherein at least one of the authentication factors comprises an expected sensor reading for a one of said attributes associated with the user which is considered indicative of the user being authentic, said expected sensor reading being continuously derived from a historical pattern of sensor readings captured by one or more sensors sensing the user attribute associated with the expected sensor reading, and wherein the historical pattern of sensor readings is continuously updated using new sensor readings as they become available.
  - 16. The process of claim 14, further comprising a process action of abruptly de-authenticating the user whenever a current overall confidence level does not exceed the prescribed authentication level.
  - 17. The process of claim 14, further comprising a process action of, whenever a current overall confidence level does not exceed the prescribed authentication level, de-authenticating a user after a prescribed period of time.
  - 18. The process of claim 14, further comprising the process actions of,de-authenticating the user whenever a current overall confidence level does not exceed the prescribed authentication level;
    - andincreasing each overall confidence level established over its established level by a prescribed amount for as long as the user remains authenticated, wherein said prescribed amount of the increase can either be a fixed amount or can vary over time based on a prescribed function.

19. A computer-implemented process for establishing the authenticity of a user in connection with the user accessing a feature or item, comprising:
- using a computer to perform the following process actions;
  
  inputting a plurality of pre-established authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and each factor of which has a confidence level associated therewith that estimates a reliability of that factor in establishing the user'"'"'s authenticity;
  
  inputting readings captured by one or more sensors, each sensor of which senses a one of said attributes associated with the user;
  
  employing the inputted sensor readings to quantify each authentication factor confidence level;
  
  establishing an overall confidence level based at least in part on a combination of the individual confidence levels associated with the plurality of authentication factors;
  
  inputting a plurality of pre-established authentication thresholds which are associated with different items or features, or both, associated with a computing device, or set of data items, or an application software program, or a computer network online service, wherein an authentication threshold represents a threshold that the established overall confidence level has to exceed in order for the user to be allowed access to one of said items or features; and
  
  allowing a user access to each of said items or features, or both, that have an authentication threshold that is lower than the established overall confidence level.
- View Dependent Claims (20)
- - 20. The process of claim 19, wherein said pre-established authentication thresholds vary between the different items or features, or both.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Strauss, Karin, Burger, Douglas, Lanier, Jaron, Riva, Oriana

Granted Patent

US 8,839,358 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2113   Multi-level security, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

PROGRESSIVE AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROGRESSIVE AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links