PASSIVE SECURITY ENFORCEMENT
First Claim
1. A method for passive authentication, the method comprising:
receiving one or more first attributes of a first user;
determining, from a set of types, corresponding types for each of the first attributes, wherein each of the types in the set of types has a corresponding weight;
comparing, based on the determined types for each of the first attributes, each of the first attributes of the first user to one or more previously stored attributes with a corresponding type, thereby selecting first applicable attributes;
passively authenticating the first user at a first confidence level, the first confidence level based on the weights for the types corresponding to each first applicable attribute;
after passively authenticating the first user at the first confidence level, receiving one or more second attributes of the first user;
determining, from the set of types, corresponding types for each of the second attributes;
comparing, based on the determined types for each of the second attributes, each of the second attributes of the first user to one or more of the previously stored attributes with a corresponding type, thereby selecting second applicable attributes; and
updating the first confidence level to a second confidence level, the second confidence level based on the weights for the types corresponding to each second applicable attribute, wherein each attribute of the first attributes and of the second attributes comprise at least one of an event associated with the first user and a physical characteristic of the first user;
wherein each previously stored attribute comprises a previously stored event associated with a second user, a previously stored physical characteristic of the second user, or one or more previously determined acceptable values for the type corresponding to that stored attribute.
Abstract
Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
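The flow the abstract and the first claim describe, as an added Python example that is not part of the patent text: observations are typed, each type carries a weight, matches against stored attributes raise the level and mismatches lower it, and a request is either served or answered with a credential prompt. The type names, weights, stored values, required levels, and the additive 0-100 scoring are all assumptions; the page says only that the confidence level is "based on the weights".

```python
from dataclasses import dataclass

# Assumed weights per attribute type, in confidence points (0-100 scale).
TYPE_WEIGHTS = {"location": 20, "typing_cadence": 30, "voice": 40}

# Previously stored attributes per type (constructed): a set of acceptable
# values, or a (low, high) range of acceptable values.
STORED = {
    "location": {"home", "office"},
    "typing_cadence": (150, 220),      # characters per minute
    "voice": {"voiceprint-A"},         # enrolled template id
}

# Assumed minimum confidence each request needs before it is served.
REQUIRED_LEVEL = {"read_mail": 40, "wire_transfer": 80}


def _matches(stored, value):
    """Compare an observed value with the stored attribute of the same type."""
    if isinstance(stored, tuple):
        low, high = stored
        return low <= value <= high
    return value in stored


@dataclass
class PassiveSession:
    confidence: int = 0

    def observe(self, attributes):
        """Fold (type, value) observations into the confidence level."""
        for attr_type, value in attributes:
            weight = TYPE_WEIGHTS.get(attr_type)
            stored = STORED.get(attr_type)
            if weight is None or stored is None:
                continue  # unknown type or nothing stored: not applicable
            delta = weight if _matches(stored, value) else -weight
            self.confidence = max(0, min(100, self.confidence + delta))
        return self.confidence

    def authorize(self, request):
        """Serve the request passively or fall back to active authentication."""
        required = REQUIRED_LEVEL.get(request)
        if required is None or self.confidence < required:
            return "prompt_for_credentials"  # fail closed, unknown requests too
        return "allow"
```

Because the level can drop as well as rise, a caller should re-check `authorize` on every request instead of caching an earlier "allow".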
20 Claims
1. A method for passive authentication, the method comprising:
receiving one or more first attributes of a first user;
determining, from a set of types, corresponding types for each of the first attributes, wherein each of the types in the set of types has a corresponding weight;
comparing, based on the determined types for each of the first attributes, each of the first attributes of the first user to one or more previously stored attributes with a corresponding type, thereby selecting first applicable attributes;
passively authenticating the first user at a first confidence level, the first confidence level based on the weights for the types corresponding to each first applicable attribute;
after passively authenticating the first user at the first confidence level, receiving one or more second attributes of the first user;
determining, from the set of types, corresponding types for each of the second attributes;
comparing, based on the determined types for each of the second attributes, each of the second attributes of the first user to one or more of the previously stored attributes with a corresponding type, thereby selecting second applicable attributes; and
updating the first confidence level to a second confidence level, the second confidence level based on the weights for the types corresponding to each second applicable attribute, wherein each attribute of the first attributes and of the second attributes comprise at least one of an event associated with the first user and a physical characteristic of the first user;
wherein each previously stored attribute comprises a previously stored event associated with a second user, a previously stored physical characteristic of the second user, or one or more previously determined acceptable values for the type corresponding to that stored attribute.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer-readable storage device storing computer-executable instructions compared, when executed by a computing device, cause the computing device to perform operations for passively authenticating a user, the operations comprising:
receiving one or more first attributes of a first user;
determining, from a set of types, corresponding types for each of the first attributes, wherein each of the types in the set of types has a corresponding weight;
comparing, based on the determined types for each of the first attributes, each of the first attributes of the first user to one or more previously stored attributes with a corresponding type, thereby selecting first applicable attributes;
passively authenticating the first user at a first confidence level, the first confidence level based on the weights for the types corresponding to each first applicable attribute;
after passively authenticating the first user at the first confidence level, receiving one or more second attributes of the first user;
determining, from the set of types, corresponding types for each of the second attributes;
comparing, based on the determined types for each of the second attributes, each of the second attributes of the first user to one or more of the previously stored attributes with a corresponding type, thereby selecting second applicable attributes; and
updating the first confidence level to a second confidence level, the second confidence level based on the weights for the types corresponding to each second applicable attribute, wherein each attribute of the first attributes and of the second attributes comprise at least one of an event associated with the first user and a physical characteristic of the first user;
wherein each previously stored attribute comprises a previously stored event associated with a second user, a previously stored physical characteristic of the second user, or one or more previously determined acceptable values for the type corresponding to that stored attribute.
Dependent claims: 15, 16, 17
18. A device for passively authenticating a user, the device comprising:
a processor and memory;
an input configured to receive one or more first attributes of a first user;
an attribute analyzer configured to determine, from a set of types, corresponding types for each of the first attributes, wherein each of the types in the set of types has a corresponding weight;
an attribute comparator configured to compare, based on the determined types for each of the first attributes, each of the first attributes of the first user to one or more previously stored attributes with a corresponding type, to thereby select first applicable attributes; and
an authentication module configured to passively authenticate the first user at a first confidence level, the first confidence level based on the weights for the types corresponding to each first applicable attribute;
wherein the input is further configured to, after the passive authentication of the first user at the first confidence level, receive one or more second attributes of the first user,
wherein the attribute analyzer is further configured to determine, from the set of types, corresponding types for each of the second attributes,
wherein the attribute comparator is further configured to compare, based on the determined types for each of the second attributes, each of the second attributes of the first user to one or more of the previously stored attributes with a corresponding type, to thereby select second applicable attributes,
wherein the authentication module is further configured to update the first confidence level to a second confidence level, the second confidence level based on the weights for the types corresponding to each second applicable attribute,
wherein each attribute of the first attributes and of the second attributes comprise at least one of an event associated with the first user and a physical characteristic of the first user, and
wherein each previously stored attribute comprises a previously stored event associated with a second user, a previously stored physical characteristic of the second user, or one or more previously determined acceptable values for the type corresponding to that stored attribute.
Dependent claims: 19, 20
Specification