System and method for non-intrusive, privacy-preserving authentication
First Claim
1. A method comprising:
entering into a legitimate user state on a client device for a specified time period following a first explicit authentication by an end user;
recording reference data related to user behavior while in the legitimate user state;
measuring user behavior when outside of the legitimate user state and arriving at an authentication assurance level based on a distance between the measured user behavior and the recorded reference data;
entering into a first transaction with a relying party over a network resulting in an authentication request from the relying party;
in response to receiving the authentication request within the legitimate user state, transmitting an authentication assurance level at or above a defined threshold from the client device to the relying party over the network, the authentication assurance level being sufficient to authenticate the user to the relying party, and the relying party to responsively allow the first transaction; and
in response to an authentication request while outside of the legitimate user state, transmitting the authentication assurance level based on a distance between the measured user behavior and the recorded reference data from the client device to the relying party over the network;
wherein in response to receiving the authentication assurance level, determining at the relying party whether the authentication assurance level is acceptable to complete the first transaction, wherein if the assurance level is acceptable, then the relying party to responsively allow the first transaction and wherein if the assurance level is not acceptable, then the relying party to transmit a response requesting additional authentication, the method further comprising;
performing a second explicit authentication by the end user on the client device to re-enter the legitimate user state; and
transmitting an authentication assurance level from the client device to the relying party, and the relying party to responsively allow the first transaction.
Abstract
A system, apparatus, method, and machine readable medium are described for non-intrusive privacy-preserving authentication. For example, one embodiment of a method comprises: entering into a legitimate user state on a client device for a time period following an explicit authentication by an end user; recording reference data related to user behavior while in the legitimate user state; measuring user behavior when outside of the legitimate user state and arriving at an authentication assurance level based on a distance between the measured user behavior and the recorded reference data; in response to an authentication request within the legitimate user state, providing an authentication assurance level at or above a defined threshold, the authentication assurance level being sufficient to authenticate the user to a relying party; and in response to an authentication request while outside of the legitimate user state, providing the authentication assurance level based on a distance between the measured user behavior and the recorded reference data.
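The flow in the abstract can be sketched as a small client-side state machine plus a relying-party threshold check. This is an added example, not code from the patent; the class and function names, the 300-second window, the Euclidean distance to the reference mean, the linear mapping from distance to assurance level, and the 0.8 requirement are all assumptions chosen for illustration.

```python
import math

# All constants are assumed for illustration; the claims give no numbers.
LEGIT_WINDOW_S = 300    # duration of the legitimate user state
MAX_DISTANCE = 4.0      # distance at which assurance drops to 0.0

class ClientAuthenticator:
    def __init__(self):
        self.legit_until = None   # end time of the legitimate user state
        self.reference = []       # behavior vectors; never leave the device

    def explicit_auth(self, now):
        """Explicit authentication (PIN, fingerprint) succeeded at `now`."""
        self.legit_until = now + LEGIT_WINDOW_S

    def in_legit_state(self, now):
        return self.legit_until is not None and now < self.legit_until

    def observe(self, now, features):
        """Record reference data only while in the legitimate user state."""
        if self.in_legit_state(now):
            self.reference.append(features)

    def assurance(self, now, features):
        """Scalar level sent to the relying party instead of raw behavior."""
        if self.in_legit_state(now):
            return 1.0            # assumed value at or above the threshold
        if not self.reference:
            return 0.0            # nothing to compare against: fail closed
        mean = [sum(col) / len(col) for col in zip(*self.reference)]
        dist = math.dist(features, mean)   # assumed metric: Euclidean
        return max(0.0, 1.0 - dist / MAX_DISTANCE)

def relying_party_decide(level, required):
    return "allow" if level >= required else "request_additional_auth"

def run_flow():
    """Constructed sample data: 2-feature behavior vectors, times in seconds."""
    dev = ClientAuthenticator()
    dev.explicit_auth(0)
    dev.observe(10, [1.0, 3.0])
    dev.observe(20, [2.0, 5.0])             # reference mean is [1.5, 4.0]
    steps = []
    level = dev.assurance(400, [1.5, 6.0])  # outside the state, distance 2.0
    steps.append((level, relying_party_decide(level, 0.8)))
    dev.explicit_auth(410)                  # second explicit authentication
    level = dev.assurance(420, [1.5, 6.0])
    steps.append((level, relying_party_decide(level, 0.8)))
    return steps
```

Only the scalar assurance level crosses the network; the recorded behavior vectors stay on the client, which is what keeps the relying party from learning the underlying behavioral data.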
25 Claims
13. A client device having a memory for storing program code and a processor for processing the program code, the client device comprising:
an explicit user authenticator comprising at least one biometric sensor or keypad to perform a first explicit authentication of an end user, the explicit user authenticator to cause the client device to enter into a legitimate user state for a specified time period following the first explicit authentication; and
one or more additional sensors to collect reference data related to user behavior while in the legitimate user state, the one or more sensors in communication with the processor, the processor to perform the operations of;
recording the reference data related to user behavior while in the legitimate user state;
measuring user behavior using the one or more sensors when outside of the legitimate user state and arriving at an authentication assurance level based on a distance between the measured user behavior and the recorded reference data;
entering into a first transaction with a relying party over a network resulting in an authentication request from the relying party;
in response to receiving the authentication request within the legitimate user state, transmitting an authentication assurance level at or above a defined threshold from the client device to the relying party over the network, the authentication assurance level being sufficient to authenticate the user to the relying party, and the relying party to responsively allow the first transaction; and
in response to an authentication request while outside of the legitimate user state, transmitting the authentication assurance level based on a distance between the measured user behavior and the recorded reference data from the client device to the relying party over the network;
wherein in response to receiving the authentication assurance level, determining at the relying party whether the authentication assurance level is acceptable to complete the first transaction, wherein if the assurance level is acceptable, then the relying party to responsively allow the first transaction and wherein if the assurance level is not acceptable, then the relying party to transmit a response requesting additional authentication, the processor to perform the additional operations of;
performing a second explicit authentication by the end user on the client device to re-enter the legitimate user state; and
transmitting an authentication assurance level from the client device to the relying party, and the relying party to responsively allow the first transaction.