Passive security enforcement

US 8,590,021 B2
Filed: 01/23/2009
Issued: 11/19/2013
Est. Priority Date: 01/23/2009
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computing device for passively authenticating a user, comprising:

detecting, by the computing device, an attribute of a single action;

receiving, by the computing device, at least one of a confidence level or one or more confidence factors required to authenticate the user, wherein;

the confidence level comprises a threshold level required for passive authentication, orthe confidence factors comprise one or more of;

detectable user events and detectable user physical characteristics;

examining, by the computing device, the detected attribute of the single action to determine either a difference level between the detected attribute and a previously stored attribute of a similar action or to determine a presence of security factors corresponding to one or more confidence factors;

determining, by the computing device, whether the difference level is within the confidence level, or whether the security factors match the one or more confidence factors to a predetermined degree; and

if the difference level is within the confidence level or if the security factors match the one or more confidence factors to a predetermined degree, passively authenticating, by the computing device, the user without requiring the user to actively authenticate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user'"'"'s interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

Citations

20 Claims

1. A method performed by a computing device for passively authenticating a user, comprising:
- detecting, by the computing device, an attribute of a single action;
  
  receiving, by the computing device, at least one of a confidence level or one or more confidence factors required to authenticate the user, wherein;
  
  the confidence level comprises a threshold level required for passive authentication, orthe confidence factors comprise one or more of;
  
  detectable user events and detectable user physical characteristics;
  
  examining, by the computing device, the detected attribute of the single action to determine either a difference level between the detected attribute and a previously stored attribute of a similar action or to determine a presence of security factors corresponding to one or more confidence factors;
  
  determining, by the computing device, whether the difference level is within the confidence level, or whether the security factors match the one or more confidence factors to a predetermined degree; and
  
  if the difference level is within the confidence level or if the security factors match the one or more confidence factors to a predetermined degree, passively authenticating, by the computing device, the user without requiring the user to actively authenticate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the action is moving the computing device to a location that is identifiable by the computing device.
  - 3. The method of claim 2 wherein the detecting includes at least one of capturing an image of surroundings using a camera, receiving location information, identifying a name of a data communications network, and identifying a device in a data communications network.
  - 4. The method of claim 1 further comprising initially disabling passive authentication and enabling passive authentication after storing the attribute of the action.
  - 5. The method of claim 4 wherein if passive authentication is disabled, requiring the user to actively authenticate before completing a transaction requested by the user.
  - 6. The method of claim 1 wherein the action is making a telephone call.
  - 7. The method of claim 6 wherein the attribute is a telephone number to which the telephone call is made and the previously stored attribute is a telephone number stored in a list of contacts.
  - 8. The method of claim 1 wherein the action is detecting temperature.
  - 9. The method of claim 1 wherein the action is detecting motion.
  - 10. The method of claim 1 wherein the action is detecting pressure.
  - 11. The method of claim 1 wherein the action is detecting co-presence of another device.
  - 12. The method of claim 1 wherein the action is recognizing a face.
  - 13. The method of claim 1 wherein the difference level is based on two or more comparisons of attributes of the single action.

14. A computer-readable storage device storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform operations for passively authenticating a user, the operations comprising:
- receiving, by the computing device, a confidence authentication level, the confidence authentication level comprising a threshold level required for passive authentication;
  
  setting, by the computing device, a confidence level to a default value;
  
  identifying, by the computing device, a single action of a user;
  
  identifying, by the computing device, a set of confidence factors for the single action, wherein the confidence factors comprise one or more of;
  
  detectable user events and detectable user physical characteristics;
  
  for each identified confidence factor in the set of confidence factors,computing, by the computing device, a confidence; and
  
  modifying, by the computing device, the confidence level based on the computed confidence; and
  
  if the modified confidence level exceeds the confidence authentication level, passively authenticating, by the computing device, the user without requiring the user to actively authenticate.
- View Dependent Claims (15, 16, 17)
- - 15. The computer-readable storage device of claim 14 wherein the operations further comprise setting a weight for each identified confidence factor and incorporating the weight when computing the confidence.
  - 16. The computer-readable storage device of claim 15 wherein the modifying is based on the weight.
  - 17. The computer-readable storage device of claim 15 wherein the operations further comprise increasing the confidence level upon receiving a signal from a proximate computing device that has also authenticated the user.

18. A device for passively authenticating a user, the device comprising:
- a processor and memory;
  
  a computing component that initiates a request;
  
  an interface that receives at least one of a confidence level or one or more confidence factors required to authenticate the user, wherein;
  
  the confidence level comprises a threshold level required for passive authentication, orthe confidence factors comprise one or more of;
  
  detectable user events and detectable user physical characteristics; and
  
  a comparator computing component that is configured to compare examine a detected single action of a user to a previously stored action attribute to determine whether a difference value is at or above the confidence level or whether security factors of the single action match the confidence factors, and if the difference value is at or above the confidence level or the security factors of the single action match the confidence factors then, without prompting the user to provide an authentication input, passively authenticate the user so that the initiated request can be satisfied;
  
  wherein the difference value or the security factors are determined by the device based on the single action.
- View Dependent Claims (19, 20)
- - 19. The device of claim 18 further comprising a computing component that satisfies the request.
  - 20. The device of claim 18 wherein:
    - if the user is passively authenticated, the application satisfies the request; and
      
      if the user is not be passively authenticated, the application causes a component to prompt the user for authentication credentials so that the user can be actively authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Steeves, David J., Cameron, Kim, Carpenter, Todd L., Foster, David, Miller, Quentin S.
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US12/359,220
Publication Number

US 20100192209A1
Time in Patent Office

1,761 Days
Field of Search

726/7, 726/22, 726/5, 713/168, 713/182
US Class Current

726/5
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 67/10   in which an application is ...

H04W 12/06   Authentication

H04W 12/065   Continuous authentication

H04W 12/40   Security arrangements using...

Passive security enforcement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Passive security enforcement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links