Passive security enforcement
Abstract
Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
20 Claims
1. A method performed by a computing device for passively authenticating a user, comprising:
- detecting, by the computing device, an attribute of a single action;
- receiving, by the computing device, at least one of a confidence level or one or more confidence factors required to authenticate the user, wherein:
  - the confidence level comprises a threshold level required for passive authentication, or
  - the confidence factors comprise one or more of: detectable user events and detectable user physical characteristics;
- examining, by the computing device, the detected attribute of the single action to determine either a difference level between the detected attribute and a previously stored attribute of a similar action or to determine a presence of security factors corresponding to one or more confidence factors;
- determining, by the computing device, whether the difference level is within the confidence level, or whether the security factors match the one or more confidence factors to a predetermined degree; and
- if the difference level is within the confidence level or if the security factors match the one or more confidence factors to a predetermined degree, passively authenticating, by the computing device, the user without requiring the user to actively authenticate.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer-readable storage device storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform operations for passively authenticating a user, the operations comprising:
- receiving, by the computing device, a confidence authentication level, the confidence authentication level comprising a threshold level required for passive authentication;
- setting, by the computing device, a confidence level to a default value;
- identifying, by the computing device, a single action of a user;
- identifying, by the computing device, a set of confidence factors for the single action, wherein the confidence factors comprise one or more of: detectable user events and detectable user physical characteristics;
- for each identified confidence factor in the set of confidence factors,
  - computing, by the computing device, a confidence; and
  - modifying, by the computing device, the confidence level based on the computed confidence; and
- if the modified confidence level exceeds the confidence authentication level, passively authenticating, by the computing device, the user without requiring the user to actively authenticate.

Dependent claims: 15, 16, 17
18. A device for passively authenticating a user, the device comprising:
- a processor and memory;
- a computing component that initiates a request;
- an interface that receives at least one of a confidence level or one or more confidence factors required to authenticate the user, wherein:
  - the confidence level comprises a threshold level required for passive authentication, or
  - the confidence factors comprise one or more of: detectable user events and detectable user physical characteristics; and
- a comparator computing component that is configured to compare examine a detected single action of a user to a previously stored action attribute to determine whether a difference value is at or above the confidence level or whether security factors of the single action match the confidence factors, and if the difference value is at or above the confidence level or the security factors of the single action match the confidence factors then, without prompting the user to provide an authentication input, passively authenticate the user so that the initiated request can be satisfied;
- wherein the difference value or the security factors are determined by the device based on the single action.

Dependent claims: 19, 20
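The procedure recited in claim 14 (default level, one confidence per factor, threshold comparison), combined with the abstract's fallback to active authentication, is sketched below as an added example. It is not code from the patent; the factor names, weights, tolerances, stored profile and scoring formula are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Factor:
    name: str         # hypothetical confidence factor
    weight: float     # most this factor can raise or lower the level
    tolerance: float  # difference from the stored value at which it stops helping

# Constructed profile: previously stored attributes of similar actions.
STORED_PROFILE = {"typing_ms_per_key": 180.0, "grip_angle_deg": 35.0,
                  "gps_km_from_home": 0.0}

FACTORS = [
    Factor("typing_ms_per_key", weight=30.0, tolerance=40.0),
    Factor("grip_angle_deg", weight=20.0, tolerance=10.0),
    Factor("gps_km_from_home", weight=25.0, tolerance=5.0),
]

def factor_confidence(factor, observed, stored):
    """+weight on an exact match, 0 at the tolerance edge, down to -weight beyond it."""
    difference = abs(observed - stored)
    score = 1.0 - difference / factor.tolerance
    return factor.weight * max(-1.0, score)

def passive_level(action, default_level=10.0):
    """Set the level to a default, then modify it once per factor seen in the action."""
    level = default_level
    for factor in FACTORS:
        if factor.name not in action:
            continue  # an unobserved factor is no evidence in either direction
        level += factor_confidence(factor, action[factor.name],
                                   STORED_PROFILE[factor.name])
    return max(0.0, level)

def authorize(action, required_level):
    """Passive authentication only if the level exceeds the threshold, else prompt."""
    if passive_level(action) > required_level:
        return "passive"
    return "prompt_for_credentials"

# Constructed observations of a single action.
OWNER = {"typing_ms_per_key": 190.0, "grip_angle_deg": 35.0, "gps_km_from_home": 2.5}
STRANGER = {"typing_ms_per_key": 300.0, "grip_angle_deg": 60.0, "gps_km_from_home": 40.0}
TYPING_ONLY = {"typing_ms_per_key": 180.0}
```

With a single matching factor the level is enough for a low-threshold request but not a high-threshold one, which is the per-request sufficiency check the abstract describes.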
Specification