Security challenge assisted password proxy

US 9,223,950 B2
Filed: 03/05/2013
Issued: 12/29/2015
Est. Priority Date: 03/05/2013
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine readable storage medium comprising a plurality of instructions that in response to being executed on a computing device cause the computing device to:

obtain user specific context data from one or more sensors of the computing device and by monitoring one or more user activities performed with a user interface of a computing device;

maintain a credential in an encrypted proxy vault on the computing device that corresponds to a secured resource;

receive a request for access to the secured resource via an interface of the computing device;

determining a security value of the secure resource associated with the credential;

generate a challenge question based on a contextual data item in the user specific context data;

present the challenge question via the interface of the computing device;

receive a response to the challenge question via the interface of the computing device;

evaluate the response for correctness;

generate one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item; and

provide the credential to the secured resource in response to the response being correct.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device.

49 Citations

View as Search Results

22 Claims

1. At least one non-transitory machine readable storage medium comprising a plurality of instructions that in response to being executed on a computing device cause the computing device to:
- obtain user specific context data from one or more sensors of the computing device and by monitoring one or more user activities performed with a user interface of a computing device;
  
  maintain a credential in an encrypted proxy vault on the computing device that corresponds to a secured resource;
  
  receive a request for access to the secured resource via an interface of the computing device;
  
  determining a security value of the secure resource associated with the credential;
  
  generate a challenge question based on a contextual data item in the user specific context data;
  
  present the challenge question via the interface of the computing device;
  
  receive a response to the challenge question via the interface of the computing device;
  
  evaluate the response for correctness;
  
  generate one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item; and
  
  provide the credential to the secured resource in response to the response being correct.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The at least one non-transitory machine readable medium as recited in claim 1, further comprising instructions to maintain a timer for a period, during which the response to the challenge question can be received.
  - 3. The at least one non-transitory machine readable medium as recited in claim 1, comprising a plurality of instructions that in response to being executed on a computing device can cause the computing device to:
    - request a username and password combination that corresponds to the secured resource in response to a negative evaluation of the response.
  - 4. The at least one non-transitory machine readable medium as recited in claim 1, comprising a plurality of instructions that in response to being executed on a computing device can cause the computing device to:
    - generate a plurality of contextual data items in response to the monitoring; and
      
      populate the user specific context data with the plurality of contextual data items.
  - 5. The at least one non-transitory machine readable medium as recited in claim 4, wherein the instructions to monitor user activities via the computing device includes instructions to access at least one of:
    - a calendar database, an e-mail communication, a text message, data indicating a geographic location of the computing device, audio signals from a microphone, web browsing history, social network interactions, or a list of user contacts.
  - 6. The at least one non-transitory machine readable medium as recited in claim 1, wherein the secured resource includes at least one of:
    - a bank website, a financial institution portal, an educational institution, a government service, a social network, an e-mail service, a media outlet, a gaming environment, a virtual reality system, or a massive role-playing game.
  - 7. The at least one non-transitory machine readable medium as recited in claim 1, wherein the credential that corresponds to the secured resource includes a username and password combination that is maintained in the encrypted proxy vault.
  - 8. The at least one non-transitory machine readable medium as recited in claim 1, comprising a plurality of instructions that in response to being executed on a computing device, can cause the computing device to:
    - receive a second response to the second challenge question; and
      
      evaluate the second response for correctness;
      
      wherein the credential is provided to the secured resource, at least in part, in response to the second response being correct.
  - 9. The at least one non-transitory machine readable medium as recited in claim 1, comprising a plurality of instructions that in response to being executed on a computing device can cause the computing device to:
    - generate questions based on one or more social networking interactions on a social network accessible from the computing device, or access personal data on the computing device.

10. A method of contextual authentication comprising:
- monitoring one or more user activities performed with a user interface of a computing device;
  
  obtaining user specific data from one or more sensors of the computing device;
  
  transmitting user specific contextual data derived from the one or more user activities and the user specific data to a proxy device coupled to the computing device by a network;
  
  storing a set of user credentials in an encrypted vault;
  
  determining a security value of a secure resource associated with a credential in the set of user credentials;
  
  generating, in response to a request for access to a username-password combination in the set of user credentials, a challenge question based on the user specific contextual data;
  
  evaluating a response to the challenge question to determine whether the response is correct;
  
  generating one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item; and
  
  transmitting one of the set of user credentials that corresponds to the secure resource to the secure resource over the network when the response to the challenge question is correct.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein the computing device includes the encrypted vault configured to store the set of user credentials.
  - 12. The method of claim 11, wherein the secure resource is a website that provides access in response to a username-password combination included in the set of user credentials.
  - 13. The method of claim 10, further comprising:
    - determining to a cognitive status of a user based a user-response to one or more questions;
      
      wherein generating the challenge question based on the user specific contextual data includes adapting a difficulty level of the challenge questions to the cognitive status of the user.
  - 14. The method of claim 10, further comprising:
    - generating a plurality of incorrect answers to the challenge question; and
      
      displaying the challenge question, the plurality of incorrect answers to the challenge question, and a correct answer to the challenge question on a display of the computing device.
  - 15. The method of claim 14, further comprising:
    - receiving an additional input in response to the one or more additional challenge questions;
      
      wherein the positive evaluation includes a positive evaluation of the additional input.
  - 16. The method of claim 10, wherein a format of the challenge question changes in response to a time of day or the monitored one or more activities performed with the computing device, and the user specific contextual data used in generating the challenge question is specific to a single user.

17. A contextual authentication system comprising:
- a device including one or more sensors, the one or more sensors configured to obtain user-context data based on user activity with the device;
  
  a user-interface of the device coupled to a proxy engine, the proxy engine being configured to monitor the user-interface and the one or more sensors, and to store the user-context data in a contextual database;
  
  a secure password vault configured to maintain a set of user credentials, the secure password vault including a memory and being coupled to the proxy engine; and
  
  a proxy interface coupled to the proxy engine, the proxy interface being configured to intercept a request for a secure resource received by the user-interface;
  
  wherein, in response to the request, the proxy engine is configured to;
  
  determine a security value of the secure resource, generate a contextual challenge based on the user-context data in the contextual database, the contextual challenge being presented via the proxy interface, generate one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item, and access to the secure resource being prevented by the proxy engine until a correct answer to the contextual challenge is received.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The contextual authentication system of claim 17, further comprising:
    - a password proxy service, coupled to the device via a network, the password proxy service being configured to maintain the secure password vault;
      
      wherein in response to the proxy engine indicating that the correct answer to the contextual challenge was received, the password proxy service transmits a credential, from the set of user credentials that corresponds to the secure resource, to the secure resource.
  - 19. The contextual authentication system of claim 17, wherein the secure password vault is configured to maintain a record of a plurality of credentials for a plurality of users.
  - 20. The contextual authentication system of claim 17, wherein the secure resource includes at least one of:
    - a bank website, financial institution portal, an educational institution, a government service, asocial network, an e-mail service, a media outlet, a gaming environment, a virtual reality system, or a massive role-playing game.
  - 21. The contextual authentication system of claim 20, wherein the secure resource includes a server configured to receive the credential.
  - 22. The contextual authentication system of claim 17, wherein the correct answer to the contextual challenge eliminates the need for a user to memorize or input a username or a password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Li, Hong, Wouhaybi, Rita H, Kohlenberg, Tobias
Primary Examiner(s)
ABEDIN, SHANTO

Application Number

US13/785,094
Publication Number

US 20140259130A1
Time in Patent Office

1,029 Days
Field of Search

726 2- 7, 726 26- 30, 713/182, 713/185, 707/783, 707/784, 705/14.25
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 2221/2103   Challenge-response

H04L 63/0281   Proxies

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

Security challenge assisted password proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Security challenge assisted password proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links