Context analysis at an information handling system to manage authentication cycles

US 9,378,342 B2
Filed: 11/08/2013
Issued: 06/28/2016
Est. Priority Date: 11/08/2013
Status: Active Grant

First Claim

Patent Images

1. An information handling system comprising:

a housing;

a central processer unit disposed in the housing and operable to process information;

memory disposed in the housing and interfaced with the CPU, the memory operable to store information;

an operating system stored in the memory and operable to execute on the CPU, the operating system having a security subsystem to lock access to information and to unlock access to information in response to an operating system authentication input by an end user;

plural sensors disposed in the housing and operable to detect conditions external to the housing; and

a context engine operable to execute on one or more processing components disposed in the housing, the context engine establishing a context based upon external conditions sensed by the plural sensors in response to the operating system authentication input by the end user, the context including at least a wireless local area network identifier, an image captured by a camera, and motion detected by an accelerometer, the security subsystem locking access to a first set of information after a first time out period having a length set based on context sensed by all of the wireless local area network identifier that is detected, the camera image that is detected, and the motion that is detected by the accelerometer defines the context, the first set of information comprising less than all information accessible at the information handling system, and locking access to the first set of information after a second time out period different from the first time out period if only one of the wireless local area network identifier that is detected, the camera image that is detected or the motion that is detected by the accelerometer defines the context, the security subsystem locking access to all information accessible at the information handling system after a third time out period different from the first and second time out periods.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information.

27 Citations

View as Search Results

20 Claims

1. An information handling system comprising:
- a housing;
  
  a central processer unit disposed in the housing and operable to process information;
  
  memory disposed in the housing and interfaced with the CPU, the memory operable to store information;
  
  an operating system stored in the memory and operable to execute on the CPU, the operating system having a security subsystem to lock access to information and to unlock access to information in response to an operating system authentication input by an end user;
  
  plural sensors disposed in the housing and operable to detect conditions external to the housing; and
  
  a context engine operable to execute on one or more processing components disposed in the housing, the context engine establishing a context based upon external conditions sensed by the plural sensors in response to the operating system authentication input by the end user, the context including at least a wireless local area network identifier, an image captured by a camera, and motion detected by an accelerometer, the security subsystem locking access to a first set of information after a first time out period having a length set based on context sensed by all of the wireless local area network identifier that is detected, the camera image that is detected, and the motion that is detected by the accelerometer defines the context, the first set of information comprising less than all information accessible at the information handling system, and locking access to the first set of information after a second time out period different from the first time out period if only one of the wireless local area network identifier that is detected, the camera image that is detected or the motion that is detected by the accelerometer defines the context, the security subsystem locking access to all information accessible at the information handling system after a third time out period different from the first and second time out periods.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The information handling system of claim 1 further comprising:
    - plural applications stored in the memory, at least some of the applications requiring an application authentication input to unlock access to information;
      
      wherein the context engine is further operable to establish a context based upon external conditions sensed by the plural sensors in response to each application authentication input by the end user.
  - 3. The information handling system of claim 2 further comprising a nervous state engine interfaced with the context engine and operable to analyze the context to establish an operating system predetermined condition to lock access with the operating system security subsystem and an application predetermined condition to lock access for each application authentication input.
  - 4. The information handling system of claim 3 wherein the nervous state engine is further operable to adjust the operating system predetermined condition and the application predetermined condition based upon changes to external conditions sensed by the sensors.
  - 5. The information handling system of claim 4 wherein the context comprises a wireless local area network detected by one or more of the plural sensors at the time of the operating system authentication input, the operating system predetermined condition comprises a first time period without a user input and the operating system predetermined condition adjusts to a second time period of less than the first time period if the one or more plural sensors fails to detect the wireless local area network.
  - 6. The information handling system of claim 5 wherein the operating system predetermined condition further adjusts to lock if an acceleration is detected with an accelerometer disposed in the housing.
  - 7. The information handling system of claim 1 wherein the context engine establishes a first context if the one or more plural sensors detects a predetermined safe position and a second context if the one or more sensors fails to sense a safe position.
  - 8. The information handling system of claim 7 wherein the one or more plural sensors comprises a GPS receiver and the safe position comprises a defined geographic boundary.

9. A method for locking access at an information handling system, the method comprising:
- inputting authentication to the information handling system to authorize access to information through the information handling system;
  
  in response to inputting authentication, capturing plural external conditions proximate the information handling system with plural sensors disposed in the information handling system;
  
  analyzing the plural external conditions to establish a context and a predetermined condition to lock access at the information handling system;
  
  detecting a change to one or more of the external conditions by one or more of the plural sensors; and
  
  in response to detecting the change, adjusting the predetermined condition to lock access at the information handling system;
  
  wherein the external conditions include one of a first charging condition of accepting an external charge with a charger having a first identifier connected to the information handling system, the first charging condition having a first predetermined condition to lock access and a second charging condition of accepting an external charge from a charger having a second identifier connected to the information handling system, the second charging condition having a second predetermined condition to lock access, the second predetermined condition including locking access upon detection of removal of the second charger connection from the information handling system;
  
  wherein a first set of less than all accessible information is locked in response to the first predetermined condition and all accessible information is locked in response to the second predetermined condition.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9 wherein:
    - analyzing the plural external conditions further comprises determining that a position of the information handling system falls within a predetermined position, the predetermined position including a boundary defined relative to a GPS location sensed at power up of the information handling system; and
      
      detecting a change comprises detecting a change in the position to outside of the predetermined position.
  - 11. The method of claim 10 wherein adjusting the predetermined condition to lock access further comprises reducing a time out period after which the information handling system locks.
  - 12. The method of claim 10 wherein the plural conditions include detecting a predetermined device through a wireless personal area network (WPAN) and the predetermined position comprises a position within range of the WPAN device.
  - 13. The method of claim 10 wherein the plural conditions include detecting a predetermined wireless local area network and the predetermined condition comprises a position within range of the wireless local area network.
  - 14. The method of claim 13 wherein the wireless local area network comprises an enterprise wireless local area network and the predetermined condition to lock access further comprises a first predetermined condition associated with access to enterprise information and a second predetermined condition associated with access to non-enterprise information.
  - 15. The method of claim 14 wherein the first predetermined condition comprises a timeout based upon a lack of inputs and the second predetermined condition comprises an acceleration detected by an accelerometer sensor.
  - 16. The method of claim 14 wherein the non-enterprise information comprises information accessible with a password input at a browser application executing on the CPU.
  - 17. The system of claim 16 wherein the plural conditions include detecting a predetermined external power adapter coupled to the information handling system and detecting a change comprises detecting decoupling of the power adapter from the information handling system.

18. A system for locking access at an information handling system, the system comprising:
- non-transitory memory storing;
  
  a security system that unlocks access to the information handling system in response to authentication information and relocks access to the information handling system in response to a predetermined condition; and
  
  a context engine executing on a processing component of the information handling system and interfaced with plural sensors disposed in the information handling system, the context engine operable to analyze external conditions detected by the plural sensors to select one of the plural sensors from the plural sensors for monitoring the predetermined condition, the context engine determining which of the plural sensors to have active for monitoring context based at least in part on a sensed context, the context engine having active only one of the plural sensors for a first sensed context having a first threat level and having all of the plural sensors active for a second sensed context having a second threat level;
  
  wherein the context includes at least a wireless local area network identifier, the security system locking access to a first set of less than all accessible information after a first time out period if a first wireless local area network identifier is detected and locking access to the first set of less than all accessible information after a second time out period different from the first time out period if a second wireless local area network identifier is detected.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18 wherein the context engine selects a camera and the predetermined condition comprises an image captured by the camera that lacks a human form.
  - 20. The system of claim 19 wherein context engine responds to the predetermined condition by relocking access and continuing to present multimedia information at a display of the information handling system after the relocking.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Robison, Charles D., Quinn, Liam B., Ancona, Rocco
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US14/075,165
Publication Number

US 20150135270A1
Time in Patent Office

963 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/81   by operating on the power s...

G06F 2221/2139   Recurrent verification

G06F 2221/2149   Restricted operating enviro...

Context analysis at an information handling system to manage authentication cycles

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Context analysis at an information handling system to manage authentication cycles

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links