Security challenge assisted password proxy
Abstract
Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device.
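A minimal model of the flow the abstract describes, added here as an illustration and not taken from the patent or from any implementation of it: single-use challenges, an extra question when the security value exceeds the set level, and release of the credential to the resource only after correct responses. The class and function names, the numeric security values, the threshold of 5 and the sample context data are assumptions, and the vault is a plain dictionary standing in for the encrypted vault.

```python
import hmac
import secrets

# Constructed sample data (assumptions, not from the patent text).
CONTEXT = {  # challenge question -> expected answer, derived from monitored activity
    "Which app did you open first this morning?": "calendar",
    "Which Wi-Fi network were you on at noon?": "office-guest",
    "Who was the last contact you messaged?": "dana",
}
VAULT = {"news-site": "pw-news-EXAMPLE", "bank": "pw-bank-EXAMPLE"}  # stand-in for the encrypted vault
SECURITY_VALUES = {"news-site": 2, "bank": 9}

def norm(text):
    return text.strip().lower().encode()

class ProxyEngine:
    def __init__(self, context, vault, security_values, set_level=5):
        self.context = dict(context)   # unused context items only
        self.vault = vault
        self.security_values = security_values
        self.set_level = set_level     # hypothetical threshold
        self.pending = {}              # challenge id -> (resource, expected answers)

    def request_access(self, resource):
        # Above the set level, add a question built from a second context item.
        count = 2 if self.security_values[resource] > self.set_level else 1
        if len(self.context) < count:
            raise RuntimeError("not enough unused context items")
        questions = list(self.context)[:count]
        answers = [self.context.pop(q) for q in questions]  # single use
        cid = secrets.token_hex(8)
        self.pending[cid] = (resource, answers)
        return cid, questions

    def respond(self, cid, responses, submit):
        # pop() allows one attempt per challenge: a replayed id finds nothing.
        resource, answers = self.pending.pop(cid, (None, []))
        if resource is None or len(responses) != len(answers):
            return False
        ok = True
        for given, expected in zip(responses, answers):
            # Constant-time compare; check every answer, no early exit.
            ok &= hmac.compare_digest(norm(given), norm(expected))
        if ok:
            # The credential is handed to the resource, never returned to the caller.
            submit(resource, self.vault[resource])
        return ok
```

Because each context item is consumed when its question is issued, a failed or abandoned attempt still spends it, so the contextual database has to be replenished faster than challenges are issued.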
49 Citations
22 Claims
1. At least one non-transitory machine readable storage medium comprising a plurality of instructions that in response to being executed on a computing device cause the computing device to:
- obtain user specific context data from one or more sensors of the computing device and by monitoring one or more user activities performed with a user interface of a computing device;
- maintain a credential in an encrypted proxy vault on the computing device that corresponds to a secured resource;
- receive a request for access to the secured resource via an interface of the computing device;
- determining a security value of the secure resource associated with the credential;
- generate a challenge question based on a contextual data item in the user specific context data;
- present the challenge question via the interface of the computing device;
- receive a response to the challenge question via the interface of the computing device;
- evaluate the response for correctness;
- generate one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item; and
- provide the credential to the secured resource in response to the response being correct.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of contextual authentication comprising:
- monitoring one or more user activities performed with a user interface of a computing device;
- obtaining user specific data from one or more sensors of the computing device;
- transmitting user specific contextual data derived from the one or more user activities and the user specific data to a proxy device coupled to the computing device by a network;
- storing a set of user credentials in an encrypted vault;
- determining a security value of a secure resource associated with a credential in the set of user credentials;
- generating, in response to a request for access to a username-password combination in the set of user credentials, a challenge question based on the user specific contextual data;
- evaluating a response to the challenge question to determine whether the response is correct;
- generating one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item; and
- transmitting one of the set of user credentials that corresponds to the secure resource to the secure resource over the network when the response to the challenge question is correct.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A contextual authentication system comprising:
- a device including one or more sensors, the one or more sensors configured to obtain user-context data based on user activity with the device;
- a user-interface of the device coupled to a proxy engine, the proxy engine being configured to monitor the user-interface and the one or more sensors, and to store the user-context data in a contextual database;
- a secure password vault configured to maintain a set of user credentials, the secure password vault including a memory and being coupled to the proxy engine; and
- a proxy interface coupled to the proxy engine, the proxy interface being configured to intercept a request for a secure resource received by the user-interface;
wherein, in response to the request, the proxy engine is configured to;
- determine a security value of the secure resource,
- generate a contextual challenge based on the user-context data in the contextual database, the contextual challenge being presented via the proxy interface,
- generate one or more additional challenge questions, in response to the security value being greater than a set security level, the one or more additional challenge questions based on a second user specific contextual data item, and
- access to the secure resource being prevented by the proxy engine until a correct answer to the contextual challenge is received.
Dependent claims: 18, 19, 20, 21, 22
Specification